Summary of the invention
Technical matters to be solved by this invention provides a kind of method and device of debugging operations system kernel attitude program, solve common debugger can not commissioning test in the shortcoming of the program of operating system nucleus attitude.
For achieving the above object, the invention provides a kind of method of debugging operations system kernel attitude program, its characteristics are, by debugging stubs that is arranged to operate in kernel state and the foreground debugging proxy module that operates in user's attitude, described foreground debugging proxy module and described debugging stubs are communicated, and described debugging stubs receives the operation of Debugging message from described foreground debugging proxy module, control kernel thread and obtains the abnormal information of kernel thread; Described kernel thread sends to described debugging stubs with described abnormal information, described debugging stubs sends to described abnormal information described foreground debugging proxy module and returns to debugger by described foreground debugging proxy module, thereby makes debugger carry out debugging to the kernel state program.
Above-mentioned method, its characteristics are that the operation control of described kernel thread comprises: the internal memory of breakpoint abnormality processing, single step abnormality processing, kernel Signal Processing, read/write kernel and the register of read/write kernel.
Above-mentioned method, its characteristics are that described abnormal information comprises breakpoint abnormal information and/or single step abnormal information.
Above-mentioned method, its characteristics are that described breakpoint abnormality processing comprises: run into after the breakpoint, trigger once unusual, judge that this is that common kernel exception or real breakpoint is unusual unusually, if common kernel exception then changes common kernel exception handling procedure over to; If breakpoint is unusually then carried out normal breakpoint handling procedure.
Above-mentioned method, its characteristics are, described breakpoint abnormality processing further comprises: if debugged kernel thread stops at common kernel spacing, then described is not that real breakpoint is unusual unusually, the execution of a single step of emulation turns back to the kernel application space earlier thread from common kernel spacing; If debugged kernel thread stops at the kernel application space, then described is that real breakpoint is unusual unusually; Unusual if kernel thread itself takes place, then described is that real breakpoint is unusual unusually.
Above-mentioned method, its characteristics are that described single step abnormality processing comprises: judge it is that common kernel exception or real single step is unusual unusually, if common kernel exception then changes common kernel exception handling procedure over to; If normal single step exception handler is unusually then carried out in real single step.
Above-mentioned method, its characteristics are that described single step abnormality processing further comprises: if thread operates in common kernel spacing, then this is not that real single step is unusual unusually, withdraws from this abnormality processing, returns the original program at thread place; If this thread is a kernel thread, then this is that real single step is unusual unusually, changes normal single step exception handler over to.
Above-mentioned method, its characteristics are, described kernel signal Processing comprises: open the signal shielding of breakpoint abnormal signal, single step abnormal signal and the stop signal of debugged kernel thread, make kernel thread can handle this signal when receiving described three kinds of signals; Increase signal Processing opportunity, in debugging, make kernel thread when common kernel spacing jumps to the kernel thread space, carry out one time signal Processing.
Above-mentioned method, its characteristics are that the memory headroom of described read/write kernel comprises: kernel debugging stake judges whether this time read/write occurs in debugging mode, is the task of then taking over this time read/write memory by kernel debugging stake.
Above-mentioned method, its characteristics be, the memory headroom that kernel is read in described kernel debugging stake comprises: the address of visit is checked seen and judge that described address whether within the scope of kernel spacing, is then to carry out next step, otherwise carries out abnormality processing; If the length that read operation will copy is L, L=m * 4+n * 2+k * 1 then, wherein m represents what 4 bytes are this length have, what 2 bytes n also is left after representing to deduct all 4 bytes, what 1 bytes k also is left after representing to deduct all 4 bytes and 2 bytes, copy m nybble successively according to start address, n 2 bytes, k 1 byte; If make mistakes, then carry out abnormality processing.
