所有的工具:
aarch64-poky-linux-addr2line
aarch64-poky-linux-c++filt
aarch64-poky-linux-g++
aarch64-poky-linux-gcc-nm
aarch64-poky-linux-gprof
aarch64-poky-linux-nm
aarch64-poky-linux-readelf
aarch64-poky-linux-ar
aarch64-poky-linux-cpp
aarch64-poky-linux-gcc
aarch64-poky-linux-gcc-ranlib
aarch64-poky-linux-ld
aarch64-poky-linux-objcopy
aarch64-poky-linux-size
aarch64-poky-linux-as
aarch64-poky-linux-dwp
aarch64-poky-linux-gcc-5.2.1
aarch64-poky-linux-gcov
aarch64-poky-linux-ld.bfd
aarch64-poky-linux-objdump
aarch64-poky-linux-strings
aarch64-poky-linux-c++
aarch64-poky-linux-elfedit
aarch64-poky-linux-gcc-ar
aarch64-poky-linux-gcov-tool
aarch64-poky-linux-ld.gold
aarch64-poky-linux-ranlib
aarch64-poky-linux-strip
但是编译成模块的符号并不在vmlinux中,因此这样使用没有效果
查找某个内核符号的位置:
$ aarch64-poky-linux-nm vmlinux | grep vmalloc_user
ffff00000819f030 T vmalloc_user
这个内核符号(地址)对应源文件的哪一行
$ aarch64-poky-linux-addr2line -e vmlinux ffff00000819f030
/media/ubuntu/work/Yocto34/source/linux/mm/vmalloc.c:1870
例子:
由于ehci_hcd.c编译成模块了,但是偏移还是可以正常使用的
[ 5360.731638] PC is at qh_completions+0x410/0x4e0 [ehci_hcd]
[ 5360.737134] LR is at end_unlink_async+0x18c/0x2b0 [ehci_hcd]
[ 5360.927298] [<ffff000000b913c0>] qh_completions+0x410/0x4e0 [ehci_hcd]
[ 5360.933839] [<ffff000000b92994>] end_unlink_async+0x18c/0x2b0 [ehci_hcd]
[ 5360.940553] [<ffff000000b92afc>] end_iaa_cycle+0x44/0x50 [ehci_hcd]
将模块进行反汇编:
0000000000002fb0 <qh_completions>:
* Process and free completed qtds for a qh, returning URBs to drivers.
* Chases up to qh->hw_current. Returns nonzero if the caller should
* unlink qh.
*/
static unsigned qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh)
{
2fb0: a9b87bfd stp x29, x30, [sp, #-128]!
2fb4: 910003fd mov x29, sp
2fb8: a90153f3 stp x19, x20, [sp, #16]
2fbc: aa0003f4 mov x20, x0
2fc0: a9025bf5 stp x21, x22, [sp, #32]
2fc4: 91006035 add x21, x1, #0x18
2fc8: a90573fb stp x27, x28, [sp, #80]
....
内核中每一个存在的符号都如0000000000002fb0 <qh_completions>:对于显示指定的inline函数和编译器优化的inline函数,其样子如下,是没有符号地址的。
static inline void ehci_qtd_free (struct ehci_hcd *ehci, struct ehci_qtd *qtd)
{
dma_pool_free (ehci->qtd_pool, qtd, qtd->qtd_dma);
31a4: f9414280 ldr x0, [x20, #640]
31a8: aa1a03e1 mov x1, x26
31ac: f9401f42 ldr x2, [x26, #56]
31b0: 94000000 bl 0 <dma_pool_free>
...
对于qh_completions+0x410,只需要使用0000000000002fb0+0x410即可找出出问题的地址