
QEMU gdbstub should support PAC for aarch64

Goal

Currently, debugging QEMU with GDB when PAC is enabled causes several problems:

  1. "Step Over" doesn't work for PAC branch instructions
  2. backtrace doesn't show the correct frames

This prevents security researchers from properly debugging with PAC emulation. Recent mobile devices have begun to include PAC instructions, so debugging PAC is now necessary :).

Technical details

I assume the issues are:

  1. Step over looks for the RET instruction, and doesn't find it, since the code uses RETAB instead
  2. backtrace doesn't mask out the PAC bits, so it gets bad LR values

Additional information

The fix should probably be in gdbstub.c
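The two suspected causes above, recognising the authenticating return variants and stripping PAC bits from a saved LR, can both be checked in isolation. The following is an added example, not code from QEMU or its gdbstub: it classifies an instruction word as RET / RETAA / RETAB, and it clears or sign-extends the PAC field of a pointer the way the architecture's XPAC instructions do, assuming a 48-bit virtual address space and TBI disabled unless stated otherwise (both are assumptions for the example; a real stub would read TCR_EL1 to get them). Sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed bit patterns of the A64 return instructions.
 * RET  Rn : 1101 0110 0101 1111 0000 00 Rn 00000  -> 0xD65F0000 | (Rn << 5)
 * RETAA   : 0xD65F0BFF   (authenticate with key A, Rn = Rm = 31)
 * RETAB   : 0xD65F0FFF   (authenticate with key B, Rn = Rm = 31) */
enum ret_kind { NOT_RET = 0, RET_PLAIN, RET_AA, RET_AB };

enum ret_kind classify_return(uint32_t insn)
{
    if ((insn & 0xFFFFFC1Fu) == 0xD65F0000u) {
        return RET_PLAIN;            /* any RET Rn, e.g. RET x30 = 0xD65F03C0 */
    }
    if (insn == 0xD65F0BFFu) {
        return RET_AA;
    }
    if (insn == 0xD65F0FFFu) {
        return RET_AB;
    }
    return NOT_RET;
}

/* A step-over that only recognises RET_PLAIN misses the PAC variants. */
bool is_any_return(uint32_t insn)
{
    return classify_return(insn) != NOT_RET;
}

/* Remove the PAC from a pointer. With TBI off the PAC occupies bits
 * [63:56] and [54:va_bits]; bit 55 is not part of the PAC and selects
 * whether the original top bits were all 0 (TTBR0) or all 1 (TTBR1).
 * With TBI on, bits [63:56] are ignored by translation and are left alone.
 * This mirrors what XPACI/XPACD do; va_bits = 64 - TxSZ. */
uint64_t strip_pac(uint64_t ptr, unsigned va_bits, bool tbi)
{
    uint64_t pac_mask = ~((1ULL << va_bits) - 1); /* bits [63:va_bits] */
    pac_mask &= ~(1ULL << 55);                    /* keep the selector bit */
    if (tbi) {
        pac_mask &= 0x00FFFFFFFFFFFFFFULL;        /* top byte is not PAC */
    }
    bool top_half = (ptr >> 55) & 1;
    return top_half ? (ptr | pac_mask) : (ptr & ~pac_mask);
}

int main(void)
{
    /* Constructed sample: a signed user-space LR and a signed kernel LR. */
    uint64_t user_lr   = 0x1C34000040001234ULL;  /* PAC in top bits, bit 55 = 0 */
    uint64_t kernel_lr = 0xE3B2800010005678ULL;  /* PAC in top bits, bit 55 = 1 */

    printf("user   LR %016llx -> %016llx\n",
           (unsigned long long)user_lr,
           (unsigned long long)strip_pac(user_lr, 48, false));
    printf("kernel LR %016llx -> %016llx\n",
           (unsigned long long)kernel_lr,
           (unsigned long long)strip_pac(kernel_lr, 48, false));
    printf("RETAB recognised as return: %s\n",
           is_any_return(0xD65F0FFFu) ? "yes" : "no");
    return 0;
}
```

A backtrace that applies strip_pac to each saved LR before symbolising it gets sane frames even when every function returns with RETAB; a step-over that uses is_any_return instead of matching only the plain RET encoding stops at the right instruction.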
