API Functions
mdb_pwalk()
int mdb_pwalk(const char *name, mdb_walk_cb_t func, void *data, uintptr_t addr); |
Initiate a local walk starting at addr using the walker specified by name, and invoke the callback function func at each step. If addr is NULL, a global walk is performed (that is, the mdb_pwalk() invocation is equivalent to the identical call to mdb_walk() without the trailing addr parameter). This function returns 0 for success, or -1 for error. The mdb_pwalk() function fails if the walker itself returns a fatal error, or if the specified walker name is not known to the debugger. The walker name may be scoped using the backquote (`) operator if there are naming conflicts. The data parameter is an opaque argument that has meaning only to the caller; it is passed back to func at each step of the walk.
mdb_walk()
int mdb_walk(const char *name, mdb_walk_cb_t func, void *data); |
Initiate a global walk starting at addr using the walker specified by name, and invoke the callback function func at each step. This function returns 0 for success, or -1 for error. The mdb_walk() function fails if the walker itself returns a fatal error, or if the specified walker name is not known to the debugger. The walker name can be scoped using the backquote (`) operator if there are naming conflicts. The data parameter is an opaque argument that has meaning only to the caller; it is passed back to func at each step of the walk.
mdb_pwalk_dcmd()
int mdb_pwalk_dcmd(const char *wname, const char *dcname, int argc, const mdb_arg_t *argv, uintptr_t addr); |
Initiate a local walk starting at addr using the walker specified by wname, and invoke the dcmd specified by dcname with the specified argc and argv at each step. This function returns 0 for success, or -1 for error. The function fails if the walker itself returns a fatal error, if the specified walker name or dcmd name is not known to the debugger, or if the dcmd itself returns DCMD_ABORT or DCMD_USAGE to the walker. The walker name and dcmd name can each be scoped using the backquote (`) operator if there are naming conflicts. When invoked from mdb_pwalk_dcmd(), the dcmd will have the DCMD_LOOP and DCMD_ADDRSPEC bits set in its flags parameter, and the first call will have DCMD_LOOPFIRST set.
mdb_walk_dcmd()
int mdb_walk_dcmd(const char *wname, const char *dcname, int argc, const mdb_arg_t *argv); |
Initiate a global walk using the walker specified by wname, and invoke the dcmd specified by dcname with the specified argc and argv at each step. This function returns 0 for success, or -1 for error. The function fails if the walker itself returns a fatal error, if the specified walker name or dcmd name is not known to the debugger, or if the dcmd itself returns DCMD_ABORT or DCMD_USAGE to the walker. The walker name and dcmd name can each be scoped using the backquote (`) operator if there are naming conflicts. When invoked from mdb_walk_dcmd(), the dcmd will have the DCMD_LOOP and DCMD_ADDRSPEC bits set in its flags parameter, and the first call will have DCMD_LOOPFIRST set.
mdb_call_dcmd()
int mdb_call_dcmd(const char *name, uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv); |
Invoke the specified dcmd name with the given parameters. The dot variable is reset to addr, and addr, flags, argc, and argv are passed to the dcmd. The function returns 0 for success, or -1 for error. The function fails if the dcmd returns DCMD_ERR, DCMD_ABORT, or DCMD_USAGE, or if the specified dcmd name is not known to the debugger. The dcmd name can be scoped using the backquote (`) operator if there are naming conflicts.
mdb_layered_walk()
int mdb_layered_walk(const char *name, mdb_walk_state_t *wsp); |
Layer the walk denoted by wsp on top of a walk initiated using the specified walker name. The name can be scoped using the backquote (`) operator if there are naming conflicts. Layered walks can be used, for example, to facilitate constructing walkers for data structures that are embedded in other data structures.
For example, suppose that each CPU structure in the kernel contains a pointer to an embedded structure. To write a walker for the embedded structure type, you could replicate the code to iterate over CPU structures and dereference the appropriate member of each CPU structure, or you could layer the embedded structure's walker on top of the existing CPU walker.
The mdb_layered_walk() function is used from within a walker's init routine to add a new layer to the current walk. The underlying layer is initialized as part of the call to mdb_layered_walk(). The calling walk routine passes in a pointer to its current walk state; this state is used to construct the layered walk. Each layered walk is cleaned up after the caller's walk fini function is called. If more than one layer is added to a walk, the caller's walk step function will step through each element returned by the first layer, then the second layer, and so forth.
