QEMU模拟ARM

QEMU模拟ARM
https://blog.csdn.net/qq_24188351/article/details/77891353

https://blog.csdn.net/qq_24188351/article/details/77921653

https://www.jianshu.com/p/040459d94e2a

https://www.jianshu.com/p/cd7d9a753433

https://www.jianshu.com/p/ca95d8c771e8

https://www.right.com.cn/forum/thread-341079-1-1.html

https://www.cnblogs.com/schips/p/12345431.html

https://www.cnblogs.com/schips/p/12347820.html

https://blog.csdn.net/FJDJFKDJFKDJFKD/article/details/82713588

https://blog.csdn.net/qq_24188351/article/details/77891353

https://blog.csdn.net/qq_24188351/article/details/77921653

QEMU 安装

Build instructions

To download and build QEMU 4.2.0:
```
wget https://download.qemu.org/qemu-4.2.0.tar.xz
tar xJvf qemu-4.2.0.tar.xz
cd qemu-4.2.0
./configure
make
```
To download and build QEMU from git:
```
git clone https://git.qemu.org/git/qemu.git
cd qemu
git submodule init
git submodule update --recursive
./configure
make
```
```
sudo apt-get install build-essential pkg-config zlib1g-dev libglib2.0-0 libglib2.0-dev  libsdl2-dev libpixman-1-dev libfdt-dev autoconf automake libtool librbd-dev libaio-dev flex bison -y
```
```
wget https://download.qemu.org/qemu-4.2.0.tar.xz
```
```
tar xJvf qemu-4.2.0.tar.xz

cd qemu-4.2.0 

./configure --prefix=/usr/local/qemu --target-list=arm-softmmu --audio-drv-list=

sudo make -j 8 && sudo make install

sudo ln -s /usr/local/qemu/bin/* /usr/local/bin/

# --target-list：选择目标机器的架构。默认是将所有的架构都编译，但为了更快的完成编译，指定需要的架构即可。
# 或者执行./configure --prefix=/usr/local/qemu --audio-drv-list=
```
```
# 测试
```
```
qemu-img -V
```
退出QEMU

输入ctrl + a 后按 x 退出 QEMU

更新gcc

安装之前要卸载掉老版本的gcc、g++

sudo apt-get remove gcc gcc-xx #可能有多个版本，都要删掉

sudo apt-get remove g++
安装gcc

sudo apt-get install gcc
安装g++编译器，可以通过命令

sudo apt-get install build-essential

执行完后，就完成了gcc,g++,make的安装。

build-essential是一整套工具，gcc，libc等等

通过“g++ -v”可以查看g++是否安装成功。

#安装debug工具

sudo apt-get install gdb

推荐： https://www.linuxidc.com/Linux/2016-11/136840.htm

https://www.cnblogs.com/osbreak/p/10127059.html

qemu + gdb调试uboot 和 kernel

1.调试命令
我们之前qemu启动uboot的命令为：

qemu-system-arm -M vexpress-a9 -m 256M -nographic -kernel u-boot

现在变为：

qemu-system-arm -M vexpress-a9 -m 256M -nographic -kernel u-boot -gdb tcp::1234 -S

-S指在启动的时候释放CPU。
qemu会在启动的时候卡住。

2.进行连接
新打开一个终端，依次输入：

gdb-multiarch u-boot
target remote : 1234

uboot中打开debug调试信息的方法

根目录/include/common.h中

增加

#define DEBUG

修改后为

#ifdef DEBUG
#define _DEBUG 1
#else
#define _DEBUG 0
#endif

UBOOT调试方法

https://www.denx.de/wiki/DULG/DebuggingUBoot

https://wiki.st.com/stm32mpu/index.php?title=U-Boot_-_How_to_debug&oldid=46925

https://blog.csdn.net/aggresss/article/details/74834155

高版本编译uboot报错

include/linux/compiler-gcc.h:114:1: fatal error: linux/compiler-gcc7.h: No such file or directory
#include gcc_header(__GNUC__)
^~~~
compilation terminated.

修改include/linux/compiler-gcc.h

(修改为系统gcc版本，include/linux/目录下有compiler-gcc3.h、compiler-gcc4.h、compiler-gcc5.h)
```
#define __gcc_header(x) #x
#define _gcc_header(x) __gcc_header(linux/compiler-gcc##x.h)
#define gcc_header(x) _gcc_header(x)
//#include gcc_header(__GNUC__)
#include gcc_header(4)
```
```
 
```
调试u-boot-2015.10

0x60800000 reset地址

0x7ff7f000 After Relocation地址

log信息也会显示该地址

Relocation Offset is: 1f751000
Relocating to 7ff51000, new gd at 7feb0f00, sp at 7feb0ee0

