Re: GDB Remote Protocol Extension - Linux VMCOREINFO - Request for Feedback

[Omar Sandoval <osandov@osandov.com>]

On Sun, Jan 26, 2025 at 07:07:47PM +0100, Thomas Weißschuh wrote:
> Hi Stephen,
> 
> On 2025-01-13 16:22:00-0800, Stephen Brennan wrote:
> > I contribute to the drgn debugger [1], and work on debugging the Linux
> > kernel a fair bit. Drgn is particularly well-suited to the Linux kernel
> > and contains a lot of support for it. It currently supports attaching to
> > live targets via Linux's /proc/kcore, and core dumps. We are looking
> > into supporting remote targets via GDB's remote protocol.
> > 
> > One piece of information that is very useful when debugging the Linux
> > kernel is the VMCOREINFO note[2]. This is a free-form piece of text
> > data, typically around 3k bytes, which contains information that
> > debuggers would find useful in interpreting a Linux kernel memory image.
> > In particular, it contains the KASLR offset, the build ID of the kernel,
> > and the OS release. With this information, a debugger could attach to
> > a live GDB stub (e.g. kgdb, or QEMU) without needing to specify
> > debuginfo file names or memory KASLR memory offsets.
> > 
> > To that end, we hope to extend the GDB remote protocol with a facility
> > that would allow the debugger to request this information. We've written
> > up an idea for this proposal at [3]. The summary is:
> > 
> >   'q linux.vmcoreinfo'
> >      Retrieves the Linux vmcoreinfo data.
> >      Reply:
> >      'Q [DATA]' data is encoded as described in the Binary Data doc [4]
> >      'E.<text>' with an informative message if the data is not available
> > 
> > However, with the candidate kgdb implementation taking shape [5], we're
> > becoming concerned regarding this design. It seems that there is an
> > implicit maximum packet size which is not described in the protocol
> > documentation. Many stubs have small(ish) shared output buffers. It
> > seems to me that data which would be 3k bytes before escaping is too
> > large. We've noticed that there is a 'qXfer' query packet which allows
> > specifying an offset and a number of bytes. Maybe it would be better for
> > us to add a new 'special data area' for the 'qXfer' message, and reuse
> > that command?
> 
> Do you need to transfer the full vmcoreinfo data?
> Wouldn't it be sufficient to only include the address/size of the
> vmcoreinfo note in memory and the debugger can read the data from there
> with regular memory access commands?
> That information is enough for QEMUs vmcoreinfo device.
> It would simplify the design and implementation(s) significantly.

Oh, that's a good idea. I guess the downside is an extra command round
trip.

QEMU and KGDB also only implement the `m` command for reading
hex-encoded memory. We'd probably want to implement the `x` command for
both since it doesn't (usually) double the transfer size.

One more caveat is that KGDB doesn't check the length passed to the `m`
command and will happily clobber memory... QEMU's gdbstub does seem to
check, and also advertises its packet size, so we probably want that in
KGDB, too.

Stephen, what do you think?