在虚拟机中 创建两个脚本get.sh:
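# get.sh: download the file named by $1 from the TFTP server at 192.168.100.1.
# The argument is quoted so a name containing spaces or glob characters is
# passed through as a single word. TFTP itself has no authentication or
# integrity check, so this is only suitable for the isolated lab link.
tftp 192.168.100.1 -g -r "$1"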
put.sh:
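# put.sh: upload the local file named by $1 to the TFTP server at 192.168.100.1.
# The argument is quoted so a name containing spaces or glob characters is
# passed through as a single word.
tftp 192.168.100.1 -p -l "$1"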
在linux设备驱动开发详解中源码:
/*======================================================================
A globalmem driver as an example of char device drivers
The initial developer of the original code is Baohua Song
<author@linuxdriver.cn>. All Rights Reserved.
======================================================================*/
#include <linux/module.h>
#include <linux/types.h>
#include <linux/fs.h>
#include <linux/errno.h>
#include <linux/mm.h>
#include <linux/sched.h>
#include <linux/init.h>
#include <linux/cdev.h>
#include <asm/io.h>
#include <asm/system.h>
#include <asm/uaccess.h>
#include <linux/slab.h>
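#define GLOBALMEM_SIZE 0x1000 /* size of the device buffer: 4 KiB */
#define MEM_CLEAR 0x1 /* ioctl command: zero the whole buffer */
#define GLOBALMEM_MAJOR 245 /* preset major number for globalmem */

/*
 * Major number in use; when it is 0, globalmem_init() asks the kernel to
 * allocate one. The type is spelled out because implicit int is not valid
 * C since C99.
 */
static int globalmem_major = GLOBALMEM_MAJOR;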
/*
 * Per-device state: the embedded character-device object and the
 * fixed-size buffer that read, write and ioctl operate on.
 */
struct globalmem_dev {
	struct cdev cdev;                  /* character device handed to cdev_add() */
	unsigned char mem[GLOBALMEM_SIZE]; /* buffer exposed through the device node */
};

/* The single device instance; allocated in globalmem_init(). */
struct globalmem_dev *globalmem_devp;
/*
 * open: hang the single global device instance on the open file so the
 * other file operations can reach it through filp->private_data.
 * Always returns 0.
 */
int globalmem_open(struct inode *inode, struct file *filp)
{
	struct globalmem_dev *dev = globalmem_devp;

	filp->private_data = dev;
	return 0;
}
/*
 * release: there is no per-open state to tear down, so this only reports
 * success.
 */
int globalmem_release(struct inode *inode, struct file *filp)
{
	return 0;
}
/*
 * ioctl: device control.
 *
 * The only command is MEM_CLEAR, which zeroes the whole buffer and logs a
 * line; arg is not used. Any other command returns -EINVAL.
 *
 * No permission check is made here, so who may clear the buffer is decided
 * by the permissions on the device node. No locking is visible in this
 * function either.
 */
static int globalmem_ioctl(struct inode *inodep, struct file *filp,
			   unsigned int cmd, unsigned long arg)
{
	struct globalmem_dev *dev = filp->private_data;

	/* Reject everything except the one supported command up front. */
	if (cmd != MEM_CLEAR)
		return -EINVAL;

	memset(dev->mem, 0, GLOBALMEM_SIZE);
	printk(KERN_INFO "globalmem is set to zero\n");
	return 0;
}
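/*
 * read: copy up to size bytes from the device buffer, starting at *ppos,
 * to the user buffer buf.
 *
 * Returns the number of bytes copied and advances *ppos by that amount.
 * Returns -ENXIO (or 0 for a zero-length request) when *ppos is outside the
 * buffer, and -EFAULT when the copy to user space fails.
 */
static ssize_t globalmem_read(struct file *filp, char __user *buf, size_t size,
			      loff_t *ppos)
{
	loff_t pos = *ppos;
	size_t count = size;
	size_t p;
	ssize_t ret;
	struct globalmem_dev *dev = filp->private_data;

	/*
	 * Range-check the 64-bit offset before narrowing it. Converting first
	 * would let an offset above 4 GiB wrap to a small value on a 32-bit
	 * build and pass the check.
	 */
	if (pos < 0 || pos >= GLOBALMEM_SIZE)
		return count ? -ENXIO : 0;
	p = pos;

	/* Clamp the read length so p + count never leaves dev->mem. */
	if (count > GLOBALMEM_SIZE - p)
		count = GLOBALMEM_SIZE - p;

	/* kernel space -> user space */
	if (copy_to_user(buf, dev->mem + p, count)) {
		ret = -EFAULT;
	} else {
		*ppos += count;
		ret = count;
		/* %zu matches size_t; the original %d did not match its arguments */
		printk(KERN_INFO "read %zu bytes(s) from %zu\n", count, p);
	}
	return ret;
}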
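/*
 * write: copy up to size bytes from the user buffer buf into the device
 * buffer, starting at *ppos.
 *
 * Returns the number of bytes stored and advances *ppos by that amount.
 * Returns -ENXIO (or 0 for a zero-length request) when *ppos is outside the
 * buffer, and -EFAULT when the copy from user space fails.
 */
static ssize_t globalmem_write(struct file *filp, const char __user *buf,
			       size_t size, loff_t *ppos)
{
	loff_t pos = *ppos;
	size_t count = size;
	size_t p;
	ssize_t ret;
	struct globalmem_dev *dev = filp->private_data;

	/*
	 * Range-check the 64-bit offset before narrowing it. Converting first
	 * would let an offset above 4 GiB wrap to a small value on a 32-bit
	 * build and pass the check.
	 */
	if (pos < 0 || pos >= GLOBALMEM_SIZE)
		return count ? -ENXIO : 0;
	p = pos;

	/* Clamp the write length so p + count never runs past dev->mem. */
	if (count > GLOBALMEM_SIZE - p)
		count = GLOBALMEM_SIZE - p;

	/* user space -> kernel space */
	if (copy_from_user(dev->mem + p, buf, count)) {
		ret = -EFAULT;
	} else {
		*ppos += count;
		ret = count;
		/* %zu matches size_t; the original %d did not match its arguments */
		printk(KERN_INFO "written %zu bytes(s) from %zu\n", count, p);
	}
	return ret;
}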
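/*
 * llseek: move the file position.
 *
 * orig 0 positions relative to the start of the buffer and orig 1 relative
 * to the current position; any other value returns -EINVAL. The resulting
 * position must lie in [0, GLOBALMEM_SIZE], otherwise -EINVAL is returned
 * and f_pos is left unchanged. Returns the new position on success.
 */
static loff_t globalmem_llseek(struct file *filp, loff_t offset, int orig)
{
	loff_t cur = filp->f_pos;
	loff_t newpos;

	switch (orig) {
	case 0: /* relative to the start of the buffer */
		/*
		 * Compare the full 64-bit value. The original cast offset to
		 * unsigned int first, so an offset such as 0x100000000 was
		 * truncated to 0 and accepted.
		 */
		newpos = offset;
		break;
	case 1: /* relative to the current position */
		/*
		 * Bound both operands before adding so the signed sum cannot
		 * overflow.
		 */
		if (cur < 0 || cur > GLOBALMEM_SIZE)
			return -EINVAL;
		if (offset < -(loff_t)GLOBALMEM_SIZE ||
		    offset > (loff_t)GLOBALMEM_SIZE)
			return -EINVAL;
		newpos = cur + offset;
		break;
	default:
		return -EINVAL;
	}

	if (newpos < 0 || newpos > GLOBALMEM_SIZE)
		return -EINVAL;

	filp->f_pos = newpos;
	return newpos;
}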
/*
 * File operations table for the globalmem device. It is passed to
 * cdev_init() in globalmem_setup_cdev().
 */
static const struct file_operations globalmem_fops = {
	.owner   = THIS_MODULE,
	.open    = globalmem_open,
	.release = globalmem_release,
	.read    = globalmem_read,
	.write   = globalmem_write,
	.llseek  = globalmem_llseek,
	.ioctl   = globalmem_ioctl,
};
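/*
 * Initialise the cdev embedded in dev and register it under minor number
 * index of globalmem_major.
 *
 * A cdev_add() failure is only logged; the function returns void, so the
 * caller cannot tell that registration failed.
 * NOTE(review): consider returning err so globalmem_init() can unwind.
 */
static void globalmem_setup_cdev(struct globalmem_dev *dev, int index)
{
	int err;
	dev_t devno = MKDEV(globalmem_major, index); /* dev_t, not int */

	/* cdev_init() already stores the fops pointer in dev->cdev.ops. */
	cdev_init(&dev->cdev, &globalmem_fops);
	dev->cdev.owner = THIS_MODULE;

	err = cdev_add(&dev->cdev, devno, 1);
	if (err)
		/* The original message named "LED" and lacked the newline. */
		printk(KERN_NOTICE "Error %d adding globalmem%d\n", err, index);
}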
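/*
 * Module load: reserve a device number, allocate the zeroed device
 * structure and register the cdev.
 *
 * Returns 0 on success, the error from the device-number reservation, or
 * -ENOMEM when the device structure cannot be allocated (the device number
 * is released again in that case).
 */
int globalmem_init(void)
{
	int result;
	dev_t devno = MKDEV(globalmem_major, 0);

	if (globalmem_major) {
		/* A major number was preset or given as a module parameter. */
		result = register_chrdev_region(devno, 1, "globalmem");
	} else {
		/* Major 0: let the kernel pick a free major number. */
		result = alloc_chrdev_region(&devno, 0, 1, "globalmem");
		/* Only take the major over once the allocation has succeeded. */
		if (result >= 0)
			globalmem_major = MAJOR(devno);
	}
	if (result < 0)
		return result;

	/* kzalloc replaces kmalloc + memset: the buffer starts zeroed. */
	globalmem_devp = kzalloc(sizeof(*globalmem_devp), GFP_KERNEL);
	if (!globalmem_devp) {
		result = -ENOMEM;
		goto fail_malloc;
	}

	globalmem_setup_cdev(globalmem_devp, 0);
	return 0;

fail_malloc:
	unregister_chrdev_region(devno, 1);
	return result;
}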
/*
 * Module unload: unregister the cdev, free the device structure, then
 * give the device number back.
 */
void globalmem_exit(void)
{
	dev_t first = MKDEV(globalmem_major, 0);

	cdev_del(&globalmem_devp->cdev);     /* remove the cdev before freeing its memory */
	kfree(globalmem_devp);               /* the cdev lives inside this allocation */
	unregister_chrdev_region(first, 1);  /* release the device number */
}
/* Load-time parameter for the major number; S_IRUGO makes it read-only for everyone. */
module_param(globalmem_major, int, S_IRUGO);

/* Entry points run on insmod and rmmod. */
module_init(globalmem_init);
module_exit(globalmem_exit);

MODULE_AUTHOR("Song Baohua");
MODULE_LICENSE("Dual BSD/GPL");
其makefile文件:
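obj-m += globalmem.o

# Kernel build tree the module is compiled against.
KDIR = /home/gudujian/work/linux-2.6.35.9

# Debug info and no optimisation, so gdb can follow the source line by line.
EXTRA_CFLAGS = -g -O0

# These targets do not produce files of the same name.
.PHONY: build kernel_modules clean

build: kernel_modules

# Recipe lines must start with a tab. $(MAKE) passes flags on to the sub-make.
kernel_modules:
	$(MAKE) -C $(KDIR) M=$(CURDIR) modules

clean:
	$(MAKE) -C $(KDIR) M=$(CURDIR) clean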
其中KDIR为编译内核时使用的目录。
脚本 section.sh 内容:
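#
# gdbline module image
#
# Outputs an add-symbol-file line suitable for pasting into gdb to examine
# a loaded module.
#
# Usage: section.sh MODULE
# The output contains the load address of every section of the module.
#

# Stop if the module is not loaded (or no name was given). Without this
# check the loop below would read whatever files are in the current
# directory.
cd "/sys/module/$1/sections" || exit 1

echo -n add-symbol-file $(/bin/cat .text)
for section in .[a-z]* *; do
	# Quoted so an unmatched glob or an odd file name cannot break the test.
	if [ "$section" != ".text" ]; then
		echo " \\"
		echo -n " -s" "$section" $(/bin/cat "$section")
	fi
done
echo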
将得到的文件编译结果,globalmem.ko;以及脚本section.sh 通过tftp方式拷贝到工作目录:
#./get.sh globalmem.ko
#./get.sh section.sh
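在主机的tftpboot目录下创建一个文件gdb,权限777(TFTP服务器通常只允许覆盖已经存在且可写的文件,所以要先建好)。注意:这个文件之后会被gdb的source命令当作命令脚本执行,而能访问该TFTP服务器的任何人都可以改写它,因此source之前应先检查文件内容,调试结束后删除该文件或收回写权限。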
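用如下脚本启动虚拟机(-serial tcp::4321,server 没有指定主机地址,会在所有网卡上监听;kgdb串口没有任何认证,连上的人可以完全控制被调试的内核,如果只在本机调试,可以写成 tcp:127.0.0.1:4321,server):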
qemu -m 512 -kernel bzImage -append "root=/dev/sda kgdboc=ttyS0,115200 kgdbwait" -boot c -hda busybox.img -k en-us -net nic -net tap,ifname=tap0,script=no -serial tcp::4321,server
另开一个终端:
$cd /dir/to/linux-2.6.35.9
$gdb vmlinux
显示如下:
Reading symbols from /home/gudujian/work/linuxker/linux-2.6.35.9/vmlinux...done.
(gdb)
gdb命令
(gdb) target remote localhost:4321
Remote debugging using localhost:4321
kgdb_breakpoint (new_dbg_io_ops=0xc07c27e0) at kernel/debug/debug_core.c:967
warning: Source file is more recent than executable.
967 wmb(); /* Sync point after breakpoint */
在主机终端按c让qemu虚拟机启动运行:
在qemu的虚拟机中加载模块globalmem.ko
#insmod globalmem.ko
用section.sh脚本得到gdb符号文件:
#./section.sh globalmem > gdb
将gdb符号文件拷贝到主机中:
#./put.sh gdb
让虚拟机进入调试模式:
#echo g >/proc/sysrq-trigger
/tftpboot/gdb 修改前后的内容分别是:
add-symbol-file 0xe0a35000 \
-s .bss 0xe0a35834 \
-s .data 0xe0a356b8 \
-s .gnu.linkonce.this_module 0xe0a356c0 \
-s .note.gnu.build-id 0xe0a35540 \
-s .rodata 0xe0a35580 \
-s .strtab 0xe0a38430 \
-s .symtab 0xe0a38000 \
-s __mcount_loc 0xe0a35690 \
-s __param 0xe0a3567c
add-symbol-file /dir/to/globalmem.ko 0xe0a35000 \
-s .bss 0xe0a35834 \
-s .data 0xe0a356b8 \
-s .gnu.linkonce.this_module 0xe0a356c0 \
-s .note.gnu.build-id 0xe0a35540 \
-s .rodata 0xe0a35580 \
-s .strtab 0xe0a38430 \
-s .symtab 0xe0a38000 \
-s __mcount_loc 0xe0a35690 \
-s __param 0xe0a3567c
此时在调试端输入命令:
(gdb) source /tftpboot/gdb
下两个断点:
(gdb) b globalmem_write
Breakpoint 1 at 0xe0a351cf: file /dir/to/globalmem.c, line 100.
(gdb) b globalmem_read
Breakpoint 2 at 0xe0a350fc: file /dir/to/globalmem.c, line 100.
然后c让qemu运行。
在qemu中创建一个设备节点globalmem:
#mknod /dev/globalmem c 245 0
(这里的主设备号跟源代码里的相同)
在qemu中给节点/dev/globalmem输入 hello driver world:
#echo "hello driver world" > /dev/globalmem
此时主机中断在globalmem_write
(gdb) c
Continuing.
Breakpoint 1, globalmem_write (filp=0xdfa96080,
buf=0x854c740 "hello driver world\n", size=19, ppos=0xdfbcbf98)
at /home/gudujian/06/globalmemDriver/globalmem.c:100
100 unsigned long p = *ppos;
此时查看变量:
(gdb) p buf
$3 = 0x854c740 "hello driver world\n"
(gdb) p /x size
$4 = 0x13 //字符串长度
(gdb) p *ppos
$5 = 0
如果有兴趣可往下跟踪,这里略去,直接c了。
同理也可以用同样的方式来调试内核模块的其它函数。