Above-mentioned method, its characteristics are, the register of described read/write kernel comprises: kernel debugging stake judges that this time read-write register is after occurring in debugging mode, carry out following steps: increase a member variable newly to task control block (TCB), the value of stack pointer will be current unusual generation the time is saved in this member variable when entering unusual or interrupting; Value with this member variable when reading register reads the value that each preceding unusually register takes place as the base address; When withdrawing from unusual or interrupting, empty this member variable; Carry out particular processing in read-write in the SP, with current member variable value add SP in the position of register architecture the value as the current stack pointer register.
Above-mentioned method, its characteristics be, the operation of described control kernel thread also obtains the abnormal information of kernel thread, is to realize by the code that the crucial function place in system adds the debugging stubs.
Above-mentioned method, its characteristics are, further comprise the steps: step 1, and by the mode of system call, described foreground debugging proxy module sends Debugging message to described debugging stubs, and described debugging stubs receives described Debugging message; Step 2, described debugging stubs carries out respective handling to described Debugging message; Step 3 is carried out the breakpoint abnormality processing; Step 4 is carried out the single step abnormality processing; Step 5 is carried out the kernel signal Processing; Step 6, read-write kernel memory headroom; Step 7, the register of read-write kernel; Step 8 returns to foreground debugging proxy module with described abnormal information, memory content or content of registers.
In order better to realize purpose of the present invention, the present invention also provides a kind of device of debugging operations system kernel attitude program, its characteristics are, comprising: debugger, foreground debugging proxy module, debugging stubs, kernel application module and kernel thread module; Described debugger connects described foreground debugging proxy module, and described foreground debugging proxy module connects described debugging stubs and described kernel application module, and described kernel thread module connects described debugging stubs and described kernel application module; Described debugging stubs, kernel thread module and kernel application module operate in kernel state, the foreground debugging proxy module and the described debugging stubs that operate in user's attitude communicate, and described debugging stubs receives the operation of Debugging message from described foreground debugging proxy module, control kernel thread and obtains the abnormal information of kernel thread; Described kernel thread module sends to described debugging stubs with described abnormal information, described debugging stubs returns to described status information described foreground debugging proxy module and returns to debugger by described foreground debugging proxy module, thereby makes debugger carry out debugging to the kernel state program.
Technique effect of the present invention is:
The method of the invention has designed a kernel that operates in kernel state and has debugged stake, debugger is by kernel debugging stake control kernel thread and return message, thereby solved the great difficult problem that debugger can not be debugged kernel thread, made that the debugging kernel thread is equally convenient with debugging consumer process or user thread.And this debugging stake is to exist with form independently, and is related with operating system less, can be transplanted on the various general-purpose operating systems.
Further describe specific embodiments of the invention below in conjunction with accompanying drawing.
Embodiment
The present invention for overcome common debugger can not commissioning test in the shortcoming of operating system nucleus attitude program, new debugging framework has been proposed, as shown in Figure 1, the debug system framework specifically comprises: design a kernel debugging stake 11, this debugging 11 operates in kernel state.Debugging proxy 12 people having the same aspiration and interest test piles 11 in foreground communicate, the operation of these debugging stake 11 control kernel threads 13.Kernel thread 13 feeds back to debugging stake 11 with abnormal information when running into anomalous event, after this abnormal information is received in debugging stake 11 this information is returned to foreground debugging proxy 12, and foreground debugging proxy 12 receives that this message returns to debugger 14.Thereby can make things convenient for the kernel state procedure development with the program of common user mode debugger 14 debugging kernel modes.
Method of the present invention specifically comprises following step:
Step 1: the foreground debugging proxy sends Debugging message to kernel debugging stake.Kernel debugging stake receives the information that user's attitude foreground debugging proxy sends over.It is to finish by the mode of system call that information sends.
Step 2: kernel debugging stake is carried out respective handling according to command information.Handle the information that the foreground debugging proxy sends over.
Step 3: breakpoint abnormality processing:
It is unusual to trigger a breakpoint after running into a breakpoint, because current abnormality processing occurs in kernel state, so we take over current unusual.Judge it be breakpoint unusually or once common kernel exception.If common kernel exception then changes in the common kernel exception handling procedure and goes, otherwise change our breakpoint exception handler over to.Concrete steps are as follows:
To judge at first in abnormality processing whether debugged kernel thread stops at common kernel spacing, if, the execution of a single step of emulation, allow it turn back to the kernel application space from common kernel spacing earlier.It is unusual to that is to say that the breakpoint that only occurs in kernel application is only real breakpoint unusually, handles otherwise jump to single step.
