Adrian Huang, profile picture
Uploaded byAdrian Huang
PDF, PPTX1,082 views

qemu + gdb: The efficient way to understand/debug Linux kernel code/data structure

The document provides a detailed guide for setting up and debugging the Linux kernel using qemu and gdb in an x86_64 environment, primarily based on kernel 5.11. It includes instructions for environment preparation, launching the virtual machine, and specific gdb commands for examining kernel data structures. Examples of breakpoints and memory structures are also discussed to aid in understanding the debug process.

Embed presentation

Download as PDF, PPTX
* Based on kernel 5.11 (x86_64) – QEMU * 2-socket CPUs (4 cores/socket) * 16GB memory * Kernel parameter: nokaslr norandmaps * KASAN: disabled * Userspace: ASLR is disabled * Host OS: Ubuntu 20.04.1 qemu + gdb: The efficient way to understand/debug Linux kernel code/data structure Adrian Huang | Aug, 2022
Environment Preparation • Repo: https://github.com/AdrianHuang/gdb-linux-real-mode.git
Environment Preparation • Repo: https://github.com/AdrianHuang/gdb-linux-real-mode.git o ./scripts/build.sh ▪ Download/build kernel and busybox: Make sure if your machine can access the Internet o ./scripts/launch-vm.sh ▪ Launch a guest OS (QEMU) and wait for gdb connection o ./scripts/launch-gdb.sh ▪ Launch gdb debugger and connect to the QEMU guest OS • Steps: $ git clone https://github.com/AdrianHuang/gdb-linux-real-mode.git Cloning into 'gdb-linux-real-mode’... $ cd gdb-linux-real-mode/ $ ./scripts/build.sh # After build.sh is done, you’re all set!
QEMU/gdb at a glance: Console #1 Console #1: wait for gdb debugger
QEMU/gdb at a glance: Console #2: Real-mode entry point Console #2: gdb debugger – breakpoint @0x10200 (real-mode entry point) Kernel boot section 0x10000 0x10200 Physical Memory QEMU loader loads ‘setup.bin’ at address 0x10000 0 ds = es = fs = gs = ss cs stack sp = 0x1FFF0 (ss:0xFFF0) protected mode real mode Kernel setup code gdb command file: Add any gdb commands in this file Reference (Real-mode entry point): Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Console #2: step & continue 1 2 Console #1: QEMU: Guest OS 3 QEMU/gdb at a glance: Console #1/#2 Reference (Real-mode entry point): Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Note: Debug the decompressed vmlinux (generic kernel) $ head -n 12 gdb-files/gdb-linux-kernel-real-mode.txt # debug info about real-mode code of Linux kernel add-symbol-file /home/adrian/work/gdb-linux-real-mode/out/obj/linux/arch/x86/boot/setup.elf 0x103ff -s .bstext 0x10000 -s .bsdata 0x1002d -s .header 0x101ef -s .entrytext 0x1026c -s .inittext 0x102d4 -s .initdata 0x103e1 -s .text32 0x130ce -s .bss 0x136e0 -s .data 0x13660 # debug info about compressed vmlinux add-symbol-file /home/adrian/work/gdb-linux-real-mode/out/obj/linux/arch/x86/boot/compressed/vmlinux 0x3ce4f0 - s .head.text 0x100000 -s .data 0x3d5b90 -s .bss 0x3d5e40 -s .pgtable 0x3f6000 target remote :1234 # Uncomment the following line if you want to debug the decompressed vmlinux add-symbol-file /home/adrian/work/gdb-linux-real-mode/out/obj/linux/vmlinux set print pretty on
Kernel supported gdb functions and commands
Console #2: gdb console Console #1: QEMU: Guest OS Example #1: Conditional breakpoint gdb-files/gdb-linux-kernel-real-mode.txt
Example #2: watchpoint Only one pte mapped pte: physical address 1 2 3 gdb command: (gdb) watch *(0xffff8881809c0028)
4KB Disk Mapping Layer: file system Generic Block Layer sector size bi_size = 1024 bvec_iter bi_sector bv_len = 1024 bio_vec bv_page bv_offset bio Example #3: Data structure examination
Page Map Level-4 Table 40 CR3 init_top_pgt = swapper_pg_dir Sign-extend Page Map Level-4 Offset Physical Page Offset 0 30 21 39 20 38 29 47 48 63 Page Directory Pointer Offset Page Directory Offset Page Directory Pointer Table Page Directory Table level3_kernel_pgt PDPTE #511 PDPTE #510 PDE #506 PDE #507 PDE #505 Direct Mapping Region Kernel Code & fixmap cpu_entry_area: 0.5TB vmalloc: 32TB PDE #13 PML4E #402 PML4E #273 … PML4E #465 PML4E #468 PML4E #508 PML4E #511 vmemmap (page descriptor) PDPTE #0 Page Table Offset 1211 PTE #82 = 0 PTE #83 = 0 Page Table Physical Memory page frame Example #4: Page Table Examination [Linear Address] 0xffff_c900_01a5_2000, 0xffff_c900_01a5_3000 1 2 3 4 5
Example #5: ptype: print data type
Example #6: macro

