Debugging Linux Kernel With QEMU

Install all dependencies and libraries for compiling the Linux Kernel

sudo apt install libncurses5-dev libssl-dev bison flex libelf-dev gcc make openssl libc6-dev

Clone the Linux Kernel source code

git clone https://github.com/torvalds/linux.git

After cloning, open the kernel configuration menu

cd linux

make menuconfig

Be sure those configuration options are enabled:

CONFIG_DEBUG_INFO=y

CONFIG_GDB_SCRIPTS=y

CONFIG_DEBUG_KERNEL=y

  • Kernel hacking -> Kernel debugging
  • Kernel hacking -> KGDB: kernel debugger
  • Kernel hacking -> Compile time checks and compiler options -> Provide GDB scripts for kernel debugging

Be sure that this option is disabled:

Kernel hacking -> Compile time checks and compiler options -> Reduce debugging information

And make the kernel

make

You may encounter an error about certificates:

make[1]: *** No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'.  Stop.

Solution:

https://stackoverflow.com/questions/67670169/compiling-kernel-gives-error-no-rule-to-make-target-debian-certs-debian-uefi-ce

scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/signing_key.pem"

scripts/config --enable CONFIG_SYSTEM_TRUSTED_KEYRING

scripts/config --set-str CONFIG_SYSTEM_TRUSTED_KEYS ""

scripts/config --enable CONFIG_SYSTEM_EXTRA_CERTIFICATE

scripts/config --set-val CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096

scripts/config --enable CONFIG_SECONDARY_TRUSTED_KEYRING

scripts/config --enable CONFIG_SYSTEM_BLACKLIST_KEYRING

scripts/config --set-str CONFIG_SYSTEM_BLACKLIST_HASH_LIST ""

scripts/config --enable CONFIG_SYSTEM_REVOCATION_LIST

scripts/config --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""

and make again

Successfully compiled

So we have two main output files: vmlinux and bzImage.

bzImage: arch/x86/boot/bzImage

In order to create a system image we will use syzkaller's image creation procedure:

make defconfig
make kvm_guest.config
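make defconfig regenerates .config from scratch, so after these two targets the debugging options chosen in menuconfig above have to be checked again before building. The script below is an added example, not part of the original post or of syzkaller: check_debug_config inspects a .config and reports which of the options this guide requires are missing, and enable_debug_config applies them with the kernel's own scripts/config helper and then runs make olddefconfig so Kconfig resolves their dependencies. The mapping of the menuconfig entries to symbols (KGDB: kernel debugger -> CONFIG_KGDB, Reduce debugging information -> CONFIG_DEBUG_INFO_REDUCED) is my own; demo_check runs the checker over a constructed .config fragment rather than a real kernel config.

```shell
#!/bin/sh
# Added example (not from the original post): verify and apply the kernel
# debugging options this guide needs. Assumed mapping of menuconfig entries
# to symbols:
#   Kernel debugging                         -> CONFIG_DEBUG_KERNEL
#   KGDB: kernel debugger                    -> CONFIG_KGDB
#   Provide GDB scripts for kernel debugging -> CONFIG_GDB_SCRIPTS
#   Reduce debugging information             -> CONFIG_DEBUG_INFO_REDUCED (must be off)

REQUIRED="CONFIG_DEBUG_INFO CONFIG_DEBUG_KERNEL CONFIG_KGDB CONFIG_GDB_SCRIPTS"

# config_value FILE SYMBOL -> prints the value (y/n/m/...), or "unset" when the
# symbol is absent or only present as "# CONFIG_X is not set"
config_value() {
    val=$(sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    if [ -n "$val" ]; then
        echo "$val"
    else
        echo unset
    fi
}

# check_debug_config FILE -> prints one line per problem; returns 0 when the
# config is ready for gdb, 1 otherwise
check_debug_config() {
    status=0
    for sym in $REQUIRED; do
        v=$(config_value "$1" "$sym")
        if [ "$v" != y ]; then
            echo "missing: $sym (found: $v)"
            status=1
        fi
    done
    if [ "$(config_value "$1" CONFIG_DEBUG_INFO_REDUCED)" = y ]; then
        echo "must be disabled: CONFIG_DEBUG_INFO_REDUCED"
        status=1
    fi
    return $status
}

# enable_debug_config: apply the settings with the kernel's scripts/config
# helper (run from the kernel source tree), then let Kconfig resolve
# dependencies so a later "make" does not silently drop them
enable_debug_config() {
    scripts/config --enable CONFIG_DEBUG_INFO \
                   --enable CONFIG_DEBUG_KERNEL \
                   --enable CONFIG_KGDB \
                   --enable CONFIG_GDB_SCRIPTS \
                   --disable CONFIG_DEBUG_INFO_REDUCED \
    && make olddefconfig
}

# demo_check: run the checker on a constructed .config fragment (not a real
# kernel config); returns the checker's status
demo_check() {
    f=$(mktemp)
    printf '%s\n' \
        'CONFIG_DEBUG_INFO=y' \
        '# CONFIG_DEBUG_INFO_REDUCED is not set' \
        'CONFIG_DEBUG_KERNEL=y' \
        'CONFIG_KGDB=y' \
        'CONFIG_GDB_SCRIPTS=y' > "$f"
    check_debug_config "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# usage: sh check-config.sh path/to/.config
if [ -n "${1:-}" ]; then
    check_debug_config "$1"
fi
```

Run it against the kernel tree's .config right before make; an empty report and exit status 0 mean the build will carry the DWARF information and the GDB helper scripts that the gdb session at the end of this guide relies on.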

Alternative 1

Create a ramdisk

mkinitramfs -o ramdisk.img

qemu-system-x86_64 -kernel <kernel-dir>/arch/x86_64/boot/bzImage \
-initrd <path-to>/ramdisk.img \
-m 512 -s -S \
-append "console=ttyS0 nokaslr"


Alternative 2

wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-image.sh -O create-image.sh
chmod +x create-image.sh
./create-image.sh

or, for a fuller image:

./create-image.sh --feature full

and then the QEMU script:

qemu-system-x86_64 \
	-m 2G \
	-smp 2 \
	-kernel $KERNEL/arch/x86/boot/bzImage \
	-append "console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0" \
	-drive file=$IMAGE/stretch.img,format=raw \
	-net user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 \
	-net nic,model=e1000 \
	-enable-kvm \
	-nographic \
	-pidfile vm.pid \
	2>&1 | tee vm.log

You can also connect to the QEMU instance over SSH:

ssh -i ./stretch.id_rsa -p 10021 -o "StrictHostKeyChecking no" root@localhost

After compiling the kernel, vmlinux is produced in the top-level source directory.

In another terminal:

gdb ./vmlinux

and then

target remote :1234

To resume the QEMU instance:

(gdb) c
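To tie the pieces together, here is an added example (my own script, not from the original post or from syzkaller): it starts the VM from Alternative 2 with the gdb stub enabled and attaches gdb non-interactively from a second terminal, loading the kernel's own GDB helpers that CONFIG_GDB_SCRIPTS=y built (scripts/gdb/vmlinux-gdb.py, which provides lx-dmesg, lx-ps, lx-symbols and friends). Two details the Alternative 2 command line above leaves out: -s (the short form of -gdb tcp::1234) is what makes "target remote :1234" possible, and nokaslr keeps the addresses in vmlinux matching the running kernel, as Alternative 1 already does. KERNEL, IMAGE and GDB_PORT are assumed environment variables; the VM image path follows the guide's stretch.img.

```shell
#!/bin/sh
# Added example (not from the original post or syzkaller): boot the VM with
# QEMU's gdb stub and attach gdb with the kernel's GDB helper scripts loaded.
# Assumes:
#   KERNEL   - the built kernel tree (CONFIG_GDB_SCRIPTS=y, so
#              scripts/gdb/vmlinux-gdb.py sits in it next to vmlinux)
#   IMAGE    - directory holding stretch.img from create-image.sh
#   GDB_PORT - port for the stub; QEMU's -s is shorthand for -gdb tcp::1234,
#              so the default matches "target remote :1234"
GDB_PORT=${GDB_PORT:-1234}

# write_gdb_commands KERNEL_TREE OUTFILE
# Produces a gdb command file that loads vmlinux-gdb.py, attaches to the
# stub, breaks at start_kernel and resumes the paused guest.
write_gdb_commands() {
    kernel=$1; out=$2
    cat > "$out" <<EOF
source $kernel/scripts/gdb/vmlinux-gdb.py
target remote :$GDB_PORT
# hardware breakpoint: reliable this early in boot, where a software
# breakpoint written into kernel text may be missed
hbreak start_kernel
continue
EOF
}

# start_vm: Alternative 2's command line plus the gdb stub (-gdb, the long
# form of -s), -S so the guest waits for gdb before executing anything, and
# nokaslr so symbol addresses in vmlinux match the running kernel.
start_vm() {
    qemu-system-x86_64 \
        -m 2G -smp 2 \
        -kernel "$KERNEL/arch/x86/boot/bzImage" \
        -append "console=ttyS0 root=/dev/sda earlyprintk=serial net.ifnames=0 nokaslr" \
        -drive file="$IMAGE/stretch.img",format=raw \
        -net user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 \
        -net nic,model=e1000 \
        -enable-kvm -nographic -pidfile vm.pid \
        -gdb "tcp::$GDB_PORT" -S \
        2>&1 | tee vm.log
}

# attach_gdb: run gdb against vmlinux with the generated command file;
# once start_kernel is hit, lx-dmesg / lx-ps etc. are available at the prompt
attach_gdb() {
    cmds=$(mktemp)
    write_gdb_commands "$KERNEL" "$cmds"
    gdb -q "$KERNEL/vmlinux" -x "$cmds"
    rm -f "$cmds"
}

# usage: in terminal 1 "sh kdbg.sh vm", in terminal 2 "sh kdbg.sh gdb"
case "${1:-}" in
    vm)  start_vm ;;
    gdb) attach_gdb ;;
esac
```

With -S the guest's CPUs start halted, so nothing prints on the serial console until gdb has connected and issued continue; if the stub port is already taken, QEMU fails to start rather than booting without it, which is the failure mode worth checking for when "target remote" is refused.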
