Debug analysis: PC pointer analysis error based on kernel error information

27 //MUX_CTL mode selection configuration register

28 #define MUX_CTL (*(volatile unsigned long *)(base_iomux + 0x0060))

29 //PAD_CTL GPIO common function settings

30 #define PAD_CTL (*(volatile unsigned long *)(base_iomux + 0x0270))

31 //GPIO DR data register DR

32 #define DR_GPIO3 (*(volatile unsigned long *)(base_gpio3 + 0x0000))

33 // GPIO GDIR direction control register GDIR

34 #define GDIR_GPIO3 (*(volatile unsigned long *)(base_gpio3 + 0x0004))

35

36

37 extern int printk(const char *fmt, ...);

38

39 static int key_open(struct inode *inode, struct file *file)

40 {

41 printk("<0>function open!nn");

42

43 base_iomux = 0x43FAC000;

44 MUX_CTL &= ~(0x07 << 0);

45 MUX_CTL |= (0X05 << 0); //Set to ALT5 GPIO3_23 ERR_LED

46

47 //MUX_CTL

48 return 0;

49 }

50

51 static int key_read(struct file *filp, char __user *buff, size_t count, loff_t *offp)

52 {

53 static int cnt = 0;

54 printk("enter key_open %d n",cnt);

55 return 0;

56 }

57

58 static ssize_t key_write(struct file *file, const char __user *buf, size_t count, loff_t * ppos)

59 {

60 printk("<0>function write!nn");

61 return 1;

62 }

63

64 static int key_release(struct inode *inode, struct file *filp)

65 {

66 printk("<0>function write!nn");

67 return 0;

68 }

69

70 static int key_ioctl(struct inode *inode,struct file *flip,unsigned int command,unsigned long arg)

71 {

72 printk("<0>function ioctl!nn");

73 return 0;

74 }

75 static struct file_operations key_fops = {

76 .owner = THIS_MODULE, /* This is a macro that pushes to the __this_module variable that is automatically created when compiling the module*/

77 .open = key_open,

78.read = key_read,

79 .write = key_write,

80 .release= key_release,

81 .ioctl = key_ioctl,

82 };

83

84 void gpio_addr(void){

85 printk("<0>addr base_iomux : %x n",base_iomux);

86 printk("<0>addr base_gpio3 : %x n",base_gpio3);

87 printk("<0>addr MUX_CTL : %x n",&MUX_CTL);

88 printk("<0>addr PAD_CTL : %x n",&PAD_CTL);

89 printk("<0>addr GDIR_GPIO3 : %x n",&GDIR_GPIO3);

90 printk("<0>addr DR_GPIO3 : %x n",&DR_GPIO3);

91 }

92

93 void led_on_off(void){

94 ssleep(1);

95 DR_GPIO3 |= (0x01 << 23); //Set GPIO2_23 to 1

96 ssleep(1);

97 DR_GPIO3 &= ~(0x01 << 23); // Clear GPIO2_23

98 ssleep(1);

99 DR_GPIO3 |= (0x01 << 23); //Set GPIO2_23 to 1

100 ssleep(1);

101 DR_GPIO3 &= ~(0x01 << 23); //Clear GPIO2_23

102 ssleep(1);

103 DR_GPIO3 |= (0x01 << 23); //Set GPIO2_23 to 1

104 ssleep(1);

105 DR_GPIO3 &= ~(0x01 << 23); // Clear GPIO2_23

106 ssleep(1);

107 DR_GPIO3 |= (0x01 << 23); //Set GPIO2_23 to 1

108 ssleep(1);

109 DR_GPIO3 &= ~(0x01 << 23); // Clear GPIO2_23

110 ssleep(1);

111 DR_GPIO3 |= (0x01 << 23); //Set GPIO2_23 to 1

112 }

113

114 static int __init key_irq_init(void)

115 {

116 printk("<0>nHello,this is %s module!nn",Driver_NAME);

