jtagfs – jtag kernel debugging file system

jtagfs [ –d debugstr ] [ –b motherbname ] [ –t text ] [ –m mountpoint ] [ –s srvfile ] jtagfile

Jtagfs presents in /n/jtagfs/ctl a set of process files for debugging a kernel running on an ARM over a jtag device, in a manner similar to rdbfs(4) but without any need for the kernel to collaborate. In debug mode an ARM stops and isolates itself from its surroundings; it can then be probed and have instructions injected at will. There are a number of options:
–d    Can be used to set the debug string, see below.
–m and –s    Set the mount point and srv name respectively. By default the mount point is /n/jtagfs/ctl.
–b    Kind of motherboard jtagfs is going to be run against. Valid parameters are sheeva, which stands for the Feroceon Guruplug and the sheevaplug and is the default, and gurudisp, which stands for the Armada Guru Display.
–t    The text file presented is just a copy of text (default /arm/s9plug). It can usually be ignored, since the debuggers open kernel files directly rather than using /proc/n/text.

Kernels can be remotely debugged only when they are stopped and put in debug mode. This can be done through instruction breakpoints, vector catching (on entry to interrupts) or on demand using stop().

An acid library called jtag is provided to make the most common operations simpler. In particular start(), stop() and waitstop() have jtag-specific variants (for example sheevastart()) which disable and reenable the watchdog. Apart from these functions and the symbol translations, this program can be used to debug kernels from other operating systems.

The function veccatch(str) can be used to set a vector catch, which stops the processor right after an interrupt. The string describes which interrupts to catch. Each character represents a type of interrupt:
'R'     Reset
'S'     SWI
'P'     PAbort
'D'     DAbort
'I'     Irq
'F'     Fiq

The function debug(str) can be used to set different levels of debug. Each character in the string represents a different software layer:

DFile     = 'f',       /* Reads, writes, flushes*/
DPath     = 'p',       /* path for state transitions for tap debugging */
DState    = 's',       /* state calculation and changes on tap interface */
Dinst     = 'i',       /* mpsse instruction assembling debug */
Dassln    = 'a',       /* print instructions before assembling */
Dmach     = 'm',       /* print mpsse machine code and op results */
Djtag     = 'j',       /* print jtag level operations */
Dice      = 'e',       /* print icert level operations */
Dchain    = 'h',       /* print icert chains */
Dmmu      = 'u',       /* print MMU ops */
Dctxt     = 'c',       /* dump context in and out */
Darm      = 'w',       /* standard insts and so */
Dmem      = 'y',       /* memory ops */
Dfs       = 'k',       /* filesystem ops */
DAll      = 'A'

jtagfs /dev/eiaU*/jtag
bind /n/jtagfs /proc/1
term% acid –l jtag –k 1 /arm/s9plug
/arm/s9plug:ARM plan 9 boot image
acid: reset()
acid: sheevastop()
ID: 0x20a023d3
Must be 1: 1
Manufacturer id: 0x1e9
Part no: 0xa02
Version: 0x2
1: SVC/SWI Exception 0xc02e1094 no instruction
acid: dump(0xc02e1094, 4, "Xi")
0xc02e1094: 0x1204e0ff CMP.S $#0x100,R0
0xc02e109c: 0xe0266003 B.NE etext+0x5fa536bc
0xc02e10a4: 0xe20c2040 AND $#0x8,R12,R0
0xc02e10ac: 0xe20e1080 AND $#0x1,R14,R3
0xc02e10b4: 0xe1811002 ORR (R0<<4),R3,R3
acid: regs()
R0    0x5e20a2dc R1    0xf5518723 R2    0x001d1d00
R3    0x369244e0 R4    0x2b9244fd R5    0xbbc54739
R6    0x5e20a2dc R7    0x00000eb0 R8    0xdfd7ceb0
R9    0x00000006 R10    0xc08c1f20 R11    0xc08c1f04
R12 0x1d00001d R13    0xc08c1ea0 R14    0x00000000
R15 0xc031fa8c
acid: sheevastart()
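
The ID lines printed after sheevastop() in the session above follow the 32-bit IDCODE layout of IEEE 1149.1. The decoder below is an added example, not jtagfs code; the names Idcode and decode_idcode are hypothetical, and treating an all-ones word as an undriven TDO line is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a 32-bit IEEE 1149.1 IDCODE word (type name is hypothetical). */
typedef struct {
	int valid;         /* 1 if the word can be a real IDCODE */
	unsigned marker;   /* bit 0, "Must be 1" in the session */
	unsigned manuf;    /* bits 11:1, manufacturer id */
	unsigned bank;     /* manuf bits 10:7, JEP106 continuation count */
	unsigned code;     /* manuf bits 6:0, JEP106 code without parity */
	unsigned part;     /* bits 27:12, part number */
	unsigned version;  /* bits 31:28 */
} Idcode;

Idcode
decode_idcode(uint32_t w)
{
	Idcode id;

	id.marker = w & 1;
	id.manuf = (w >> 1) & 0x7ff;
	id.bank = id.manuf >> 7;
	id.code = id.manuf & 0x7f;
	id.part = (w >> 12) & 0xffff;
	id.version = w >> 28;
	/*
	 * Reject words that cannot be an IDCODE: bit 0 clear means a
	 * BYPASS register was read, manufacturer 0x07f is reserved by
	 * the standard, and all ones is assumed to be an undriven TDO.
	 */
	id.valid = id.marker == 1 && id.manuf != 0x07f && w != 0xffffffffu;
	return id;
}

int
main(void)
{
	/* ID value copied from the example session on this page. */
	Idcode id = decode_idcode(0x20a023d3);

	printf("Must be 1: %u\n", id.marker);
	printf("Manufacturer id: %#x\n", id.manuf);
	printf("Part no: %#x\n", id.part);
	printf("Version: %#x\n", id.version);
	printf("valid: %d\n", id.valid);
	return 0;
}
```

Checking the ID word this way before probing memory or injecting instructions confirms that the TAP is answering and that the part is the one expected.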


acid(1), db(1).
``ARM9E–S Technical Reference Manual''.
``ARM7TDMI–S Core Technical Reference Manual''.
``Application Note 205: Writing JTAG Sequences for Arm 9 Processors''.
``Design and Implementation of an On–Chip Debug for Embedded Target Systems'', Dominic Rath.
``IEEE Standard 1149–1–2001 Test Access Port and Boundary Scan Architecture'', JTag IEEE standard.
``AN2232C–01 Command Processor for MPSSE and MCU Host Bus Emulation Modes'', Future Technology Devices International Ltd.

After the machine has been on for a while, the jtag will stop working; maybe an authentication register needs to be set. If this is the case cpuid() will return an error. Reset always works. Reading and writing from memory is slow. The file system needs a lot of cleaning. Only the feroceon cpu and sheeva/guruplug boards are supported, though more can be added. Error reporting is sparse. Jtagfs should be rewritten using the 9p library and it would shrink to half.
Copyright © 2021 Alcatel-Lucent. All rights reserved.