From: Stephen Brennan <stephen.s.brennan@oracle.com>
To: a b <dtsbt@outlook.com>, "linux-debuggers@vger.kernel.org" <linux-debuggers@vger.kernel.org>
Cc: kgdb-bugreport@lists.sourceforge.net
Subject: Re: Does kdb hardware breakpoint support the arm64 architecture?
Date: Wed, 25 Oct 2023 09:41:50 -0700 [thread overview]
Message-ID: <87r0lizmb5.fsf@oracle.com> (raw)
In-Reply-To: <ME3P282MB1826A5F031A2E9747D66F1CDA9DEA@ME3P282MB1826.AUSP282.PROD.OUTLOOK.COM>
Hello,

I've only used KDB a handful of times, so I can't speak from
experience. But from reading the code, I see that there don't seem to be
any arch-specific debugger hooks set for the arm64 architecture:

https://elixir.bootlin.com/linux/v6.1.12/source/arch/arm64/kernel/kgdb.c#L336

Compare this to the x86_64 version of the arch_kgdb_ops, which has
several fields set:

https://elixir.bootlin.com/linux/v6.1.12/source/arch/x86/kernel/kgdb.c#L776

In particular, what you're interested in is "set_hw_breakpoint". Looking
through the code where your crash happened:

https://elixir.bootlin.com/linux/v6.1.12/source/kernel/debug/kdb/kdb_bp.c#L148

It does seem like KDB went right ahead and tried to call the NULL
set_hw_breakpoint function... There's no check to see whether the
pointer is non-NULL, at least not here. This would match your crash,
since lr = kdb_bp_install+something, and pc = 0.

What's strange is that KDB should not even _have_ a "bph" command
available, because it uses (arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT) to
check before initializing the "bph" command:

https://elixir.bootlin.com/linux/v6.1.12/source/kernel/debug/kdb/kdb_bp.c#L590

So it seems that your kernel has the "KGDB_HW_BREAKPOINT" bit set, while
there is no actual implementation of the function. Seems like a bug...
the arm64 code doesn't set that bit. I've added the KGDB mailing list
onto this thread, maybe they have more context?

Stephen
a b <dtsbt@outlook.com> writes:
> When I'm trying to use kdb's bph (hardware breakpoint) on an arm64 board with Linux 6.1, the error "kernel NULL pointer dereference at virtual address 0000000000000000" occurs:
>
> root@root:~# echo g > /proc/sysrq-trigger
> [ 2189.865491] sysrq: DEBUG
>
> Entering kdb (current=0xffff0003856b5700, pid 314) on processor 4 due to Keyboard Entry
> [4]kdb> bph jiffies_read
> Instruction(Register) BP #0 at 0xffff800008135ee0 (jiffies_read)
> is enabled addr at ffff800008135ee0, hardtype=1 installed=0
>
> [4]kdb> go
> [ 2220.051476] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> [ 2220.051719] Mem abort info:
> [ 2220.051750] ESR = 0x0000000086000005
> [ 2220.051841] EC = 0x21: IABT (current EL), IL = 32 bits
> [ 2220.051898] SET = 0, FnV = 0
> [ 2220.051934] EA = 0, S1PTW = 0
> [ 2220.051977] FSC = 0x05: level 1 translation fault
> [ 2220.052195] user pgtable: 64k pages, 48-bit VAs, pgdp=0000000402e23a00
> [ 2220.052254] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
> [ 2220.052804] Internal error: Oops: 0000000086000005 [#1] PREEMPT_RT SMP
> [ 2220.054226] Modules linked in:
> [ 2220.054509] CPU: 4 PID: 314 Comm: bash Not tainted 6.1.12-rt7
> [ 2220.054566] Hardware name: ARM64 board
> [ 2220.054595] pstate: 004003c9 (nzcv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 2220.054638] pc : 0x0
> [ 2220.054811] lr : kdb_bp_install+0x120/0x200
> [ 2220.054865] sp : ffff80000a46f870
> [ 2220.054879] x29: ffff80000a46f870 x28: ffff8000090b8000 x27: ffff8000090bb1c0
> [ 2220.054939] x26: ffff80000a46fb30 x25: ffff8000088dd610 x24: ffff8000088dd5d8
> [ 2220.054988] x23: ffff8000090b8ff4 x22: ffff8000090b8cd8 x21: ffff8000090bb1c0
> [ 2220.055037] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000001
> [ 2220.055084] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0003856b5bd0
> [ 2220.055131] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000090b9000
> [ 2220.055178] x11: 0000000000000022 x10: ffffffffff9836a8 x9 : 0000000000000010
> [ 2220.055226] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 0000000000220400
> [ 2220.055274] x5 : 0000000000000000 x4 : ffff8003f6d10000 x3 : 0000000000000000
> [ 2220.055320] x2 : 0000000000000001 x1 : 0000000000000001 x0 : ffff800008135ee0
> [ 2220.055371] Call trace:
> [ 2220.055392] 0x0
> [ 2220.055423] kdb_stub+0x288/0x428
> [ 2220.055455] kgdb_cpu_enter+0x168/0x740
> [ 2220.055493] kgdb_handle_exception+0xd0/0x128
> [ 2220.055531] kgdb_compiled_brk_fn+0x28/0x38
> [ 2220.055567] call_break_hook+0x6c/0x80
> [ 2220.055597] brk_handler+0x1c/0x60
> [ 2220.055623] do_debug_exception+0x8c/0x118
> [ 2220.055655] el1_dbg+0x38/0x58
> [ 2220.055690] el1h_64_sync_handler+0xc8/0xe8
> [ 2220.055718] el1h_64_sync+0x64/0x68
> [ 2220.055741] kgdb_breakpoint+0x1c/0x80
> [ 2220.055773] __handle_sysrq+0x90/0x1a0
> [ 2220.055821] write_sysrq_trigger+0x74/0x98
> [ 2220.055855] proc_reg_write+0xa4/0xf8
> [ 2220.055894] vfs_write+0xd0/0x388
> [ 2220.055934] ksys_write+0x6c/0x100
> [ 2220.055968] __arm64_sys_write+0x1c/0x28
> [ 2220.056007] invoke_syscall+0x44/0x108
> [ 2220.056061] el0_svc_common.constprop.0+0x44/0xf0
> [ 2220.056109] do_el0_svc+0x2c/0xc8
> [ 2220.056150] el0_svc+0x28/0x98
> [ 2220.056174] el0t_64_sync_handler+0xb8/0xc0
> [ 2220.056200] el0t_64_sync+0x18c/0x190
> [ 2220.056592] Code: bad PC value
> [ 2220.083989] ---[ end trace 0000000000000000 ]---
> [ 2220.084622] Kernel panic - not syncing: Oops: Fatal exception
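The failure mode discussed in the reply above is a capability flag (KGDB_HW_BREAKPOINT) that is advertised while the function pointer it advertises (set_hw_breakpoint) is NULL, and a call site that trusts the flag and branches through the NULL pointer. The following is an added user-space C example, not kernel code and not from this thread; the struct and function names (arch_ops, bp_install_unchecked, bp_install_checked, ops_consistent) are hypothetical stand-ins that only loosely mirror the kernel's arch_kgdb_ops. It models the unchecked dispatch beside a hardened one, and an init-time consistency check that would reject a "bit set, function NULL" ops table before any command could reach it.

```c
/* Added example (not kernel code): models a kdb-style breakpoint
 * installer dispatching through an arch ops table, and why the
 * capability bit and the function pointer behind it must be checked
 * together. All names are hypothetical user-space stand-ins. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define KGDB_HW_BREAKPOINT 1UL

struct arch_ops {
	unsigned long flags;
	int (*set_hw_breakpoint)(unsigned long addr, int len, int type);
	int (*remove_hw_breakpoint)(unsigned long addr, int len, int type);
};

/* Hypothetical "x86-like" backend: records the address it was asked to arm. */
static unsigned long g_last_hw_addr;
static int hw_set(unsigned long addr, int len, int type)
{
	(void)len;
	(void)type;
	g_last_hw_addr = addr;
	return 0;
}

/* Consistent table: bit advertised and implemented. */
static const struct arch_ops ops_with_hw = {
	.flags = KGDB_HW_BREAKPOINT,
	.set_hw_breakpoint = hw_set,
};

/* The inconsistent state from the thread: bit set, no implementation. */
static const struct arch_ops ops_flag_only = {
	.flags = KGDB_HW_BREAKPOINT,
	.set_hw_breakpoint = NULL,
};

/* Nothing advertised, nothing implemented (what the arm64 ops look like). */
static const struct arch_ops ops_none = { 0 };

/* Unsafe dispatch: the shape of the crash. It trusts that the command was
 * only registered if the bit was set, and calls through the pointer with
 * no NULL check. With ops_flag_only this branches to address 0 (pc : 0x0). */
static int bp_install_unchecked(const struct arch_ops *ops, unsigned long addr)
{
	return ops->set_hw_breakpoint(addr, 4, 0);
}

/* Hardened dispatch: require both the capability bit and the pointer. */
static int bp_install_checked(const struct arch_ops *ops, unsigned long addr)
{
	if (!(ops->flags & KGDB_HW_BREAKPOINT) || !ops->set_hw_breakpoint)
		return -EOPNOTSUPP;
	return ops->set_hw_breakpoint(addr, 4, 0);
}

/* Init-time invariant: the bit is set if and only if a function backs it.
 * Returns 1 when consistent, 0 when the table is self-contradictory. */
static int ops_consistent(const struct arch_ops *ops)
{
	int advertised = (ops->flags & KGDB_HW_BREAKPOINT) != 0;
	int implemented = ops->set_hw_breakpoint != NULL;
	return advertised == implemented;
}

/* Whether a "bph"-style command should be registered at all. */
static int hw_bp_command_available(const struct arch_ops *ops)
{
	return ops_consistent(ops) && (ops->flags & KGDB_HW_BREAKPOINT) != 0;
}

int main(void)
{
	const struct arch_ops *tables[] = { &ops_with_hw, &ops_flag_only, &ops_none };
	const char *names[] = { "with_hw", "flag_only", "none" };
	unsigned long addr = 0xffff800008135ee0UL; /* address from the quoted log */

	for (size_t i = 0; i < 3; i++) {
		printf("%-10s consistent=%d bph_available=%d install=%d\n",
		       names[i], ops_consistent(tables[i]),
		       hw_bp_command_available(tables[i]),
		       bp_install_checked(tables[i], addr));
	}
	/* Only safe against a table whose pointer is non-NULL. */
	printf("unchecked on with_hw: %d\n", bp_install_unchecked(&ops_with_hw, addr));
	return 0;
}
```

The point of ops_consistent() is that the two pieces of state (flag bits and function pointers) are set independently, so nothing structural keeps them in agreement; a one-line check at registration time turns a NULL-pointer branch in the debugger's own command path into a refused command.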
Thread overview: 2+ messages
2023-10-25 9:17 Does kdb hardware breakpoint support the arm64 architecture? a b
2023-10-25 16:41 ` Stephen Brennan [this message]