The kgdb Patches
The two interactive debugging approaches we have looked at so far (using gdb on /proc/kcore and kdb) both fall short of the sort of environment that user-space application developers have become used to. Wouldn't it be nice if there were a true debugger for the kernel that supported features like changing variables, breakpoints, etc.? 到目前为止,我们所看到的两种交互式调试方法(在/proc/kcore上使用gdb和kdb)都没有达到用户空间应用程序开发者已经习惯的那种环境。如果有一个真正的内核调试器,支持改变变量、断点等功能,那不是很好吗?
As it turns out, such a solution does exist. There are, as of this writing, two separate patches in circulation that allow gdb, with full capabilities, to be run against the kernel. Confusingly, both of these patches are called kgdb. They work by separating the system running the test kernel from the system running the debugger; the two are typically connected via a serial cable. Therefore, the developer can run gdb on his or her stable desktop system, while operating on a kernel running on a sacrificial test box. Setting up gdb in this mode takes a little time at the outset, but that investment can pay off quickly when a difficult bug shows up. 事实证明,这样的解决方案确实存在。截至目前,有两个独立的补丁在流传,允许gdb以完整的功能在内核中运行。令人困惑的是,这两个补丁都被称为kgdb。它们的工作原理是将运行测试内核的系统与运行调试器的系统分开;这两个系统通常通过串行电缆连接。因此,开发者可以在他或她稳定的桌面系统上运行gdb,而在一个牺牲的测试盒上运行内核。在这种模式下设置gdb,一开始需要一点时间,但当一个困难的bug出现时,这种投资可以很快得到回报。
These patches are in a strong state of flux, and may even be merged at some point, so we avoid saying much about them beyond where they are and their basic features. Interested readers are encouraged to look and see the current state of affairs. 这些补丁处于强烈的变化状态,甚至可能在某个时候被合并,所以我们避免在它们的位置和基本特征之外对它们说太多。我们鼓励感兴趣的读者去看一看,看看目前的状况。
The first kgdb patch is currently found in the -mm kernel tree—the staging area for patches on their way into the 2.6 mainline. This version of the patch supports the x86, SuperH, ia64, x86_64, SPARC, and 32-bit PPC architectures. In addition to the usual mode of operation over a serial port, this version of kgdb can also communicate over a local-area network. It is simply a matter of enabling the Ethernet mode and booting with the kgdboe parameter set to indicate the IP address from which debugging commands can originate. The documentation under Documentation/i386/kgdb describes how to set things up.[4] 第一个kgdb补丁目前可以在-mm内核树中找到--这是进入2.6主线的补丁的暂存区。这个版本的补丁支持x86、SuperH、ia64、x86_64、SPARC和32位PPC架构。除了通常的通过串口操作的模式外,这个版本的kgdb还可以通过局域网通信。只需启用以太网模式,并在启动时将kgdboe参数设置为可以发出调试命令的IP地址。Documentation/i386/kgdb下的文档描述了如何设置这些东西[4]。
As an alternative, you can use the kgdb patch found on kgdb download | SourceForge.net. This version of the debugger does not support the network communication mode (though that is said to be under development), but it does have some built-in support for working with loadable modules. It supports the x86, x86_64, PowerPC, and S/390 architectures. 作为一个替代方案,你可以使用http://kgdb.sf.net/ 上的kgdb补丁。这个版本的调试器不支持网络通信模式(虽然据说正在开发中),但它确实有一些内置的支持,可以与可加载模块一起工作。它支持x86、x86_64、PowerPC和S/390架构。
The User-Mode Linux Port
User-Mode Linux (UML) is an interesting concept. It is structured as a separate port of the Linux kernel with its own arch/um subdirectory. It does not run on a new type of hardware, however; instead, it runs on a virtual machine implemented on the Linux system call interface. Thus, UML allows the Linux kernel to run as a separate, user-mode process on a Linux system. 用户模式Linux(UML)是一个有趣的概念。它的结构是Linux内核的一个独立端口,有自己的arch/um子目录。然而,它并不在一种新的硬件上运行;相反,它在一个以Linux系统调用接口实现的虚拟机上运行。因此,UML允许Linux内核在Linux系统上作为一个独立的、用户模式的进程运行。
Having a copy of the kernel running as a user-mode process brings a number of advantages. Because it is running on a constrained, virtual processor, a buggy kernel cannot damage the "real" system. Different hardware and software configurations can be tried easily on the same box. And, perhaps most significantly for kernel developers, the user-mode kernel can be easily manipulated with gdb or another debugger. After all, it is just another process. UML clearly has the potential to accelerate kernel development. 让内核的副本以用户模式进程的形式运行会带来很多好处。因为它运行在一个受限制的虚拟处理器上,一个有问题的内核不能损害 "真实 "系统。不同的硬件和软件配置可以很容易地在同一个盒子上尝试。而且,对于内核开发者来说,最重要的是,用户模式的内核可以很容易地用gdb或其他调试器进行操作。毕竟,它只是另一个进程。UML显然具有加速内核开发的潜力。
However, UML has a big shortcoming from the point of view of driver writers: the user-mode kernel has no access to the host system's hardware. Thus, while it can be useful for debugging most of the sample drivers in this book, UML is not yet useful for debugging drivers that have to deal with real hardware. 然而,从驱动程序编写者的角度来看,UML有一个很大的缺陷:用户模式的内核不能访问主机系统的硬件。因此,虽然它对调试本书中的大多数样本驱动程序很有用,但UML对调试必须处理真实硬件的驱动程序还没有用。
See The User-mode Linux Kernel Home Page for more information on UML.