The mdb_layered_walk() function returns 0 for success, or -1 for error. The function fails if the specified walker name is not known to the debugger, if the wsp pointer is not a valid, active walk state pointer, if the layered walker itself fails to initialize, or if the caller attempts to layer the walker on top of itself.
mdb_add_walker()
int mdb_add_walker(const mdb_walker_t *w); |
Register a new walker with the debugger. The walker is added to the module's namespace, and to the debugger's global namespace according to the name resolution rules described in "dcmd and Walker Name Resolution". This function returns 0 for success, or -1 for error if the given walker name is already registered by this module, or if the walker structure w is improperly constructed. The information in the mdb_walker_t w is copied to internal debugger structures, so the caller can reuse or free this structure after the call to mdb_add_walker().
mdb_remove_walker()
int mdb_remove_walker(const char *name); |
Remove the walker with the specified name. This function returns 0 for success, or -1 for error. The walker is removed from the current module's namespace. The function fails if the walker name is unknown, or is registered only in another module's namespace. The mdb_remove_walker() function can be used to remove walkers that were added dynamically using mdb_add_walker(), or walkers that were added statically as part of the module's linkage structure. The scoping operator cannot be used in the walker name; it is not legal for the caller of mdb_remove_walker() to attempt to remove a walker exported by a different module.
mdb_vread() and mdb_vwrite()
ssize_t mdb_vread(void *buf, size_t nbytes, uintptr_t addr); ssize_t mdb_vwrite(const void *buf, size_t nbytes, uintptr_t addr); |
These functions provide the ability to read and write data from a given target virtual address, specified by the addr parameter. The mdb_vread() function returns nbytes for success, or -1 for error; if a read is truncated because only a portion of the data can be read from the specified address, -1 is returned. The mdb_vwrite() function returns the number of bytes actually written upon success; -1 is returned upon error.
mdb_fread() and mdb_fwrite()
ssize_t mdb_fread(void *buf, size_t nbytes, uintptr_t addr); ssize_t mdb_fwrite(const void *buf, size_t nbytes, uintptr_t addr); |
These functions provide the ability to read and write data from the object file location corresponding to the given target virtual address, specified by the addr parameter. The mdb_fread() function returns nbytes for success, or -1 for error; if a read is truncated because only a portion of the data can be read from the specified address, -1 is returned. The mdb_fwrite() function returns the number of bytes actually written upon success; -1 is returned upon error.
mdb_pread() and mdb_pwrite()
ssize_t mdb_pread(void *buf, size_t nbytes, uint64_t addr); ssize_t mdb_pwrite(const void *buf, size_t nbytes, uint64_t addr); |
These functions provide the ability to read and write data from a given target physical address, specified by the addr parameter. The mdb_pread() function returns nbytes for success, or -1 for error; if a read is truncated because only a portion of the data can be read from the specified address, -1 is returned. The mdb_pwrite() function returns the number of bytes actually written upon success; -1 is returned upon error.
mdb_readstr()
ssize_t mdb_readstr(char *s, size_t nbytes, uintptr_t addr); |
The mdb_readstr() function reads a null-terminated C string beginning at the target virtual address addr into the buffer addressed by s. The size of the buffer is specified by nbytes. If the string is longer than can fit in the buffer, the string is truncated to the buffer size and a null byte is stored at s[nbytes - 1]. The length of the string stored in s (not including the terminating null byte) is returned upon success; otherwise -1 is returned to indicate an error.
mdb_writestr()
ssize_t mdb_writestr(const char *s, uintptr_t addr); |
The mdb_writestr() function writes a null-terminated C string from s (including the trailing null byte) to the target's virtual address space at the address specified by addr. The number of bytes written (not including the terminating null byte) is returned upon success; otherwise, -1 is returned to indicate an error.
mdb_readsym()
ssize_t mdb_readsym(void *buf, size_t nbytes, const char *name); |
mdb_readsym() is similar to mdb_vread(), except that the virtual address at which reading begins is obtained from the value of the symbol specified by name. If no symbol by that name is found or a read error occurs, -1 is returned; otherwise nbytes is returned for success.