If kernel thread takes place that this is unusual, think that then a breakpoint is unusual, rather than kernel exception.Therefore must forward in the normal breakpoint handling procedure.
Step 4: single step abnormality processing:
The same with above-mentioned step 3, if common kernel exception then changes in the common kernel exception handling procedure and goes, should be unusual otherwise take over by kernel debugging stake, concrete steps are as follows:
In this abnormality processing, at first to judge whether to operate in common kernel spacing, if, then withdraw from this abnormality processing, move this program continuously.
Otherwise, judge that this thread is a kernel thread, if change normal single step exception handler over to.
Step 5: kernel signal Processing:
In our method; the realization of final debugging method is all finished by signal; because unusual or single step is unusual at breakpoint take place after; the capital sends the unusual or single step abnormal signal of a breakpoint to it oneself; when withdrawing from abnormality processing, handle this signal then, wake parent process up.
We at first need to open 3 signal shieldings such as the breakpoint of debugged kernel thread is unusual, single step abnormal signal, stop signal, make kernel thread can handle this signal when receiving these signals.
Increased signal Processing opportunity, in debugging, kernel thread can carry out one time signal Processing when common kernel spacing jumps to the kernel thread space.
Step 6: read-write kernel memory headroom.At first kernel debugging stake judges whether this time read-write occurs in debugging mode, if then kernel is debugged the task that this time read/write memory is taken in stake, kernel memory headroom branch following steps are read in kernel debugging stake:
At first the address of visit is checked and seen whether within the scope of kernel spacing.
If copy length is L, L=m*4+n*2+k*1 then, m represent what 4 bytes are this length have, and n represents to deduct also remaining what 2 bytes after so much 4 bytes, k and the like.
Copy m nybble successively according to start address, n 2 bytes, k 1 byte.
If make mistakes, then carry out abnormality processing.
Step 7: the register of read-write kernel.At first kernel debugging stake judges whether this time read-write register occurs in debugging mode, if then kernel is debugged the task that current read-write register is taken in stake, the step of kernel debugging stake read-write register is as follows:
At first, increase a member variable newly to task control block (TCB), the value of stack pointer will be current unusual generation the time is saved in this member variable when entering unusual or interrupting.
Value with this member variable when reading register reads the value that each preceding unusually register takes place as the base address.
When withdrawing from unusual or interrupting, empty this member variable.
In the read-write SP, carry out particular processing, current member variable value is added that SP is exactly the value of current stack pointer register in the position of register architecture.
Step 8: abnormal information or memory content or content of registers are returned to the foreground debugging proxy.
Below in conjunction with accompanying drawing, be described in further detail with the row that are applied as of the present invention on (SuSE) Linux OS:
The kernel state program of (SuSE) Linux OS enters the kernel operation with the form of using module loading, so the kernel state application program exists with the form of kernel module.As Fig. 1, principle shown in Figure 2 also comprises command processing module 111 and abnormality processing module 112 in the kernel debugging stake 11, and the function of kernel debugging stake 11 is: 1) know the kernel state running state of programs; 2) provide visit 3 to internal memory and register) operation of control kernel state program, below narrate specific implementation respectively:
Know the kernel state running state of programs
After linux kernel debugging stake enters kernel, at first handle at system exception, system core function (as process creation, deletion etc.) locates to add the processing code of oneself, it is exactly exception handling code that this section handled code, and concrete can be divided into breakpoint exception handling code and single step exception handling code;
Breakpoint abnormality processing process flow diagram wherein comprises as shown in Figure 3:
Step 301, breakpoint takes place after, judge whether to be in common kernel, be execution in step 305 then, otherwise execution in step 302;
Step 302 judges whether thread is kernel thread and is in tracking mode, is execution in step 307 then, otherwise execution in step 303;
Step 303 judges whether to be in common kernel spacing, is execution in step 304 then, otherwise execution in step 307;
Step 304 changes kernel exception over to and handles, and forwards step 308 to;
Step 305 is put and is withdrawed from common kernel sign;
Step 306, the operation of a single step of simulation forwards step 308 to;
Step 307 sends abnormal signal to tracked process;
Step 308 is returned original program.