Reserving 450k for U-Boot at: 7ff7f000
```
"struct global_data" 的地址保存在r9中
```
```
print/x ((gd_t *)$r9)->relocaddr
```
　
```
注意  改地址会根据优化级别不有而有区别
```
add-symbol-file u-boot 0x7ff51000

修改 /Makefile文件

位置1

ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
KBUILD_CFLAGS += -O0
else
KBUILD_CFLAGS += -O0
endif

位置2 （该位置需要测试最好不要修改只修改位置1）

HOSTCC = cc
HOSTCXX = c++
HOSTCFLAGS = -Wall -Wstrict-prototypes -O1 -fomit-frame-pointer
HOSTCXXFLAGS = -O1
/home/user/Project/u-boot-2015.10/arch/arm/lib/relocate.S

ENTRY(relocate_code)
ldr r1, =__image_copy_start /* r1 <- SRC &__image_copy_start */
subs r4, r0, r1 /* r4 <- relocation offset */
beq relocate_done /* skip relocation */
ldr r2, =__image_copy_end /* r2 <- SRC &__image_copy_end */

copy_loop:
ldmia r1!, {r10-r11} /* copy from source address [r1] */
stmia r0!, {r10-r11} /* copy to target address [r0] */
cmp r1, r2 /* until source end address [r2] */
blo copy_loop

/*
* fix .rel.dyn relocations
*/
ldr r2, =__rel_dyn_start /* r2 <- SRC &__rel_dyn_start */
ldr r3, =__rel_dyn_end /* r3 <- SRC &__rel_dyn_end */
fixloop:
ldmia r2!, {r0-r1} /* (r0,r1) <- (SRC location,fixup) */
and r1, r1, #0xff
cmp r1, #23 /* relative fixup? */
bne fixnext

/* relative fix: increase location by offset */
add r0, r0, r4
ldr r1, [r0]
add r1, r1, r4
str r1, [r0]
fixnext:
cmp r2, r3
blo fixloop

relocate_done:

http://www.denx.de/wiki/view/DULG/DebuggingUBoot
```
执行命令 

b relocate_code //在内部调试 获取relocate addr 0x7ff7f000
 

> print/x ((gd_t *)$r9)->relocaddr
$1 = 0x7ff51000



b relocate_done

 

> print/x ((gd_t *)$r9)->relocaddr
$2 = 0x7ff51000



add-symbol-file u-boot 0x7ff7f000
#根据上面地址获取

add-symbol-file u-boot 0x7ff51000

b board_init_r
b efi_runtime_relocate
b bootp_request
```
Todo

https://blog.csdn.net/BakerTheGreat/article/details/101146657

https://blog.csdn.net/chungle2011/article/details/103696431

https://www.cnblogs.com/microxiami/p/11093241.html

5. 安装TFTP服务器

创建TFTP服务器，用来给Qemu模拟开发板启动uImage时，下载uImage到内存中。

1) 安装Linux主机Host的TFTP服务器工具：
```
# sudo apt install tftp-hpa tftpd-hpa xinetd
```
2) 修改配置文件，设置TFTP服务器目录：
```
# sudo vim /etc/default/tftpd-hpa
......
TFTP_DIRECTORY="/home/mcy/tftpboot"
......
```
3) Linux主机上创建tftp目录：
```
# mkdir /home/mcy/tftpboot
# chmod 777 /home/mcy/tftpboot
```
4) 重启tftp服务：
```
# sudo /etc/init.d/tftpd-hpa restart
```
setenv命令可以修改主机和目标机的ip地址。

#setenv ipaddr 10.0.2.16

#setenv serverip 10.0.2.15 //该命令可设置主机ip，该命令只是把设置保存到RAM中，如果重启的话设置会重新回到原来的设置。

这时我们用saveenv命令把设置保存到flash中。

#saveenv

配置好各个参数后，我们在uboot命令窗口中使用tftp命令把内核，文件系统拷贝到RAM中。

#tftp 30008000 zImage //在主机 /tftpboot目录中的zImage文件下载到目标板内存的30008000地址中。
```
https://www.qemu.org/2018/05/31/nic-parameter/

http://wiki.sylixos.com/index.php/Linux%E7%8E%AF%E5%A2%83%E5%BC%80%E5%8F%91%E6%8C%87%E5%8D%97#.E7.BC.96.E8.AF.91_qemu-mini2440
https://blog.51cto.com/lnsane784/1958356



qemu 支持多种网络链接方式，其中最常用的就是桥接(bridge)。 这需要依赖内核的 tun/tap 模块的支持。
```
- 输入如下命令安装必要的工具包:
```
sudo apt-get install uml-utilities
sudo apt-get install bridge-utils
```
- 输入如下命令查看 /dev/net/tun 文件:
modinfo tap ## 查询是否有tap模块
```
ls -l /dev/net/tun  ## 查询内核是否编译进tun
crw-rw-rwT 1 root root 10, 200 Apr 15 02:23 /dev/net/tun
```
如果该文件存在，这表明内核已经支持开启了 tun 支持，在 ubuntu-16.04/18.04 中，这个功能默认已经开启。
如果该文件不存在，则需要加载 tun 模块，并创建 /dev/net/tun 文件。
```
sudo gvim /etc/network/interfaces
```
```
auto lo
iface lo inet loopback

#auto enp0s3

auto br0
iface br0 inet dhcp
bridge_ports enp0s3
bridge_stp on
bridge_fd 0
bridge_maxwait 0
```
```
 