117 //register and mknod

118 major = register_chrdev(0,Driver_NAME,&key_fops);

119 drv_class = class_create(THIS_MODULE,Driver_NAME);

120 drv_class_dev = device_create(drv_class,NULL,MKDEV(major,0),NULL,DEVICE_NAME); /*/dev/key_query*/

121

122 //IO port application ioremap can directly access these addresses through pointers

123 base_iomux = ioremap(0x43FAC000,0xFFF);

124 base_gpio3 = ioremap(0x53FA4000,0xFFF);

125

126 //MUX_CTL

127 MUX_CTL &= ~(0x07 << 0);

128 MUX_CTL |= (0X05 << 0); //Set to ALT5 GPIO3_23 ERR_LED

129 //PAD_CTL

130 PAD_CTL &= ~(0x01<<13 | 0x01<<3 | 0x03<<1 | 0x01<<0); //1.8v does not require pull-up or pull-down CMOS output slew rate

131 //GDIR_GPIO3 is configured as output mode

132 GDIR_GPIO3 &= ~(0x01 << 23);

133 GDIR_GPIO3 |= (0x01 << 23); //Configure to output mode

134

135 //DR_GPIO3 is configured as output 0 to light up ERR_LED

136 DR_GPIO3 &= ~(0x01 << 23); //Clear GPIO2_23

137 DR_GPIO3 &= ~(0x01 << 23); //Clear GPIO2_23

138 gpio_addr();

139 led_on_off();

140 return 0;

141 }

142

143 static void __exit key_irq_exit(void)

144 {

145 gpio_addr();

146 printk("<0>nGoodbye,%s!nn",Driver_NAME);

147 led_on_off();

148

149 unregister_chrdev(major,Driver_NAME);

150 device_unregister(drv_class_dev);

151 class_destroy(drv_class);

152

153 //Release IO port

154 iounmap(base_iomux);

155 iounmap(base_gpio3);

156 }

157

158

159 /* These two lines specify the driver's initialization function and uninstallation function*/

160 module_init(key_irq_init);

161 module_exit(key_irq_exit);

162

163 /* Describe some information about the driver, not required */

164 MODULE_AUTHOR("Lover Cher");

165 MODULE_VERSION("0.1.0");

166 MODULE_DESCRIPTION("IMX257 key Driver");

167 MODULE_LICENSE("GPL");

4. If our faulty program is a driver compiled into the kernel, how can we find the error?

First, we compile the problematic driver into a module, copy the erroneous c file to the /driver/char directory, and then modify the Makefile:

1 root@Lover snow:/home/study/nfs_home/module/37_debug_err_led#

2 cp err_led.c ../../system/linux-2.6.31/drivers/char/

3 root@Lover snow:/home/study/nfs_home/module/37_debug_err_led#

4 root@Lover snow:/home/study/nfs_home/module/37_debug_err_led# cd ../../system/linux-2.6.31/drivers/char/

5 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31/drivers/char# vi Makefile

6 The modifications are as follows:

7

8 12 obj-y += err_led.o

9 13

10 14 obj-$(CONFIG_FM_SI4702) += mxc_si4702.o

11 15 obj-$(CONFIG_MXC_IIM) += mxc_iim.o

12

13 Then recompile the kernel

14 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31/drivers/char# cd ../../

15 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31# make uImage

16 Entry Point: 80008000

17 Image arch/arm/boot/uImage is ready

18 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31#

19 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31# cp arch/arm/boot/uImage /tftpboot/uImage

