2022年5月7日 星期六

Linux Kernel(2.1)- MAJRO NUMBER RESERVED FOR DYNAMIC ASSIGNMENT


Documentation/admin-guide/devices.txt 文檔中描述了各個major number的用途, 而這文章的重點是dynamic的範圍從234~254與384~511
 234-254 char	RESERVED FOR DYNAMIC ASSIGNMENT
		Character devices that request a dynamic allocation of major number will
		take numbers starting from 254 and downward.

 384-511 char	RESERVED FOR DYNAMIC ASSIGNMENT
		Character devices that request a dynamic allocation of major
		number will take numbers starting from 511 and downward,
		once the 234-254 range is full.

相關的代碼如下:
__register_chrdev_region()
  |-> find_dynamic_major()
    |-> 254 ~ 234 or 511 ~ 384 有空的就拿來用

int alloc_chrdev_region(dev_t *dev, unsigned baseminor, unsigned count,
                        const char *name)
{
  struct char_device_struct *cd;
  cd = __register_chrdev_region(0, baseminor, count, name);
  if (IS_ERR(cd))
    return PTR_ERR(cd);
  *dev = MKDEV(cd->major, cd->baseminor);
  return 0;
}

static struct char_device_struct *
__register_chrdev_region(unsigned int major, unsigned int baseminor,
                           int minorct, const char *name)
{
  struct char_device_struct *cd, *curr, *prev = NULL;
  int ret;
  int i;

  if (major >= CHRDEV_MAJOR_MAX) {
    pr_err("CHRDEV \"%s\" major requested (%u) is greater than the maximum (%u)\n",
        name, major, CHRDEV_MAJOR_MAX-1);
    return ERR_PTR(-EINVAL);
  }

  if (minorct > MINORMASK + 1 - baseminor) {
    pr_err("CHRDEV \"%s\" minor range requested (%u-%u) is out of range of maximum range (%u-%u) for a single major\n",
      name, baseminor, baseminor + minorct - 1, 0, MINORMASK);
    return ERR_PTR(-EINVAL);
  }

    cd = kzalloc(sizeof(struct char_device_struct), GFP_KERNEL);
    if (cd == NULL)
        return ERR_PTR(-ENOMEM);

    mutex_lock(&chrdevs_lock);

    if (major == 0) {
        ret = find_dynamic_major();
        if (ret < 0) {
            pr_err("CHRDEV \"%s\" dynamic allocation region is full\n",
                 name);
            goto out;
        }
        major = ret;
    }

    ret = -EBUSY;
    i = major_to_index(major);
    for (curr = chrdevs[i]; curr; prev = curr, curr = curr->next) {
        if (curr->major < major)
            continue;

        if (curr->major > major)
            break;

        if (curr->baseminor + curr->minorct <= baseminor)
            continue;

        if (curr->baseminor >= baseminor + minorct)
            break;

        goto out;
    }

    cd->major = major;
    cd->baseminor = baseminor;
    cd->minorct = minorct;
    strlcpy(cd->name, name, sizeof(cd->name));

    if (!prev) {
        cd->next = curr;
        chrdevs[i] = cd;
    } else {
        cd->next = prev->next;
        prev->next = cd;
    }

    mutex_unlock(&chrdevs_lock);
    return cd;
out:
    mutex_unlock(&chrdevs_lock);
    kfree(cd);
    return ERR_PTR(ret);
}

/* fs/char_dev.c */
#define CHRDEV_MAJOR_MAX 512
/* Marks the bottom of the first segment of free char majors */
#define CHRDEV_MAJOR_DYN_END 234
/* Marks the top and bottom of the second segment of free char majors */
#define CHRDEV_MAJOR_DYN_EXT_START 511
#define CHRDEV_MAJOR_DYN_EXT_END 384

#define CHRDEV_MAJOR_HASH_SIZE 255
static struct char_device_struct {
    struct char_device_struct *next;
    unsigned int major;
    unsigned int baseminor;
    int minorct;
    char name[64];
    struct cdev *cdev;        /* will die */
} *chrdevs[CHRDEV_MAJOR_HASH_SIZE];


static int find_dynamic_major(void)
{
    int i;
    struct char_device_struct *cd;

              /* from 254 ~ 234 */
    for (i = ARRAY_SIZE(chrdevs)-1; i >= CHRDEV_MAJOR_DYN_END; i--) {
        if (chrdevs[i] == NULL)
            return i;
    }

