diff options
-rw-r--r-- | md/writeup/kernel_debug_messages.md | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/md/writeup/kernel_debug_messages.md b/md/writeup/kernel_debug_messages.md new file mode 100644 index 0000000..38b566a --- /dev/null +++ b/md/writeup/kernel_debug_messages.md @@ -0,0 +1,153 @@ +# Kernel debug messages + +## Intro + +Usaul way how to debug in kernel is by printing messages all over suspicioiuse +places and figure out where is the problem. + +## Loglevel errors + +Here is defintions of log levels from __include/linux/kern_levels.h__ + +```c +#define KERN_SOH "\001" /* ASCII Start Of Header */ +#define KERN_SOH_ASCII '\001' +``` + +| Name | Value | Descriptop | +| --- | --- | --- | +| KERN_EMERG | KERN_SOH "0" | system is unusable | +| KERN_ALERT | KERN_SOH "1" | action must be taken immediately | +| KERN_CRIT | KERN_SOH "2" | critical conditions | +| KERN_ERR | KERN_SOH "3" | error conditions | +| KERN_WARNING | KERN_SOH "4" | warning conditions | +| KERN_NOTICE | KERN_SOH "5" | normal but significant condition | +| KERN_INFO | KERN_SOH "6" | informational | +| KERN_DEBUG | KERN_SOH "7" | debug-level messages | +| KERN_DEFAULT | KERN_SOH "d" | the default kernel loglevel | + +As we can see kernel printk level is detemined from first bytes from begining of +printed string. Basic usage of log level + +``` +printk(KERN_ERR"Error division by 0\n"); +``` + +No need to write comma after log level as it will just concatenated with string. +[Source](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/printk.h?id=HEAD#n13) + +## Set loging level + +To see messages in userspace you can use +``` +dmesg +``` +Loged messages you can see in __/proc/sys/kernel/printk__ +``` +$ cat /proc/sys/kernel/printk + 7 4 1 7 +``` +Column values are +* current - 7 +* default - 4 +* minimum - 1 +* boot-time-default - 7 + +If one does not specify the log level then the default log level of KERN_WARNING is used. For example, enable all levels of console message: + +``` +echo 7 > /proc/sys/kernel/printk +``` + +If you are working on some device all output also could go to /dev/ttyUSB0 and +if you conected to that device with serial interface then you can see log +messages in your console. Sometime also /dev/tty1 could be as default output +for log messages. + +### Timing information +Timing information could be added to printk messages you need to enable in +menuconfig +__Kernel Hacking > printk and dmesg options >__ + +``` +CONFIG_PRINTK_TIME=y +``` + +### Loglevel at kernel boot +There is possible to set loglevel at bootup as kernel parametr +``` +loglevel= +``` +| Value | Name | Desc | +| --- | --- | --- | +| 0 | (KERN_EMERG) | system is unusable +| 1 | (KERN_ALERT) | action must be taken immediately +| 2 | (KERN_CRIT) | critical conditions +| 3 | (KERN_ERR) | error conditions +| 4 | (KERN_WARNING) | warning conditions +| 5 | (KERN_NOTICE) | normal but significant condition +| 6 | (KERN_INFO) | informational +| 7 | (KERN_DEBUG) | debug-level messages + +### Printk formating + +Here is defined formating specifiers __Documentation/printk-formats.txt__ + +| Type | printk format specifier | +| --- | --- | +| int |%d or %x| +| unsigned int |%u or %x| +| long |%ld or %lx| +| unsigned long |%lu or %lx| +| long long |%lld or %llx| +| unsigned long long |%llu or %llx| +| size_t |%zu or %zx| +| ssize_t |%zd or %zx| +| s32 |%d or %x| +| u32 |%u or %x| +| s64 |%lld or %llx| +| u64 |%llu or %llx| +| pointer |%p| +| function pointer with offset |%pF| +| function pointer without offset |%pf| +| symbol name with offset |%pS| +| symbol name without offset |%ps| +| symbol name with (with __builtin_extract_return_addr() translation) |%pSR| +| symbol name for printing backtraces |%pB| +| printing kernel pointers which should be hidden from unprivilege users |%pk| +| struct resources |%pr| +| struct resources with decoded flags member |%pR| +| phys_addr_t |%pa[p]| +| dma_addr_t |%pad| +| raw buffer as an escaped string |%*pE[achnops]| +| |a - ESCAPE_ANY| +| |c - ESCAPE_SPECIAL| +| |h - ESCAPE_HEX| +| |n - ESCAPE_NULL| +| |o - ESCAPE_OCTAL| +| |p - ESCAPE_NP| +| |s - ESCAPE_SPACE| +| Raw buffer as a hex string | %*ph, %*ph[CDN] | +| MAC/FDDI addresses | %p[M|MR|MF|m|mR] | +| IPv4 addresses | %p[Ii]4[hnbl] | +| IPv6 addresses | %p[I6|i6|I6c] | +| IPv4/IPv6 addresses (generic, with port, flowinfo, scope) | %p[Ii]S[pfschnbl] | +| UUID/GUID addresses | %pU[b|B|l|L] | +| dentry names | %pd{,2,3,4},%pD{,2,3,4} | +| block_device names | %pg | +| struct va_format | %pV | +| struct clk | %pC[nr] | +| bitmap,bitmap,nodemask | %*pb[l] | +| bitfields such as page flags, gfp_flags | %pG[pgv] | +| netdev_features_t | %pNF | + +## Links + +1. http://elinux.org/Debugging_by_printing +2. http://elinux.org/Kernel_Debugging_Tips +3. https://wiki.ubuntu.com/Kernel/KernelDebuggingTricks +4. [Documentation/printk-formats.txt](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/printk-formats.txt?id=HEAD) +5. [include/linux/printk.h](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/printk.h?id=HEAD) +6. [include/linux/kern_levels.h](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/kern_levels.h?id=HEAD) +7. [lib/Kconfig.debug](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/lib/Kconfig.debug?id=HEAD) +8. [Documentation/kernel-parameters.txt](https://www.kernel.org/doc/Documentation/kernel-parameters.txt)
\ No newline at end of file |