QEMU 搭建Linux内核调试环境

Kernel Debug in QEMU

reference

Environment List

Utility	Version
QEMU	5.2.0
Kernel	5.11.9
Busybox	1.32.1

QEMU

Installation (manual)

1. Download QEMU source
2. complier

wget https://download.qemu.org/qemu-5.2.0.tar.xz
tar xvJf qemu-5.2.0.tar.xz
cd qemu-5.2.0
./configure
make

Installation (automatic)

• Arch: pacman -S qemu
• Debian/Ubuntu/Deepin: apt-get install qemu
• Centos: yum install qemu-kvm

Kernel

1. Config

   make defconfig
   

2. Compile

   make bzImage -j8
   make modules
   

Now you have these file:

• vmlinux
  arch/[arch_name]/boot/bzImage
• *.ko

Rootfs

1. Compile busybox

   • Download Busybox source

   • tar xvf busybox-1.32.1.tar.bz2

   • cd busybox-1.32.1

   • make defconfig

   • make menuconfig and set build staticly

      Busybox Settings --->
             --- Build Options
             [*] Build BusyBox as a static binary (no shared libs)
     

   • make -j8

2. Make disk

   • cd [linux-kerne-dir]
   • qemu-img create -f raw disk.raw 256M
   • mkfs -f ext4 ./disk.raw
   • mkdir img && sudo mount -o loop ./disk.raw ./img
   • sudo make modules_install INSTALL_MOD_PATH=./img

3. Migrate busybox to disk

   • cd busybox-1.32.1
   • make CONFIG_PREFIX=[path_to_disk_img_mount_point] install

4. Configuration on rootfs

   • Edit inittab

   ::sysinit:/etc/init.d/rcS
   ::askfirst:/bin/ash
   ::ctrlaltdel:/sbin/reboot
   ::shutdown:/sbin/swapoff -a
   ::shutdown:/bin/umount -a -r
   ::restart:/sbin/init
   

• Create etc/init.d/rcS

  #!/bin/sh
  mount -t proc proc /proc
  mount -t sysfs sysfs /sys
  

• Create directory

  sudo mkdir {dev, proc, sys}
  

Start

qemu-system-x86_64 
   -m 512M 
   -smp 4 
   -kernel ./bzImage 
   -drive format=raw,file=./disk.raw 
   -append "init=/linuxrc root=/dev/sda console=S0"

Errors

1. when compiling busybox, error message comes out as : can not found -lcrypt.

   While I did have libcrypt.so in /usr/lib/, thus all you need is static
   library of crypt, which named libcrypt.a.

   Just download source file and compile one, then move it to /usr/lib..

2. when you meet /bin/sh:can't access tyy; job control turned off
   just add - to ::askfirst:/bin/ash before /bin/ash.

/etc/inittable文件中每个条目用来定义一个子进程，并确定它的启动方法，格式定义如下：
<id>:<runlevels>:<action>:<process>
例如：
ttySAC0::askfirst:-/bin/sh
对于Busybox init进程，上述各个字段作用如下：
<id>： 表示这个子进程要使用的控制台（既标准输入、标准输出、标准错误设备）。若果省略，则使用与init进程一样的控制台
<runlevels>:对于busybox init程序，这个字段没有意思，可以省略。
<action>:表示init进程如何控制这个子进程。
<process>:要执行的程序，它可以只可执行程序，也可以是脚本
如果<process>字段前有“-”字符，这个程序被称为“交互的”