
qemu-gdb: allow using glibc_pointer_guard() on core dumps

get_fs_base() cannot be run on a core dump, because it uses the arch_prctl
system call. The fs base is the value that is returned by pthread_self(),
and it would be nice to just glean it from the "info threads" output:

* 1 Thread 0x7f16a3fff700 (LWP 33642) pthread_cond_wait@@GLIBC_2.3.2 ()
^^^^^^^^^^^^^^

but unfortunately the gdb API does not provide that. Instead, we can
look for the "arg" argument of the start_thread function if glibc debug
information is available. If not, fall back to the old mechanism.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1444636974-19950-2-git-send-email-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
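The two facts the commit relies on (the %fs base returned by arch_prctl(ARCH_GET_FS) is the thread control block, i.e. pthread_self(), and the glibc pointer guard sits at offset 0x30 in it) can be checked from inside a live process rather than from gdb. The program below is an added example, not part of this commit or of QEMU's qemugdb scripts; it assumes x86-64 Linux with glibc, whose tcbhead_t keeps the TCB self-pointer at %fs:0 and pointer_guard at %fs:0x30 (the same offsets the script hard-codes), and reproduces glibc's x86-64 PTR_MANGLE/PTR_DEMANGLE (xor with the guard, rotate by 17) so the script's demangling can be sanity-checked against known values.

```c
// Added example (not QEMU code): compare three views of the x86-64 glibc TCB
// and exercise the pointer mangling the qemugdb script undoes.
#include <inttypes.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003          /* same constant the gdb script passes to arch_prctl */
#endif
#define POINTER_GUARD_OFFSET 0x30   /* tcbhead_t.pointer_guard on x86-64 glibc (assumption) */

#if defined(__x86_64__) && defined(__linux__)

/* %fs base via the same system call the script uses ("call arch_prctl(0x1003, ...)"). */
static uintptr_t fs_base_via_arch_prctl(void)
{
    uintptr_t base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return base;
}

/* tcbhead_t.tcb at %fs:0 is the TCB's pointer to itself. */
static uintptr_t fs_base_via_self_pointer(void)
{
    uintptr_t self;
    __asm__ volatile ("mov %%fs:0, %0" : "=r"(self));
    return self;
}

/* Pointer guard read the way glibc's own PTR_MANGLE reads it. */
static uint64_t pointer_guard_via_fs(void)
{
    uint64_t guard;
    __asm__ volatile ("mov %%fs:0x30, %0" : "=r"(guard));
    return guard;
}

/* Pointer guard computed as get_glibc_pointer_guard() does: *(uint64_t*)(pthread_self() + 0x30). */
static uint64_t pointer_guard_via_pthread_self(void)
{
    return *(const uint64_t *)((uintptr_t)pthread_self() + POINTER_GUARD_OFFSET);
}

/* Returns 0 when arch_prctl, %fs:0 and pthread_self() all name the same TCB and
 * both guard reads agree; 1 on any mismatch. */
int tcb_views_agree(void)
{
    uintptr_t a = fs_base_via_arch_prctl();
    uintptr_t b = fs_base_via_self_pointer();
    uintptr_t c = (uintptr_t)pthread_self();
    if (a == 0 || a != b || b != c)
        return 1;
    return pointer_guard_via_fs() == pointer_guard_via_pthread_self() ? 0 : 1;
}
#else
int tcb_views_agree(void) { return -1; }   /* only meaningful on x86-64 Linux */
#endif

/* glibc x86-64 PTR_MANGLE: xor with the guard, then rotate left by 17. */
uint64_t ptr_mangle(uint64_t ptr, uint64_t guard)
{
    uint64_t x = ptr ^ guard;
    return (x << 17) | (x >> (64 - 17));
}

/* glibc x86-64 PTR_DEMANGLE (what glibc_ptr_demangle() in the script computes):
 * rotate right by 17, then xor with the guard. */
uint64_t ptr_demangle(uint64_t mangled, uint64_t guard)
{
    uint64_t x = (mangled >> 17) | (mangled << (64 - 17));
    return x ^ guard;
}

int main(void)
{
    int r = tcb_views_agree();
    printf("TCB views agree: %s\n", r == 0 ? "yes" : (r < 0 ? "n/a on this platform" : "NO"));

    /* Constructed sample: a made-up guard and pointer, round-tripped through mangle/demangle. */
    uint64_t guard = 0x1234567890abcdefULL, ptr = 0x7f16a3fff700ULL;
    uint64_t m = ptr_mangle(ptr, guard);
    printf("ptr=%#" PRIx64 " mangled=%#" PRIx64 " demangled=%#" PRIx64 "\n",
           ptr, m, ptr_demangle(m, guard));
    return r > 0;
}
```

Run it under gdb and compare `p/x $rsp` scratch reads from get_fs_base() with `p/x (void*)pthread_self()` to see the equality the commit message states. GDB 8.0 and later also expose a `$fs_base` register on x86-64 Linux, including for core files, which sidesteps the arch_prctl call altogether.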

authored by Paolo Bonzini and committed by Stefan Hajnoczi
1138f246 7bc8e0c9

+16 -2
scripts/qemugdb/coroutine.py
··· 16 16 import gdb 17 17 18 18 def get_fs_base(): 19 - '''Fetch %fs base value using arch_prctl(ARCH_GET_FS)''' 19 + '''Fetch %fs base value using arch_prctl(ARCH_GET_FS). This is 20 + pthread_self().''' 20 21 # %rsp - 120 is scratch space according to the SystemV ABI 21 22 old = gdb.parse_and_eval('*(uint64_t*)($rsp - 120)') 22 23 gdb.execute('call arch_prctl(0x1003, $rsp - 120)', False, True) ··· 24 25 gdb.execute('set *(uint64_t*)($rsp - 120) = %s' % old, False, True) 25 26 return fs_base 26 27 28 + def pthread_self(): 29 + '''Fetch pthread_self() from the glibc start_thread function.''' 30 + f = gdb.newest_frame() 31 + while f.name() != 'start_thread': 32 + f = f.older() 33 + if f is None: 34 + return get_fs_base() 35 + 36 + try: 37 + return f.read_var("arg") 38 + except ValueError: 39 + return get_fs_base() 40 + 27 41 def get_glibc_pointer_guard(): 28 42 '''Fetch glibc pointer guard value''' 29 - fs_base = get_fs_base() 43 + fs_base = pthread_self() 30 44 return gdb.parse_and_eval('*(uint64_t*)((uint64_t)%s + 0x30)' % fs_base) 31 45 32 46 def glibc_ptr_demangle(val, pointer_guard):
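Review bot: the frame walk in the new pthread_self() (`while f.name() != 'start_thread': f = f.older()`) never finds start_thread on the main thread, so it walks to the outermost frame and returns get_fs_base(), whose arch_prctl call fails on a core dump exactly as before; the docstring should state that core-dump support covers only threads created through start_thread, or the fallback should raise a clearer error than the failed `call arch_prctl(...)`.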
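Review bot: in get_glibc_pointer_guard(), `fs_base = pthread_self()` can now be the `void *` gdb.Value from `f.read_var("arg")` instead of the uint64_t value get_fs_base() produced, and only ValueError is caught around read_var; if `arg` is optimized out in the frame found, its string form is "<optimized out>" and the existing `'(uint64_t)%s' % fs_base` will fail inside parse_and_eval rather than falling back. Suggest having pthread_self() check `v.is_optimized_out` and return `int(v)` so both paths hand the same kind of value to the cast.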