VladPolskiy/linux-kernel-module-cheat
1
0
Fork 0
mirror of https://github.com/cirosantilli/linux-kernel-module-cheat.git synced 2026-01-13 20:12:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cli
linux-kernel-module-cheat/run
Ciro Santilli 六四事件 法轮功 fa1e4ffa7d run kind of runs
2018-12-09 00:00:01 +00:00

599 lines
27 KiB
Python
Executable File
Raw Permalink Blame History

#!/usr/bin/env python3
import os
import re
import shutil
import subprocess
import sys
import time
import common
from shell_helpers import LF
class Main(common.LkmcCliFunction):
def __init__(self):
super().__init__(
description='''\
Run some content on an emulator.
'''
)
self.add_argument(
'--background', default=False,
help='''\
Send QEMU output to a file instead of the terminal so it does not require a
terminal attached to run on the background. Interactive input cannot be given.
TODO: use a port instead. If only there was a way to redirect a serial to multiple
places, both to a port and a file? We use the file currently to be able to have
any output at all.
https://superuser.com/questions/1373226/how-to-redirect-qemu-serial-output-to-both-a-file-and-the-terminal-or-a-port
'''
)
self.add_argument(
'-c', '--cpus', default=1, type=int,
help='Number of guest CPUs to emulate. Default: %(default)s'
)
self.add_argument(
'-D', '--debug-vm', default=False,
help='Run GDB on the emulator itself.'
)
self.add_argument(
'--debug-vm-args', default='',
help='Pass arguments to GDB.'
)
self.add_argument(
'-E', '--eval',
help='''\
Replace the normal init with a minimal init that just evals the given string.
See: https://github.com/cirosantilli/linux-kernel-module-cheat#replace-init
'''
)
self.add_argument(
'-e', '--kernel-cli',
help='''\
Pass an extra Linux kernel command line options, and place them before
the dash separator `-`. Only options that come before the `-`, i.e.
"standard" options, should be passed with this option.
Example: `./run -a arm -e 'init=/poweroff.out'`
'''
)
self.add_argument(
'-F', '--eval-after',
help='''\
Pass a base64 encoded command line parameter that gets evalled at the end of
the normal init.
See: https://github.com/cirosantilli/linux-kernel-module-cheat#init-busybox
'''
)
self.add_argument(
'-f', '--kernel-cli-after-dash',
help='''\
Pass an extra Linux kernel command line options, add a dash `-`
separator, and place the options after the dash. Intended for custom
options understood by our `init` scripts, most of which are prefixed
by `lkmc_`.
Example: `./run --kernel-cli-after-dash 'lkmc_eval="wget google.com" lkmc_lala=y'`
Mnenomic: `-f` comes after `-e`.
'''
)
self.add_argument(
'-G', '--gem5-exe-args', default='',
help='''\
Pass extra options to the gem5 executable.
Do not confuse with the arguments passed to config scripts,
like `fs.py`. Example:
./run -G '--debug-flags=Exec --debug' --gem5 -- --cpu-type=HPI --caches
will run:
gem.op5 --debug-flags=Exec fs.py --cpu-type=HPI --caches
'''
)
self.add_argument(
'--gem5-script', default='fs', choices=['fs', 'biglittle'],
help='Which gem5 script to use'
)
self.add_argument(
'--gem5-readfile', default='',
help='Set the contents of m5 readfile to this string.'
)
self.add_argument(
'-K', '--kvm', default=False,
help='Use KVM. Only works if guest arch == host arch'
)
self.add_argument(
'--kgdb', default=False,
)
self.add_argument(
'--kdb', default=False,
)
self.add_argument(
'-l', '--gem5-restore', type=int,
help='''\
Restore the nth most recently taken gem5 checkpoint according to directory
timestamps.
'''
)
self.add_argument(
'-m', '--memory', default='256M',
help='''\
Set the memory size of the guest. E.g.: `-m 512M`. We try to keep the default
at the minimal ammount amount that boots all archs. Anything lower could lead
some arch to fail to boot.