The Linux Trace Toolkit
The Linux Trace Toolkit (LTT) is a kernel patch and a set of related utilities that allow the tracing of events in the kernel. The trace includes timing information and can create a reasonably complete picture of what happened over a given period of time. Thus, it can be used not only for debugging but also for tracking down performance problems. Linux Trace Toolkit(LTT)是一个内核补丁和一组相关的工具,允许对内核中的事件进行追踪。追踪包括时间信息,可以创建一个相当完整的关于在给定时间段内发生了什么的图片。因此,它不仅可以用于调试,还可以用于追踪性能问题。
LTT, along with extensive documentation, can be found at http://www.opersys.com/LTT. LTT以及大量的文件,可以在http://www.opersys.com/LTT。
Dynamic Probes
Dynamic Probes (or DProbes) is a debugging tool released (under the GPL) by IBM for Linux on the IA-32 architecture. It allows the placement of a "probe" at almost any place in the system, in both user and kernel space. The probe consists of some code (written in a specialized, stack-oriented language) that is executed when control hits the given point. This code can report information back to user space, change registers, or do a number of other things. The useful feature of DProbes is that once the capability has been built into the kernel, probes can be inserted anywhere within a running system without kernel builds or reboots. DProbes can also work with the LTT to insert new tracing events at arbitrary locations. 动态探针(或DProbes)是IBM为IA-32架构的Linux发布的调试工具(在GPL下)。它允许在系统中几乎任何地方放置一个 "探针",包括用户和内核空间。探针由一些代码组成(用专门的、面向堆栈的语言编写),当控制到达给定的点时被执行。这段代码可以向用户空间报告信息,改变寄存器,或做其他一些事情。DProbes的有用功能是,一旦该功能被植入内核,探针就可以被插入到运行系统的任何地方,而不需要构建内核或重新启动。DProbes还可以和LTT一起工作,在任意位置插入新的跟踪事件。
The DProbes tool can be downloaded from IBM's open source site: http://oss.software.ibm.com. DProbes工具可以从IBM的开放源代码网站下载:http://oss.software.ibm.com。
[1] For example, use setlevel 8; setconsole 10 to set up terminal 10 to display messages. 例如,使用setlevel 8;setconsole 10来设置终端10来显示信息。
[2] The hyphen, or minus sign, is a "magic" marker to prevent syslogd from flushing the file to disk at every new message, documented in syslog.conf(5), a manpage worth reading. 连字符,或减号,是一个 "神奇 "的标记,以防止syslogd在每条新消息时将文件刷入磁盘,这在syslog.conf(5)中有记载,是一个值得阅读的手册。
[3] Actually, multiprocessor systems still schedule on the other processors, and even a uniprocessor machine might reschedule if kernel preemption is enabled. For the most common case (uniprocessor with preemption disabled), however, the system stops scheduling altogether. 实际上,多处理器系统仍然在其他处理器上进行调度,如果启用了内核抢占,甚至单处理器机器也可能重新进行调度。然而,对于最常见的情况(单处理器禁用抢占),系统会完全停止调度。
[4] It does neglect to point out that you should have your network adapter driver built into the kernel, however, or the debugger fails to find it at boot time and will shut itself down. 然而,它确实忽略了你应该把你的网络适配器驱动程序内置到内核中,否则调试器在启动时无法找到它,并会自行关闭。