QEMU SCRIPT

run_qemu.sh

#!/bin/bash

QEMU=~/work/qemu/x86_64-softmmu/qemu-system-x86_64
KERNEL=~/work/linux/arch/x86/boot/bzImage
IMAGE=~/work/debootstrap_work/stretch.img
CMDLINE="console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ nokaslr"

if [ "$1" == "debug" ]; then
	DEBUG_OPTION="-S -s"
else
	DEBUG_OPTION=" "
fi

$QEMU \
  -kernel $KERNEL \
  -append "$CMDLINE" \
  -hda $IMAGE \
  -net user,hostfwd=tcp::10021-:22 -net nic \
  -enable-kvm \
  -nographic \
  -m 2G \
  -smp 2 \
  $DEBUG_OPTION
#  -pidfile vm.pid \
#  2>&1 | tee vm.log

WHY_HW_BREAK_POINT

https://lists.gnu.org/archive/html/qemu-devel/2012-03/msg03390.html

Two major issues with this procedure:

1. When using kvm, a soft breakpoint (as set by 'b') will inject a trap
instruction into the guest image - which is not yet loaded after the
bios ran. You need to use a hardware breakpoint in this case.

2. Due to gdb limitations, you cannot switch between 16/32-bit mode (the
CPU starts in 16 bit) and the 64-bit mode of kernel within the same gdb
session. Therefore:
 - let the target run into Linux is active
 - attach gdb
 - issue "hw start_kernel"
 - reboot (e.g. "monitor system_reset")
 - you will hit the breakpoint, and gdb will be usable