Default: %(default)s
'''
)
self.add_argument(
'-R', '--replay', default=False,
help='Replay a QEMU run record deterministically'
)
self.add_argument(
'-r', '--record', default=False,
help='Record a QEMU run record for later replay with `-R`'
)
self.add_argument(
'-T', '--trace',
help='''\
Set trace events to be enabled. If not given, gem5 tracing is completely
disabled, while QEMU tracing is enabled but uses default traces that are very
rare and don't affect performance, because `./configure
--enable-trace-backends=simple` seems to enable some traces by default, e.g.
`pr_manager_run`, and I don't know how to get rid of them.
'''
)
self.add_argument(
'--trace-stdout', default=False,
help='''\
Output trace to stdout instead of a file. Only works for gem5 currently.
'''
)
self.add_argument(
'--terminal', default=False,
help='''\
Output to the terminal, don't pipe to tee as the default.
Does not save the output to a file, but allows you to use debuggers.
Set automatically by --debug-vm, but you still need this option to debug
gem5 Python scripts.
'''
)
self.add_argument(
'-t', '--tmux', default=False,
help='''\
Create a tmux split the window. You must already be inside of a `tmux` session
to use this option:
* on the main window, run the emulator as usual
* on the split:
** if on QEMU and `-d` is given, GDB
** if on gem5, the gem5 terminal
'''
)
self.add_argument(
'--tmux-args',
help='''\
Parameters to pass to the program running on the tmux split.
'''
)
self.add_argument(
'-u', '--userland',
help='''\
Run the given userland executable in user mode instead of booting the Linux kernel
in full system mode. In gem5, user mode is called Syscall Emulation (SE) mode and
uses se.py.
Path resolution is similar to --baremetal.
'''
)
self.add_argument(
'--userland-before', default='',
help='''\
Pass these arguments to the QEMU user mode CLI before the program to execute.
This is required with --userland since arguments that come at the end are interpreted
as command line arguments to that executable.
'''
)
self.add_argument(
'-w', '--wait-gdb', default=False,
help='Wait for GDB to connect before starting execution'
)
self.add_argument(
'-x', '--graphic', default=False,
help='Run in graphic mode. Mnemonic: X11'
)
self.add_argument(
'-V', '--vnc', default=False,
help='''\
Run QEMU with VNC instead of the default SDL. Connect to it with:
`vinagre localhost:5900`.
'''
)
self.add_argument(
'extra_emulator_args', nargs='*', default=[],
help='Extra options to append at the end of the emulator command line'
)
def timed_main(self):
# Common qemu / gem5 logic.
# nokaslr:
# * https://unix.stackexchange.com/questions/397939/turning-off-kaslr-to-debug-linux-kernel-using-qemu-and-gdb
# * https://stackoverflow.com/questions/44612822/unable-to-debug-kernel-with-qemu-gdb/49840927#49840927
# Turned on by default since v4.12
kernel_cli = 'console_msg_format=syslog nokaslr norandmaps panic=-1 printk.devkmsg=on printk.time=y rw'
if self.env['kernel_cli'] is not None:
kernel_cli += ' {}'.format(self.env['kernel_cli'])
kernel_cli_after_dash = ''
extra_emulator_args = []
extra_qemu_args = []
if self.env['debug_vm'] is not None:
debug_vm = ['gdb', LF, '-q', LF] + self.sh.shlex_split(self.env['debug_vm_args']) + ['--args', LF]
else:
debug_vm = []
if self.env['wait_gdb']:
extra_qemu_args.extend(['-S', LF])
if self.env['eval_after'] is not None:
kernel_cli_after_dash += ' lkmc_eval_base64="{}"'.format(self.base64_encode(self.env['eval_after']))
if self.env['kernel_cli_after_dash'] is not None:
kernel_cli_after_dash += ' {}'.format(self.env['kernel_cli_after_dash'])
if self.env['vnc']:
vnc = ['-vnc', ':0', LF]
else:
vnc = []
if self.env['initrd'] or self.env['initramfs']:
ramfs = True
else:
ramfs = False
if self.env['eval'] is not None:
if ramfs:
initarg = 'rdinit'
else:
initarg = 'init'
kernel_cli += ' {}=/eval_base64.sh'.format(initarg)
kernel_cli_after_dash += ' lkmc_eval="{}"'.format(self.base64_encode(self.env['eval']))
if not self.env['graphic']:
extra_qemu_args.extend(['-nographic', LF])
console = None
console_type = None
console_count = 0
if self.env['arch'] == 'x86_64':
console_type = 'ttyS'
elif self.env['is_arm']:
console_type = 'ttyAMA'
console = '{}{}'.format(console_type, console_count)
console_count += 1
if not (self.env['arch'] == 'x86_64' and self.env['graphic']):
kernel_cli += ' console={}'.format(console)
extra_console = '{}{}'.format(console_type, console_count)
console_count += 1
if self.env['kdb'] or self.env['kgdb']:
kernel_cli += ' kgdbwait'
if self.env['kdb']:
if self.env['graphic']:
kdb_cmd = 'kbd,'
else:
kdb_cmd = ''
kernel_cli += ' kgdboc={}{},115200'.format(kdb_cmd, console)
if self.env['kgdb']:
kernel_cli += ' kgdboc={},115200'.format(extra_console)
if kernel_cli_after_dash:
kernel_cli += " -{}".format(kernel_cli_after_dash)
extra_env = {}
if self.env['trace'] is None:
do_trace = False
# A dummy value that is already turned on by default and does not produce large output,
# just to prevent QEMU from emitting a warning that '' is not valid.
trace_type = 'load_file'
else:
do_trace = True
trace_type = self.env['trace']
def raise_rootfs_not_found():
if not self.env['dry_run']:
raise Exception('Root filesystem not found. Did you build it?\n' \
'Tried to use: ' + self.env['disk_image'])
def raise_image_not_found():
if not self.env['dry_run']:
raise Exception('Executable image not found. Did you build it?\n' \
'Tried to use: ' + self.env['image'])
if self.env['image'] is None:
raise Exception('Baremetal ELF file not found. Tried:\n' + '\n'.join(paths))
cmd = debug_vm.copy()
if self.env['emulator'] == 'gem5':
if self.env['baremetal'] is None:
if not os.path.exists(self.env['rootfs_raw_file']):
if not os.path.exists(self.env['qcow2_file']):
raise_rootfs_not_found()
self.raw_to_qcow2(prebuilt=self.env['prebuilt'], reverse=True)
else:
if not os.path.exists(self.env['gem5_fake_iso']):
os.makedirs(os.path.dirname(self.env['gem5_fake_iso']), exist_ok=True)
self.write_string_to_file(self.env['gem5_fake_iso'], 'a' * 512)
if not os.path.exists(self.env['image']):
# This is to run gem5 from a prebuilt download.
if (not self.env['baremetal'] is None) or (not os.path.exists(self.env['linux_image'])):
raise_image_not_found()
self.sh.run_cmd([os.path.join(self.env['extract_vmlinux'], self.env['linux_image'])])
os.makedirs(os.path.dirname(self.env['gem5_readfile']), exist_ok=True)
