Hello QEMU developers, I'm trying to understand how QEMU software breakpoints work, but I get stuck on one use-case. Basically, when you call kvm_insert_breakpoint for virtual_address1, it will check whether there is already a breakpoint descriptor in cpu->kvm_state->kvm_sw_breakpoints at virtual_address1. If nothing is found it will install a breakpoint, or increment the ref counter of the existing descriptor otherwise. To install the breakpoint it basically writes an int3 instruction to guest physical memory, ignoring copy-on-write or other attributes of the page.

The problem arises when you have shared memory between processes. This mechanism only works if the shared memory is pointed to by the same virtual address in all the processes. But it will cause an unhandled exception in a guest process if there are 2 different virtual addresses corresponding to the same physical address. So in this case, if we install a breakpoint at one of those virtual addresses, the int3 instruction will be written to the physical address pointed to by 2 (or more) different virtual addresses, but only one breakpoint descriptor will be created. The crash happens when the breakpoint triggers at a virtual address for which there is no breakpoint descriptor.
Do I understand it correctly, or am I missing something?

Looking forward to your answer,
Anton
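To make the aliasing scenario from the post concrete, here is a small C model of a software-breakpoint table that is keyed by guest virtual address and patches int3 into guest physical memory, the way the post describes. It is an added illustration and not QEMU's code: the page table, the guest memory, and every function and constant name (gva_to_gpa, insert_sw_breakpoint, breakpoint_hit_is_known, count_va_aliases, and so on) are hypothetical. The constructed guest has two physical pages and four virtual pages, with virtual pages 1 and 3 both mapped to physical page 0, so that a breakpoint inserted at one alias is visible at the other while only one descriptor exists. The last function is the check a practitioner would want before installing: whether more than one virtual page maps to the target physical page.

```c
/* Toy model of VA-keyed software breakpoints over aliased guest pages.
 * Added illustration; not QEMU code. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT   12
#define PAGE_SIZE    (1u << PAGE_SHIFT)
#define NUM_VPAGES   4
#define NUM_PPAGES   2
#define MAX_BPS      8
#define INT3_OPCODE  0xCC
#define NOP_OPCODE   0x90   /* filler for the constructed guest memory */

/* Constructed guest: 2 physical pages, 4 virtual pages. The page table
 * maps virtual page -> physical page; vpages 1 and 3 alias ppage 0,
 * vpages 0 and 2 alias ppage 1 (the "shared memory" case). */
static uint8_t   phys_mem[NUM_PPAGES * PAGE_SIZE];
static const int page_table[NUM_VPAGES] = { 1, 0, 1, 0 };

struct sw_breakpoint {
    uint64_t va;          /* the only key: guest virtual address */
    uint8_t  saved_insn;  /* original byte, restored on removal */
    int      use_count;   /* ref counter, as in the post */
};
static struct sw_breakpoint bps[MAX_BPS];
static int nbps;

/* Reset guest memory and the breakpoint table (used by the demo and tests). */
void reset_model(void) {
    memset(phys_mem, NOP_OPCODE, sizeof phys_mem);
    memset(bps, 0, sizeof bps);
    nbps = 0;
}

/* Hypothetical guest VA -> guest PA walk; -1 if the page is unmapped. */
static int64_t gva_to_gpa(uint64_t va) {
    uint64_t vpage = va >> PAGE_SHIFT;
    if (vpage >= NUM_VPAGES) return -1;
    return ((int64_t)page_table[vpage] << PAGE_SHIFT) | (int64_t)(va & (PAGE_SIZE - 1));
}

static struct sw_breakpoint *find_bp(uint64_t va) {
    for (int i = 0; i < nbps; i++)
        if (bps[i].va == va) return &bps[i];
    return NULL;
}

/* Flow from the post: look up by VA; bump the use count if found, otherwise
 * create a descriptor and write int3 into guest physical memory, ignoring
 * page attributes. Returns 0 on success, -1 on failure. */
int insert_sw_breakpoint(uint64_t va) {
    struct sw_breakpoint *bp = find_bp(va);
    if (bp) { bp->use_count++; return 0; }
    int64_t pa = gva_to_gpa(va);
    if (pa < 0 || nbps == MAX_BPS) return -1;
    bp = &bps[nbps++];
    bp->va = va;
    bp->use_count = 1;
    bp->saved_insn = phys_mem[pa];
    phys_mem[pa] = INT3_OPCODE;
    return 0;
}

/* Drop one reference; restore the original byte when the count hits zero. */
int remove_sw_breakpoint(uint64_t va) {
    struct sw_breakpoint *bp = find_bp(va);
    if (!bp) return -1;
    if (--bp->use_count > 0) return 0;
    int64_t pa = gva_to_gpa(va);
    if (pa >= 0) phys_mem[pa] = bp->saved_insn;
    *bp = bps[--nbps];  /* swap-remove the descriptor */
    return 0;
}

int bp_use_count(uint64_t va) {
    struct sw_breakpoint *bp = find_bp(va);
    return bp ? bp->use_count : -1;
}

/* The byte the guest fetches at va (0 if unmapped). */
uint8_t guest_read(uint64_t va) {
    int64_t pa = gva_to_gpa(va);
    return pa < 0 ? 0 : phys_mem[pa];
}

/* What the #BP handler decides when the trap arrives at va: 1 = known
 * breakpoint, 0 = no descriptor, so the trap goes back to the guest. */
int breakpoint_hit_is_known(uint64_t va) {
    return find_bp(va) != NULL;
}

/* Pre-install check: number of virtual pages mapping the physical page
 * behind va. Anything above 1 means an int3 there will be seen at an
 * alias that has no descriptor. */
int count_va_aliases(uint64_t va) {
    int64_t pa = gva_to_gpa(va);
    if (pa < 0) return 0;
    int target = (int)(pa >> PAGE_SHIFT), n = 0;
    for (int i = 0; i < NUM_VPAGES; i++)
        if (page_table[i] == target) n++;
    return n;
}

int main(void) {
    reset_model();
    insert_sw_breakpoint(0x1010);  /* vpage 1 -> ppage 0 */
    printf("byte at 0x1010: %02x, at alias 0x3010: %02x\n",
           guest_read(0x1010), guest_read(0x3010));
    printf("#BP at 0x3010 known to the debugger? %d (aliases of that page: %d)\n",
           breakpoint_hit_is_known(0x3010), count_va_aliases(0x3010));
    return 0;
}
```

Running the demo shows both 0x1010 and 0x3010 reading back as 0xCC while only the 0x1010 descriptor exists, so a trap at 0x3010 is not recognised; count_va_aliases reports 2 for that page, which is the condition the post describes.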