More Related Content

PDF
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
byAdrian Huang
 
PDF
Linux Kernel - Virtual File System
byAdrian Huang
 
PDF
Decompressed vmlinux: linux kernel initialization from page table configurati...
byAdrian Huang
 
PDF
Process Address Space: The way to create virtual address (page table) of user...
byAdrian Huang
 
PDF
Anatomy of the loadable kernel module (lkm)
byAdrian Huang
 
PDF
malloc & vmalloc in Linux
byAdrian Huang
 
PDF
Physical Memory Models.pdf
byAdrian Huang
 
PPTX
Slab Allocator in Linux Kernel
byAdrian Huang
 
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
byAdrian Huang
 
Linux Kernel - Virtual File System
byAdrian Huang
 
Decompressed vmlinux: linux kernel initialization from page table configurati...
byAdrian Huang
 
Process Address Space: The way to create virtual address (page table) of user...
byAdrian Huang
 
Anatomy of the loadable kernel module (lkm)
byAdrian Huang
 
malloc & vmalloc in Linux
byAdrian Huang
 
Physical Memory Models.pdf
byAdrian Huang
 
Slab Allocator in Linux Kernel
byAdrian Huang
 

What's hot

PDF
Memory Mapping Implementation (mmap) in Linux Kernel
byAdrian Huang
 
PPTX
qemu + gdb + sample_code: Run sample code in QEMU OS and observe Linux Kernel...
byAdrian Huang
 
PDF
Page cache in Linux kernel
byAdrian Huang
 
PDF
Memory Management with Page Folios
byAdrian Huang
 
PDF
Qemu device prototyping
byYan Vugenfirer
 
PDF
spinlock.pdf
byAdrian Huang
 
PDF
Fun with Network Interfaces
byKernel TLV
 
PDF
Reverse Mapping (rmap) in Linux Kernel
byAdrian Huang
 
PPTX
Linux Initialization Process (2)
byshimosawa
 
PPTX
Linux Memory Management
byNi Zo-Ma
 
PDF
BPF Internals (eBPF)
byBrendan Gregg
 
PDF
GDB Rocks!
byKent Chen
 
PDF
Introduction to eBPF and XDP
bylcplcp1
 
PPTX
Linux Network Stack
byAdrien Mahieux
 
PDF
Memory Compaction in Linux Kernel.pdf
byAdrian Huang
 
PDF
The linux networking architecture
byhugo lu
 
PPTX
Linux kernel debugging
byHao-Ran Liu
 
PDF
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
byAnne Nicolas
 
PDF
Intel DPDK Step by Step instructions
byHisaki Ohara
 
PPT
Bootstrap process of u boot (NDS32 RISC CPU)
byMacpaul Lin
 
Memory Mapping Implementation (mmap) in Linux Kernel
byAdrian Huang
 
qemu + gdb + sample_code: Run sample code in QEMU OS and observe Linux Kernel...
byAdrian Huang
 
Page cache in Linux kernel
byAdrian Huang
 
Memory Management with Page Folios
byAdrian Huang
 
Qemu device prototyping
byYan Vugenfirer
 
spinlock.pdf
byAdrian Huang
 
Fun with Network Interfaces
byKernel TLV
 
Reverse Mapping (rmap) in Linux Kernel
byAdrian Huang
 
Linux Initialization Process (2)
byshimosawa
 
Linux Memory Management
byNi Zo-Ma
 
BPF Internals (eBPF)
byBrendan Gregg
 
GDB Rocks!
byKent Chen
 
Introduction to eBPF and XDP
bylcplcp1
 
Linux Network Stack
byAdrien Mahieux
 
Memory Compaction in Linux Kernel.pdf
byAdrian Huang
 
The linux networking architecture
byhugo lu
 
Linux kernel debugging
byHao-Ran Liu
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
byAnne Nicolas
 
