Re: [Qemu-devel] [PATCH v4 00/46] Windbg supporting
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v4 00/46] Windbg supporting
Date: Fri, 22 Dec 2017 15:00:32 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
On 22/12/2017 14:21, Pavel Dovgalyuk wrote:
> Paolo, Ladi finished the review.
> What about merging these into upstream?
Sure, in the new year though.
Paolo
> Pavel Dovgalyuk
>
>> -----Original Message-----
>> From: Ladi Prosek [mailto:address@hidden
>> Sent: Thursday, December 14, 2017 3:33 PM
>> To: Mihail Abakumov
>> Cc: qemu-devel; address@hidden; Pavel Dovgalyuk; Roman Kagan; Paolo Bonzini;
>> Denis V. Lunev
>> Subject: Re: [PATCH v4 00/46] Windbg supporting
>>
>> On Mon, Dec 11, 2017 at 2:21 PM, Mihail Abakumov
>> <address@hidden> wrote:
>>> An update of:
>>>
>>> v1:
>>> https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg07092.html
>>>
>>> We made the debugger module WinDbg (like GDB) for QEMU. This is the
>>> replacement of the remote stub in the Windows kernel. It is used for
>>> remote Windows kernel debugging without debugging mode.
>>>
>>> WinDbg is a multipurpose debugger for the Microsoft Windows computer
>>> operating system, distributed by Microsoft. Recent versions of WinDbg
>>> have been and are being distributed as part of the free Debugging Tools
>>> for Windows suite.
>>>
>>> How to start debugging QEMU using WinDbg:
>>> Run QEMU with the following option:
>>> -windbg pipe:<name>
>>> QEMU will start and pause, waiting for the WinDbg connection.
>>> Run WinDbg with the following options:
>>> -b -k com:pipe,baud=115200,port=\\.\pipe\<name>,resets=0
>>> Wait for the debugger to connect to the kernel.
>>>
>>> Note: You can add a Symbol Search Path in WinDbg such as
>>> srv*c:\tmp*http://msdl.microsoft.com/download/symbols.
>>>
>>> How it works:
>>> The WinDbg debugger has the possibility of connecting to a remote debug
>>> service (Kdsrv.exe) in the Windows kernel. Therefore, it is possible to
>>> connect to the guest system running in the QEMU emulator. Kernel
>>> debugging is possible only with debugging mode enabled, which may change
>>> things at the same time. Our WinDbg debugger module for QEMU is an
>>> alternative to the remote debugging service in the kernel. Thus, the
>>> debugger connects to the debugging module, not to the kernel of the
>>> operating system. The module obtains all the necessary information for
>>> answering debugger requests from the QEMU emulator. At the same time,
>>> there is no need to enable debugging mode in the kernel for debugging.
>>> This leads to hidden debugging. Our module supports all features of
>>> WinDbg regarding remote debugging, besides interception of events and
>>> exceptions. Only i386 is supported now.
>>>
>>> Changed in v4:
>>>
>>> - Add WinDbg stub to the MAINTAINERS file.
>>> - Increase the size of the search buffer in 'kd_api_search_memory'.
>>>   (Ladi Prosek)
>>> - Add sub-functions for helper_wrmsr and helper_rdmsr: cpu_x86_write_msr
>>>   and cpu_x86_read_msr. They are also used in the packet handlers, i.e.
>>>   duplicated code is removed. (Ladi Prosek)
>>> - Add a more user-friendly error when trying to use -windbg and -gdb at
>>>   the same time. (Ladi Prosek)
>>> - Remove macros for SizedBuf. (Ladi Prosek)
>>> - Add runtime assert to KD_API_NAME and KD_PKT_TYPE_NAME. (Ladi Prosek)
>>> - Remove 'ifneq ($(TARGET_NAME), x86_64)' from the 'Makefile.target' file.
>>>   (Ladi Prosek)
>>> - Remove the incorrect macro UINT32_P. Replace it by bit shifts. (Ladi Prosek)
>>>
>>> Changed in v3:
>>>
>>> - Add support for the new API functions from WinDbg v10.
>>>
>>> Changed in v2:
>>>
>>> - Move target-specific code into the 'target/' directory. (Alistair Francis)
>>> - Change 'kd_api_fill_memory'. Memory is now filled by line segments.
>>>   Before that, a full array was immediately collected and written to RAM.
>>>   (Ladi Prosek)
>>> - Change 'kd_api_search_memory'. Memory is now searched by line segments.
>>>   (Ladi Prosek)
>>> - Change ld* to st* where needed. (Ladi Prosek)
>>> - Add an additional check of input arguments in 'windbg_read_context' and
>>>   'windbg_read_ks_regs'. (Ladi Prosek)
>>> - Fix typos. (Ladi Prosek)
>>> - Add flipping back 'windbg_state->is_loaded' after VM reset.
>>> - Add a check for disabled KVM. It is not supported yet. (Ladi Prosek)
>>> - Add a check of the device in the windbg option. Only pipe is supported
>>>   now. (Alistair Francis)
>>> - Add a check of 'ifdef' WINDBG_DEBUG_ON before defining it. (Alistair
>>>   Francis)
>>> - Replace printf with qemu_log. (Alistair Francis)
>>> - Fix build on s390x host. (patchew)
>>> - Fix code style error. (patchew)
>>>
>>> ---
>>>
>>> Mihail Abakumov (46):
>>> windbg: added empty windbgstub files
>>> windbg: added windbg's KD header file
>>> windbg: modified windbgkd.h
>>> windbg: added '-windbg' option
>>> windbg: added helper features
>>> windbg: added WindbgState
>>> windbg: added chardev
>>> windbg: hook to wrmsr operation
>>> windbg: handler of fs/gs register
>>> windbg: structures for parsing data stream
>>> windbg: parsing data stream
>>> windbg: send data and control packets
>>> windbg: handler of parsing context
>>> windbg: init DBGKD_ANY_WAIT_STATE_CHANGE
>>> windbg: generate ExceptionStateChange
>>> windbg: generate LoadSymbolsStateChange
>>> windbg: windbg_vm_stop
>>> windbg: implemented windbg_process_control_packet
>>> windbg: implemented windbg_process_data_packet
>>> windbg: implemented windbg_process_manipulate_packet
>>> windbg: implemented kd_api_read_virtual_memory and kd_api_write_virtual_memory
>>> windbg: kernel's structures
>>> windbg: implemented kd_api_get_context and kd_api_set_context
>>> windbg: implemented kd_api_read_control_space and kd_api_write_control_space
>>> windbg: implemented windbg_read_context
>>> windbg: implemented windbg_write_context
>>> windbg: implemented windbg_read_ks_regs
>>> windbg: implemented windbg_write_ks_regs
>>> windbg: implemented windbg_set_sr
>>> windbg: implemented windbg_set_dr
>>> windbg: implemented windbg_set_dr7
>>> windbg: implemented windbg_hw_breakpoint_insert and windbg_hw_breakpoint_remove
>>> windbg: implemented kd_api_write_breakpoint and kd_api_restore_breakpoint
>>> windbg: debug exception subscribing
>>> windbg: implemented kd_api_continue
>>> windbg: implemented kd_api_read_io_space and kd_api_write_io_space
>>> windbg: implemented kd_api_read_physical_memory and kd_api_write_physical_memory
>>> windbg: implemented kd_api_get_version
>>> windbg: implemented kd_api_read_msr and kd_api_write_msr
>>> windbg: implemented kd_api_search_memory
>>> windbg: implemented kd_api_fill_memory
>>> windbg: implemented kd_api_query_memory
>>> windbg: added new api functions
>>> windbg: implemented kd_api_get_context_ex and kd_api_set_context_ex
>>> windbg: changed kd_api_read_msr and kd_api_write_msr
>>> windbg: maintainers
>>>
>>>
>>> MAINTAINERS | 12
>>> Makefile.target | 5
>>> cpus.c | 19 +
>>> gdbstub.c | 4
>>> include/exec/windbgkd.h | 975 +++++++++++++++++++++++++++++++
>>> include/exec/windbgstub-utils.h | 105 +++
>>> include/exec/windbgstub.h | 24 +
>>> include/sysemu/sysemu.h | 2
>>> qemu-options.hx | 8
>>> stubs/Makefile.objs | 1
>>> stubs/windbgstub.c | 21 +
>>> target/i386/Makefile.objs | 2
>>> target/i386/cpu.h | 3
>>> target/i386/misc_helper.c | 48 +-
>>> target/i386/windbgstub.c | 1223 +++++++++++++++++++++++++++++++++++++++
>>> vl.c | 8
>>> windbgstub-utils.c | 351 +++++++++++
>>> windbgstub.c | 498 ++++++++++++++++
>>> 18 files changed, 3296 insertions(+), 13 deletions(-)
>>> create mode 100755 include/exec/windbgkd.h
>>> create mode 100755 include/exec/windbgstub-utils.h
>>> create mode 100755 include/exec/windbgstub.h
>>> create mode 100755 stubs/windbgstub.c
>>> create mode 100755 target/i386/windbgstub.c
>>> create mode 100755 windbgstub-utils.c
>>> create mode 100755 windbgstub.c
>>
>> Thank you. I have sent a small proposal as a reply to patch 5.
>>
>> Regardless:
>>
>> Acked-by: Ladi Prosek <address@hidden>
>>
>> This is a great work with many interesting uses. For instance, Windows
>> can't be kernel-debugged if secure boot is enabled. And "printf"
>> debugging is painful, too, as modern Windows requires that all kernel
>> code be signed by Microsoft.
>>
>> Now you'll probably have to find somebody who'll do a thorough review
>> and merge the code.
>>
>> Thanks again,
>> Ladi
>
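As an added illustration of the data stream the stub has to parse and validate before it answers a kd_api_* request (this is not code from the patch series or from QEMU), the following Python frames and checks KD serial packets on a constructed exchange. The header layout, leader values and checksum rule are assumed from the public KD wire format of windbgkd.h; the sample packets and payload bytes are constructed.

```python
import struct
# KD serial framing, assumed from the public windbgkd.h layout (not the patch
# series' own code): 16-byte LE header, then payload + trailing 0xAA for data.
PACKET_LEADER = 0x30303030          # data packet ("0000")
CONTROL_PACKET_LEADER = 0x69696969  # control packet ("iiii"), header only
PACKET_TRAILING_BYTE = 0xAA
PACKET_TYPE_KD_STATE_MANIPULATE = 2  # kd_api_* requests and replies
PACKET_TYPE_KD_ACKNOWLEDGE = 4
HEADER = struct.Struct("<IHHII")     # leader, type, byte_count, packet_id, checksum

def kd_checksum(payload: bytes) -> int:
    """KD checksum: 32-bit sum of the payload bytes."""
    return sum(payload) & 0xFFFFFFFF

def build_packet(leader: int, ptype: int, packet_id: int, payload: bytes = b"") -> bytes:
    """Serialise one packet; control packets carry no payload and no trailer."""
    header = HEADER.pack(leader, ptype, len(payload), packet_id, kd_checksum(payload))
    if leader == CONTROL_PACKET_LEADER:
        return header
    return header + payload + bytes([PACKET_TRAILING_BYTE])

def parse_stream(buf: bytes) -> list:
    """Split a stream into (kind, type, packet_id, payload) tuples; raise
    ValueError on a bad leader, truncated frame or checksum mismatch."""
    packets, off = [], 0
    while off + HEADER.size <= len(buf):
        leader, ptype, count, pid, csum = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if leader == CONTROL_PACKET_LEADER:
            packets.append(("control", ptype, pid, b""))
            continue
        if leader != PACKET_LEADER:
            raise ValueError(f"bad packet leader 0x{leader:08x}")
        payload = buf[off:off + count]
        trailer = buf[off + count:off + count + 1]
        if len(payload) != count or trailer != bytes([PACKET_TRAILING_BYTE]):
            raise ValueError("truncated data packet or missing trailing byte")
        if kd_checksum(payload) != csum:
            raise ValueError(f"checksum mismatch in packet 0x{pid:08x}")
        off += count + 1
        packets.append(("data", ptype, pid, payload))
    return packets

def stream_is_valid(buf: bytes) -> bool:
    # True when every frame in buf parses and checksums cleanly
    try:
        parse_stream(buf)
        return True
    except ValueError:
        return False
```

A stub that skips the trailer and checksum checks would act on a corrupted or truncated request; the checks above are the cheap gate before any memory or register access is performed on the debuggee's behalf.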