From 71d673bac48f43a2e38f5e1e4f94b10da15b7cee Mon Sep 17 00:00:00 2001 From: Ciro Santilli Date: Sun, 1 Oct 2017 19:26:24 +0100 Subject: [PATCH] Look into walking kernel start point, failure --- README.md | 44 +++++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index f979809..e1eb805 100644 --- a/README.md +++ b/README.md @@ -232,12 +232,16 @@ See also: - - -TODO: Ctrl + C kills the emulator, it is not sent to guest processes. See: +Limitations: -- -- +- TODO: Ctrl + C kills the emulator, it is not sent to guest processes. See: -This is however fortunate when running QEMU with GDB, as the Ctrl + C reaches GDB and breaks. + - + - + + This is however fortunate when running QEMU with GDB, as the Ctrl + C reaches GDB and breaks. + +- Very early kernel messages such as `early console in extract_kernel` only show on the GUI, since at such early stages, not even the serial has been setup. ## Automatic startup commands @@ -315,13 +319,7 @@ See also: So get ready for some weird jumps, and `` fun. Why, Linux, why. +`O=0` is an impossible dream, `O=2` being the default: So get ready for some weird jumps, and `` fun. Why, Linux, why. ### Kernel module debugging @@ -591,9 +589,11 @@ Best attempt so far: time ./runqemu -n -e 'init=/init_poweroff.out' -- -trace exec_tb,file=trace && \ time ./qemu/scripts/simpletrace.py qemu/trace-events trace >trace.txt && \ - wc -l trace.txt + wc -l trace.txt && + sed '/0x1000000/q' trace.txt >trace-boot.txt && + wc -l trace-boot.txt && -Parameter notes: +Notes: - `-n` is a good idea to reduce the chances that you send unwanted non-deterministic mouse or keyboard clicks to the VM. 
@@ -603,6 +603,24 @@ Parameter notes: And it becomes even worse if you try to `-net none` as recommended in the 2.7 `replay.txt` docs, because then `ifup` waits for 15 seconds before giving up as per `/etc/network/interfaces` line `wait-delay 15`. +- `0x1000000` is the address where QEMU puts the Linux kernel at with `-kernel` in x86. + + It can be found from: + + readelf -e buildroot/output.x86_64~/build/linux-*/vmlinux | grep Entry + + TODO confirm further. If I try to break there with: + + ./rungdb *0x1000000 + + but I have no corresponding source line. Also note that this line is not actually the first line, since the kernel messages such as `early console in extract_kernel` have already shown on screen at that point. This does not break at all: + + ./rungdb extract_kernel + + It only appears once on every log I've seen so far, checked with `grep 0x1000000 trace.txt` + + Then when we count the instructions that run before the kernel entry point, there is only about 100k instructions, which is insignificant compared to the kernel boot itself. + This works because we have already done the following with QEMU: - `./configure --enable-trace-backends=simple`. This logs in a binary format to the trace file.
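Review bot: the new limitation bullet in the `@@ -232` hunk overstates the case: whether `early console in extract_kernel` reaches the serial port depends on the kernel command line, because the bzImage decompressor sets up its own early serial console when `earlyprintk=serial` (or `console=uart8250,...`) is passed, so serial output at that stage is not impossible, just not the default. Suggest qualifying the sentence along the lines of "only show on the GUI unless `earlyprintk=serial,ttyS0` is on the kernel command line", and fixing "has been setup" to "has been set up" in the same line.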
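Review bot: the single replacement line in the `@@ -315` hunk (`O=0` is an impossible dream, `O=2` being the default) asserts that the kernel cannot be built at `-O0` while the hunk drops six lines of the surrounding explanation (13 lines become 7), so the reader is left with no reason and no reference for the claim. One clause on why `-O0` breaks the build, or a link to where it is discussed, would keep the statement checkable rather than a bare assertion.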
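Review bot: the shell snippet in the `@@ -591` hunk now ends with a dangling `&&` on the final line `wc -l trace-boot.txt &&`, so as written the command is incomplete: an interactive shell waits for more input and `sh -c` rejects it with a syntax error. Drop the trailing `&&` from that last line (the missing `\` after `wc -l trace.txt &&` is harmless, since a newline after `&&` is a legal continuation). Also consider that `sed '/0x1000000/q'` matches the hex string as a substring, so an address such as `0x10000000` appearing earlier in the trace would also terminate the cut; anchoring the pattern to the field boundary used by the trace output would make the boot cut robust.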
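Review bot: the first new bullet in the `@@ -603` hunk is imprecise: `readelf -e vmlinux | grep Entry` reports the entry point of the uncompressed `vmlinux` (0x1000000 is the default `CONFIG_PHYSICAL_START` on x86), which is the address the bzImage's decompressor jumps to after unpacking, not where QEMU's `-kernel` places the image it loads (the protected-mode part of a bzImage is loaded at 0x100000 per the x86 boot protocol). Stating that would also resolve the "TODO confirm further" and explain the two observations that follow: messages such as `early console in extract_kernel` are printed by the decompressor before that address is ever reached, and `./rungdb extract_kernel` cannot break because `extract_kernel` lives in the separately linked decompressor binary `arch/x86/boot/compressed/vmlinux`, whose symbols are not in the `vmlinux` handed to gdb (loading them with `add-symbol-file` at the address the decompressor actually ran from is what would make that breakpoint resolve). Minor: "If I try to break there with: ... but I have no corresponding source line" is missing its main clause; "... gdb stops, but shows no corresponding source line" reads as intended.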