[Qemu-devel] Re: Debugging with paging enabled

[Marcel Kilgus <qemu@mail.kilgus.net>]

andrzej zaborowski wrote:
>> Well, that explains it then, I guess. In that case I don't really see
>> a clean solution for it.
> If I understand the problem, the clean solution is having the
> debugging symbols at the right addresses: in code that runs with
> paging enabled symbols should be at their virtual addresses and the
> other symbols at physical addresses. Since the period from start to
> enabling paging is usually short, I think most kernels generate only
> virtual addresses for the symbols. I don't remember the ld option to
> move text-base to the right address but see Linux. GDB works perfectly
> for it. It doesn't need to know about segmentation if your symbols are
> correct.

No, as I see it, that doesn't solve the problem (and I did try to do
that by simply using objcopy and telling it to rebase all symbols).

OK, I dug a bit deeper and now I probably know far more about the
internals of qemu and the GDB serial debugging protocol than I ever
wanted. ;-)

Let's say the symbols are at the right location, then this happens
(all based on viewing the qemu code, I haven't actually debugged it):

GDB = ->, QEMU-GDB-STUB = <-

-> Z1,0xC0123456        Set hardware breakpoint at address 0xC0123456
<- OK                   Breakpoint set
-> c                    Continue to run virtual machine
<- S05                  qemu comes to the bp and returns with SIGTRAP.

At this point GDB knows that something has triggered the TRAP
exception, but from the answer alone it cannot know what. It will
certainly continue by requesting all registers of the virtual machine
and then look at the EIP value. But EIP, as CS is based at 0xC0000000,
will be 0x00123456 (note the lacking C at the most significant
nibble). It has no clue what to do with that one and simply passes the
exception on to the user (as seen in my mail that started the
thread).

Assuming that breakpoint locations are indeed meant to be virtual
addresses, GDB would have to evaluate the CS descriptor, add the CS
base to the EIP address and THEN check whether it knows the address.
But as it seems to be segment-agnostic it doesn't do that and things
break as a result.

Anybody seeing anything wrong with my reasoning?

All the best, Marcel