Debugging small OS kernels (part 3)

Turning on Networking

(Continued from part 2)

We’ll need a couple more options on the QEMU command line when we really want to connect two OS kernel debugging sessions together, so as to pass network traffic back and forth and test the system. I had mistakenly thought that the QEMU network device we needed was called “lance” – so the QEMU command on the previous page will not work. The corrected QEMU command line to start our OS debugging session is:

qemu-system-i386 -net nic,model=pcnet,macaddr=52:54:00:52:05:00 -net tap,script=no,downscript=no,ifname=tap0 -hda ./visopsys1.img -cdrom ./visopsys-2014-12-13.iso -s -serial stdio -S -boot d

When using networking, as previously mentioned, there can be security issues: a tap interface puts the guest onto whatever host network that tap is attached to. For that reason I usually run these kinds of experiments on private, inside-only nets.

Since the lance driver is the one used in Visopsys, and it supports various pcnet adapters, we should be good to go. To start things off, I set a number of breakpoints I thought would be interesting for debugging the kernel’s network code. Here’s a screenshot showing the breakpoints. As you can see in the source window, execution hasn’t yet hit any of them.


Now, let’s do it on FreeBSD!

I usually like to run FreeBSD as the host, so I’ve been doing this experiment in parallel on FreeBSD.  The QEMU line I’m using on FreeBSD is:

qemu -net nic,model=pcnet,macaddr=52:54:00:52:05:00 -net tap,script=no,downscript=no,ifname=tap0 -hda ./visopsys1.img -cdrom ./visopsys-2014-12-02.iso -s -serial stdio -S -boot d

Note: instead of sending all the serial port debugger info to stdio, you can tell QEMU to save it all in a host file with:

-serial file:seriallog.txt

The Emacs setup on FreeBSD is a little different. After selecting “GDB Debugger” from the Tools menu in Emacs, the line at the bottom of the GDB frame will try to launch GDB version 6.1 by default (since that is the default GDB on FreeBSD). GDB 6.1 does not work well with this kernel debugging environment (at least, it didn’t for me). I upgraded the FreeBSD version of GDB to 7.8.1, and then had to change “gdb” to “gdb781” in the bottom line of the GDB frame.

(gdb) add-symbol-file visopsys.syms
(gdb) target remote localhost:1234
(gdb) b driverWriteData
(gdb) b driverReadData
(gdb) c

I connected to the QEMU instance from Emacs/GDB, set some network-related breakpoints, and told GDB to continue. In the following graphic, the first network breakpoint can be seen just after being hit.
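The QEMU command line above and the GDB commands that follow it are the whole session, typed in by hand each time. Here is an added launcher script that is not part of the original post or of Visopsys: it builds the pcnet/tap arguments, refuses an interface name that is not a tap or a MAC that is not locally administered (with script=no QEMU attaches to whatever interface you name, so a typo must not silently land you on a real NIC), checks on a Linux host that the tap is not bridged to a physical uplink (the “private, inside-only net” point above), writes the GDB commands from this page to a file, and starts QEMU and GDB. The script name launch-visopsys.sh, the sysfs check, the gdb script path, and the choice of -serial file: are assumptions; tap0, the MAC, the image names, port 1234 and the breakpoints are the ones on this page.

```shell
#!/bin/sh
# Added example (not from the original post): launcher for the QEMU + GDB session.
# Placeholder names: launch-visopsys.sh, ./visopsys.gdb, seriallog.txt.
# The tap-isolation check reads Linux sysfs; on FreeBSD hosts it simply passes.

# Print the QEMU -net arguments for a pcnet NIC on an already-created tap.
# $1 = tap interface name, $2 = MAC address.
qemu_net_args() {
    tap="$1"; mac="$2"
    case "$tap" in
        tap[0-9]|tap[0-9][0-9]) ;;
        *) echo "refusing non-tap interface: $tap" >&2; return 1 ;;
    esac
    h='[0-9a-fA-F][0-9a-fA-F]'
    case "$mac" in
        $h:$h:$h:$h:$h:$h) ;;
        *) echo "bad MAC: $mac" >&2; return 1 ;;
    esac
    # Bit 1 of the first octet set => locally administered (52:54:00 is QEMU's usual prefix).
    if [ $(( 0x${mac%%:*} & 2 )) -eq 0 ]; then
        echo "MAC $mac is not locally administered" >&2; return 1
    fi
    printf '%s' "-net nic,model=pcnet,macaddr=$mac -net tap,script=no,downscript=no,ifname=$tap"
}

# Linux only: succeed if the tap is unbridged, or bridged only to virtual ports.
# $1 = sysfs net root (normally /sys/class/net; overridable for testing), $2 = tap name.
# A bridge port that has a "device" entry is a physical NIC, i.e. an uplink.
tap_is_isolated() {
    root="$1"; tap="$2"
    [ -e "$root/$tap/master" ] || return 0        # no bridge: traffic stays on the host
    br=$(basename "$(readlink "$root/$tap/master")")
    for port in "$root/$br/brif"/*; do
        [ -e "$port" ] || [ -L "$port" ] || continue   # empty glob
        [ -e "$root/$(basename "$port")/device" ] && return 1
    done
    return 0
}

# Write the GDB command file for this page's session: kernel symbols, QEMU's
# gdbstub on port 1234, breakpoints on the lance driver's read/write paths.
write_gdb_script() {
    cat > "$1" <<'EOF'
set pagination off
add-symbol-file visopsys.syms
target remote localhost:1234
b driverWriteData
b driverReadData
c
EOF
}

# Start QEMU halted (-S) with the gdbstub (-s), then attach GDB with the script.
run_session() {
    tap="${1:-tap0}"; mac="${2:-52:54:00:52:05:00}"
    net=$(qemu_net_args "$tap" "$mac") || return 1
    if [ -d /sys/class/net ]; then
        tap_is_isolated /sys/class/net "$tap" ||
            { echo "$tap is bridged to a physical NIC; use a host-only bridge" >&2; return 1; }
    fi
    write_gdb_script ./visopsys.gdb
    # $net is deliberately left unquoted so it splits into separate QEMU arguments.
    qemu-system-i386 $net -hda ./visopsys1.img -cdrom ./visopsys-2014-12-13.iso \
        -s -S -boot d -serial file:seriallog.txt &
    gdb -x ./visopsys.gdb
}

# Only launch when run as the script itself, not when sourced.
if [ "${0##*/}" = "launch-visopsys.sh" ]; then
    run_session "$@"
fi
```

Create the tap first (for example with ip tuntap on Linux or ifconfig tap0 create on FreeBSD) and attach it only to a bridge whose other ports are taps; on FreeBSD, replace qemu-system-i386 with the qemu binary shown in the FreeBSD command above.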


Such a thrill … it is to single step into the Lance driver of the Visopsys kernel.

Note: Visopsys is a project of, and owned by, J. Andrew McLaughlin. These pages are not affiliated with that author or his website. His project is released under the GPL2 license.

Go to the next segment of the article
