qemu调试Linux内核新方法

原创

mb5fe94cdd5807a 2021-01-30 20:28:14 ©著作权

文章标签 java 文章分类 Java 后端开发

©著作权归作者所有：来自51CTO博客作者mb5fe94cdd5807a的原创作品，请联系作者获取转载授权，否则将追究法律责任

首先贴上我平时使用的qemu启动Linux内核的一个脚本，看看有没有什么特殊的参数？对了，特殊的就是第一行:

-qmp tcp:localhost:4444,server,nowait \

/home/jeff/git/qemu/x86_64-softmmu/qemu-system-x86_64  \
         -qmp tcp:localhost:4444,server,nowait \
         -cpu kvm64,+vmx \
        --enable-kvm \
        -smp cores=1,threads=1 \
        -machine q35,accel=kvm,kernel-irqchip=split \
        -device intel-iommu \
        -nographic \
        -m 100M \
         -kernel ./linux/arch/x86/boot/bzImage  \
         -device edu \
         -hda ./kvm.img \
        -append "root=/dev/sda rw iowait init=/linuxrc noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off  loglevel=8 console=ttyS0 nmi_watchdog=panic,1 intel_iommu=on"

执行上面的脚本之后然后在另外一个终端窗口输入下面的绿色指令，就会在/tmp目录生成vmcore.img

root@jeff:~# telnet localhost 4444 Trying 127.0.0.1... Connected to localhost. Escape character is '^]' {"execute": "qmp_capabilities"} {"return": {} {"execute":"dump-guest-memory","arguments":{"paging":false,"protocol":"file:/tmp/vmcore.img"}} {"return": {} alt+] telnet>quit

有了vmcore就能用crash工具任意debug linux内核了，请任意的玩弄它吧。

qemu:4.1.93 crash: 7.2.8 Linux kernel:5.5

root@jeff:~# /root/crash-7.2.8/crash
/tmp/vmcore.img ./vmlinux

WARNING: kernel relocated [96MB]: patching 116332 gdb minimal_symbol values

      KERNEL: /home/jeff/sdb/git/linux/vmlinux                         
    DUMPFILE: /tmp/vmcore.img
        CPUS: 1
        DATE: Tue Apr 14 00:27:48 2020
      UPTIME: 00:03:13
LOAD AVERAGE: 0.00, 0.00, 0.00
       TASKS: 56
    NODENAME: x86
     RELEASE: 5.5.0+
     VERSION: #33 SMP Sun Apr 12 12:16:04 CST 2020
     MACHINE: x86_64  (2592 Mhz)
      MEMORY: 99.5 MB
       PANIC: ""
         PID: 0
     COMMAND: "swapper/0"
        TASK: ffffffff88412780  [THREAD_INFO: ffffffff88412780]
         CPU: 0
       STATE: TASK_RUNNING (ACTIVE)
     WARNING: panic task not found

crash> bt
PID: 0      TASK: ffffffff88412780  CPU: 0   COMMAND: "swapper/0"
    [exception RIP: default_idle+40]
    RIP: ffffffff87b06718  RSP: ffffffff88403e90  RFLAGS: 00000246
    RAX: 0000000080000000  RBX: 0000000000000000  RCX: 0000000000000000
    RDX: 0000000000000001  RSI: 0000000000000083  RDI: 0000000000000000
    RBP: 0000000000000000   R8: 0000000000000000   R9: 00000000d2a81d91
    R10: ffffa657400a3d40  R11: 0000000000000000  R12: ffffffff88412780
    R13: 0000000000000000  R14: 0000000000000000  R15: ffffffff88412780
    CS: 0010  SS: 0018
 #0 [ffffffff88403ea8] do_idle at ffffffff870a6b1e
 #1 [ffffffff88403ef8] cpu_startup_entry at ffffffff870a6d49
 #2 [ffffffff88403f08] start_kernel at ffffffff88a040cd
 #3 [ffffffff88403f50] secondary_startup_64 at ffffffff870000e6

参考: https://wiki.ubuntu.com/DebuggingKernelWithQEMU