Kernel Extensions and Device Support Programming Concepts

Modify Memory Subcommands for the KDB Kernel Debugger and kdb Command


m, mw, md, mp, mpw, and mpd Subcommands

Note: This subcommand is only available within the kdb command; it is not included in the KDB Kernel Debugger.

Generally speaking, read or write access can be done in virtual or real mode, using an effective address or a real address as input:

For each display subcommand (d, dw, dd) that uses an effective address, there is a memory modify subcommand: m (modify bytes), mw (modify words), md (modify double words).

For each display subcommand (dp, dpw, dpd) that uses a real address, there is a memory modify subcommand: mp (modify bytes), mpw (modify words), mpd (modify double words).

These subcommands are interactive: each modification is entered one by one. The first unexpected input stops modification; for example, "." may be used as <eod>. The following example shows how to apply a patch.

If a break point is set at the same address, use the mw subcommand to keep break point coherency.

Note: Symbolic expressions are not allowed as input.

Example

   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> mw @iar nop current instruction
   .open+000000:  7C0802A6  = 60000000
   .open+000004:  93E1FFFC  = . end of input
   KDB(0)> dc @iar print current instruction
   .open+000000     ori    r0,r0,0
   KDB(0)> m @iar restore current instruction byte per byte
   .open+000000:  60  = 7C
   .open+000001:  00  = 08
   .open+000002:  00  = 02
   .open+000003:  00  = A6
   .open+000004:  93  = . end of input
   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> tr @iar physical address of current instruction
   Physical Address = 001C5BA0
   KDB(0)> mwp 001C5BA0 modify with physical address
   001C5BA0:  7C0802A6  = <CR/LF>
   001C5BA4:  93E1FFFC  = <CR/LF>
   001C5BA8:  90010008  = <CR/LF>
   001C5BAC:  9421FF40  = 60000000
   001C5BB0:  83E211C4  = . end of input
   KDB(0)> dc @iar 5 print instructions
   .open+000000    mflr    r0
   .open+000004     stw    r31,FFFFFFFC(stkp)
   .open+000008     stw    r0,8(stkp)
   .open+00000C     ori    r0,r0,0
   .open+000010     lwz    r31,11C4(toc)       11C4(toc)=_open$$
   KDB(0)> mw open+c restore instruction
   .open+00000C:  60000000  = 9421FF40
   .open+000010:  83E211C4  = . end of input
   KDB(0)> dc open+c print instruction
   .open+00000C    stwu    stkp,FFFFFF40(stkp)
   KDB(0)>
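
The physical-address modification in the session above, replayed as an added Python example (not part of the original documentation): it applies the prompt rules (an empty entry keeps the word, the first non-hex entry stops) and decodes the old and new instruction words so the effect of the patch can be reviewed. Assumptions: the transcript is constructed from the page's values with `<CR/LF>` written as an empty entry, the decoder covers only the PowerPC encodings that occur in this example, and it prints `r1`/`r2` where the debugger prints `stkp`/`toc`.

```python
import re

# Constructed transcript: addresses and words copied from the page's example,
# with <CR/LF> written as an empty entry (keep the word, move to the next one).
SESSION = """\
001C5BA0:  7C0802A6  =
001C5BA4:  93E1FFFC  =
001C5BA8:  90010008  =
001C5BAC:  9421FF40  = 60000000
001C5BB0:  83E211C4  = .
"""

D_FORM = {32: "lwz", 36: "stw", 37: "stwu"}   # primary opcodes, D-form load/store

def decode(word):
    """Decode only the PowerPC encodings that occur in the page's example."""
    op = word >> 26
    rt, ra, imm = (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF
    if op == 24:                        # ori rA,rS,UIMM; ori r0,r0,0 is the nop
        return f"ori r{ra},r{rt},{imm}"
    if op in D_FORM:                    # signed 16-bit displacement
        disp = imm - 0x10000 if imm & 0x8000 else imm
        return f"{D_FORM[op]} r{rt},{disp}(r{ra})"
    if op == 31 and (word >> 1) & 0x3FF == 339:   # mfspr: SPR halves are swapped
        spr = ((word >> 16) & 31) | ((word >> 11) & 31) << 5
        return f"mflr r{rt}" if spr == 8 else f"mfspr r{rt},{spr}"
    return f".long 0x{word:08X}"

LINE = re.compile(r"^\s*(\S+):\s+([0-9A-Fa-f]{8})\s+=\s*(.*)$")

def changes(session):
    """Return (address, old, new) for each word actually modified."""
    out = []
    for line in session.splitlines():
        m = LINE.match(line)
        entry = m.group(3).strip() if m else ""
        if not entry:                   # not a prompt, or <CR/LF>: word unchanged
            continue
        if not re.fullmatch(r"[0-9A-Fa-f]{1,8}", entry):
            break                       # first unexpected input (e.g. ".") stops
        out.append((m.group(1), int(m.group(2), 16), int(entry, 16)))
    return out

def report(session):
    return [f"{a}: {decode(o)} -> {decode(n)}" for a, o, n in changes(session)]

if __name__ == "__main__":
    print("\n".join(report(SESSION)))
```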

mr Subcommand

Each register may be altered by the mr subcommand. When the register is in the mst context, KDB alters this mst and the modification takes effect at resume. When the register is a special one, the processor register is altered immediately. Symbolic expressions are allowed as input.

Example

   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> mr iar modify current instruction address
   iar : 001C5BA0 = @iar+4
   KDB(0)> dc @iar print current instruction
   .open+000004     stw    r31,FFFFFFFC(stkp)
   KDB(0)> mr iar restore current instruction address
   iar : 001C5BA4 = @iar-4
   KDB(0)> dc @iar print current instruction
   .open+000000    mflr    r0
   KDB(0)> mr sr modify first invalid segment register
   s0  : 00000000 = <CR/LF>
   s1  : 60000323 = <CR/LF>
   s2  : 20001E1E = <CR/LF>
   s3  : 007FFFFF = 0
   s4  : 007FFFFF = . end of input
   KDB(0)> dr s3 print segment register 3
   s3  : 00000000
   KDB(0)> mr s3 restore segment register 3
   s3  : 00000000 = 007FFFFF
   KDB(0)> mr f29 modify floating point register f29
   f29 : 0000000000000000 = 000333335999999A
   KDB(0)> dr f29
   f29 : 000333335999999A
   KDB(0)> u
   Uthread [2FF3B400]:
      save@......2FF3B400   fpr@.......2FF3B550
   ...
   KDB(0)> dd 2FF3B550 20
   __ublock+000150: C027C28F5C28F5C3 000333335999999A  .'..\(....33Y...
   __ublock+000160: 3FE3333333333333 3FC9999999999999  ?.333333?.......
   __ublock+000170: 7FF0000000000000 00100000C0000000  ................
   __ublock+000180: 4000000000000000 000000009A068000  @...............
   __ublock+000190: 7FF8000000000000 00000000BA411000  .............A..
   __ublock+0001A0: 0000000000000000 0000000000000000  ................
   __ublock+0001B0: 0000000000000000 0000000000000000  ................
   __ublock+0001C0: 0000000000000000 0000000000000000  ................
   __ublock+0001D0: 0000000000000000 0000000000000000  ................
   __ublock+0001E0: 0000000000000000 0000000000000000  ................
   __ublock+0001F0: 0000000000000000 0000000000000000  ................
   __ublock+000200: 0000000000000000 0000000000000000  ................
   __ublock+000210: 0000000000000000 0000000000000000  ................
   __ublock+000220: 0000000000000000 0000000000000000  ................
   __ublock+000230: 0000000000000000 000333335999999A  ..........33Y...
   __ublock+000240: 0000000000000000 0000000000000000  ................
   KDB(0)>

mdvb, mdvh, mdvw, mdvd, mdpb, mdph, mdpw, mdpd Subcommands

Note: This subcommand is only available within the kdb command; it is not included in the KDB Kernel Debugger.

Specific subcommands are available to write to I/O space memory. To avoid unwanted side effects, memory is not read first; only the specified write is performed, with translation enabled.

Access can be done in bytes, half words, words or double words.

Address can be an effective address or a real address.

Four special subcommands, mdvb, mdvh, mdvw and mdvd, may be used to access these areas in translated mode, giving an effective address that is already mapped. On a 64-bit machine, correctly aligned double words are accessed (mdvd) in a single store instruction.

Four special subcommands, mdpb, mdph, mdpw and mdpd, may be used to access these areas in translated mode, giving a physical address that will be mapped. On a 64-bit machine, correctly aligned double words are accessed (mdpd) in a single store instruction. The DBAT interface is used to translate this address in cache-inhibited mode (POWER PC only).

WARNING: The effective-address interface (mdv.) assumes that the mapping to a real address is currently valid. No check is done by KDB. The real-address interface (mdp.) can be used to let KDB do the mapping (attach and detach).

Example on Power PC 601

   KDB(0)> tr FFF19610 print physical mapping
   BAT mapping for FFF19610
   DBAT0 FFC0003A FFC0005F
    bepi 7FE0 brpn 7FE0 bl 001F v 1 wim 3 ks 1 kp 0 pp 2 s 0
    eaddr = FFC00000, paddr = FFC00000 size = 4096 KBytes
   KDB(0)> mdvb fff19610 byte modify with data relocate enable
   FFF19610: ?? = 00
   FFF19611: ?? = 00
   FFF19612: ?? = . end of input
   KDB(0)> mdvw fff19610 word modify with data relocate enable
   FFF19610: ???????? = 004196B0
   FFF19614: ???????? = . end of input
   KDB(0)>

Example on Power PC, PCI machine

   KDB(0)> mdpw 80000cf8 change one word at physical address 80000cf8
   80000CF8: ???????? = 84000080
   80000CFC: ???????? = . Write is done in relocated mode, cache inhibited
   KDB(0)> ddpw 80000cfc print one word at physical address 80000cfc
   80000CFC: D2000000
   KDB(0)> mdpw 80000cfc change one word at physical address 80000cfc
   80000CFC: ???????? = d0000000
   80000D00: ???????? = .
   KDB(0)> mdpw 80000cf8 change one word at physical address 80000cf8
   80000CF8: ???????? = 8c000080
   80000CFC: ???????? = .
   KDB(0)> ddpw 80000cfc print one word at physical address 80000cfc
   80000CFC: D2000080
