2
votes

I have setup Linux Kernel debug environment with VMware Workstation. But When I tried to connect with gdb that connects correctly but I can't set any breakpoint or examine any kernel symbol.

Target Machine (debugee) Ubuntu 18: I have compiled linux kernel 5.0-0 with the following directives:

CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
# CONFIG_DEBUG_INFO_SPLIT is not set
CONFIG_DEBUG_INFO_DWARF4=y
CONFIG_DEBUG_FS=y
# CONFIG_DEBUG_SECTION_MISMATCH is not set
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set

Also my VMX file configuration:

debugStub.listen.guest64 = "TRUE"
debugStub.listen.guest64.remote="TRUE"

After that I transfered vmlinux to debugger machine and use gdb:

bash$ gdb vmlinux
gdb-peda$ target remote 10.251.31.28:8864
Remote debugging using 10.251.31.28:8864
Warning: not running or target is remote
0xffffffff9c623f36 in ?? ()
gdb-peda$ disas sys_open
No symbol "do_sys_open" in current context.
2

2 Answers

0
votes

First you need to install kernel-debug-devel, kernel-debuginfo, kernel-debuginfo-common for corresponding kernel version. Then you can use crash utility to debug kernel, which internally uses gdb

0
votes

The symbol name you're looking for is sometimes not exactly what you expect it to be. You can use readelf or other similar tools to find the full name of the symbol in the kernel image. These names sometimes differ from the names in the code because of various architecture level differences and their related header and C definitions in kernel code. For example you might be able to disassemble the open() system call by using:

disas __x64_do_sys_open

if you've compiled it for x86-64 architecture. Also keep in mind that these naming conventions are subject to change in different versions of kernel.