Using Qemu for debugging kernel code
Amirali Shambayati
What is Qemu?
- A processor emulator
- Uses dynamic binary translation to achieve a reasonable speed
- Easy to port to new host CPU architectures
Features:
- Is able to run virtual machines
- Supports the emulation of various architectures, including IA-32 (x86) PCs, x86-64 PCs, MIPS R4000, Sun's SPARC sun4m, Sun's SPARC sun4u, ARM development boards (Integrator/CP and Versatile/PB), the SH4 SHIX board, PowerPC (PReP and Power Macintosh), ETRAX CRIS and MicroBlaze architectures
- Uses a special format (qcow2) for virtual machine disk images: the image only takes up the disk space that the guest OS actually uses
Features (continued)
- Communication between host and guest uses an SMB server
- Disk images can be mounted on the host system
- Is able to boot Linux kernels directly, without having to prepare a bootable image with a bootloader
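The two disk-image features above (the qcow2 format and mounting or attaching images on the host) are where a practitioner most often wants a quick check: QEMU will probe an image's format when none is given, and a raw image whose first sector has been overwritten from inside the guest can then be misread as a different format on the next boot. The following POSIX shell script is an added example, not code from the slides: it reads the image's magic bytes, reports qcow2 or raw, and builds a -drive option that states the format explicitly. The image paths are constructed placeholders; `qemu-img info` reports the same information, and the value of passing `format=` is that QEMU never has to guess.

```shell
#!/bin/sh
# Added example (not from the slides): identify a disk image's on-disk format
# from its magic bytes before handing it to QEMU, and build a -drive option
# that names the format explicitly so QEMU does not probe the header.

# Print "qcow2" or "raw" for the file given as $1, based on its first 4 bytes.
# qcow2 images start with the ASCII magic "QFI" followed by the byte 0xfb.
image_format() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -A n -t x1 | tr -d ' \n')
    if [ "$magic" = "514649fb" ]; then
        echo qcow2
    else
        echo raw
    fi
}

# Build the -drive argument with an explicit format=. Without it QEMU probes
# the image, and a raw image whose guest wrote a qcow2 header into sector 0
# would be re-interpreted as qcow2 (with whatever backing file that header
# names) the next time the machine boots.
drive_option() {
    fmt=$(image_format "$1")
    echo "file=$1,format=$fmt,if=ide"
}

# Stand-alone usage: ./check_image.sh linux-0.2.img  (constructed path)
if [ "$#" -ge 1 ]; then
    echo "-drive $(drive_option "$1")"
fi
```

Once the format is known, the image can be attached to the host with `qemu-nbd` (for qcow2) or a loop device (for raw) to inspect or copy files; doing the check first avoids mounting a guest-controlled header with the wrong driver.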
TCG (Tiny Code Generator)
- Aims to remove the shortcoming of relying on a particular version of GCC or any other compiler
- The whole translation task consists of two parts:
  1. Blocks of target code (translation blocks, TBs) are rewritten as TCG ops, a kind of machine-independent intermediate notation.
  2. TCG compiles those ops into code for the host's architecture.
- Optional optimization passes are performed between the two.
Using Qemu for debugging purposes
- Two approaches we experienced:
  1. Using Eclipse CDT with Qemu
  2. Using gdb with Qemu
- We encountered a problem when using Eclipse.
- Apparently, it is possible to set a breakpoint before running kernel code only by using a hardware breakpoint, and Eclipse CDT does not support that. We decided to use gdb directly as an alternative.
Prepare eclipse-qemu
- A good step-by-step instruction for preparing the eclipse-qemu interaction is written here:
  - http://www.minoraddition.com/2011/02/11/linux-kerneldevelopment-and-debugging-using-eclipse-cdt
  - http://issaris.blogspot.com/2007/12/download-linuxkernel-sourcecode-from.html
How to run Qemu
- sudo qemu -s -S -hda linux-0.2.img -append "root=/dev/sda" -kernel /mnt/build/linux-2.6/arch/x86/boot/bzImage
  - The "-s" option is shorthand for -gdb tcp::1234
  - The "-S" option stops the CPU at startup, so the guest does not execute anything until the debugger tells it to continue
  - The "-hda" option gives the disk image's name
  - The "-append" option passes the kernel command line; here root=/dev/sda tells the kernel which disk holds the root filesystem
  - The "-kernel" option gives the path of the kernel image produced by the build
- Qemu.org has some ready-made disk images.
- Building a disk image and setting up an OS on it is also possible.
Using gdb as the debugger
- GDB is the standard debugger for the GNU software system.
- It is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, C, C++, FreeBASIC, Free Pascal and Fortran.
Running GDB
1. gdb is available on the system and can be run by entering the "gdb" command in a terminal.
2. target remote localhost:1234
   - Tells gdb the port on which to connect to qemu's gdb stub.
3. symbol-file vmlinux
   - Indicates the image file from which gdb should read the symbol tables.
Some useful gdb commands:
- c
  - Continue running the code.
- hbreak filename.c:linenumber
  - Set a hardware breakpoint.
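The slides' procedure (start Qemu with -s -S, then in gdb run target remote, symbol-file, hbreak and continue) is easy to script so that it is repeatable. The POSIX shell script below is an added example, not code from the slides: it composes the Qemu command line from the "How to run Qemu" slide, writes a gdb command file with the three "Running GDB" steps plus a hardware breakpoint on start_kernel (the kernel's C entry point), and attaches gdb with -x. The kernel, vmlinux and disk paths are constructed placeholders; vmlinux is the uncompressed kernel with debug symbols, which requires the kernel to have been built with CONFIG_DEBUG_INFO=y, and on newer QEMU releases the binary is named qemu-system-x86_64 rather than qemu. The hardware breakpoint matters for the reason given two slides earlier: a software breakpoint has to be written into guest memory, which gdb cannot do before the kernel has set up its page tables, while a hardware breakpoint only programs a debug register.

```shell
#!/bin/sh
# Added example (not from the slides): drive the Qemu + gdb kernel debugging
# session described on the slides from one script. All paths are placeholders.

KERNEL=${KERNEL:-/mnt/build/linux-2.6/arch/x86/boot/bzImage}   # constructed path
VMLINUX=${VMLINUX:-/mnt/build/linux-2.6/vmlinux}                 # constructed path
DISK=${DISK:-linux-0.2.img}                                      # constructed path
GDB_PORT=${GDB_PORT:-1234}

# Compose the Qemu command line. "-gdb tcp::PORT" is the long form of "-s";
# "-S" halts the CPU at startup so a breakpoint can be placed before the
# first guest instruction runs.
qemu_cmdline() {
    echo "qemu -S -gdb tcp::$1 -hda $2 -append root=/dev/sda -kernel $3"
}

# Write the gdb command file: connect to the stub, load symbols from vmlinux,
# place a hardware breakpoint on the requested symbol, then let the guest run.
# Arguments: output file, port, vmlinux path, symbol to break on.
write_gdb_script() {
    out=$1; port=$2; vmlinux=$3; sym=$4
    {
        echo "target remote localhost:$port"
        echo "symbol-file $vmlinux"
        echo "hbreak $sym"
        echo "continue"
    } > "$out"
}

# Count the hardware breakpoints a gdb script requests. x86 has only four
# debug registers (DR0-DR3), so a script asking for more will fail at run time.
hbreak_count() {
    grep -c '^hbreak ' "$1"
}

# Stand-alone usage: KERNEL=... VMLINUX=... DISK=... ./debug_kernel.sh run
if [ "$1" = "run" ]; then
    [ -r "$VMLINUX" ] || { echo "vmlinux not readable; build with CONFIG_DEBUG_INFO=y" >&2; exit 1; }
    script=$(mktemp)
    write_gdb_script "$script" "$GDB_PORT" "$VMLINUX" start_kernel
    if [ "$(hbreak_count "$script")" -gt 4 ]; then
        echo "too many hardware breakpoints for x86" >&2; exit 1
    fi
    $(qemu_cmdline "$GDB_PORT" "$DISK" "$KERNEL") &
    gdb -x "$script"
    rm -f "$script"
fi
```

When gdb stops at start_kernel the page tables are in place, so ordinary "break" commands on later functions or filename.c:line locations work from that point on; keeping the early stop as the single hardware breakpoint leaves the remaining debug registers free for watchpoints.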