Version 19 - History - GalaxyNexusI9250SerialConsole - Replicant

GalaxyNexusI9250SerialConsole » History » Version 19

Denis 'GNUtoo' Carikli, 01/29/2020 11:19 PM

-Paul Kocialkowski
+h1. Galaxy Nexus (I9250) Serial Console
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+See [[SamsungSerial]] for the hardware setup.
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h2. Without patching the kernel on Replicant 6
 Adding @loglevel=8 fiq_debugger.console_enable=1 fiq_debugger.no_sleep=1@ to the kernel command line enables to see some of the boot of the kernel without having to recompile the kernel.
 Though it requires to repack a boot.img to add the commandline arguments.
 <pre>
 IMAGE ?= boot.img
 EXTRA_CMDLINE ?= loglevel=8 fiq_debugger.console_enable=1 fiq_debugger.no_sleep=1
 .PHONY: $(IMAGE) flash
 $(IMAGE):
 	unbootimg --kernel kernel \
 		--ramdisk ramdisk \
 		-i ../$(IMAGE)
 	mkbootimg \
 		--kernel kernel \
 		--ramdisk ramdisk \
 		--base 0x80000000 \
 		--cmdline "androidboot.hardware=tuna ${EXTRA_CMDLINE}" \
 		-o $(IMAGE)
 flash:
 	fastboot flash boot $(IMAGE)
 	fastboot flash recovery $(IMAGE)
 	fastboot boot $(IMAGE)
 </pre>
 h2. Serial console t
 Denis 'GNUtoo'  Carikli
 When you connect the cable you get the FIQ debugger, but what if you want kgdb instead:
 * apply that patch:
 <pre>
 diff --git a/arch/arm/mach-omap2/board-tuna.c b/arch/arm/mach-omap2/board-tuna.c
 index a022a43..7098227 100644
 --- a/arch/arm/mach-omap2/board-tuna.c
 +++ b/arch/arm/mach-omap2/board-tuna.c
@@ -1001,6 +1001,8 @@ static inline void __init board_serial_init(void)
         omap_serial_init_port_pads(0, uart1_pads, uart1_pads_sz, NULL);
         omap_serial_init_port_pads(1, tuna_uart2_pads,
                 ARRAY_SIZE(tuna_uart2_pads), &tuna_uart2_info);
 +       omap_serial_init_port_pads(2,tuna_uart3_pads,
 +               ARRAY_SIZE(tuna_uart3_pads), NULL);
         omap_serial_init_port_pads(3, tuna_uart4_pads,
                                    ARRAY_SIZE(tuna_uart4_pads), NULL);
+ }
 </pre>
 * remove the FIQ debugger in the kernel configuration.
 * change the CMDLINE trough the kernel configuration:
 Use:
 <pre>CONFIG_CMDLINE="console=ttyO2 androidboot.console=ttyO2 [...]"</pre>
 Instead of:
 <pre>CONFIG_CMDLINE="console=ttyFIQ0 androidboot.console=ttyFIQ0 [...]"</pre>
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+* Verify that you get the kernel messages.
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h2. KGDB
-Denis 'GNUtoo'  Carikli
+* Then change the cmdline for kgdb
-Denis 'GNUtoo'  Carikli
+<pre>
 CONFIG_CMDLINE="kgdboc=ttyO2,115200 console=ttyO2 androidboot.console=ttyO2 [...]"
 </pre>
 Don't add kgdbwait tough because it result in that:
 <pre>
 (gdb) set remotebaud 115200
 (gdb) target remote /dev/ttyUSB0
 /dev/ttyUSB0: Device or resource busy.
 (gdb) target remote /dev/ttyUSB0
 Remote debugging using /dev/ttyUSB0
 kgdb_breakpoint ()
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:954
 		arch_kgdb_breakpoint();
 (gdb) c
 Continuing.
 Program received signal SIGSEGV, Segmentation fault.
 __raw_spin_lock_irqsave (lock=0x288)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/spinlock.c:112
 	BUILD_LOCK_OPS(spin, raw_spinlock);
 (gdb) bt
 #0  __raw_spin_lock_irqsave (lock=0x288)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/spinlock.c:112
 #1  0xc061aecc in _raw_spin_lock_irqsave (lock=0x288)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/spinlock.c:145
 #2  0xc0098620 in try_to_wake_up (p=0x0, state=1611595795, wake_flags=1)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/sched.c:2681
 #3  0xc009897c in wake_up_process (p=0x288)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/sched.c:2785
 #4  0xc00e2090 in proc_dohung_task_timeout_secs (table=<value optimized out>, write=<value optimized out>,
     buffer=<value optimized out>, lenp=<value optimized out>, ppos=0xc782bf70)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/hung_task.c:190
 #5  0xc0174178 in proc_sys_call_handler (filp=<value optimized out>, buf=0x24808, count=1, ppos=0xc782bf70,
     write=1) at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/proc/proc_sysctl.c:158
 #6  0xc01741b0 in proc_sys_write (filp=0x288, buf=0x600f0013 <Address 0x600f0013 out of bounds>, count=1,
     ppos=0xc782a000)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/proc/proc_sysctl.c:176
 #7  0xc0126420 in vfs_write (file=0xc73be500, buf=0x24808 "0", count=<value optimized out>, pos=0xc782bf70)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:377
 #8  0xc0126590 in sys_write (fd=<value optimized out>, buf=0x24808 "0", count=1)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:429
