Hardware breakpoint in GDB +QEMU missing start_kernel

gdbkernelqemu

I am trying to debug a kernel running on QEMU with GDB.

The kernel has been compiled with these options:

CONFIG_DEBUG_INFO=y
CONFIG_GDB_SCRIPTS=y

I launch the kernel in qemu with the following command:

qemu-system-x86_64 -s -S -kernel arch/x86_64/boot/bzImage

In a separate terminal, I launch GDB from the same path and issue these commands in sequence:

 gdb ./vmlinux
(gdb) target remote localhost:1234
(gdb) hbreak start_kernel
(gdb) c

I did not provide a rootfs, as I am not interested in a full working system as of now, just the kernel. I also tried combinations of hbreak/break.

The kernel just boots and reaches a kernel panic as rootfs cannot be found… expected. I want it to stop at start_kernel and then step through the code.

observation: if I set an immediate breakpoint, it works and stops, but not on start_kernel / startup_64 / main

Is it possible that qemu is not calling all these functions, or is it being masked in some way?

Kernel: 4.13.4 
GDB: GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.3) 7.7.1
GCC: gcc (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4    
system: ubuntu 14.04 LTS

NOTE: This exact same procedure worked with kernel 3.2.93, but does not work with 4.13.4, so I guess some more configurations are needed. I could not find resources online which enabled this debug procedure for kernel 4.0 and up, so as of now I am continuing with 3.2, any and all inputs on this are welcome.

Best Answer

I ran into the same problem and found the solution from the linux kernel newbies mailing list.

You should disable KASLR in your kernel command line with nokaslr option, or disable kernel option "Randomize the kernel memory sections" inside "Processor type and features" when you build your kernel image.

Related Solutions

Ubuntu – How to boot EFI kernel using QEMU (kvm)

OVMF supports -boot since r13683, and supports -kernel -append -initrd since r13923.

Download OVMF-0.1+r14071-1.1.x86_64.rpm or newer version.
Extract bios.bin from the rpm: rpm2cpio OVMF-0.1+r14071-1.1.x86_64.rpm | cpio -idmv
Specify firmware parameter for QEMU: qemu-kvm -bios ./usr/share/qemu-ovmf/bios/bios.bin -m 1G -cdrom boot.iso (Tested with Fedora's boot.iso created with special measures)

I also tested qemu -kernel -append -initrd with kernel 3.5, 3.6, and 3.8.

EFI firmware has format and file hierarchy requirements for ISO image to be bootable(1), and other for disks. Your modified ISO image probably did not meet the requirements so the firmware did not recognize it. EFI firmware also has format requirements for the binary to execute, so your bzImage or whatever kernel image needs to be built with EFISTUB.

You can boot kernel from EFI shell with parameters manually specified. Examples: 2. You can create a startup.nsh to the save a little typing. You can use bootloaders to have more complete management. You need to learn these: 2

EFI firmware saves boot options in NVRAM. QEMU currently does not preserve NVRAM, so boot options are lost once you close QEMU. Without boot options, the firmare tries to find \EFI\BOOT\BOOTX64.EFI to execute but it's not here, so it does not know what to boot and leaves control to you. What you need to do to boot the kernel in EFI shell is just enter a filesystem, navigate to a proper path, and execute a binary.

fs0:
    cd EFI\fedora
    grub.efi

vmlinuz.efi ...

OVMF support virtio-scsi since EDK2 r13867.

Linux – permission denied for ptrace under GDB

I don't think the permission denied is necessarily talking about the traditional permissions bits (rwx..), rather I'd be suspicious of something like SELinux or AppArmor which might be denying your process access.

I do not have access to a ArchLinux system but there is something similar under Fedora that is discussed here in this Fedora Wiki topic: Features/SELinuxDenyPtrace.

Here they're blocking access to ptrace through SELinux, so you might want to try disabling either SELinux or AppArmor is ArchLinux happens to be using either.

What your attempting worked for me

I tried you code on my Fedora 19 system and other than needing to install some addtional debuginfo RPMs it worked as you'd expect it to.

Example

Compiled your code.

$ gcc -g test.c

Ran the resulting binary in gdb.

$ gdb a.out 
GNU gdb (GDB) Fedora 7.6.1-46.fc19
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/saml/tst/106912/a.out...done.
(gdb) break main
Breakpoint 1 at 0x40053f: file test.c, line 4.
(gdb) run
Starting program: /home/saml/tst/106912/a.out 

Breakpoint 1, main (argc=1, argv=0x7fffffffd698) at test.c:4
4       printf("1\n");
Missing separate debuginfos, use: debuginfo-install glibc-2.17-20.fc19.x86_64
(gdb) quit
A debugging session is active.

    Inferior 1 [process 13341] will be killed.

Quit anyway? (y or n) y

The debugger complained that I was missing the debuginfos for glibc so I installed them.

$ sudo debuginfo-install glibc-2.17-20.fc19.x86_64

Now when I re-run gdb.

$ gdb a.out 
GNU gdb (GDB) Fedora 7.6.1-46.fc19
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/saml/tst/106912/a.out...done.
(gdb) break main
Breakpoint 1 at 0x40053f: file test.c, line 4.
(gdb) run
Starting program: /home/saml/tst/106912/a.out 

Breakpoint 1, main (argc=1, argv=0x7fffffffd698) at test.c:4
4       printf("1\n");
(gdb)