Single step abnormality processing flow process comprises as shown in Figure 4
Step 401 judges whether thread operates in common kernel spacing, is execution in step 405 then, otherwise execution in step 402;
Step 402 judges whether this thread is consumer process, is execution in step 403 then, otherwise execution in step 404;
Step 403 is handled Hardware Breakpoint;
Step 404 sends the single step signal to the current inner thread, forwards step 406 to;
Step 405 is forbidden the single step execution;
Step 406 is returned original program.
After unusual generation of single step unusual at the breakpoint of Fig. 3 or Fig. 4, can enter in the processing code of our setting, we can send a signal and turn back to the debugging stake at the end of handling code, carry out following processing then:
If (when the program of pre-treatment is debugged program)
{
Record present procedure executing state
The operation of if (being abnormality processing) time out program, and notice debugger
}
The text-processing function is returned in redirect
By above operation, the kernel stubs can unusual time notice debugger occur in debugged kernel state program to be debugged, and creates and during deletion, can know its state, for the debugger inquiry in that program is new.
Visit to internal memory and register
Be divided into two, the visit of first pair of internal memory: at first the request of foreground debugging proxy transmission read/write memory is to the debugging stake, and the debugging stake receives after this request that this asks formal definition as follows:
#define?PTRACE_PEEKTEXT 1
#define?PTRACE_POKETEXT 4
The expression space of reading the specified memory space and writing specified memory respectively, this debugging stake receives that this request at first judges that this address is whether within kernel spacing afterwards, if, then think to visit the kernel application space, the safe copy function of Start-up and Adjustment stake, the safe copy flow process as shown in Figure 3.
Second is the visit to register; the debugging stake is received after the request of read-write register; obtain and take place to preserve unusual the time; this value is to preserve when kernel takes place unusual or interrupts; we have newly opened a space; be used for preserving the value of this stack pointer specially, open at the end of task control block (TCB) in this space
task_struct{…………….
void?*kth;
int *kth_esp_stack;
}
Kth_esp_stack preserves preserves address value after on-the-spot when being unusual the generation, but preserve rule according to the on-the-spot storehouse of user's attitude, stack pointer value when drawing the kernel thread operation is (* kth_esp_stack)+0x34, so just adds that according to this base address the side-play amount of each register draws the value of each register.
The operation of control kernel state program, the foreground debugging proxy is ordered as shown in the table by sending the operation of following debug command to the debugged program of debugging stake control:
#define PTRACE_CONT 7 continuous active threads
#define PTRACE_KILL 8 kills thread
#define PTRACE_SINGLESTEP 9 single step threads
#define PTRACE_ATTACH 0x10 is with thread of palm fibre
#define PTRACE_DETACH 0x11 removes a thread and follows the tracks of
The debugging proxy stake is received after the above order:
Switch (order)
{
Case continues the active thread order:
Call the debugging stake and continue the action command interface
Case follows the tracks of given thread:
Call the debugging stake and follow the tracks of the given thread interface
…………………….
}
So just realized control function to the given core program.
As from the foregoing, the inventive method has designed a kernel that operates in kernel state and has debugged stake, debugger is by kernel debugging stake control kernel thread and return message, thereby solved the great difficult problem that debugger can not be debugged kernel thread, made that the debugging kernel thread is equally convenient with debugging consumer process or user thread.And this debugging stake is to exist with form independently, and is related with operating system less, can be transplanted on the various general-purpose operating systems.
The above is preferred embodiment of the present invention only, is not to be used for limiting practical range of the present invention; Every according to equivalence variation and modification that the present invention did, all contained by claim of the present invention.