Setting up a Linux kernel debugging environment with QEMU

Kernel Debug in QEMU

reference

Environment List

Utility   Version
QEMU      5.2.0
Kernel    5.11.9
Busybox   1.32.1

QEMU

Installation (manual)

  1. Download the QEMU source
  2. Configure and compile

    wget https://download.qemu.org/qemu-5.2.0.tar.xz
    tar xvJf qemu-5.2.0.tar.xz
    cd qemu-5.2.0
    ./configure
    make

Installation (automatic)

  • Arch: pacman -S qemu
  • Debian/Ubuntu/Deepin: apt-get install qemu
  • CentOS: yum install qemu-kvm

Kernel

  1. Config

    make defconfig
    
  2. Compile

    make bzImage -j8
    make modules
    

Now you have these files:

  • vmlinux
  • arch/[arch_name]/boot/bzImage
  • *.ko

Rootfs

  1. Compile busybox

    • Download Busybox source

    • tar xvf busybox-1.32.1.tar.bz2

    • cd busybox-1.32.1

    • make defconfig

    • make menuconfig and set the build to static

       Busybox Settings --->
              --- Build Options
              [*] Build BusyBox as a static binary (no shared libs)
      
    • make -j8

  2. Make disk

    • cd [linux-kernel-dir]
    • qemu-img create -f raw disk.raw 256M
    • mkfs -t ext4 ./disk.raw
    • mkdir img && sudo mount -o loop ./disk.raw ./img
    • sudo make modules_install INSTALL_MOD_PATH=./img
  3. Migrate busybox to disk

    • cd busybox-1.32.1
    • make CONFIG_PREFIX=[path_to_disk_img_mount_point] install
  4. Configuration on rootfs

    • Edit etc/inittab

      ::sysinit:/etc/init.d/rcS
      ::askfirst:/bin/ash
      ::ctrlaltdel:/sbin/reboot
      ::shutdown:/sbin/swapoff -a
      ::shutdown:/bin/umount -a -r
      ::restart:/sbin/init

    • Create etc/init.d/rcS

      #!/bin/sh
      mount -t proc proc /proc
      mount -t sysfs sysfs /sys

    • Create the dev, proc and sys directories

      sudo mkdir dev proc sys
    

Start

qemu-system-x86_64 \
    -m 512M \
    -smp 4 \
    -kernel ./bzImage \
    -drive format=raw,file=./disk.raw \
    -append "init=/linuxrc root=/dev/sda console=ttyS0" \
    -nographic

console=ttyS0 sends the kernel console to the first serial port, and -nographic attaches that serial port to the terminal you started QEMU from.

Errors

  1. When compiling busybox, an error comes out: cannot find -lcrypt.

    While I did have libcrypt.so in /usr/lib/, what you need is the static
    library of crypt, which is named libcrypt.a.

    Just download the source and compile one, then move it to /usr/lib.

  2. When you meet /bin/sh: can't access tty; job control turned off,
    just add a - before /bin/ash in ::askfirst:/bin/ash (i.e. ::askfirst:-/bin/ash).

Each entry in /etc/inittab defines a child process and determines how it is started. The format is:
<id>:<runlevels>:<action>:<process>
For example:
ttySAC0::askfirst:-/bin/sh
For the BusyBox init process, the fields have the following meanings:
<id>: the console (standard input, standard output and standard error device) this child process uses. If omitted, it uses the same console as the init process.
<runlevels>: has no meaning for busybox init and can be omitted.
<action>: how the init process controls this child process.
<process>: the program to execute; it can be an executable or a script.
If the <process> field is preceded by a "-" character, the program is called "interactive".
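As an added example (not part of the original post), the following POSIX shell script writes the rootfs configuration from step 4 into a target directory, assumed to be the disk.raw mount point, using the interactive "-" marker from the Errors section on the askfirst entry, and parses inittab entries into the four fields described above:

```shell
#!/bin/sh
# Added example, not from the original post. $1 is assumed to be the mount
# point of disk.raw (the "img" directory from the Make disk step).

# Write etc/inittab and etc/init.d/rcS and create dev, proc and sys.
# The askfirst entry carries the "-" marker so ash gets a controlling
# tty (the "can't access tty; job control turned off" fix).
write_rootfs_config() {
    root="$1"
    mkdir -p "$root/etc/init.d" "$root/dev" "$root/proc" "$root/sys"
    cat > "$root/etc/inittab" <<'EOF'
::sysinit:/etc/init.d/rcS
::askfirst:-/bin/ash
::ctrlaltdel:/sbin/reboot
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r
::restart:/sbin/init
EOF
    cat > "$root/etc/init.d/rcS" <<'EOF'
#!/bin/sh
mount -t proc proc /proc
mount -t sysfs sysfs /sys
EOF
    chmod +x "$root/etc/init.d/rcS"
}

# Split one inittab line into <id>:<runlevels>:<action>:<process> and
# print "<action> <process> interactive|batch". A leading "-" on the
# process marks it interactive. Returns 1 if action or process is missing.
parse_inittab_entry() {
    IFS=: read -r id runlevels action process <<EOF
$1
EOF
    [ -n "$action" ] && [ -n "$process" ] || return 1
    case "$process" in
        -*) printf '%s %s interactive\n' "$action" "${process#-}" ;;
        *)  printf '%s %s batch\n' "$action" "$process" ;;
    esac
}

# Count the entries in an inittab file whose <action> is $2.
count_action() {
    grep -c "^[^:]*:[^:]*:$2:" "$1"
}
```

Run write_rootfs_config against the mounted image (with sudo, since the mount is root-owned) before unmounting it and booting QEMU.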
