In this example, the 32-bit version of the alternate kernel kernel.test was booted. Another option is to pass kadb the -d flag, which causes kadb to prompt for the kernel name. The -d flag also causes kadb(1M) to provide a prompt after it has loaded the kernel, so breakpoints can be set.
    ok boot kadb -d
    ...
    Rebooting with command: boot kadb -d
    Boot device: /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0:a
    File and args: kadb -d
    kadb: kernel.test/unix
    Size: 482384+67201+88883 Bytes
    /platform/sun4u/kernel.test/unix loaded - 0xfc000 bytes used
    stopped at _start: sethi %hi(0x10006c00), %g1
    kadb[0]:
At this point you can set breakpoints or continue execution with the :c command.
Note - Kernel modules are dynamically loaded. Consequently, driver symbols are not available until the driver is loaded. To set breakpoints in modules that have not been loaded, use deferred breakpoints. For information on deferred breakpoints, refer to "Breakpoints".
kadb(1M) passes any kernel flags to the booted kernel. For example, to boot an alternate kernel and pass the -r flag:
    ok boot kadb -r -D kernel.test/unix
    ...
    Rebooting with command: boot kadb -r -D kernel.test/unix
    Boot device: /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0:a
    File and args: kadb -r -D kernel.test/unix
    kadb: kernel.test/unix
    Size: 482384+67201+88883 Bytes
    /platform/sun4u/kernel.test/unix loaded - 0xfe000 bytes used
    SunOS Release 5.9 Version Generic 32-bit
    Copyright 1983-2002 Sun Microsystems, Inc. All rights reserved.
    obpsym: symbolic debugging is available.
    Read 208377 bytes from misc/forthdebug
    configuring IPv4 interfaces: le0.
    Hostname: test
    Configuring /dev and /devices
After the system is booted, sending a break passes control to kadb(1M). A break is generated with STOP-A (on the console of SPARC machines), or with F1-A (on the console of IA machines), or by using ~# (if the console is connected through a tip window).
    ...
    The system is ready.
    test console login: ~#
    stopped at edd000d8: ta %icc,%g0 + 125
    kadb[0]:
The number in brackets is the CPU that kadb(1M) is currently executing on; the remaining CPUs are halted. The CPU number is zero on a uniprocessor system.
Caution - Before rebooting or turning off the power, always halt the system cleanly (with init 0 or shutdown). Buffers might not be flushed otherwise. If the shutdown must occur from the boot PROM prompt, make sure to flush buffers using the sync command at the ok prompt.
To return control to the operating system, use :c.
    kadb[0]: :c
    test console login:
Exiting kadb
To exit kadb(1M), use $q. On SPARC machines, this will exit to the ok prompt. On IA machines, you will be prompted to reboot the system.
    kadb[0]: $q
    Type `go' to resume
    ok
kadb(1M) can be resumed by typing go at the ok prompt.
Caution - No other commands should be performed from the PROM if the system is to be resumed. PROM commands other than go can change system state that the Solaris 9 operating environment depends upon.
Staying at the kadb(1M) prompt for too long can cause the system to lose track of the time of day, and can cause network connections to time out.
kadb Command Usage
The general form of a kadb command is:
    [ address ] [ ,count ] command [;]
If address is omitted, the current location is used (`.' could also be used to represent the current location). The address can be a kernel symbol. If count is omitted, it defaults to 1.
Commands to kadb consist of a verb followed by a modifier or list of modifiers. Verbs can be:
/ | Prints locations starting at address in the kernel address space |
= | Prints the value of address itself |
> | Assigns a value to a debugger variable or machine register |
< | Reads a value from a debugger variable or machine register |
RETURN | Repeats the previous command with a count of 1. Increments `.' (the current location) |
With / and =, output format specifiers can be used. Lowercase letters normally print 2 bytes, uppercase letters print 4 bytes. The values of these specifiers are:
o, O | 2-, 4-byte octal |
g | 8-byte octal |
G | 8-byte unsigned octal |
d, D | 2-, 4-byte decimal |
e | 8-byte decimal |
E | 8-byte unsigned decimal |
x, X | 2-, 4-byte hexadecimal |
J | 8-byte hexadecimal |
K | 4-byte hexadecimal for 32-bit programs, 8-byte hexadecimal for 64-bit programs. Use this format specifier to examine pointers. |
u, U | 2-, 4-byte unsigned decimal |
c | Prints the addressed character |
C | Prints the addressed character using ^ escape notation |
s | Prints the addressed string |
S | Prints the addressed string using ^ escape notation |
i | Prints as machine instructions (disassemble) |
a | Prints the value of `.' in symbolic form |
w, W | 2-, 4-byte write |
Z | 8-byte write |
Caution - When using w, W or Z to modify a kernel variable, make sure that the size of the variable matches the size of the write you are performing. If you specify an incorrect size you could corrupt neighboring data.
For example, to set a bit in the moddebug variable when debugging a driver, first examine the value of moddebug, then write back the value with the desired bit set.
    kadb[0]: moddebug/X
    moddebug:
    moddebug:       1000
    kadb[0]: moddebug/W 0x80001000
    moddebug:       0x1000 = 0x80001000
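The size caution above, worked through as an added example (not code from the original manual): a small C model of the W and Z writes applied to a 4-byte variable holding 0x1000. The 8-byte buffer layout, the neighbor value 0xdeadbeef, the function names, and the big-endian (SPARC) byte order are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Byte width of the kadb write formats w, W and Z; 0 for anything else. */
size_t write_width(char fmt)
{
    return fmt == 'w' ? 2 : fmt == 'W' ? 4 : fmt == 'Z' ? 8 : 0;
}

/* Big-endian store/load, matching SPARC byte order (assumption of this model). */
static void put_be(uint8_t *p, size_t n, uint64_t v)
{
    for (size_t i = 0; i < n; i++)
        p[i] = (uint8_t)(v >> (8 * (n - 1 - i)));
}
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Model of "symbol/<fmt> value": an unchecked store of write_width(fmt) bytes. */
void raw_write(uint8_t *mem, size_t off, char fmt, uint64_t v)
{
    put_be(mem + off, write_width(fmt), v);
}

/* The check the caution leaves to the operator: write width must equal variable size. */
int checked_write(uint8_t *mem, size_t off, size_t var_size, char fmt, uint64_t v)
{
    if (write_width(fmt) != var_size) return -1;
    raw_write(mem, off, fmt, v);
    return 0;
}

/* Write 0x80001000 with fmt over the variable; return it (which=0) or its neighbor (which=1). */
uint32_t after_write(char fmt, int which)
{
    uint8_t mem[8];
    put_be(mem, 4, 0x1000);          /* constructed 4-byte variable at offset 0 */
    put_be(mem + 4, 4, 0xdeadbeef);  /* constructed unrelated variable right after it */
    raw_write(mem, 0, fmt, 0x80001000u);
    return get_be32(mem + (which ? 4 : 0));
}

int main(void)
{
    printf("W: var=%#x neighbor=%#x\nZ: var=%#x neighbor=%#x\n",
           (unsigned)after_write('W', 0), (unsigned)after_write('W', 1),
           (unsigned)after_write('Z', 0), (unsigned)after_write('Z', 1));
    return 0;
}
```

In this model the Z write leaves the intended variable at 0 and puts 0x80001000 into the neighbor, so the wrong format both loses the intended value and corrupts adjacent data.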
Routines can be disassembled with the `i' command. This is useful when tracing crashes, since the only information might be the program counter at the time of the crash. For example, to print the first four instructions of the kmem_alloc function:
    kadb[0]: kmem_alloc,4/i
    kmem_alloc:
    kmem_alloc:     save %sp, -0x60, %sp
                    sub %i0, 0x1, %l6
                    sra %l6, 0x3, %i5
                    tst %i5
Specify symbolic notation with the `a' command, to show the addresses:
    kadb[0]: kmem_alloc,4/ai
    kmem_alloc:
    kmem_alloc:     save %sp, -0x60, %sp
    kmem_alloc+4:   sub %i0, 0x1, %l6
    kmem_alloc+8:   sra %l6, 0x3, %i5
    kmem_alloc+0xc: tst %i5