self.write_string_to_file(self.env['gem5_readfile'], self.env['gem5_readfile'])
memory = '{}B'.format(self.env['memory'])
gem5_exe_args = self.sh.shlex_split(self.env['gem5_exe_args'])
if do_trace:
gem5_exe_args.extend(['--debug-flags={}'.format(trace_type), LF])
extra_env['M5_PATH'] = self.env['gem5_system_dir']
# https://stackoverflow.com/questions/52312070/how-to-modify-a-file-under-src-python-and-run-it-without-rebuilding-in-gem5/52312071#52312071
extra_env['M5_OVERRIDE_PY_SOURCE'] = 'true'
if self.env['trace_stdout']:
debug_file = 'cout'
else:
debug_file = 'trace.txt'
cmd.extend(
[
self.env['executable'], LF,
'--debug-file', debug_file, LF,
'--listener-mode', 'on', LF,
'--outdir', self.env['m5out_dir'], LF,
] +
gem5_exe_args
)
if self.env['userland'] is not None:
cmd.extend([
self.env['gem5_se_file'], LF,
'-c', self.resolve_userland(self.env['userland']), LF,
])
else:
if self.env['gem5_script'] == 'fs':
# TODO port
if self.env['gem5_restore'] is not None:
cpt_dirs = self.gem_list_checkpoint_dirs()
cpt_dir = cpt_dirs[-self.env['gem5_restore']]
extra_emulator_args.extend(['-r', str(sorted(cpt_dirs).index(cpt_dir) + 1)])
cmd.extend([
self.env['gem5_fs_file'], LF,
'--disk-image', self.env['disk_image'], LF,
'--kernel', self.env['image'], LF,
'--mem-size', memory, LF,
'--num-cpus', str(self.env['cpus']), LF,
'--script', self.env['gem5_readfile'], LF,
])
if self.env['arch'] == 'x86_64':
if self.env['kvm']:
cmd.extend(['--cpu-type', 'X86KvmCPU', LF])
cmd.extend(['--command-line', 'earlyprintk={} lpj=7999923 root=/dev/sda {}'.format(console, kernel_cli), LF])
elif self.env['is_arm']:
if self.env['kvm']:
cmd.extend(['--cpu-type', 'ArmV8KvmCPU', LF])
cmd.extend([
# TODO why is it mandatory to pass mem= here? Not true for QEMU.
# Anything smaller than physical blows up as expected, but why can't it auto-detect the right value?
'--command-line', 'earlyprintk=pl011,0x1c090000 lpj=19988480 rw loglevel=8 mem={} root=/dev/sda {}'.format(memory, kernel_cli), LF,
'--dtb-filename', os.path.join(self.env['gem5_system_dir'], 'arm', 'dt', 'armv{}_gem5_v1_{}cpu.dtb'.format(self.env['armv'], self.env['cpus'])), LF,
'--machine-type', self.env['machine'], LF,
])
if self.env['baremetal'] is None:
cmd.extend([
'--param', 'system.panic_on_panic = True', LF])
else:
cmd.extend([
'--bare-metal', LF,
'--param', 'system.auto_reset_addr = True', LF,
])
if self.env['arch'] == 'aarch64':
# https://stackoverflow.com/questions/43682311/uart-communication-in-gem5-with-arm-bare-metal/50983650#50983650
cmd.extend(['--param', 'system.highest_el_is_64 = True', LF])
elif self.env['gem5_script'] == 'biglittle':
if self.env['kvm']:
cpu_type = 'kvm'
else:
cpu_type = 'atomic'
if self.env['gem5_restore'] is not None:
cpt_dir = self.gem_list_checkpoint_dirs()[-self.env['gem5_restore']]
extra_emulator_args.extend(['--restore-from', os.path.join(self.env['m5out_dir'], cpt_dir)])
cmd.extend([
os.path.join(self.env['gem5_source_dir'], 'configs', 'example', 'arm', 'fs_bigLITTLE.py'), LF,
'--big-cpus', '2', LF,
'--cpu-type', cpu_type, LF,
'--disk', self.env['disk_image'], LF,
'--dtb', os.path.join(self.env['gem5_system_dir'], 'arm', 'dt', 'armv8_gem5_v1_big_little_2_2.dtb'), LF,