20 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31#

The board enters UBOOT and re-burns uImag

1 serverip=192.168.31.179

2 ipaddr=192.168.31.180

3 stdin=serial

4 stdout=serial

5 stderr=serial

6

7 Environment size: 1396/262140 bytes

8 MX25 U-Boot > ping 192.168.31.179

9 FEC: enable RMII gasket

10 Using FEC0 device

11 host 192.168.31.179 is alive

12 MX25 U-Boot > tftp 80800000 uImage92.168.31.179; our IP address is 192.168.31.180

13 Filename 'uImage'.

14 Load address: 0x80800000

15 Loading: ############################################# ##################

16 ############################################### ################

17 ###################

18 done

19 Bytes transferred = 2180924 (21473c hex)

20 MX25 U-Boot > bootm 80800000

twenty one

22 Reboot into the development board and run our test program err_led.ko

23 We open the device file echo 1 > /dev/err_led_dev

24 We can find that an error occurred when we loaded:

25 root@EasyARM-iMX257 ~# ll /dev/err_led_dev

26 dev/err_led_dev

27 root@EasyARM-iMX257 ~# echo 1 > /dev/err_led_dev

It can be found that the kernel has an error:

1 root@EasyARM-iMX257 ~# echo 1 > /dev/err_led_dev ndle kernel paging request at virtual address 43fac060

2 pgd = c3b8c000

3 [43fac060] *pgd=00000000

4 Internal error: Oops: 5 [#2] PREEMPT

5 Modules linked in: gpio

6 CPU: 0 Tainted: G D (2.6.31-207-g7286c01 #693)

7 PC is at key_open+0x18/0x54

8 LR is at key_open+0x10/0x54

9 pc : [] lr : [] psr: 60000013

10 sp: c3bade70 ip: c04670aa fp: 00095ab0

11 r10: c3830a20 r9: c3bac000 r8: 894820 r5: 00000000 r4: c3ba00 r1: 43facfff r0: 43fac000 Mode SVC_32 ISA ARM Segment user

12 Control: 0005317f Table: 83b8c000 DAC: 00000015

13 Process sh (pid: 1810, stack limit = 0xc c3bac000 c00bb9d0 0000000b c301c005

14 de80: c3a79de0 c3830a20 c30270e8 000a20 c3861980 c3badef0 c301c000 0: 00000000 c3861980 c3badef0 00000000 c3badef0 c00c4288 0000000a 000001b6

15 dee0: 00020241 00000000 00000000 00000000 c380fba0 c3519458 b89cf437 0000000b

16 df02 00000036

17 df20: 00000000 c00c5698 c3154720 fffffff7 bea04704 c00c5d34 c3badf84 00020242

18 df40 00020241

19 df60: 000001b6 ffffff9c 00000000 c0029f24 c301c000 4 c3bac000

20 dfa0: 40138000 c00200020241 000001b6 00000000

21 dfc000005 00000000 000933f8 40138000 00095ab0

22 dfe0: 000903ac bea043d8 00035c28 400d11e0 60000010 000932ac 00000000 00000000

23 [] (key_open+0x18/0x54) from [] (chrdev_open+0x1d4/0x1f4)

24 [] (chrdevb4>] (__dentry_open+0x18c/0x2ac)

25 [] (__dentry_open+0x18c/0x2ac) from [] (nameidata_to_filp+0x44/0x5c)

26 [] (nameidata_to_filp+0x44/0x5c) from [] (do_filp_open+0x3e4/0x7e8)

27 [] (do_filp_open+0x3e4/0x7e8) from [] (do_sys_open+0x5c/0x114)

28 [] (do_sys_op (ret_fast_syscall+0x0/0x2c)

29 Code: e24dd004 ebf97d89 e59f1030 e59f0030 (e5113f9f)

30 ---[ end trace eae81d24710820c4 ]---

31 proc00 vt100' (pid 1810) exited. Scheduling for restart.

32 starting pid 1811, tty '': '/sbin/getty -L ttymxc0 115200 vt100'

33

34 arm-none-linux-gnueabi-gcc (GCC) 4.1.2

35 root filesystem buil0700

36 Freescale Semiconductor, Inc.

It can be found that PC = c01e8c74

Disassemble the /linux-2.6.31/vmlinux file. This may take some time as the file is too large.

1 root@Lover snow:/home/study/nfs_home/system/linux-2.6.31#