Kernel Extensions and Device Support Programming Concepts

Kernel Extension Loader Subcommands for the KDB Kernel Debugger and kdb Command


lke, stbl, and rmst Subcommands

The lke and stbl subcommands display the current state of loaded kernel extensions. During the boot phase, KDB is called to try to load each extension's symbol table, and a message is printed to report the result. In the following example, unix and one driver have a symbol table. If a kernel extension is stripped, its symbol table is not loaded in memory, but a new symbol table can be built from the traceback table; the lke subcommand can be used for this purpose. KDB manages a symbol name cache, which the lke entry subcommand fills with function names. This cache is a circular buffer: when it is full, new entries replace the oldest ones.

Example

   ... during boot phase
   no symbol [/etc/drivers/mddtu_load]
   no symbol [/etc/drivers/fd]
   Preserving 14280 bytes of symbol table [/etc/drivers/rsdd]
   no symbol [/etc/drivers/posixdd]
   no symbol [/etc/drivers/dtropendd]
   ...
   KDB(4)> stbl list symbol table entries
       LDRENTRY     TEXT     DATA      TOC MODULE NAME
     1 00000000 00000000 00000000 00207EF0 /unix
     2 0B04C400 0156F0F0 015784F0 01578840 /etc/drivers/rsdd
   KDB(4)> rmst 2  ignore second entry
   KDB(4)> stbl list symbol table entries
       LDRENTRY     TEXT     DATA      TOC MODULE NAME
     1 00000000 00000000 00000000 00207EF0 /unix
   KDB(4)> stbl 1 list a symbol table entry
       LDRENTRY     TEXT     DATA      TOC MODULE NAME
     1 00000000 00000000 00000000 00207EF0 /unix
   st_desc addr.... 00153920
   symoff.......... 002A9EB8
   nb_sym.......... 0000551E
   ...
(0)> lke ? help
A KERNEXT FUNCTION NAME CACHE exists
with 1024 entries max (circular buffer)
Usage: lke <entry> to populate the cache
Usage: lke -a <address> to populate the cache
Usage: lke -l to list the cache
(0)> lke list loaded kernel extensions
     ADDRESS     FILE FILESIZE    FLAGS MODULE NAME

  1 055ADD00 014620C0 000076CC 00000262  /usr/lib/drivers/pse/psekdb
  2 055AD780 05704000 000702D0 00000272  /usr/lib/drivers/nfs.ext
  3 055AD880 05781000 00000D74 00000248  /unix
  4 055AD380 01461D58 00000348 00000272  /usr/lib/drivers/nfs_kdes.ext
  5 055AD800 056F7000 00000D20 00000248  /unix
  6 055AD600 01455140 0000CC0C 00000262  /etc/drivers/ptydd
  7 055AD500 01451400 00003D2C 00000272  /usr/lib/drivers/if_en
  8 055AD580 05656000 00000D20 00000248  /unix
  9 055AD400 055FB000 0004E038 00000272  /usr/lib/drivers/netinet
...
 39 05518200 0135FA60 00006EFC 00000262  /etc/drivers/bscsidd
 40 05518300 0135F5B8 0000049C 00000272  /etc/drivers/lsadd
 41 05518180 04F7D000 00000CCC 00000248  /unix
 42 05518280 0135E020 00001590 00000262  /etc/drivers/mca_ppc_busdd
 43 04F61100 00326BF8 00000000 00000256  /unix
 44 04F61158 04F62000 00000CCC 00000248  /unix
(0)> lke 40 print slot 40 and process traceback table
     ADDRESS     FILE FILESIZE    FLAGS MODULE NAME

 40 05518300 0135F5B8 0000049C 00000272  /etc/drivers/lsadd
le_flags....... TEXT KERNELEX DATAINTEXT DATA DATAEXISTS
le_next........ 05518180 le_fp.......... 00000000
le_filename.... 05518358 le_file........ 0135F5B8
le_filesize.... 0000049C le_data........ 0135F988
le_tid......... 00000000 le_datasize.... 000000CC
le_usecount.... 00000008 le_loadcount... 00000001
le_ndepend..... 00000001 le_maxdepend... 00000001
le_ule......... 04F86000 le_deferred.... 00000000
le_exports..... 04F86000 le_de.......... 632E6100
le_searchlist.. C0000420 le_dlusecount.. 00000000
le_dlindex..... 0000622F le_lex......... 00000000
TOC@........... 0135FA10
                             <PROCESS TRACE BACKS>
             .lsa_pos_unlock 0135F6B4                .lsa_pos_lock 0135F6E4
                 .lsa_config 0135F738                 .lockl.glink 0135F86C
              .pincode.glink 0135F894            .lock_alloc.glink 0135F8BC
     .simple_lock_init.glink 0135F8E4             .unpincode.glink 0135F90C
            .lock_free.glink 0135F934               .unlockl.glink 0135F95C
(0)> lke -a 0135E51C using a kernext address as argument
     ADDRESS     FILE FILESIZE    FLAGS MODULE NAME

  1 05518280 0135E020 00001590 00000262  /etc/drivers/mca_ppc_busdd
le_flags....... TEXT DATAINTEXT DATA DATAEXISTS
le_next........ 04F61100 le_fp.......... 00000000
le_filename.... 055182D8 le_file........ 0135E020
le_filesize.... 00001590 le_data........ 0135F380
le_tid......... 00000000 le_datasize.... 00000230
le_usecount.... 00000001 le_loadcount... 00000001
le_ndepend..... 00000001 le_maxdepend... 00000001
le_ule......... 00000000 le_deferred.... 00000000
le_exports..... 00000000 le_de.......... 6366672E
le_searchlist.. C0000420 le_dlusecount.. 00000000
le_dlindex..... 00006C69 le_lex......... 00000000
TOC@........... 0135F4F8
                             <PROCESS TRACE BACKS>
            .mca_ppc_businit 0135E120              .complete_error 0135E38C
              .d_protect_ppc 0135E51C                  .d_move_ppc 0135E608
               .d_bflush_ppc 0135E630                .d_cflush_ppc 0135E65C
             .d_complete_ppc 0135E688                .d_master_ppc 0135E7B4
                .d_slave_ppc 0135E974                .d_unmask_ppc 0135EBA4
                 .d_mask_ppc 0135EC40                 .d_clear_ppc 0135ECD8
                 .d_init_ppc 0135ED8C                .vm_att.glink 0135EF88
           .lock_alloc.glink 0135EFB0      .simple_lock_init.glink 0135EFD8
               .vm_det.glink 0135F000               .pincode.glink 0135F028
                      .bcopy 0135F060                     .copystr 0135F238
              .errsave.glink 0135F2E0           .xmemdma_ppc.glink 0135F308
              .xmemqra.glink 0135F330               .xmemacc.glink 0135F358
(0)> lke -l list current name cache
                             KERNEXT FUNCTION NAME CACHE
             .lsa_pos_unlock 0135F6B4               .lsa_pos_lock 0135F6E4
                 .lsa_config 0135F738                .lockl.glink 0135F86C
              .pincode.glink 0135F894           .lock_alloc.glink 0135F8BC
     .simple_lock_init.glink 0135F8E4            .unpincode.glink 0135F90C
            .lock_free.glink 0135F934              .unlockl.glink 0135F95C
            .mca_ppc_businit 0135E120             .complete_error 0135E38C
              .d_protect_ppc 0135E51C                 .d_move_ppc 0135E608
               .d_bflush_ppc 0135E630               .d_cflush_ppc 0135E65C
             .d_complete_ppc 0135E688               .d_master_ppc 0135E7B4
                .d_slave_ppc 0135E974               .d_unmask_ppc 0135EBA4
                 .d_mask_ppc 0135EC40                .d_clear_ppc 0135ECD8
                 .d_init_ppc 0135ED8C               .vm_att.glink 0135EF88
           .lock_alloc.glink 0135EFB0     .simple_lock_init.glink 0135EFD8
               .vm_det.glink 0135F000              .pincode.glink 0135F028
                      .bcopy 0135F060                    .copystr 0135F238
              .errsave.glink 0135F2E0          .xmemdma_ppc.glink 0135F308
              .xmemqra.glink 0135F330              .xmemacc.glink 0135F358
00 KERNEXT FUNCTION range [0135F6B4 0135F974] 10 entries
01 KERNEXT FUNCTION range [0135E120 0135F370] 24 entries
(0)> dc .lsa_ if name is not unique
Ambiguous: [kernext function name cache]
0135F6B4 .lsa_pos_unlock
0135F6E4 .lsa_pos_lock
0135F738 .lsa_config
(0)> expected symbol or address
(0)> dc .lsa_config 11 display code
.lsa_config+000000     stmw    r29,FFFFFFF4(stkp)
.lsa_config+000004     mflr    r0
.lsa_config+000008      ori    r31,r3,0
.lsa_config+00000C      stw    r0,8(stkp)
.lsa_config+000010     stwu    stkp,FFFFFFB0(stkp)
.lsa_config+000014       li    r30,0
.lsa_config+000018      lwz    r3,C(toc)
.lsa_config+00001C       li    r4,0
.lsa_config+000020       bl    <.lockl.glink>
.lsa_config+000024      lwz    toc,14(stkp)
.lsa_config+000028      lwz    r29,14(toc)
 (0)> dc .lockl.glink 6 display glink code
.lockl.glink+000000      lwz    r12,10(toc)
.lockl.glink+000004      stw    toc,14(stkp)
.lockl.glink+000008      lwz    r0,0(r12)
.lockl.glink+00000C      lwz    toc,4(r12)
.lockl.glink+000010    mtctr    r0
.lockl.glink+000014    bcctr
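
An offline version of the lookups in the session above, for working from a saved KDB transcript (added example, not part of the original documentation or of KDB itself). The sample rows are copied from the page's lke and lke -l output; the rule that an address belongs to the entry whose FILE to FILE+FILESIZE range contains it is an assumption, as are all function names.

```python
import re
from bisect import bisect_right

# Rows copied from the page's `lke` listing:
# slot ADDRESS FILE FILESIZE FLAGS MODULE NAME
LKE_LISTING = """\
  40 05518300 0135F5B8 0000049C 00000272  /etc/drivers/lsadd
  41 05518180 04F7D000 00000CCC 00000248  /unix
  42 05518280 0135E020 00001590 00000262  /etc/drivers/mca_ppc_busdd
  43 04F61100 00326BF8 00000000 00000256  /unix
"""
# Rows copied from the page's `lke -l` name cache (two pairs per line).
NAME_CACHE = """\
             .lsa_pos_unlock 0135F6B4               .lsa_pos_lock 0135F6E4
                 .lsa_config 0135F738                .lockl.glink 0135F86C
              .d_protect_ppc 0135E51C                 .d_move_ppc 0135E608
"""
HEX = r"([0-9A-F]{8})"
ROW = re.compile(rf"^\s*(\d+)\s+{HEX}\s+{HEX}\s+{HEX}\s+{HEX}\s+(\S+)\s*$")
PAIR = re.compile(rf"(\.\S+)\s+{HEX}")

def parse_lke(text):
    """Return [(slot, file_start, file_size, module)] from an `lke` listing."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(int(m[1]), int(m[3], 16), int(m[4], 16), m[6]) for m in rows if m]

def parse_cache(text):
    """Return a sorted [(address, name)] list from `lke -l` output."""
    return sorted((int(addr, 16), name) for name, addr in PAIR.findall(text))

def module_for(addr, entries):
    """Assumed rule: the owner is the entry whose [FILE, FILE+FILESIZE) holds addr."""
    for slot, start, size, module in entries:
        if start <= addr < start + size:
            return slot, module
    return None  # zero-size entries (slot 43 here) never match

def symbolize(addr, cache):
    """Nearest preceding cached name plus offset, in the style of `dc` output."""
    i = bisect_right(cache, (addr, "\uffff")) - 1
    if i < 0:
        return None  # address lies below every cached symbol
    base, name = cache[i]
    return f"{name}+{addr - base:06X}"
```

An address that no listed extension contains, or that only resolves to a distant preceding symbol, is the case to look at more closely when reviewing what is loaded in the kernel.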

export table Subcommand

The exp subcommand looks up the address of an exported symbol or displays the export list. By default the entire export list is printed, but a string can be specified as a prefix to search for. Note that export tables can be paged out.

Example

   KDB(0)> exp list export table
   000814D4 pio_assist
   019A7708 puthere
   0007BE90 vmminfo
   00081FD4 socket
   01A28A50 tcp_input
   01A28BFC in_pcb_hash_del
   019A78E8 adjmsg
   0000BAB8 execexit
   00325138 loif
   01980874 lvm_kp_tid
   000816E4 ns_detach
   019A7930 mps_wakeup
   01A28C50 ip_forward
   00081E60 ksettickd
   000810AC uiomove
   000811EC blkflush
   0018D97C setpriv
   01A5CD38 clntkudp_init
   000820D0 soqremque
   00178824 devtosth
   00081984 rtinithead
   01A5CD8C xdr_rmtcall_args
   (0)> more (^C to quit) ? ^C interrupt
   KDB(0)> exp send search in export table
   00081F5C sendmsg
   00081F80 sendto
   00081F74 send
   KDB(0)>
