Kernel Debug with QEMU

Kernel Debug in QEMU

reference

Environment List

Utility	Version
QEMU	5.2.0
Kernel	5.11.9
Busybox	1.32.1

QEMU

Installation (manual)###

1. Download QEMU source
2. complier

wget https://download.qemu.org/qemu-5.2.0.tar.xz
tar xvJf qemu-5.2.0.tar.xz
cd qemu-5.2.0
./configure
make

Installation (automatic)

• Arch: pacman -S qemu
• Debian/Ubuntu/Deepin: apt-get install qemu
• Centos: yum install qemu-kvm

Kernel

1. Config

make defconfig

2. Compile

make bzImage -j8

make modules

Now you have these file:

• vmlinux
  arch/[arch_name]/boot/bzImage
• *.ko

Rootfs

1. Compile busybox

• Download Busybox source
• tar xvf busybox-1.32.1.tar.bz2
• cd busybox-1.32.1
• make defconfig
• make menuconfig and set build staticly

Busybox Settings --->
       --- Build Options
       [*] Build BusyBox as a static binary (no shared libs)

• make -j8

2. Make disk

• cd [linux-kerne-dir]
• qemu-img create -f raw disk.raw 256M
• mkfs -f ext4 ./disk.raw
• mkdir img && sudo mount -o loop ./disk.raw ./img
• sudo make modules_install INSTALL_MOD_PATH=./img

3. Migrate busybox to disk

• cd busybox-1.32.1
• make CONFIG_PREFIX=[path_to_disk_img_mount_point] install

4. Configuration on rootfs

• Edit inittab

::sysinit:/etc/init.d/rcS
::askfirst:/bin/ash
::ctrlaltdel:/sbin/reboot
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r
::restart:/sbin/init

• Create etc/init.d/rcS

#!/bin/sh
mount -t proc proc /proc
mount -t sysfs sysfs /sys

• Create directory

sudo mkdir {dev, proc, sys}

Start

qemu-system-x86_64 
   -m 512M 
   -smp 4 
   -kernel ./bzImage 
   -drive format=raw,file=./disk.raw 
   -append "init=/linuxrc root=/dev/sda console=S0"

Errors fixs

1. when compiling busybox, error message comes out as : can not found -lcrypt.

While I did have libcrypt.so in /usr/lib/, thus all you need is static library of crypt, which named libcrypt.a.

Just download source file and compile one, then move it to /usr/lib..

2. when you meet /bin/sh:can't access tyy; job control turned off.
   just add - to ::askfirst:/bin/ash before /bin/ash.

/etc/inittable文件中每个条目用来定义一个子进程，并确定它的启动方法，格式定义如下：
:::
例如：
ttySAC0::askfirst:-/bin/sh
对于Busybox init进程，上述各个字段作用如下：
： 表示这个子进程要使用的控制台（既标准输入、标准输出、标准错误设备）。若果省略，则使用与init进程一样的控制台
:对于busybox init程序，这个字段没有意思，可以省略。
:表示init进程如何控制这个子进程。
:要执行的程序，它可以只可执行程序，也可以是脚本
如果字段前有“-”字符，这个程序被称为“交互的”