Re: [BUG]QEMU jump into interrupt when single-stepping on aarch64

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Shuai Xue <xueshuai@linux.alibaba.com>
To: Richard Henderson <richard.henderson@linaro.org>, qemu-devel@nongnu.org
Subject: Re: [BUG]QEMU jump into interrupt when single-stepping on aarch64
Date: Tue, 12 Apr 2022 20:32:23 +0800	[thread overview]
Message-ID: <84e0c8eb-a857-2a9c-917e-9c0583e7dd45@linux.alibaba.com> (raw)
In-Reply-To: <3036a482-33f5-c283-9ca2-93de1a4f2165@linux.alibaba.com>

在 2022/4/7 PM12:10, Shuai Xue 写道:
> 在 2022/4/7 AM12:57, Richard Henderson 写道:
>> On 4/6/22 09:30, Shuai Xue wrote:
>>> Dear, folks,
>>>
>>> I try to debug Linux kernel with QEMU in single-stepping mode on aarch64 platform,
>>> the added breakpoint hits but after I type `step`, the gdb always jumps into interrupt.
>>>
>>> My env:
>>>
>>>     gdb-10.2
>>>     qemu-6.2.0
>>>     host kernel: 5.10.84
>>>     VM kernel: 5.10.84
>>>
>>> The steps to reproduce:
>>>     # host console: run a VM with only one core, the import arg: <qemu:arg value='-s'/>
>>>     # details can be found here: https://www.redhat.com/en/blog/debugging-kernel-qemulibvirt
>>>     virsh create dev_core0.xml
>>>     
>>>     # run gdb client
>>>     gdb ./vmlinux
>>>
>>>     # gdb client on host console
>>>     (gdb) dir ./usr/src/debug/kernel-5.10.84/linux-5.10.84-004.alpha.ali5000.alios7.aarch64
>>>     (gdb) target remote localhost:1234
>>>     (gdb) info b
>>>     Num     Type           Disp Enb Address            What
>>>     1       breakpoint     keep y   <MULTIPLE>
>>>     1.1                         y   0xffff800010361444 mm/memory-failure.c:1318
>>>     1.2                         y   0xffff800010361450 in memory_failure
>>>                                                     at mm/memory-failure.c:1488
>>>     (gdb) c
>>>     Continuing.
>>>
>>>     # console in VM, use madvise to inject a hwposion at virtual address vaddr,
>>>     # which will hit the b inmemory_failur: madvise(vaddr, pagesize, MADV_HWPOISON);
>>>     # and the VM pause
>>>     ./run_madvise.c
>>>
>>>     # gdb client on host console
>>>     (gdb)
>>>     Continuing.
>>>     Breakpoint 1, 0xffff800010361444 in memory_failure () at mm/memory-failure.c:1318
>>>     1318                    res = -EHWPOISON;
>>>     (gdb) n
>>>     vectors () at arch/arm64/kernel/entry.S:552
>>>     552             kernel_ventry   1, irq                          // IRQ EL1h
>>
>> The 'n' command is not a single-step: use stepi, which will suppress interrupts.
>> Anyway, not a bug.
>>
>> r~
> 
> Hi, Richard,
> 
> Thank you for your quick reply, I also try `stepi`, but it does NOT work either.
> 
> 	(gdb) c
> 	Continuing.
> 
> 	Breakpoint 1, memory_failure (pfn=1273982, flags=1) at mm/memory-failure.c:1488
> 	1488    {
> 	(gdb) stepi
> 	vectors () at arch/arm64/kernel/entry.S:552
> 	552             kernel_ventry   1, irq                          // IRQ EL1h
> 
> According to QEMU doc[1]: the default single stepping behavior is step with the IRQs
> and timer service routines off. I checked the MASK bits used to control the single
> stepping IE on my machine as bellow:
> 
> 	# gdb client on host (x86 plafrom)
> 	(gdb) maintenance packet qqemu.sstepbits
> 	sending: "qqemu.sstepbits"
> 	received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
> 
> The sstep MASK looks as expected, but does not work as expected.
> 
> I also try the same kernel and qemu version on X86 platform:
>>>     gdb-10.2
>>>     qemu-6.2.0
>>>     host kernel: 5.10.84
>>>     VM kernel: 5.10.84
> 
> 
> The command `n` jumps to the next instruction.
> 
> 	# gdb client on host (x86 plafrom)
> 	(gdb) b memory-failure.c:1488
> 	Breakpoint 1, memory_failure (pfn=1128931, flags=1) at mm/memory-failure.c:1488
> 	1488    {
> 	(gdb) n
> 	1497            if (!sysctl_memory_failure_recovery)
> 	(gdb) stepi
> 	0xffffffff812efdbc      1497            if (!sysctl_memory_failure_recovery)
> 	(gdb) stepi
> 	0xffffffff812efdbe      1497            if (!sysctl_memory_failure_recovery)
> 	(gdb) n
> 	1500            p = pfn_to_online_page(pfn);
> 	(gdb) l
> 	1496
> 	1497            if (!sysctl_memory_failure_recovery)
> 	1498                    panic("Memory failure on page %lx", pfn);
> 	1499
> 	1500            p = pfn_to_online_page(pfn);
> 	1501            if (!p) {
> 
> Best Regrades,
> Shuai
> 
> 
> [1] https://github.com/qemu/qemu/blob/master/docs/system/gdb.rst

Hi, Richard,

I was wondering that do you have any comments to this?

Best Regrades,
Shuai

     prev parent reply	other threads:[~2022-04-12 12:55 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-06 14:30 [BUG]QEMU jump into interrupt when single-stepping on aarch64 Shuai Xue
2022-04-06 16:57 ` Richard Henderson
2022-04-07  4:10   ` Shuai Xue
2022-04-12 12:32     ` Shuai Xue [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=84e0c8eb-a857-2a9c-917e-9c0583e7dd45@linux.alibaba.com \
    --to=xueshuai@linux.alibaba.com \
    --cc=qemu-devel@nongnu.org \
    --cc=richard.henderson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).