'--kernel', self.env['image'], LF,
'--little-cpus', '2', LF,
])
if self.env['wait_gdb']:
# https://stackoverflow.com/questions/49296092/how-to-make-gem5-wait-for-gdb-to-connect-to-reliably-break-at-start-kernel-of-th
cmd.extend(['--param', 'system.cpu[0].wait_for_remote_gdb = True', LF])
else:
qemu_user_and_system_options = [
'-trace', 'enable={},file={}'.format(trace_type, self.env['qemu_trace_file']), LF,
]
if self.env['userland'] is not None:
if self.env['wait_gdb']:
debug_args = ['-g', str(self.env['gdb_port']), LF]
else:
debug_args = []
cmd.extend(
[
os.path.join(self.env['qemu_build_dir'], '{}-linux-user'.format(self.env['arch']), 'qemu-{}'.format(self.env['arch'])), LF,
'-L', self.env['target_dir'], LF
] +
qemu_user_and_system_options +
self.sh.shlex_split(self.env['userland_before']) +
debug_args +
[
self.resolve_userland(self.env['userland']), LF
]
)
else:
if not os.path.exists(self.env['image']):
raise_image_not_found()
extra_emulator_args.extend(extra_qemu_args)
self.make_run_dirs()
if self.env['prebuilt'] or not os.path.exists(self.env['qemu_executable']):
qemu_executable = self.env['qemu_executable_basename']
qemu_executable_prebuilt = True
else:
qemu_executable = self.env['qemu_executable']
qemu_executable_prebuilt = False
qemu_executable = shutil.which(qemu_executable)
if qemu_executable is None:
raise Exception('QEMU executable not found, did you forget to build or install it?\n' \
'Tried to use: ' + qemu_executable)
if self.env['debug_vm']:
serial_monitor = []
else:
if self.env['background']:
serial_monitor = ['-serial', 'file:{}'.format(self.env['qemu_background_serial_file']), LF]
else:
serial_monitor = ['-serial', 'mon:stdio', LF]
if self.env['kvm']:
extra_emulator_args.extend(['-enable-kvm', LF])
extra_emulator_args.extend(['-serial', 'tcp::{},server,nowait'.format(self.env['extra_serial_port']), LF])
virtfs_data = [
(self.env['p9_dir'], 'host_data'),
(self.env['out_dir'], 'host_out'),
(self.env['out_rootfs_overlay_dir'], 'host_out_rootfs_overlay'),
(self.env['rootfs_overlay_dir'], 'host_rootfs_overlay'),
]
virtfs_cmd = []
for virtfs_dir, virtfs_tag in virtfs_data:
if os.path.exists(virtfs_dir):
virtfs_cmd.extend([
'-virtfs',
'local,path={virtfs_dir},mount_tag={virtfs_tag},security_model=mapped,id={virtfs_tag}' \
.format(virtfs_dir=virtfs_dir, virtfs_tag=virtfs_tag),
LF,
])
cmd.extend(
[
qemu_executable, LF,
'-device', 'rtl8139,netdev=net0', LF,
'-gdb', 'tcp::{}'.format(self.env['gdb_port']), LF,
'-kernel', self.env['image'], LF,
'-m', self.env['memory'], LF,
'-monitor', 'telnet::{},server,nowait'.format(self.env['qemu_monitor_port']), LF,
'-netdev', 'user,hostfwd=tcp::{}-:{},hostfwd=tcp::{}-:22,id=net0'.format(self.env['qemu_hostfwd_generic_port'], self.env['qemu_hostfwd_generic_port'], self.env['qemu_hostfwd_ssh_port']), LF,
'-no-reboot', LF,
'-smp', str(self.env['cpus']), LF,
] +
virtfs_cmd +
serial_monitor +
vnc
)
if not qemu_executable_prebuilt:
cmd.extend(qemu_user_and_system_options)
if self.env['initrd']:
extra_emulator_args.extend(['-initrd', os.path.join(self.env['buildroot_images_dir'], 'rootfs.cpio')])
rr = self.env['record'] or self.env['replay']
if ramfs:
# TODO why is this needed, and why any string works.
root = 'root=/dev/anything'
else:
if rr:
driveif = 'none'
rrid = ',id=img-direct'
root = 'root=/dev/sda'
snapshot = ''
else:
driveif = 'virtio'
root = 'root=/dev/vda'
rrid = ''
snapshot = ',snapshot'
if self.env['baremetal'] is None:
if not os.path.exists(self.env['qcow2_file']):
if not os.path.exists(self.env['rootfs_raw_file']):
raise_rootfs_not_found()
self.raw_to_qcow2(prebuilt=self.env['prebuilt'])
extra_emulator_args.extend([
'-drive',
'file={},format=qcow2,if={}{}{}'.format(self.env['disk_image'], driveif, snapshot, rrid),
LF,
])
if rr:
extra_emulator_args.extend([
'-drive', 'driver=blkreplay,if=none,image=img-direct,id=img-blkreplay', LF,
'-device', 'ide-hd,drive=img-blkreplay', LF,
])
if rr:
extra_emulator_args.extend([
'-object', 'filter-replay,id=replay,netdev=net0',
'-icount', 'shift=7,rr={},rrfile={}'.format('record' if self.env['record'] else 'replay', self.env['qemu_rrfile']),
])
virtio_gpu_pci = []
else:
virtio_gpu_pci = ['-device', 'virtio-gpu-pci', LF]
if self.env['arch'] == 'x86_64':
append = ['-append', '{} nopat {}'.format(root, kernel_cli), LF]
cmd.extend([
'-M', self.env['machine'], LF,
'-device', 'edu', LF,
])
elif self.env['is_arm']:
extra_emulator_args.extend(['-semihosting', LF])
if self.env['arch'] == 'arm':
cpu = 'cortex-a15'
else:
cpu = 'cortex-a57'
append = ['-append', '{} {}'.format(root, kernel_cli), LF]
cmd.extend(
[
# highmem=off needed since v3.0.0 due to:
# http://lists.nongnu.org/archive/html/qemu-discuss/2018-08/msg00034.html
'-M', '{},highmem=off'.format(self.env['machine']), LF,
'-cpu', cpu, LF,
] +
virtio_gpu_pci
)
if self.env['baremetal'] is None:
cmd.extend(append)
if self.env['tmux']:
tmux_args = '--run-id {}'.format(self.env['run_id'])
if self.env['emulator'] == 'gem5':
tmux_cmd = './gem5-shell'
else:
tmux_cmd = './run-gdb'
# TODO find a nicer way to forward all those args automatically.
# Part of me wants to: https://github.com/jonathanslenders/pymux
# but it cannot be used as a library properly it seems, and it is
# slower than tmux.
tmux_args += " --arch {} --linux-build-id '{}' --run-id '{}'".format(
self.env['arch'],
self.env['linux_build_id'],
self.env['run_id'],
)
if self.env['baremetal']:
tmux_args += " --baremetal '{}'".format(self.env['baremetal'])
if self.env['userland']:
tmux_args += " --userland '{}'".format(self.env['userland'])
tmux_args += ' {}'.format(self.env['tmux'])
subprocess.Popen([
os.path.join(self.env['root_dir'], 'tmu'),
"sleep 2;{} {}".format(tmux_cmd, tmux_args)
])
cmd.extend(extra_emulator_args)
cmd.extend(self.env['extra_emulator_args'])
if debug_vm or self.env['terminal']:
out_file = None
else:
out_file = self.env['termout_file']
self.sh.run_cmd(cmd, cmd_file=self.env['run_cmd_file'], out_file=out_file, extra_env=extra_env)
# Check if guest panicked.
if self.env['emulator'] == 'gem5':
# We have to do some parsing here because gem5 exits with status 0 even when panic happens.
# Grepping for '^panic: ' does not work because some errors don't show that message.
panic_msg = b'--- BEGIN LIBC BACKTRACE ---$'
else:
panic_msg = b'Kernel panic - not syncing'
panic_re = re.compile(panic_msg)
error_string_found = False
if out_file is not None and not self.env['dry_run']:
with open(self.env['termout_file'], 'br') as logfile:
for line in logfile:
if panic_re.search(line):
error_string_found = True
if os.path.exists(self.env['guest_terminal_file']):
with open(self.env['guest_terminal_file'], 'br') as logfile:
lines = logfile.readlines()
if lines:
last_line = lines[-1]
if last_line.rstrip() == self.env['magic_fail_string']:
error_string_found = True
if error_string_found:
self.log_error('simulation error detected by parsing logs')
return 1
return 0
if __name__ == '__main__':
Main().cli()
Reference in New Issue View Git Blame Copy Permalink