Building the Android kernel and running it in QEMU

Preparing to fuzz the Android kernel with syzkaller (Part 1)

Reference article: Build Android Kernel and Run on QEMU with Minimal Environment: Step by Step

1. Download the source

The AOSP kernel has a branch called Goldfish, which is the one prepared for the emulator, so that is the branch to download.

git clone https://android.googlesource.com/kernel/goldfish kernel/goldfish

2. Enter the source directory

The master branch is empty, so the directory is empty right after the clone (developers presumably commit directly to the corresponding branches).

cd ./kernel/goldfish

3. List the branches and check out the latest one

git branch -a

* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/android-3.18
  remotes/origin/android-4.14
  remotes/origin/android-goldfish-2.6.29
  remotes/origin/android-goldfish-3.10
  remotes/origin/android-goldfish-3.10-k-dev
  remotes/origin/android-goldfish-3.10-l-mr1-dev
  remotes/origin/android-goldfish-3.10-m-dev
  remotes/origin/android-goldfish-3.10-n-dev
  remotes/origin/android-goldfish-3.18
  remotes/origin/android-goldfish-3.18-dev
  remotes/origin/android-goldfish-3.4
  remotes/origin/android-goldfish-3.4-l-mr1-dev
  remotes/origin/android-goldfish-4.14-dev
  remotes/origin/android-goldfish-4.14-dev.120914098
  remotes/origin/android-goldfish-4.14-dev.143174688
  remotes/origin/android-goldfish-4.14-dev.20190417 # <-----    
  remotes/origin/android-goldfish-4.14-dev.backup
  remotes/origin/android-goldfish-4.4-dev
  remotes/origin/android-goldfish-4.9-dev 
  remotes/origin/b120914098
  remotes/origin/heads/for/android-goldfish-3.18-dev
  remotes/origin/linux-goldfish-3.0-wip
  remotes/origin/master

The AOSP common kernels are downstream of the long-term support (LTS) kernels and include patches relevant to the Android community that have not yet been merged into LTS.

The newest LTS Linux kernel at the time of writing is 4.19, so 4.14 is chosen here.

4. Check out the selected branch

git checkout -b android-4.14-dev.2019 origin/android-goldfish-4.14-dev.20190417

5. Build

make defconfig
make -j7

The result is at arch/x86/boot/bzImage.

6. Install QEMU

sudo apt install qemu

or just

sudo apt install qemu-system-x86

7. Run the Android Linux kernel with an ext4 image

Download the 1 GB wheezy.img.

The wheezy image is a read/write Debian 7 image with 646 MB of free space. It is provided by syzkaller for syzbot and is used for reproducing crashes [1].

wget https://storage.googleapis.com/syzkaller/wheezy.img

The version of the following command in the reference article has an error: -m 1GB must be -m 1G (QEMU does not accept the "GB" suffix).

qemu-system-x86_64 -m 1G -kernel arch/x86/boot/bzImage -hda wheezy.img -append "root=/dev/sda"

Login: root. Password: empty.
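The steps above, collected into a checked script. This is an added example, not code from the original post or the reference article: it picks the newest dated goldfish 4.14 branch from the `git branch -a` listing, applies the -m 1GB -> -m 1G fix programmatically, and refuses to boot if the build left no bzImage. The GOLDFISH_RUN variable, the use of nproc instead of -j7, and the local branch name android-4.14-dev.<date> are my assumptions.

```bash
#!/usr/bin/env bash
# Added helper script (not from the original post). It turns the post's manual
# steps into checked functions: picking the newest dated goldfish 4.14 branch
# from `git branch -a`, normalising the QEMU memory size (the "-m 1GB" -> "-m 1G"
# fix), verifying the bzImage exists, and assembling the QEMU command line.
set -eu

# Read `git branch -a` output on stdin and print the newest
# android-goldfish-4.14-dev.<YYYYMMDD> branch. The 9-digit bug-number
# suffixes such as .120914098 are skipped on purpose, and trailing "# <---"
# style annotations (as in the listing in the post) are stripped first.
latest_goldfish_branch() {
    sed -e 's/#.*//' -e 's/^[* ]*remotes\/origin\///' -e 's/[[:space:]]*$//' \
        | grep '^android-goldfish-4\.14-dev\.[0-9]\{8\}$' | sort | tail -n 1
}

# QEMU's -m takes a number with an optional M/G suffix; "1GB" is rejected.
# Map "1GB"/"1gb" -> "1G" and "512mb" -> "512M"; anything else passes through.
qemu_mem_arg() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]' | sed -E 's/^([0-9]+) *([MG])B$/\1\2/'
}

# Print the boot command from the post for a given bzImage, disk image and memory size.
qemu_cmdline() {
    printf 'qemu-system-x86_64 -m %s -kernel %s -hda %s -append "root=/dev/sda"\n' \
        "$(qemu_mem_arg "$3")" "$1" "$2"
}

# True only if the build left a non-empty bzImage under the given kernel tree.
have_bzimage() { [ -s "$1/arch/x86/boot/bzImage" ]; }

# The full procedure. Guarded by GOLDFISH_RUN=1 (assumed variable name) so the
# functions above can be sourced and tested without cloning, building or booting.
if [ "${GOLDFISH_RUN:-0}" = 1 ]; then
    git clone https://android.googlesource.com/kernel/goldfish kernel/goldfish
    cd kernel/goldfish
    branch=$(git branch -a | latest_goldfish_branch)
    [ -n "$branch" ] || { echo "no dated android-goldfish-4.14-dev branch found" >&2; exit 1; }
    git checkout -b "android-4.14-dev.${branch##*.}" "origin/$branch"
    make defconfig && make -j"$(nproc)"
    have_bzimage . || { echo "build produced no bzImage" >&2; exit 1; }
    [ -s wheezy.img ] || wget https://storage.googleapis.com/syzkaller/wheezy.img
    # Login: root, empty password (from the post).
    qemu-system-x86_64 -m "$(qemu_mem_arg 1GB)" -kernel arch/x86/boot/bzImage \
        -hda wheezy.img -append "root=/dev/sda"
fi
```

Run it as GOLDFISH_RUN=1 ./goldfish-qemu.sh from the directory where you want the kernel/goldfish checkout to land.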

1 comment

Choosing the `origin/android-goldfish-4.14-dev` branch would be more reasonable, but it doesn't matter much.