 #9  0xc0055a00 in ?? ()
 Cannot access memory at address 0x0
 #10 0xc0055a00 in ?? ()
 Cannot access memory at address 0x0
 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
 </pre>
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+* disable the watchdog timer in the kernel, and recompile it and reflash the boot.img.
 Denis 'GNUtoo'  Carikli
 then open a root console and do:
 <pre>
 echo g > /proc/sysrq-trigger
 </pre>
 Denis 'GNUtoo'  Carikli
 <pre>
 gnutoo@gnutoo-laptop:~/embedded/android/replicant-4.0$ . build/envsetup.sh
 including device/ti/panda/vendorsetup.sh
 including vendor/replicant/vendorsetup.sh
 including sdk/bash_completion/adb.bash
 gnutoo@gnutoo-laptop:~/embedded/android/replicant-4.0$ lunch replicant_maguro-eng
 ============================================
 PLATFORM_VERSION_CODENAME=REL
 PLATFORM_VERSION=4.0.4
 TARGET_PRODUCT=replicant_maguro
 TARGET_BUILD_VARIANT=eng
 TARGET_BUILD_TYPE=release
 TARGET_BUILD_APPS=
 TARGET_ARCH=arm
 TARGET_ARCH_VARIANT=armv7-a-neon
 HOST_ARCH=x86
 HOST_OS=linux
 HOST_BUILD_TYPE=release
 BUILD_ID=IMM76L
 ============================================
 gnutoo@gnutoo-laptop:~/embedded/android/replicant-4.0$ arm-linux-androideabi-gdb
 GNU gdb (GDB) 7.1-android-gg2
 Copyright (C) 2010 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "--host=i686-linux-gnu --target=arm-elf-linux".
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>.
 (gdb) file /home/gnutoo/embedded/android/replicant-4.0/out/target/product/maguro/obj/KERNEL_OBJ/vmlinux
 Reading symbols from /home/gnutoo/embedded/android/replicant-4.0/out/target/product/maguro/obj/KERNEL_OBJ/vmlinux...done.
 (gdb) set remotebaud 115200
-Denis 'GNUtoo'  Carikli
+(gdb) target remote /dev/ttyUSB0
 Remote debugging using /dev/ttyUSB0
 kgdb_breakpoint ()
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:954
 		arch_kgdb_breakpoint();
 (gdb) bt
 #0  kgdb_breakpoint ()
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:954
 #1  0xc00df764 in sysrq_handle_dbg (key=-29306880)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/kernel/debug/debug_core.c:745
 #2  0xc02f2e18 in __handle_sysrq (key=103, check_mask=false)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/drivers/tty/sysrq.c:522
 #3  0xc02f2ec4 in write_sysrq_trigger (file=<value optimized out>, buf=<value optimized out>, count=2,
     ppos=0xc4a01f70)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/drivers/tty/sysrq.c:870
 #4  0xc016ba88 in proc_reg_write (file=0xc49ea3c0, buf=0x137fc84 "g\n\f@", count=2, ppos=0xc4a01f70)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/proc/inode.c:200
 #5  0xc0126420 in vfs_write (file=0xc49ea3c0, buf=0x137fc84 "g\n\f@", count=<value optimized out>,
     pos=0xc4a01f70) at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:377
 #6  0xc0126590 in sys_write (fd=<value optimized out>, buf=0x137fc84 "g\n\f@", count=2)
     at /home/gnutoo/embedded/android/replicant-4.0/kernel/samsung/tuna/fs/read_write.c:429
 #7  0xc0055a00 in ?? ()
 Cannot access memory at address 0x0
 #8  0xc0055a00 in ?? ()
 Cannot access memory at address 0x0
 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
 (gdb)
 Denis 'GNUtoo'  Carikli
 </pre>
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+h2. Multiplexing the serial port
-Denis 'GNUtoo'  Carikli
+since we have only 1 serial port, you can also use agent proxy to get kgdb and the console at the same time....
 <pre>
 git clone git://git.kernel.org/pub/scm/utils/kernel/kgdb/agent-proxy.git
 cd agent-proxy ; make
 </pre>
 Denis 'GNUtoo'  Carikli
 h2. Root on serial port
 Denis 'GNUtoo'  Carikli
 * Modify system/su/su.c:
 <pre>
 diff --git a/su.c b/su.c
 index d36eaed..51137d4 100644
 --- a/su.c
 +++ b/su.c
@@ -494,11 +494,13 @@ int main(int argc, char *argv[])
              deny(&ctx);
+         }
 +#if 0
          // disallow su in a shell if appropriate
          if (ctx.from.uid == AID_SHELL && (atoi(enabled) == 1)) {
              LOGE("Root access is disabled by a system setting - enable it under settings -> developer options");
              deny(&ctx);
+         }
 +#endif
+     }
      if (ctx.from.uid == AID_ROOT || ctx.from.uid == AID_SHELL)
 </pre>
 * adb push it to /system/xbin/su
 * remove /system/bin/su
 * chmod +s it: <pre>busybox chmod +s /system/xbin/su</pre>
 Denis 'GNUtoo'  Carikli
 h2. TODO
 Denis 'GNUtoo'  Carikli
-Denis 'GNUtoo'  Carikli
+ * reliable rebugging (right now it breaks on the wrong line)
  * phone that doesn't power off screen while debugging...

Project

General

Profile

Replicant

GalaxyNexusI9250SerialConsole » History » Version 19