Re: Does kdb hardware breakpoint supports the arm64 architechture?

[Stephen Brennan <stephen.s.brennan@oracle.com>]

Hello,

I've only used KDB a handfull of times, so I can't speak from
experience. But from reading the code, I see that there don't seem to be
any arch-specific debugger hooks set for the arm64 architecture:

https://elixir.bootlin.com/linux/v6.1.12/source/arch/arm64/kernel/kgdb.c#L336

Compare this to the x86_64 version of the arch_kgdb_ops, which has
several fields set:

https://elixir.bootlin.com/linux/v6.1.12/source/arch/x86/kernel/kgdb.c#L776

In particular, what you're interested in is "set_hw_breakpoint". Looking
through the code where your crash happened:

https://elixir.bootlin.com/linux/v6.1.12/source/kernel/debug/kdb/kdb_bp.c#L148

It does seem like KDB went right ahead and tried to call the NULL
set_hw_breakpoint function... There's no check to see whether the
pointer is non-NULL, at least not here. This would match your crash,
since lr = kdb_bp_install+something, and pc = 0.

What's strange is that KDB should not even _have_ a "bph" command
available, because it uses (arch_kgdb_ops.flags & KGDB_HW_BREAKPOINT) to
check before initializing the "bph" command:

https://elixir.bootlin.com/linux/v6.1.12/source/kernel/debug/kdb/kdb_bp.c#L590

So it seems that your kernel has "KGDB_HW_BREAKPOINT" bit set, while
there is no actual implementation of the function. Seems like a bug...
the arm64 code doesn't set that bit. I've added the KGDB mailing list
onto this thread, maybe they have more context?

Stephen

a b <dtsbt@outlook.com> writes:
> When I'm trying to use the kdb's bph(hardware breakpoint) on an arm64 board with linux6.1, the error kernel NULL pointer dereference at virtual address 0000000000000000 occurs:
>
> root@root:~# echo g > /proc/sysrq-trigger
> [ 2189.865491] sysrq: DEBUG
>
> Entering kdb (current=0xffff0003856b5700, pid 314) on processor 4 due to Keyboard Entry
> [4]kdb> bph jiffies_read
> Instruction(Register) BP #0 at 0xffff800008135ee0 (jiffies_read)
>     is enabled   addr at ffff800008135ee0, hardtype=1 installed=0
>
> [4]kdb> go
> [ 2220.051476] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
> [ 2220.051719] Mem abort info:
> [ 2220.051750]   ESR = 0x0000000086000005
> [ 2220.051841]   EC = 0x21: IABT (current EL), IL = 32 bits
> [ 2220.051898]   SET = 0, FnV = 0
> [ 2220.051934]   EA = 0, S1PTW = 0
> [ 2220.051977]   FSC = 0x05: level 1 translation fault
> [ 2220.052195] user pgtable: 64k pages, 48-bit VAs, pgdp=0000000402e23a00
> [ 2220.052254] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
> [ 2220.052804] Internal error: Oops: 0000000086000005 [#1] PREEMPT_RT SMP
> [ 2220.054226] Modules linked in:
> [ 2220.054509] CPU: 4 PID: 314 Comm: bash Not tainted 6.1.12-rt7
> [ 2220.054566] Hardware name: ARM64 board
> [ 2220.054595] pstate: 004003c9 (nzcv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 2220.054638] pc : 0x0
> [ 2220.054811] lr : kdb_bp_install+0x120/0x200
> [ 2220.054865] sp : ffff80000a46f870
> [ 2220.054879] x29: ffff80000a46f870 x28: ffff8000090b8000 x27: ffff8000090bb1c0
> [ 2220.054939] x26: ffff80000a46fb30 x25: ffff8000088dd610 x24: ffff8000088dd5d8
> [ 2220.054988] x23: ffff8000090b8ff4 x22: ffff8000090b8cd8 x21: ffff8000090bb1c0
> [ 2220.055037] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000001
> [ 2220.055084] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0003856b5bd0
> [ 2220.055131] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000090b9000
> [ 2220.055178] x11: 0000000000000022 x10: ffffffffff9836a8 x9 : 0000000000000010
> [ 2220.055226] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 0000000000220400
> [ 2220.055274] x5 : 0000000000000000 x4 : ffff8003f6d10000 x3 : 0000000000000000
> [ 2220.055320] x2 : 0000000000000001 x1 : 0000000000000001 x0 : ffff800008135ee0
> [ 2220.055371] Call trace:
> [ 2220.055392]  0x0
> [ 2220.055423]  kdb_stub+0x288/0x428
> [ 2220.055455]  kgdb_cpu_enter+0x168/0x740
> [ 2220.055493]  kgdb_handle_exception+0xd0/0x128
> [ 2220.055531]  kgdb_compiled_brk_fn+0x28/0x38
> [ 2220.055567]  call_break_hook+0x6c/0x80
> [ 2220.055597]  brk_handler+0x1c/0x60
> [ 2220.055623]  do_debug_exception+0x8c/0x118
> [ 2220.055655]  el1_dbg+0x38/0x58
> [ 2220.055690]  el1h_64_sync_handler+0xc8/0xe8
> [ 2220.055718]  el1h_64_sync+0x64/0x68
> [ 2220.055741]  kgdb_breakpoint+0x1c/0x80
> [ 2220.055773]  __handle_sysrq+0x90/0x1a0
> [ 2220.055821]  write_sysrq_trigger+0x74/0x98
> [ 2220.055855]  proc_reg_write+0xa4/0xf8
> [ 2220.055894]  vfs_write+0xd0/0x388
> [ 2220.055934]  ksys_write+0x6c/0x100
> [ 2220.055968]  __arm64_sys_write+0x1c/0x28
> [ 2220.056007]  invoke_syscall+0x44/0x108
> [ 2220.056061]  el0_svc_common.constprop.0+0x44/0xf0
> [ 2220.056109]  do_el0_svc+0x2c/0xc8
> [ 2220.056150]  el0_svc+0x28/0x98
> [ 2220.056174]  el0t_64_sync_handler+0xb8/0xc0
> [ 2220.056200]  el0t_64_sync+0x18c/0x190
> [ 2220.056592] Code: bad PC value
> [ 2220.083989] ---[ end trace 0000000000000000 ]---
> [ 2220.084622] Kernel panic - not syncing: Oops: Fatal exception