Intel DPDK Step by Step instructions
byHisaki Ohara
 
Bootstrap process of u boot (NDS32 RISC CPU)
byMacpaul Lin
 

Similar to qemu + gdb: The efficient way to understand/debug Linux kernel code/data structure

PDF
LAS16-403: GDB Linux Kernel Awareness
byLinaro
 
PDF
LAS16-403 - GDB Linux Kernel Awareness
byPeter Griffin
 
PDF
ELC-E Linux Awareness
byPeter Griffin
 
PDF
Development platform virtualization using qemu
byPremjith Achemveettil
 
PDF
Let's trace Linux Lernel with KGDB @ COSCUP 2021
byJian-Hong Pan
 
PPT
Linux Kernel Debugging
byGlobalLogic Ukraine
 
PDF
Linux Kernel Debugging with KGDB — A Practical Guide for Embedded Developers
bySilicon Signals Pvt. Ltd.
 
PPTX
Beyond printk: Efficient Zynq UltraScale+ MPSoC Linux Debugging and Development
byZach Pfeffer
 
PDF
Im trying to run make qemu-nox In a putty terminal but it.pdf
bymaheshkumar12354
 
PPT
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
byJagadisha Maiya
 
PPT
Troubleshooting Linux Kernel Modules And Device Drivers
bySatpal Parmar
 
PDF
From printk to QEMU: Xen/Linux Kernel debugging
byThe Linux Foundation
 
PPTX
The n00bs guide to ovs dpdk
bymarkdgray
 
PDF
Lecture 6 Kernel Debugging + Ports Development
byMohammed Farrag
 
PDF
Linux: the first second
byAlison Chaiken
 
ZIP
Embedded Linux Odp
byghessler
 
PDF
XS Boston 2008 Debugging Xen
byThe Linux Foundation
 
PDF
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
byAnne Nicolas
 
PDF
Linux kernel debugging
bylibfetion
 
PDF
Grub2 Booting Process
byMike Wang
 
LAS16-403: GDB Linux Kernel Awareness
byLinaro
 
LAS16-403 - GDB Linux Kernel Awareness
byPeter Griffin
 
ELC-E Linux Awareness
byPeter Griffin
 
Development platform virtualization using qemu
byPremjith Achemveettil
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
byJian-Hong Pan
 
Linux Kernel Debugging
byGlobalLogic Ukraine
 
Linux Kernel Debugging with KGDB — A Practical Guide for Embedded Developers
bySilicon Signals Pvt. Ltd.
 
Beyond printk: Efficient Zynq UltraScale+ MPSoC Linux Debugging and Development
byZach Pfeffer
 
Im trying to run make qemu-nox In a putty terminal but it.pdf
bymaheshkumar12354
 
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
byJagadisha Maiya
 
Troubleshooting Linux Kernel Modules And Device Drivers
bySatpal Parmar
 
From printk to QEMU: Xen/Linux Kernel debugging
byThe Linux Foundation
 
The n00bs guide to ovs dpdk
bymarkdgray
 
Lecture 6 Kernel Debugging + Ports Development
byMohammed Farrag
 
Linux: the first second
byAlison Chaiken
 
Embedded Linux Odp
byghessler
 
XS Boston 2008 Debugging Xen
byThe Linux Foundation
 
Kernel Recipes 2015: Speed up your kernel development cycle with QEMU
byAnne Nicolas
 
Linux kernel debugging
bylibfetion
 
Grub2 Booting Process
byMike Wang
 

Recently uploaded

PDF
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
PDF
Figma systems development services
bydavidjohansen1597
 
PPTX
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
PDF
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
PDF
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
PDF
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
PDF
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
PPTX
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
PDF
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
PDF
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
PDF
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PDF
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
PDF
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
PDF
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
PDF
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
Figma systems development services
bydavidjohansen1597
 
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
Visualizing Your Data Lake with Grafana - Amsterdam
byImma Valls Bernaus
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 

qemu + gdb: The efficient way to understand/debug Linux kernel code/data structure