                /* from 511 ~ 384 */
    for (i = CHRDEV_MAJOR_DYN_EXT_START;
       i >= CHRDEV_MAJOR_DYN_EXT_END; i--) {
        for (cd = chrdevs[major_to_index(i)]; cd; cd = cd->next)
            if (cd->major == i)
                break;

        if (cd == NULL)
            return i;
    }

    return -EBUSY;
}


2022年4月2日 星期六

run Cortex-A57 with kernel 5.4 on qemu


這篇文章只是拿來記錄compile Kernel for Cortex-A57, 用於研究PCIe Driver, 其餘的rootfs與busybox請參考附錄
[brook@:~/Projects/qemu/linux-virt]$ sudo apt-get install gcc-aarch64-linux-gnu #for ARM64
[brook@:~/Projects/qemu/linux-virt]$ export ARCH=arm64
[brook@:~/Projects/qemu/linux-virt]$ export CROSS_COMPILE=aarch64-linux-gnu-
[brook@:~/Projects/qemu/linux-virt]$ cp arch/arm64/configs/defconfig .config
[brook@:~/Projects/qemu/linux-virt]$ make olddefconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  HOSTCC  scripts/kconfig/confdata.o
  HOSTCC  scripts/kconfig/expr.o
  LEX     scripts/kconfig/lexer.lex.c
  YACC    scripts/kconfig/parser.tab.[ch]
  HOSTCC  scripts/kconfig/lexer.lex.o
  HOSTCC  scripts/kconfig/parser.tab.o
  HOSTCC  scripts/kconfig/preprocess.o
  HOSTCC  scripts/kconfig/symbol.o
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
[brook@:~/Projects/qemu/linux-virt]$ make -j16
[brook@:~/Projects/qemu/linux-virt]$ qemu-system-aarch64 -machine virt -cpu cortex-a57 -smp 8 -m 4096 -kernel  ./arch/arm64/boot/Image -append "console=ttyAMA0 root=/dev/vda" -nographic -initrd ../initrd-arm.img
[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x411fd070]
...
Please press Enter to activate this console.
/ #
/ # lspci -k
00:01.0 Class 0200: 1af4:1000 virtio-pci
00:00.0 Class 0600: 1b36:0008
/ # uname -r
5.4.0
1af4:1000是Virtio network device, 而1b36:0008是QEMU PCIe Host bridge
ETH PCIe driver在"drivers/virtio/virtio_pci_common.c", 其vendor ID是0x1af4, 當device插入時, 就會去比對ID, match後就會載入該module並probe
/* Qumranet donated their vendor ID for devices 0x1000 thru 0x10FF. */
static const struct pci_device_id virtio_pci_id_table[] = {
        { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, PCI_ANY_ID) },
        { 0 }
};

MODULE_DEVICE_TABLE(pci, virtio_pci_id_table);
...
static struct pci_driver virtio_pci_driver = {
        .name           = "virtio-pci",
        .id_table       = virtio_pci_id_table,
        .probe          = virtio_pci_probe,
        .remove         = virtio_pci_remove,
#ifdef CONFIG_PM_SLEEP
        .driver.pm      = &virtio_pci_pm_ops,
#endif
        .sriov_configure = virtio_pci_sriov_configure,
};

module_pci_driver(virtio_pci_driver);

這裡我把PCI ID移成PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET + 1, 再透過echo <vendor_code> <device_code> > /sys/bus/pci/drivers/<pci_device_driver>/new_id動態對PCIe driver新增ID, 讓系統認到網卡
[brook@:~/Projects/qemu/linux-virt]$ git diff .
diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
index f2862f66c2ac..60aef3fea650 100644
--- a/drivers/virtio/virtio_pci_common.c
+++ b/drivers/virtio/virtio_pci_common.c
@@ -492,7 +492,7 @@ static const struct dev_pm_ops virtio_pci_pm_ops = {

 /* Qumranet donated their vendor ID for devices 0x1000 thru 0x10FF. */
 static const struct pci_device_id virtio_pci_id_table[] = {
-       { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, PCI_ANY_ID) },
+       { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET + 1, PCI_ANY_ID) },
        { 0 }
 };

@@ -514,6 +514,7 @@ static int virtio_pci_probe(struct pci_dev *pci_dev,
 {
        struct virtio_pci_device *vp_dev, *reg_dev = NULL;
        int rc;
+       printk("%s(#%d): Brook\n", __FUNCTION__, __LINE__);