```
sudo gvim /etc/qemu-ifup
```
#!/bin/sh

echo sudo ifconfig $1 0.0.0.0 promisc up
sudo ifconfig $1 0.0.0.0 promisc up

echo sudo brctl addif br0 $1
sudo brctl addif br0 $1

echo brctl show
sudo brctl show

#sudo ifconfig br0 192.168.56.123
```
sudo gvim /etc/qemu-ifdown #新版QEMU 的/qemu-ifdown内容为空即可如下
```
#!/bin/sh

#echo sudo brctl delif br0 $1
#sudo brctl delif br0 $1
 
#echo brctl show
#brctl show
```
```
https://wiki.qemu.org/Documentation/Networking#Network_Basics
```
Setting up taps on Linux

For Linux with iproute2 and tap/tun support, this can be configured as below, and assumes the reader has experience using iproute2 (at least ip-addr and ip-link). Take note of the host's physical devices' configuration, as the bridge created will become the new endpoint for the physical device. Note that this WILL cause the host's networking on that physical device to go out, possibly requiring a reboot for remote systems!
```
 # modprobe tun tap                  # unnecessary if tun/tap is built-in
 # ip link add br0 type bridge
 # ip tuntap add dev tap0 mode tap
 # ip link set dev tap0 master br0   # set br0 as the target bridge for tap0
 # ip link set dev eth0 master br0   # set br0 as the target bridge for eth0
 # ip link set dev br0 up
```
At this point, the bridge works, but is not usable as it does not have an IP address. For reassigning the physical device's addresses for the bridge to be usable:
```
 # ip address delete $PREFIX dev eth0
 # ip address add $PREFIX dev br0
 # ip route add default via $ROUTE dev br0
```
This can be automated with a shell script to setup tap networking on remote hosts; as mentioned above, connection will be lost upon setting the physical device's master to a bridge.

Please note that the newly-created tap device's link may need to be set to UP via ip-link after a virtual machine has been started. Furthermore, as a bridge device basically acts as the new endpoint for a physical device, most normal networking commands, such as a DHCP client or packet sniffer, must be ran on the bridge instead of the physical device. Creating multiple bridges per interface is known (anecdotally) to be problematic; instead, create a tap for each virtual machine using a single bridge for each physical device to be used.

https://www.cnblogs.com/cxchanpin/p/6795616.html

（1）linux要工作在网桥模式，所以必须安装：bridge-utils和tunctl。它们提供所需的brctl、tunctl命令行工具

（2）查看tun模块是否载入，例如以下：
```
[root@server3 ~]# lsmod | grep tun
tun  16577 2 vhost_net
```
假设tun模块没有载入，则执行“modprobe tun”命令来载入就可以；

假设已经将tun编译到内核（可查看内核config文件 /boot/config-5.3.0-28-generic 里是否有“CONFIG_TUN=y” 选项），则不须要载入了；而假设内核全然没有配置TUN模块，则须要又一次编译内核才行了。

（3）检查/dev/net/tun的权限，须要让当前用户拥有可读可写的权限。
```
[root@server3 ~]# ll /dev/net/tun
crw-rw-rw- . 1 root root 10, 200 4月 23 10:35 /dev/net/tun
```
相关阅读:
[概述]移动机器人自主探索
 MRPT编译
 Kinect2.0相机标定
 小豆包的学习之旅：里程计运动模型
 小豆包的学习之旅：入门篇
 Kinect2.0点云数据获取
 COFF，amd64.vc90.mfc两个布署的问题
 [硬件]Robot运动控制
 [硬件]Urg_viewer数据读取
 [硬件]三维点云数据获取
原文地址：https://www.cnblogs.com/sinferwu/p/12490196.html

Build instructions

qemu + gdb调试uboot 和 kernel

uboot中打开debug调试信息的方法

根目录/include/common.h中

5. 安装TFTP服务器

1) 安装Linux主机Host的TFTP服务器工具：

2) 修改配置文件，设置TFTP服务器目录：

3) Linux主机上创建tftp目录：

4) 重启tftp服务：

Setting up taps on Linux