  • 1.
    * Based onkernel 5.11 (x86_64) – QEMU * 2-socket CPUs (4 cores/socket) * 16GB memory * Kernel parameter: nokaslr norandmaps * KASAN: disabled * Userspace: ASLR is disabled * Host OS: Ubuntu 20.04.1 qemu + gdb: The efficient way to understand/debug Linux kernel code/data structure Adrian Huang | Aug, 2022
  • 2.
    Environment Preparation • Repo:https://github.com/AdrianHuang/gdb-linux-real-mode.git
  • 3.
    Environment Preparation • Repo:https://github.com/AdrianHuang/gdb-linux-real-mode.git o ./scripts/build.sh ▪ Download/build kernel and busybox: Make sure if your machine can access the Internet o ./scripts/launch-vm.sh ▪ Launch a guest OS (QEMU) and wait for gdb connection o ./scripts/launch-gdb.sh ▪ Launch gdb debugger and connect to the QEMU guest OS • Steps: $ git clone https://github.com/AdrianHuang/gdb-linux-real-mode.git Cloning into 'gdb-linux-real-mode’... $ cd gdb-linux-real-mode/ $ ./scripts/build.sh # After build.sh is done, you’re all set!
  • 4.
    QEMU/gdb at aglance: Console #1 Console #1: wait for gdb debugger
  • 5.
    QEMU/gdb at aglance: Console #2: Real-mode entry point Console #2: gdb debugger – breakpoint @0x10200 (real-mode entry point) Kernel boot section 0x10000 0x10200 Physical Memory QEMU loader loads ‘setup.bin’ at address 0x10000 0 ds = es = fs = gs = ss cs stack sp = 0x1FFF0 (ss:0xFFF0) protected mode real mode Kernel setup code gdb command file: Add any gdb commands in this file Reference (Real-mode entry point): Vmlinux: anatomy of bzimage and how x86 64 processor is booted
  • 6.
    Console #2: step& continue 1 2 Console #1: QEMU: Guest OS 3 QEMU/gdb at a glance: Console #1/#2 Reference (Real-mode entry point): Vmlinux: anatomy of bzimage and how x86 64 processor is booted
  • 7.
    Note: Debug thedecompressed vmlinux (generic kernel) $ head -n 12 gdb-files/gdb-linux-kernel-real-mode.txt # debug info about real-mode code of Linux kernel add-symbol-file /home/adrian/work/gdb-linux-real-mode/out/obj/linux/arch/x86/boot/setup.elf 0x103ff -s .bstext 0x10000 -s .bsdata 0x1002d -s .header 0x101ef -s .entrytext 0x1026c -s .inittext 0x102d4 -s .initdata 0x103e1 -s .text32 0x130ce -s .bss 0x136e0 -s .data 0x13660 # debug info about compressed vmlinux add-symbol-file /home/adrian/work/gdb-linux-real-mode/out/obj/linux/arch/x86/boot/compressed/vmlinux 0x3ce4f0 - s .head.text 0x100000 -s .data 0x3d5b90 -s .bss 0x3d5e40 -s .pgtable 0x3f6000 target remote :1234 # Uncomment the following line if you want to debug the decompressed vmlinux add-symbol-file /home/adrian/work/gdb-linux-real-mode/out/obj/linux/vmlinux set print pretty on
  • 8.
    Kernel supported gdbfunctions and commands
  • 9.
    Console #2: gdbconsole Console #1: QEMU: Guest OS Example #1: Conditional breakpoint gdb-files/gdb-linux-kernel-real-mode.txt
  • 10.
    Example #2: watchpoint Onlyone pte mapped pte: physical address 1 2 3 gdb command: (gdb) watch *(0xffff8881809c0028)
  • 11.
    4KB Disk Mapping Layer: filesystem Generic Block Layer sector size bi_size = 1024 bvec_iter bi_sector bv_len = 1024 bio_vec bv_page bv_offset bio Example #3: Data structure examination
  • 12.
    Page Map Level-4 Table 40 CR3init_top_pgt = swapper_pg_dir Sign-extend Page Map Level-4 Offset Physical Page Offset 0 30 21 39 20 38 29 47 48 63 Page Directory Pointer Offset Page Directory Offset Page Directory Pointer Table Page Directory Table level3_kernel_pgt PDPTE #511 PDPTE #510 PDE #506 PDE #507 PDE #505 Direct Mapping Region Kernel Code & fixmap cpu_entry_area: 0.5TB vmalloc: 32TB PDE #13 PML4E #402 PML4E #273 … PML4E #465 PML4E #468 PML4E #508 PML4E #511 vmemmap (page descriptor) PDPTE #0 Page Table Offset 1211 PTE #82 = 0 PTE #83 = 0 Page Table Physical Memory page frame Example #4: Page Table Examination [Linear Address] 0xffff_c900_01a5_2000, 0xffff_c900_01a5_3000 1 2 3 4 5
  • 13.
    Example #5: ptype:print data type
  • 14.