CONFIG_KGDB=y
CONFIG_KGDB_KDB=y
CONFIG_PANIC_TIMEOUT=y
CONFIG_PANIC_ON_OOPS=y
CONFIG_RANDOMIZE_BASE=n # Disable KASLR
cmdline:
PMOS_NO_OUTPUT_REDIRECT console=ttyMSM0,115200 kgdboc=ttyMSM0,115200 kgdbcon nokaslr
To handle Android bootloader kernel image offset:
aarch64-linux-gnu-gdb --cd=.output -iex "target remote /dev/ttyUSB0" -ex "symbol-file vmlinux -o 0x80000"The actual running kernel .text offset can be found with monitor info address _text, the vmlinux image one with info address _text
Find kernel module offsets with the following:
; aarch64-linux-gnu-objdump --section-headers .output/drivers/net/ipa/ipa.ko | grep -e "bss\|text\|data "
Idx Name Size VMA LMA File off Algn
0 .text 0000c4f4 0000000000000000 0000000000000000 00000040 2**4
7 .data 00000ba8 0000000000000000 0000000000000000 0000d178 2**3
20 .bss 000000b8 0000000000000000 0000000000000000 00013248 2**3Use monitor lsmod to get the list of loaded modules and their .text
locations (the second address). Then the module symbols can be loaded with the
following, I think.
The offset -o can be calculated by getting the .text address from the kernel
and subtracting the .text offset (0x40).
add-symbol-file drivers/net/ipa/ipa.ko 0xffff80000101f000 -s .data 0xffff80000102c178 -s .bss 0xffff800001032248
add-symbol-file drivers/net/ipa/ipa.ko 0xffff800000f8b000 -s .data 0xffff800000fa01c0 -s .bss 0xffff800000fa1080 -s .text.unlikely 0xffff800000f974f4Can also get sections with:
shift-axolotl:~$ sudo grep -i . /sys/module/ipa/sections/.*
/sys/module/ipa/sections/.altinstructions:0xffff800000f99000
/sys/module/ipa/sections/.bss:0xffff800000fa1080
/sys/module/ipa/sections/.data:0xffff800000fa01c0
/sys/module/ipa/sections/.data.once:0xffff800000fa0d68
/sys/module/ipa/sections/.exit.text:0xffff800000f97ae0
/sys/module/ipa/sections/.gnu.linkonce.this_module:0xffff800000fa0d80
/sys/module/ipa/sections/.init.plt:0xffff800000fa8040
/sys/module/ipa/sections/.init.text:0xffff800000fa8000
/sys/module/ipa/sections/.note.Linux:0xffff800000f9e1c4
/sys/module/ipa/sections/.note.gnu.build-id:0xffff800000f9e1a0
/sys/module/ipa/sections/.note.gnu.property:0xffff800000f9e180
/sys/module/ipa/sections/.plt:0xffff800000f97b40
/sys/module/ipa/sections/.rodata:0xffff800000f99208
/sys/module/ipa/sections/.rodata.str:0xffff800000f9dd4f
/sys/module/ipa/sections/.rodata.str1.8:0xffff800000f9bd58
/sys/module/ipa/sections/.strtab:0xffff800000facf30
/sys/module/ipa/sections/.symtab:0xffff800000fa9000
/sys/module/ipa/sections/.text:0xffff800000f8b000
/sys/module/ipa/sections/.text.ftrace_trampoline:0xffff800000f98380
/sys/module/ipa/sections/.text.unlikely:0xffff800000f974f4Qualcomm's ABL shifts the kernel image by 0x80000, breaking lots of things (:
Including the kernels GDB python scripts which automatically load module symbols...
That wasn't too bad to figure out, however it did make me not realise just what
lx-symbols could do...
Did a bunch of NIH and re-implemented support for a) storing the module sections in struct module b) reading the module sections in the kernel gdb python script
Just need to add support for specify the kernel image offset to lx-symbols
aaaaand
(gdb) lx-symbols -o 0x80000
loading vmlinux
Using vmlinux offset 0x80000
scanning for modules in /home/cas/pmos/enchilada/kernel/.output
loading @0xffff8000014a4000: /home/cas/pmos/enchilada/kernel/.output/net/netfilter/nft_reject_inet.ko
loading @0xffff80000149f000: /home/cas/pmos/enchilada/kernel/.output/net/ipv4/netfilter/nf_reject_ipv4.ko
loading @0xffff800001492000: /home/cas/pmos/enchilada/kernel/.output/net/ipv6/netfilter/nf_reject_ipv6.ko
loading @0xffff80000148d000: /home/cas/pmos/enchilada/kernel/.output/net/netfilter/nft_reject.ko
loading @0xffff800001498000: /home/cas/pmos/enchilada/kernel/.output/net/netfilter/nft_ct.ko