系统构建 -- QEMU调试内核（gdb）

qemu中包含有gdbserver功能，利用这个功能我们可以直接对kernel进行gdb调试。

-S              freeze CPU at startup (use 'c' to start execution)
-s              shorthand for -gdb tcp::1234

主要就是利用qemu的这两个选项来进行调试，比如我的qemu环境中的启动命令：

qemu-system-aarch64 -machine virt \
    -s -S \
    -cpu cortex-a57 \
    -machine type=virt \
    -nographic -m 2048 \
    -smp 2 \
    -kernel linux-4.0/arch/arm64/boot/Image \
    -append "console=ttyAMA0 loglevel=8 root=/dev/nfs rw nfsroot=${HOST_IP}:${NFS_ROOT}/arm64/_install,nolock ip=${TARGET_IP}:${HOST_IP}:::::off::" \
    -netdev tap,id=tap0,ifname=tap0,script=no \

这样qemu系统在启动时就会暂停，并且使用gdbserver创建gdb调试端口1234。

在宿主机上使用gdb命令去连接qemu：

$cd linux-4.0
$aarch64-linux-gnu-gdb
$file vmlinux
$target remote localhost:1234
$b start_kernel
$c
$n 

进行debug运行的调试log:

[email protected]:~/work/qemu/linux-4.0$ aarch64-linux-gnu-gdb 
GNU gdb (Linaro_GDB-2017.01) 7.10.1.20160210-cvs
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=x86_64-unknown-linux-gnu --target=aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb) file vmlinux
Reading symbols from vmlinux...done.
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
0x0000000040000000 in ?? ()
(gdb) b start_kernel
Breakpoint 1 at 0xffff80000073f5ec: file init/main.c, line 490.
(gdb) c
Continuing.

Breakpoint 1, start_kernel () at init/main.c:490
490	{
(gdb) n
499		set_task_stack_end_magic(&init_task);
(gdb) n
490	{
(gdb) n
499		set_task_stack_end_magic(&init_task);
(gdb) n
500		smp_setup_processor_id();
(gdb) n
508		cgroup_init_early();
(gdb) n
510		local_irq_disable();
(gdb) n
517		boot_cpu_init();
(gdb) n
511		early_boot_irqs_disabled = true;
(gdb) n
517		boot_cpu_init();
(gdb) n
511		early_boot_irqs_disabled = true;
(gdb) n
517		boot_cpu_init();
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
cpu_do_idle () at arch/arm64/mm/proc.S:102
102		ret
(gdb) quit
A debugging session is active.

	Inferior 1 [Remote target] will be detached.

Quit anyway? (y or n) y
Detaching from program: /home/xiehaocheng/work/qemu/linux-4.0/vmlinux, Remote target
Ending remote debugging.