How to debug the Linux kernel with QEMU and KGDB?


Problem description

I have been able to boot a powerpc based system (MPC8544DS to be specific) using the following way to invoke qemu (v1.7.0)

qemu-system-ppc -M mpc8544ds -m 512 -kernel zImage -s -nographic -initrd busyboxfs.img -append "root=/dev/ram rdinit=/bin/sh kgdboc=ttyS0,115200 kgdbwait"

where zImage is a custom cross compiled Linux Kernel (v2.6.32) which has KGDB enabled and compiled in (for startup code debugging) and busyboxfs.img is the busybox based rootfs.

Since I'm using the -s flag to Qemu, I can break-in to the kernel using cross gdb like so:

(gdb) target remote localhost:1234
Remote debugging using localhost:1234
mem_serial_in (p=<value optimized out>, offset=5) at drivers/serial/8250.c:405
405  }

However if I remove the -s flag and try to break in to the kernel over /dev/ttyS0 it gives me a permission denied error:

(gdb) set remotebaud 115200
(gdb) target remote /dev/ttyS0
permission denied 

Is it because it has been held over by Qemu? Additionally, in examples across the internet, kgdboc has been set to ttyAMA0, which I've come to understand stands for the AMBA bus, which is specific to ARM based systems. Do we have something similar for PowerPC? Am I doing something wrong here?

Recommended answer

You appear to be confusing the host serial device /dev/ttyS0 for the guest one, and QEMU's own gdbserver for KGDB in the guest kernel.

There is normally no reason for QEMU to touch the host's serial port. Really the only reason for doing that would be if you wanted to have one physical machine host QEMU, and effectively give its physical serial port to the guest, so that you could then use a different physical machine connected by an actual serial cable to debug the guest.

When you use the -s flag, you tell QEMU to run its own GDB server (by default listening on host loopback TCP port 1234) allowing you to break into whatever program is running on the guest, be that a kernel or bootloader or something else. This is not the same as having the guest kernel itself cooperate with debugging via KGDB.

If you want to use KGDB, you are going to need to do something like configure KGDB in the kernel build to use the guest side of an emulated serial port, and then tell GDB on the host to use the host end of that emulated port. The QEMU command line documentation covers this in detail:


Debug/Expert options:

‘-serial dev’
Redirect the virtual serial port to host character device dev. The default device is vc in graphical mode and stdio in non graphical mode.

This option can be used several times to simulate up to 4 serial ports.

The options of more interest to you:

‘pty’
[Linux only] Pseudo TTY (a new PTY is automatically allocated)

‘/dev/XXX’
[Linux only] Use host tty, e.g. ‘/dev/ttyS0’. The host serial port parameters are set according to the emulated ones.

This is what you don't want - unless you want to use a serial cable to a different physical machine that will run GDB.


‘tcp:[host]:port[,server][,nowait][,nodelay]’
The TCP Net Console has two modes of operation. It can send the serial I/O to a location or wait for a connection from a location. By default the TCP Net Console is sent to host at the port. If you use the server option QEMU will wait for a client socket application to connect to the port before continuing, unless the nowait option was specified. The nodelay option disables the Nagle buffering algorithm. If host is omitted, 0.0.0.0 is assumed. Only one TCP connection at a time is accepted. You can use telnet to connect to the corresponding character device.

Example to send tcp console to 192.168.0.2 port 4444
-serial tcp:192.168.0.2:4444

Example to listen and wait on port 4444 for connection
-serial tcp::4444,server

Example to not wait and listen on ip 192.168.0.100 port 4444
-serial tcp:192.168.0.100:4444,server,nowait

This is a good and common choice. You can use basically the same GDB syntax, for example if you specify the loopback interface address 127.0.0.1 and the port 1234 you can just use exactly the same GDB command as before.

‘unix:path[,server][,nowait]’
A unix domain socket is used instead of a tcp socket. The option works the same as if you had specified -serial tcp except the unix domain socket path is used for connections.

This is a good choice too, assuming your GDB supports it.

You may need to configure one of these options first, run without KGDB and get a shell up and figure out what the guest end of the emulated device is called, then reboot with KGDB configured to use that.
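
The setup the answer describes, sketched as an added example that is not part of the original question or answer: it builds the QEMU invocation (without -s) that exposes the emulated serial port on a TCP socket, plus the matching GDB command for the host end. The function names are hypothetical, port 4444 and ttyS0 are sample values from the page, and the guest-side device name is an assumption to confirm from a guest shell.

```shell
#!/bin/sh
# Added example: matching QEMU and GDB command lines for KGDB over an
# emulated serial port exposed on a loopback TCP socket.

# Print the -serial option. Per the QEMU text quoted above, an omitted host
# means 0.0.0.0 (all interfaces), so only an explicit loopback host passes.
kgdb_serial_opt() {
    host=$1 port=$2
    case $host in
        127.0.0.1|localhost) ;;
        *) echo "refusing non-loopback host '$host'" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port '$port'" >&2; return 1 ;;
    esac
    printf '%s' "-serial tcp:$host:$port,server,nowait"
}

# Print the QEMU invocation. Machine, kernel and initrd names are the
# question's; guest_tty is the guest-side name of the emulated port (an
# assumption: confirm it from a guest shell first, as the answer advises).
kgdb_qemu_cmd() {
    host=$1 port=$2 guest_tty=$3
    serial=$(kgdb_serial_opt "$host" "$port") || return 1
    printf '%s' "qemu-system-ppc -M mpc8544ds -m 512 -kernel zImage" \
        " -nographic -initrd busyboxfs.img $serial -append" \
        " \"root=/dev/ram rdinit=/bin/sh kgdboc=$guest_tty,115200 kgdbwait\""
}

# Print the GDB command for the host end of the same socket.
kgdb_gdb_cmd() {
    host=$1 port=$2
    kgdb_serial_opt "$host" "$port" >/dev/null || return 1
    printf 'target remote %s:%s' "$host" "$port"
}

# Port 4444 and ttyS0 are sample values taken from the page's own examples.
kgdb_qemu_cmd 127.0.0.1 4444 ttyS0; echo
kgdb_gdb_cmd 127.0.0.1 4444; echo
```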
