[Qemu-devel] [PATCH] i386 debugging stubs: Consider segment bases

[Eddie Kohler <kohler@cs.ucla.edu>]

Hi,

QEMU has a bug that complicates GDB debugging of i386 targets when the
current code or data segment has a nonzero base.  A fix is attached.

If the current code segment has a nonzero base, breakpoints don't work
as expected, because the breakpoint detector does not consider segment
bases.

If the current data segment has a nonzero base, memory inspection doesn't
work, because cpu_get_phys_page_debug does not consider segment bases.

A tiny 'operating system' demonstrating the problem is here:

http://read.cs.ucla.edu/~kohler/qemu-gdbseg-demo.tgz

The README enclosed in that tarball gives steps on how to replicate the
breakpoint problem.  The 'kernel' runs with segment base 0x10000000, so
that linear address 0xF0001000 is translated into physical address
0x00001000.  But breakpoints (which should use virtual addresses) at
a linear address (e.g. 0xF0100000) are ignored.  You can stop execution
using a physical address, but all the addresses reported
back to GDB are linear addresses, so this isn't consistent.

This is a real problem that prevents us from using unpatched QEMU in
classwork.  Any comments on the fix??  (A version was initially posted
several years ago.)

Thanks,
Eddie Kohler



>From 6784824c7576514456a989192e07e63352bdb4ae Mon Sep 17 00:00:00 2001
From: Eddie Kohler <ekohler@gmail.com>
Date: Fri, 24 Sep 2010 16:42:27 -0700
Subject: [PATCH] i386 debugging stubs: Consider segment bases

- Access dumpable memory relative to the current data segment base.
- Detect breakpoints relative to the current code segment base.
---
 target-i386/helper.c    |    1 +
 target-i386/translate.c |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/target-i386/helper.c b/target-i386/helper.c
index e134340..0bfd4a9 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -831,6 +831,7 @@ target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
     target_phys_addr_t paddr;
     uint32_t page_offset;
     int page_size;
+    addr += env->segs[R_DS].base;
 
     if (env->cr[4] & CR4_PAE_MASK) {
         target_ulong pdpe_addr;
diff --git a/target-i386/translate.c b/target-i386/translate.c
index 7b6e3c2..d9e5b79 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7816,7 +7816,7 @@ static inline void gen_intermediate_code_internal(CPUState *env,
     for(;;) {
         if (unlikely(!QTAILQ_EMPTY(&env->breakpoints))) {
             QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
-                if (bp->pc == pc_ptr &&
+                if (bp->pc == pc_ptr - dc->cs_base &&
                     !((bp->flags & BP_CPU) && (tb->flags & HF_RF_MASK))) {
                     gen_debug(dc, pc_ptr - dc->cs_base);
                     break;
-- 
1.7.0.4