Kernel Extensions and Device Support Programming Concepts

Dumps/Display/Decode Subcommands for the KDB Kernel Debugger and kdb Command


d, dw, dd, dp, dpw, dpd Subcommands

Generally speaking, the display memory subcommands allow read or write access to be done in virtual or real mode, using an effective address or a real address as input:

The d (display bytes), dw (display words), and dd (display double words) subcommands may be used to dump memory areas; the specified address is an effective address. Access is done in real mode.

The dp (display bytes), dpw (display words), and dpd (display double words) subcommands may be used to dump memory areas; the specified address is a real address.

The count argument is given in hexadecimal and counts the units being displayed, so 10 bytes is one line and 10 words is 4 lines. To display from symbol to symbol+0080, the subcommand is d symbol 80 or dw symbol 20.

The default count is one line, and <CR/LF> continues the display.

Example

   KDB(0)> d utsname 40 print utsname byte per byte
   utsname+000000: 4149 5820  0000 0000  0000 0000  0000 0000   AIX.............
   utsname+000010: 0000 0000  0000 0000  0000 0000  0000 0000   ................
   utsname+000020: 3030 3030  3030 3030  4130 3030  0000 0000   00000000A000....
   utsname+000030: 0000 0000  0000 0000  0000 0000  0000 0000   ................
   KDB(0)> <CR/LF> repeat last command
   utsname+000040: 3100 0000  0000 0000  0000 0000  0000 0000   1...............
   utsname+000050: 0000 0000  0000 0000  0000 0000  0000 0000   ................
   utsname+000060: 3400 0000  0000 0000  0000 0000  0000 0000   4...............
   utsname+000070: 0000 0000  0000 0000  0000 0000  0000 0000   ................
   KDB(0)> <CR/LF> repeat last command
   utsname+000080: 3030 3030  3030 3030  4130 3030  0000 0000   00000000A000....
   utsname+000090: 0000 0000  0000 0000  0000 0000  0000 0000   ................
   xutsname+000000: 0000 0000  0000 0000  0000 0000  0000 0000   ................
   devcnt+000000: 0000 0100  0000 0000  0001 239C  0001 23A8   ..........#...#.
   KDB(0)> dw utsname 10 print utsname word per word
   utsname+000000: 41495820 00000000 00000000 00000000      AIX.............
   utsname+000010: 00000000 00000000 00000000 00000000      ................
   utsname+000020: 30303030 30303030 41303030 00000000      00000000A000....
   utsname+000030: 00000000 00000000 00000000 00000000      ................
   KDB(0)> tr utsname find utsname physical address
   Physical Address = 00027E98
   KDB(0)> dp 00027E98 40 print utsname using physical address
   00027E98: 4149 5820  0000 0000  0000 0000  0000 0000      AIX.............
   00027EA8: 0000 0000  0000 0000  0000 0000  0000 0000      ................
   00027EB8: 3030 3030  3030 3030  4130 3030  0000 0000      00000000A000....
   00027EC8: 0000 0000  0000 0000  0000 0000  0000 0000      ................
   KDB(0)> dpw 00027E98 print utsname using physical address
   00027E98: 41495820 00000000 00000000 00000000      AIX.............
   KDB(0)>

dc and dpc Subcommands

The display code subcommands may be used to decode instructions.

Breakpoints are not seen; KDB prints the real instruction.

Example

   KDB(0)> set 4 set toggle for Power PC syntax
   power_pc_syntax is true
   KDB(0)> dc resume_pc 10 prints 10 instructions
   .resume_pc+000000     lbz    r0,3454(0)          3454=Trconflag
   .resume_pc+000004  mfsprg    r15,0
   .resume_pc+000008    cmpi    cr0,r0,0
   .resume_pc+00000C     lwz    toc,4208(0)         toc=TOC,4208=g_toc
   .resume_pc+000010     lwz    r30,4C(r15)
   .resume_pc+000014     lwz    r14,40(r15)
   .resume_pc+000018     lwz    r31,8(r30)
   .resume_pc+00001C     bne-   cr0.eq,<.resume_pc+0001BC>
   .resume_pc+000020     lha    r28,2(r30)
   .resume_pc+000024     lwz    r29,0(r14)
   KDB(0)> dc mttb 5 prints mttb function
   .mttb+000000      li    r0,0
   .mttb+000004   mttbl  X r0 X shows that these instructions
   .mttb+000008   mttbu  X r3 are not supported by the current architecture
   .mttb+00000C   mttbl  X r4 POWER PC 601 processor
   .mttb+000010     blr    
   KDB(0)> set 4 set toggle for Power RS syntax
   power_pc_syntax is false
   KDB(0)> dc resume_pc 10 prints 10 instructions
   .resume_pc+000000     lbz    r0,3454(0)          3454=Trconflag
   .resume_pc+000004   mfspr    r15,110
   .resume_pc+000008    cmpi    cr0,r0,0
   .resume_pc+00000C       l    toc,4208(0)         toc=TOC,4208=g_toc
   .resume_pc+000010       l    r30,4C(r15)
   .resume_pc+000014       l    r14,40(r15)
   .resume_pc+000018       l    r31,8(r30)
   .resume_pc+00001C     bne    cr0.eq,<.resume_pc+0001BC>
   .resume_pc+000020     lha    r28,2(r30)
   .resume_pc+000024       l    r29,0(r14)

   KDB(4)> dc scdisk_pm_handler
   .scdisk_pm_handler+000000     stmw    r26,FFFFFFE8(stkp)
   KDB(4)> tr scdisk_pm_handler
   Physical Address = 1D7CA1C0
   KDB(4)> dpc 1D7CA1C0
   1D7CA1C0     stmw    r26,FFFFFFE8(stkp)

dr Subcommand

The display registers subcommand may be used to display general purpose, segment or special registers. The current context is used to find values. After switching from current thread to another one, KDB shows registers of the new one.

For BAT registers, the dbat and ibat subcommands must be used.

Example

   KDB(0)> dr ? print usage
    is not a valid register name
   Usage:        dr [sp|sr|gp|fp|<reg. name>]
   sp reg. name: iar   msr   cr    lr    ctr   xer   mq    tid   asr
   ............. dsisr dar   dec   sdr0  sdr1  srr0  srr1  dabr  rtcu  rtcl
   ............. tbu   tbl   sprg0 sprg1 sprg2 sprg3 pir   fpecr ear   pvr
   ............. hid0  hid1  iabr  dmiss imiss dcmp  icmp  hash1 hash2 rpa
   ............. buscsr l2cr  l2sr  mmcr0 mmcr1 pmc1  pmc2  pmc3  pmc4  pmc5
   ............. pmc6  pmc7  pmc8  sia   sda
   sr reg. name: s0  s1  s2  s3  s4  s5  s6  s7  s8  s9
   ............. s10 s11 s12 s13 s14 s15
   gp reg. name: r0  r1  r2  r3  r4  r5  r6  r7  r8  r9
   ............. r10 r11 r12 r13 r14 r15 r16 r17 r18 r19
   ............. r20 r21 r22 r23 r24 r25 r26 r27 r28 r29
   ............. r30 r31
   fp reg. name: f0  f1  f2  f3  f4  f5  f6  f7  f8  f9
   ............. f10 f11 f12 f13 f14 f15 f16 f17 f18 f19
   ............. f20 f21 f22 f23 f24 f25 f26 f27 f28 f29
   ............. f30 f31 fpscr
   KDB(0)> dr print general purpose registers
   r0  : 00003730  r1  : 2FEDFF88  r2  : 00211B6C  r3  : 00000000  r4  : 00000003
   r5  : 007FFFFF  r6  : 0002F930  r7  : 2FEAFFFC  r8  : 00000009  r9  : 20019CC8
   r10 : 00000008  r11 : 00040B40  r12 : 0009B700  r13 : 2003FC60  r14 : DEADBEEF
   r15 : 00000000  r16 : DEADBEEF  r17 : 2003FD28  r18 : 00000000  r19 : 20009168
   r20 : 2003FD38  r21 : 2FEAFF3C  r22 : 00000001  r23 : 2003F700  r24 : 2FEE02E0
   r25 : 2FEE0000  r26 : D0005454  r27 : 2A820846  r28 : E3000E00  r29 : E60008C0
   r30 : 00353A6C  r31 : 00000511
   KDB(0)> dr sp print special registers
   iar   : 10001C48  msr   : 0000F030  cr    : 28202884  lr    : 100DAF18
   ctr   : 100DA1D4  xer   : 00000003  mq    : 00000DF4  
   dsisr : 42000000  dar   : 394A8000  dec   : 007DDC00
   sdr1  : 00380007  srr0  : 10001C48  srr1  : 0000F030
   dabr  : 00000000  rtcu  : 2DC05E64  rtcl  : 2E993E00
   sprg0 : 000A5740  sprg1 : 00000000  sprg2 : 00000000  sprg3 : 00000000
   pid   : 00000000  fpecr : 00000000  ear   : 00000000  pvr   : 00010001
   hid0  : 8101FBC1  hid1  : 00004000  iabr  : 00000000  
   KDB(0)> dr sr print segment registers
   s0  : 60000000  s1  : 60001377  s2  : 60001BDE  s3  : 60001B7D  s4  : 6000143D
   s5  : 60001F3D  s6  : 600005C9  s7  : 007FFFFF  s8  : 007FFFFF  s9  : 007FFFFF
   s10 : 007FFFFF  s11 : 007FFFFF  s12 : 007FFFFF  s13 : 60000A0A  s14 : 007FFFFF
   s15 : 600011D2  
   KDB(0)> dr fp print floating point registers
   f0  : C027C28F5C28F5C3  f1  : 000333335999999A  f2  : 3FE3333333333333
   f3  : 3FC9999999999999  f4  : 7FF0000000000000  f5  : 00100000C0000000
   f6  : 4000000000000000  f7  : 000000009A068000  f8  : 7FF8000000000000
   f9  : 00000000BA411000  f10 : 0000000000000000  f11 : 0000000000000000
   f12 : 0000000000000000  f13 : 0000000000000000  f14 : 0000000000000000
   f15 : 0000000000000000  f16 : 0000000000000000  f17 : 0000000000000000
   f18 : 0000000000000000  f19 : 0000000000000000  f20 : 0000000000000000
   f21 : 0000000000000000  f22 : 0000000000000000  f23 : 0000000000000000
   f24 : 0000000000000000  f25 : 0000000000000000  f26 : 0000000000000000
   f27 : 0000000000000000  f28 : 0000000000000000  f29 : 0000000000000000
   f30 : 0000000000000000  f31 : 0000000000000000  fpscr : BA411000
   KDB(0)> dr ctr print CTR register
   ctr   : 100DA1D4
   100DA1D4 cmpi       cr0,r3,E7           r3=2FEAB008
   KDB(0)> dr msr print MSR register
   msr   : 0000F030  bit set: EE PR FP ME IR DR
   KDB(0)> dr cr 
   cr    : 28202884  bits set in CR0 : EQ
   ..............................CR1 : LT
   ..............................CR2 : EQ
   ..............................CR4 : EQ
   ..............................CR5 : LT
   ..............................CR6 : LT
   ..............................CR7 : GT
   KDB(0)> dr xer print XER register
   xer   : 00000003  comparison byte: 0  length: 3
   KDB(0)> dr iar print IAR register
   iar   : 10001C48
   10001C48 stw        r12,4(stkp)         r12=28202884,4(stkp)=2FEAAFD4 
   KDB(0)> set 11 enable 64 bits display on 620 machine
   64_bit is true
   KDB(0)> dr display 620 general purpose registers
   r0  : 0000000000244CF0  r1  : 0000000000259EB4  r2  : 000000000025A110
   r3  : 00000000000A4B60  r4  : 0000000000000001  r5  : 0000000000000001
   r6  : 00000000000000F0  r7  : 0000000000001090  r8  : 000000000018DAD0
   r9  : 000000000015AB20  r10 : 000000000018D9D0  r11 : 0000000000000000
   r12 : 000000000023F05C  r13 : 00000000000001C8  r14 : 00000000000000BC
   r15 : 0000000000000040  r16 : 0000000000000040  r17 : 00000000080300F0
   r18 : 0000000000000000  r19 : 0000000000000000  r20 : 0000000000225A48
   r21 : 0000000001FF3E00  r22 : 00000000002259D0  r23 : 000000000025A12C
   r24 : 0000000000000001  r25 : 0000000000000001  r26 : 0000000001FF42E0
   r27 : 0000000000000000  r28 : 0000000001FF4A64  r29 : 0000000001FF4000
   r30 : 00000000000034CC  r31 : 0000000001FF4A64  
   KDB(0)> dr sp display 620 special registers
   iar   : 000000000023F288  msr   : 0000000000021080  cr    : 42000440
   lr    : 0000000000245738  ctr   : 0000000000000000  xer   : 00000000
   mq    : 00000000  asr   : 0000000000000000  
   dsisr : 42000000  dar   : 00000000000000EC  dec   : C3528E2F
   sdr1  : 01EC0000  srr0  : 000000000023F288  srr1  : 0000000000021080
   dabr  : 0000000000000000  tbu   : 00000002  tbl   : AF33287B
   sprg0 : 00000000000A4C00  sprg1 : 0000000000000040
   sprg2 : 0000000000000000  sprg3 : 0000000000000000
   pir   : 0000000000000000  ear   : 00000000  pvr   : 00140201
   hid0  : 7001C080  iabr  : 0000000000000000
   buscsr : 00000000008DC800  l2cr  : 000000000000421A  l2sr  : 0000000000000000
   mmcr0 : 00000000  pmc1  : 00000000  pmc2  : 00000000
   sia   : 0000000000000000  sda   : 0000000000000000  
   KDB(0)>

ddvb, ddvh, ddvw, ddvd, ddpb, ddph, ddpw, and ddpd Subcommands

Note: These subcommands are only available within the kdb command; they are not included in the KDB Kernel Debugger.

I/O space memory (Direct Store Segment (T=1)) cannot be accessed when translation is disabled (see Storage model in POWER PC Operating Environment Architecture book III). A BAT-mapped area must also be accessed with translation enabled; otherwise cache controls are ignored.

Access can be done in bytes, half words, words or double words.

Address can be an effective address or a real address.

Four special subcommands, ddvb, ddvh, ddvw and ddvd, may be used to access these areas in translated mode, giving an effective address that is already mapped. On a 64-bit machine, correctly aligned double words are accessed (ddvd) in a single load (ld) instruction.

Four special subcommands, ddpb, ddph, ddpw and ddpd, may be used to access these areas in translated mode, giving a physical address that will be mapped. On a 64-bit machine, correctly aligned double words are accessed (ddpd) in a single load (ld) instruction. The DBAT interface is used to translate this address in cache-inhibited mode (POWER PC only).

WARNING: The effective-address interface (ddv.) assumes that the mapping to a real address is currently valid. No check is done by KDB. The real-address interface (ddp.) can be used to let KDB do the mapping (attach and detach).

Example on Power PC 601

   KDB(0)> tr fff19610 show current mapping
   BAT mapping for FFF19610
   DBAT0 FFC0003A FFC0005F
    bepi 7FE0 brpn 7FE0 bl 001F v 1 wim 3 ks 1 kp 0 pp 2 s 0
    eaddr = FFC00000, paddr = FFC00000 size = 4096 KBytes
   KDB(0)> ddvb fff19610 10 print 10 bytes using data relocate mode enable
   FFF19610: 0041 96B0  6666 CEEA  0041 A0B0  0041 AAB0      .A..ff...A...A..
   KDB(0)> ddvw fff19610 4 print 4 words using data relocate mode enable
   FFF19610: 004196B0 76763346 0041A0B0 0041AAB0
   KDB(0)>

Example on Power PC, PCI machine

   KDB(0)> ddpw 80000cfc print one word at physical address 80000cfc
   80000CFC: D0000080    Read is done in relocated mode, cache inhibited
   KDB(0)>

find and findp Subcommands

The search in memory subcommands may be used to search for a specific pattern in memory.

Usage: find -s effective_address string        [delta]
       find    effective_address pattern [mask [delta]]
Usage: findp -s physical_address string        [delta]
       findp    physical_address pattern [mask [delta]]

	string is from one to 256 characters.
	pattern is a 32-bit word.
	mask is the mask applied to the pattern.
	delta is the address increment; the default is one character with -s, otherwise one word.

Example

   KDB(0)> tpid print current thread
                 SLOT NAME     STATE   TID PRI CPUID CPU FLAGS    WCHAN
   
   thread+002F40   63*nfsd     RUN   03F8F 03C       000 00000000 
   KDB(0)> find lock_pinned 03F8F 00ffffff 20 search TID in the lock area
	compare only 24 low bits, on cache aligned addresses (delta 0x20)
   lock_pinned+00D760: 00003F8F 00000000 00000005 00000000 
   KDB(0)>  <CR/LF> repeat last command
   Invalid address E800F000, skip to (^C to interrupt)
   ............... E8800000
   Invalid address E8840000, skip to (^C to interrupt)
   ............... E9000000
   Invalid address E9012000, skip to (^C to interrupt)
   ............... F0000000
   KDB(0)> findp 0 E819D200 search in physical memory
   00F97C7C: E819D200 00000000 00000000 00000000
   KDB(0)> <CR/LF> repeat last command
   05C4FB18: E819D200 00000000 00000000 00000000
   KDB(0)> <CR/LF> repeat last command
   0F7550F0: E819D200 00000000 E60009C0 00000000
   KDB(0)> <CR/LF> repeat last command
   0F927EE8: E819D200 00000000 05E62D28 00000000
   KDB(0)> <CR/LF> repeat last command
   0FAE16E8: E819D200 00000000 05D3B528 00000000
   KDB(0)> <CR/LF> repeat last command
   kdb_get_real_memory: Out of range address 1FFFFFFF
   KDB(0)>

The -s option can be used to enter a string of characters. The '.' character is used to match any character.

Example

   KDB(0)>find -s 01A86260 pse search "pse" in pse text code
   01A86ED4: 7073 655F  6B64 6200  8062 0518  8063 0000   pse_kdb..b...c..
   KDB(0)>  <CR/LF> repeat last command
   01A92952: 7073 6562  7566 6361  6C6C 735F  696E 6974   psebufcalls_init
   KDB(0)>  <CR/LF> repeat last command
   01A939AE: 7073 655F  6275 6663  616C 6C00  0000 BF81   pse_bufcall.....
   KDB(0)>  <CR/LF> repeat last command
   01A94F5A: 7073 655F  7265 766F  6B65 BEA1  FFD4 7D80   pse_revoke....}.
   KDB(0)>  <CR/LF> repeat last command
   01A9547E: 7073 655F  7365 6C65  6374 BE41  FFC8 7D80   pse_select.A..}.
   KDB(0)> find -s 01A86260 pse_....._thread how to use '.'
   01A9F586: 7073 655F  626C 6F63  6B5F 7468  7265 6164   pse_block_thread
   KDB(0)>  <CR/LF> repeat last command
   01A9F6EA: 7073 655F  736C 6565  705F 7468  7265 6164   pse_sleep_thread
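
The matching rules used in this section (pattern under mask at delta-spaced addresses, and -s strings where '.' matches any character), as an added C example that is not IBM's code and not part of the original page. The function names and the sample buffer are constructed for illustration; offsets are relative to the buffer rather than real addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a 32-bit big-endian word (POWER is big-endian) from a byte image. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Masked word search: visit offsets start, start+delta, ... and return the
 * first offset whose word equals pattern under mask, or -1 if none. */
long find_word(const unsigned char *img, size_t len, size_t start,
               uint32_t pattern, uint32_t mask, size_t delta)
{
    if (delta == 0)
        delta = 4;                        /* default increment: one word */
    for (size_t off = start; off < len && len - off >= 4; off += delta)
        if ((be32(img + off) & mask) == (pattern & mask))
            return (long)off;
    return -1;
}

/* String search: '.' in pat matches any byte; increment is one character.
 * Returns the first matching offset at or after start, or -1 if none. */
long find_string(const unsigned char *img, size_t len, size_t start,
                 const char *pat)
{
    size_t n = strlen(pat);
    if (n == 0 || n > 256 || n > len)     /* page: one to 256 characters */
        return -1;
    for (size_t off = start; off <= len - n; off++) {
        size_t i = 0;
        while (i < n && (pat[i] == '.' || img[off + i] == (unsigned char)pat[i]))
            i++;
        if (i == n)
            return (long)off;
    }
    return -1;
}

/* Constructed sample image (not data from the page), zero-filled elsewhere. */
static unsigned char sample[0x60];
static void build_sample(void)
{
    memcpy(sample + 0x04, "pse_kdb", 7);
    memcpy(sample + 0x0C, "pse_sleep_thread", 16);
    memcpy(sample + 0x24, "\xAB\x00\x3F\x8F", 4);  /* equal only under the mask */
    memcpy(sample + 0x40, "\x00\x00\x3F\x8F", 4);  /* on a 0x20-aligned offset */
}

int main(void)
{
    build_sample();
    printf("%lX\n", (unsigned long)find_word(sample, sizeof sample, 0,
                                             0x3F8F, 0x00FFFFFF, 0x20));
    return 0;
}
```

Passing the offset just past a hit as start reproduces what <CR/LF> does in the transcripts: the search resumes after the previous match.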

ext and extp Subcommands

The extract from memory subcommands may be used to extract a specific zone from memory.

ext will display the requested number of words at the start address, then display the same number of words at address = address + delta, and keep doing this until 'count' loops are done.

extp will display the requested number of words at the start address, then display the same number of words at address = *(address + delta), and keep doing this until 'count' loops are done.

Usage: ext    effective_address delta [size [count]]
       ext -p effective_address delta [size [count]]
Usage: extp    physical_address delta [size [count]]
       extp -p physical_address delta [size [count]]

	delta is address increment or next address offset.
	size is how many words to print, default one line
	count is how many extractions to do, default one.

Example

(0)> ext thread+7c 0000C0 1 20 extract scheduler information from threads
thread+00007C: 00021001                                   ....
thread+00013C: 00024800                                   ..H.
thread+0001FC: 00007F01                                   ....
thread+0002BC: 00017F01                                   ....
thread+00037C: 00027F01                                   ....
thread+00043C: 00037F01                                   ....
thread+0004FC: 00021001                                   ....
thread+0005BC: 00012402                                   ..$.
thread+00067C: 00002502                                   ..%.
thread+00073C: 00002502                                   ..%.
thread+0007FC: 00002502                                   ..%.
thread+0008BC: 00032502                                   ..%.
thread+00097C: 00002502                                   ..%.
thread+000A3C: 00033C00                                   ..<.
...
KDB(0)> extp 0 4000000  4 100 extract memory using real address
00000000: 00000000 00000000 00000000 00000000     ................
04000000: 00004001 00000000 00000000 00000000     ..@.............
08000000: 00008001 00000000 00000000 00000000     ................
0C000000: D0071128 F010EA08 F010EA68 F010F028     ...(.......h...(
10000000: 00000000 00000000 00000000 00000000     ................
14000000: 746C2E63 2C206C69 62636673 2C20626F     tl.c, libcfs, bo
18000000: 20005924 0000031D 20001B04 20005924      .Y$.... ... .Y$
1C000000: 000C000D 000E000F 00100011 00120013     ................
20000000: kdb_get_real_memory: Out of range address 20000000

The -p option specifies that delta is the offset of the field giving the next address. A list can be printed this way.

Example

(0)> ext -p proc+500 14 8 10 print siblings of a process
proc+000500: 07000000 00000303 00000000 00000000  ................
proc+000510: 00000000 E3000400 E3000500 00000000  ................

proc+000400: 07000000 00000303 00000000 00000000  ................
proc+000410: 00000000 E3000300 E3000400 00000000  ................

proc+000300: 07000000 00000303 00000000 00000000  ................
proc+000310: 00000000 E3000200 E3000300 00000000  ................

proc+000200: 07000000 00000303 00000000 00000000  ................
proc+000210: 00000000 00000000 E3000200 00000000  ................
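
The two traversal modes shown in the usage above (fixed stride, and -p following the pointer stored at offset delta), as an added C example that is not IBM's code and not part of the original page. The image is constructed: it holds only the next-sibling words visible at +0x14 in the transcript, the base address of proc is inferred from those pointers, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BASE      0xE3000000u   /* address of proc, inferred from the transcript */
#define IMG_WORDS 0x180         /* constructed image: 0x600 bytes from BASE */
static uint32_t img[IMG_WORDS];
static uint32_t seen[0x20];     /* visited addresses; capacity 0x20 */

/* Bounds- and alignment-checked read; returns 0 on an unreadable address. */
static int read_word(uint32_t addr, uint32_t *out)
{
    if (addr < BASE || (addr & 3) || (addr - BASE) / 4 >= IMG_WORDS)
        return 0;
    *out = img[(addr - BASE) / 4];
    return 1;
}

/* Visit up to count records and store each address in visited[], which must
 * hold count entries. follow == 0: next = addr + delta (plain mode).
 * follow != 0: next = word stored at addr + delta (-p mode). */
size_t ext_walk(uint32_t addr, uint32_t delta, int follow, size_t count,
                uint32_t *visited)
{
    size_t n = 0;
    uint32_t w;
    while (n < count && read_word(addr, &w)) {
        visited[n++] = addr;
        if (!follow)
            addr += delta;
        else if (!read_word(addr + delta, &addr))
            break;                /* link field itself is unreadable */
    }
    return n;                     /* a null or out-of-range link ends the walk */
}

/* Sibling links at +0x14, values as shown in the ext -p transcript. */
static void build_list(void)
{
    static const uint32_t link[4][2] = {
        { 0x500, 0xE3000400 }, { 0x400, 0xE3000300 },
        { 0x300, 0xE3000200 }, { 0x200, 0x00000000 },
    };
    for (size_t i = 0; i < IMG_WORDS; i++)
        img[i] = 0;
    for (size_t i = 0; i < 4; i++)
        img[(link[i][0] + 0x14) / 4] = link[i][1];
}

/* Constructed corruption: the tail points back at the head. */
static void make_cycle(void) { img[(0x200 + 0x14) / 4] = BASE + 0x500; }

int main(void)
{
    build_list();
    size_t n = ext_walk(BASE + 0x500, 0x14, 1, 0x10, seen);
    for (size_t i = 0; i < n; i++)
        printf("%08X\n", (unsigned)seen[i]);
    return 0;
}
```

With a cyclic list the walk ends only because count runs out, which is why a bounded count matters when following pointers in a damaged dump.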
