search

fizzgig64 / qemu

A version of QEMU with the GiantVM QEMU patches applied
Other
0 stars 0 forks source link

Use QEMU gdbstub to debug a virtual machine kernel #1

Open fizzgig64 opened 3 years ago

fizzgig64 commented 3 years ago

We can typically use:

$QEMU $QEMU_ARGS -kernel vmlinuz ... -gdb tcp::4445 -S

Then:

gdb vmlinux -ex "target remote localhost:4445"

To debug a guest kernel.

This is more complex with GVM since there are at least two gdbstub servers running, one per QEMU instance.

Consider the following two scripts to start a BSP instance and AP instance:

$ cat ./run-gdbstub-bsp-1.sh 
#!/bin/bash

BRANCH=v3.0.0-gvm
QEMU=${BUILD}/${BRANCH}/x86_64-softmmu/qemu-system-x86_64

${QEMU} \
  -m 2048 -nographic \
  -hda ${HDD}.img \
  -cpu host -machine kernel-irqchip=off -enable-kvm \
  -kernel vmlinuz-4.8.0-22-generic -initrd initrd.img-4.8.0-22-generic \
  -append "root=/dev/sda1 console=ttyS0 clocksource=tsc nokaslr init=/bin/bash" \
  -netdev user,id=net0,hostfwd=tcp::2224-:22 -device e1000,netdev=net0 \
  -smp 2 -local-cpu 1,start=0,iplist="127.0.0.1 127.0.0.1" \
  -gdb tcp::4010 -S
$ cat ./run-gdbstub-ap-2.sh 
#!/bin/bash

BRANCH=v3.0.0-gvm
QEMU=${BUILD}/${BRANCH}/x86_64-softmmu/qemu-system-x86_64

${QEMU} \
  -m 2048 -nographic \
  -hda ${HDD}.img \
  -cpu host -machine kernel-irqchip=off -enable-kvm \
  -kernel vmlinuz-4.8.0-22-generic -initrd initrd.img-4.8.0-22-generic \
  -append "root=/dev/sda1 console=ttyS0 clocksource=tsc nokaslr init=/bin/bash" \
  -netdev user,id=net0,hostfwd=tcp::2223-:22 -device e1000,netdev=net0 \
  -smp 2 -local-cpu 1,start=1,iplist="127.0.0.1 127.0.0.1" \
  -monitor telnet:127.0.0.1:4001,server,nowait \
  -gdb tcp::4011 -S

After connecting to the BSP, stepping an instruction hangs:

[...]
Remote debugging using localhost:4010
0x000000000000fff0 in kprobe_ctlblk ()
(gdb) si
...
fizzgig64 commented 3 years ago

For reference, I posted about this on the original repo containing the GiantVM patches: https://github.com/GiantVM/QEMU/issues/1