        /* allocate our structure and fill it out */
        vp_dev = kzalloc(sizeof(struct virtio_pci_device), GFP_KERNEL);
lspci會認到1af4:1000, 但是eth driver因為被我跳號, 所以認不到, 再透過/sys/bus/pci/drivers/<pci_device_driver>/new_id將往卡帶起來
/ # lspci
00:01.0 Class 0200: 1af4:1000
00:00.0 Class 0600: 1b36:0008
/ # ifconfig -a
lo        Link encap:Local Loopback
          LOOPBACK  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
/ # echo 1af4 1000 > /sys/bus/pci/drivers/virtio-pci/new_id
[  130.728345] virtio_pci_probe(#517): Brook
[  130.729216] virtio-pci 0000:00:01.0: enabling device (0000 -> 0003)
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          LOOPBACK  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

透過echo <Domain:Bus:Device.Function> > /sys/bus/pci/drivers/<pci_device_driver>/unbind將driver移除, 也可以透過echo <Domain:Bus:Device.Function> > /sys/bus/pci/drivers/<pci_device_driver>/bind重新將driver帶上
/ # lspci
00:01.0 Class 0200: 1af4:1000
00:00.0 Class 0600: 1b36:0008
/ # echo 0000:00:01.0 > /sys/bus/pci/drivers/virtio-pci/unbind
[ 5163.097254] hrtimer: interrupt took 87350512 ns
/ # ifconfig -a
lo        Link encap:Local Loopback
          LOOPBACK  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # echo 0000:00:01.0 > /sys/bus/pci/drivers/virtio-pci/bind
[ 5183.251580] virtio_pci_probe(#517): Brook
/ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          LOOPBACK  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


    參考資料:
  • https://blog.csdn.net/zhqh100/article/details/51173275, qemu模拟Cortex-A57运行Linux4.5.1
  • Build the Linux Kernel and Busybox for ARM and run them on QEMU
  • https://zhuanlan.zhihu.com/p/113467453, qemu PCIe总线结构
  • https://pci-ids.ucw.cz/read/PC/1af4, The PCI ID Repository
  • https://stackoverflow.com/questions/22901282/hard-time-in-understanding-module-device-tableusb-id-table-usage, Hard time in understanding MODULE_DEVICE_TABLE(usb, id_table) usage




2022年3月26日 星期六

GDB - jump - 17.2 Continuing at a Different Address


jump顧名思義就是跳到某一行開始執行, 而且是會立刻執行直到遇到breakpoint. 因為jump並不會對stack, memory, 或register有任何改變(除了PC/program counter), 也因此jump的範圍需要在同一個function內部, 避免crash.
你也可以用set $pc=<execute_address> + "continue", "next", "step"替代
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.out...done.
(gdb) set listsize unlimited
(gdb) list
1       #include <stdio.h>
2
3       static void possible_crash_1(void)
4       {
5           printf("%s(#%d)\n", __FUNCTION__, __LINE__);
6       }
7
8       static void possible_crash_2(void)
9       {
10          printf("%s(#%d)\n", __FUNCTION__, __LINE__);
11      }
12
13      static void possible_crash_3(void)
14      {
15          printf("%s(#%d)\n", __FUNCTION__, __LINE__);
16      }
17
18      int main(int argc, char *argv[])
19      {
20          possible_crash_1();
21
22          possible_crash_2();
23
24          possible_crash_3();
25
26          return 0;
27      }
28
(gdb) b main
Breakpoint 1 at 0x400576: file jump.c, line 20.
(gdb) run
Starting program: /build/brook/a.out

Breakpoint 1, main (argc=1, argv=0x7fffffffe4e8) at jump.c:20
20          possible_crash_1();
(gdb) j 22
Continuing at 0x40057b.
possible_crash_2(#10)
possible_crash_3(#15)
[Inferior 1 (process 9816) exited normally]
(gdb) run
Starting program: /build/brook/a.out

Breakpoint 1, main (argc=1, argv=0x7fffffffe4e8) at jump.c:20
20          possible_crash_1();
(gdb) set $pc=0x40057b
(gdb) n
possible_crash_2(#10)
24          possible_crash_3();
(gdb) n
possible_crash_3(#15)
26          return 0;



  • 參考資料:
      https://sourceware.org/gdb/download/onlinedocs/gdb/Jumping.html#Jumping, 17.2 Continuing at a Different Address



  • 熱門文章