The caller can first look up the symbol separately if it is necessary to distinguish between symbol lookup failure and read failure. The primary executable's symbol table is used for the symbol lookup; if the symbol resides in another symbol table, you must first apply mdb_lookup_by_obj(), then mdb_vread().
mdb_writesym()
ssize_t mdb_writesym(const void *buf, size_t nbytes, const char *name); |
mdb_writesym() is identical to mdb_vwrite(), except that the virtual address at which writing begins is obtained from the value of the symbol specified by name. If no symbol by that name is found, -1 is returned. Otherwise, the number of bytes successfully written is returned on success, and -1 is returned on error. The primary executable's symbol table is used for the symbol lookup; if the symbol resides in another symbol table, you must first apply mdb_lookup_by_obj(), then mdb_vwrite().
mdb_readvar() and mdb_writevar()
ssize_t mdb_readvar(void *buf, const char *name); ssize_t mdb_writevar(const void *buf, const char *name); |
mdb_readvar() is similar to mdb_vread(), except that the virtual address at which reading begins and the number of bytes to read are obtained from the value and size of the symbol specified by name. If no symbol by that name is found, -1 is returned. The symbol size (the number of bytes read) is returned on success; -1 is returned on error. This is useful for reading well-known variables whose sizes are fixed. For example:
int hz; /* system clock rate */ mdb_readvar(&hz, "hz"); |
The caller can first look up the symbol separately if it is necessary to distinguish between symbol lookup failure and read failure. The caller must also carefully check the definition of the symbol of interest in order to make sure that the local declaration is the exact same type as the target's definition. For example, if the caller declares an int, and the symbol of interest is actually a long, and the debugger is examining a 64-bit kernel target, mdb_readvar() copies back 8 bytes to the caller's buffer, corrupting the 4 bytes following the storage for the int.
mdb_writevar() is identical to mdb_vwrite(), except that the virtual address at which writing begins and the number of bytes to write are obtained from the value and size of the symbol specified by name. If no symbol by that name is found, -1 is returned. Otherwise, the number of bytes successfully written is returned on success, and -1 is returned on error.
For both functions, the primary executable's symbol table is used for the symbol lookup; if the symbol resides in another symbol table, you must first apply mdb_lookup_by_obj(), then mdb_vread() or mdb_vwrite().
mdb_lookup_by_name() and mdb_lookup_by_obj()
int mdb_lookup_by_name(const char *name, GElf_Sym *sym); int mdb_lookup_by_obj(const char *object, const char *name, GElf_Sym *sym); |
Look up the specified symbol name and copy the ELF symbol information into the GElf_Sym pointed to by sym. If the symbol is found, the function returns 0; otherwise, -1 is returned. The name parameter specifies the symbol name. The object parameter tells the debugger where to look for the symbol. For the mdb_lookup_by_name() function, the object file defaults to MDB_OBJ_EXEC. For mdb_lookup_by_obj(), the object name should be one of the following:
MDB_OBJ_EXEC | Look in the executable's symbol table (.symtab section). For kernel crash dumps, this corresponds to the symbol table from the unix.X file or from /dev/ksyms. |
MDB_OBJ_RTLD | Look in the runtime link-editor's symbol table. For kernel crash dumps, this corresponds to the symbol table for the krtld module. |
MDB_OBJ_EVERY | Look in all known symbol tables. For kernel crash dumps, this includes the .symtab and .dynsym sections from the unix.X file or /dev/ksyms, as well as per-module symbol tables if these have been processed. |
object | If the name of a particular load object is explicitly specified, the search is restricted to the symbol table of this object. The object can be named according to the naming convention for load objects described in "Symbol Name Resolution". |
mdb_lookup_by_addr()
int mdb_lookup_by_addr(uintptr_t addr, uint_t flag, char *buf, size_t len, GElf_Sym *sym); |
Locate the symbol corresponding to the specified address and copy the ELF symbol information into the GElf_Sym pointed to by sym and the symbol name into the character array addressed by buf. If a corresponding symbol is found, the function returns 0; otherwise -1 is returned.
The flag parameter specifies the lookup mode and should be one of the following:
If a symbol match occurs, the name of the symbol is copied into the buf supplied by the caller. The len parameter specifies the length of this buffer in bytes. The caller's buf should be at least of size MDB_SYM_NAMLEN bytes. The debugger copies the name to this buffer and appends a trailing null byte. If the name length exceeds the length of the buffer, the name is truncated but always includes a trailing null byte.
mdb_getopts()
int mdb_getopts(int argc, const mdb_arg_t *argv, ...); |
Parse and process options and option arguments from the specified argument array (argv). The argc parameter denotes the length of the argument array. This function processes each argument in order, and stops and returns the array index of the first argument that could not be processed. If all arguments are processed successfully, argc is returned.
Following the argc and argv parameters, the mdb_getopts() function accepts a variable list of arguments describing the options that are expected to appear in the argv array. Each option is described by an option letter (char argument), an option type (uint_t argument), and one or two additional arguments, as shown in the table below. The list of option arguments is terminated with a NULL argument. The type should be one of one of the following: