Most Linux machines are configured so that the kernel occupies the
upper 1G (0xc0000000 - 0xffffffff) of the 4G address space and
processes use the lower 3G (0x00000000 - 0xbfffffff). However, some
machine are configured with a 2G/2G split, with the kernel occupying
the upper 2G (0x80000000 - 0xffffffff) and processes using the lower
2G (0x00000000 - 0x7fffffff).
The problem
The prebuilt UML binaries on this site will not run on 2G/2G hosts
because UML occupies the upper .5G of the 3G process address space
(0xa0000000 - 0xbfffffff). Obviously, on 2G/2G hosts, this is right
in the middle of the kernel address space, so UML won't even load - it
will immediately segfault.
The solution
The fix for this is to rebuild UML from source after enabling
CONFIG_HOST_2G_2G (under 'General Setup'). This will cause UML to
load itself in the top .5G of that smaller process address space,
where it will run fine. See
this page if you need help building UML from source.
Hosted at
user-mode-linux-doc-20060501/COPYING 0000644 0000000 0000000 00000000655 12742461304 013503 0 ustar All documentation in this tree is Copyright (c) 2002 Jeff Dike.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1
or any later version published by the Free Software Foundation;
with the no invariant sections, with no Front-Cover Texts, and with the no
Back-Cover Texts.
A copy of the license is included in the file FDL in this directory.
user-mode-linux-doc-20060501/FDL 0000644 0000000 0000000 00000041022 12742461304 012771 0 ustar
Version 1.1, March 2000
Copyright (C) 2000 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
0. PREAMBLE
The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone
the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this
License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for
modifications made by others.
This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It
complements the GNU General Public License, which is a copyleft license designed for free software.
We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free
program should come with manuals providing the same freedoms that the software does. But this License is not limited to software
manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend
this License principally for works whose purpose is instruction or reference.
1. APPLICABILITY AND DEFINITIONS
This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under
the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is
addressed as "you".
A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with
modifications and/or translated into another language.
A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the
publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall
directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not
explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal,
commercial, philosophical, ethical or political position regarding them.
The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that
says that the Document is released under this License.
The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that
the Document is released under this License.
A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the
general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images
composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text
formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise
Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent.
A copy that is not "Transparent" is called "Opaque".
Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML
or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include
PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD
and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output
purposes only.
The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this
License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text
near the most prominent appearance of the work's title, preceding the beginning of the body of the text.
2. VERBATIM COPYING
You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the
copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no
other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further
copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large
enough number of copies you must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly display copies.
3. COPYING IN QUANTITY
If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you
must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and
Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front
cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in
addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can
be treated as verbatim copying in other respects.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on
the actual cover, and continue the rest onto adjacent pages.
If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable
Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location
containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to
download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably
prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus
accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents
or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to
give them a chance to provide you with an updated version of the Document.
4. MODIFICATIONS
You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you
release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing
distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the
Modified Version:
A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions
(which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous
version if the original publisher of that version gives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified
Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five).
C. State on the Title page the name of the publisher of the Modified Version, as the publisher.
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under
the terms of this License, in the form shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license
notice.
H. Include an unaltered copy of this License.
I. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and
publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one
stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified
Version as stated in the previous sentence.
J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and
likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History"
section. You may omit a network location for a work that was published at least four years before the Document itself, or if the
original publisher of the version it refers to gives permission.
K. In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the
substance and tone of each of the contributor acknowledgements and/or dedications given therein.
L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent
are not considered part of the section titles.
M. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version.
N. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section.
If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material
copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the
list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.
You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various
parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of
a standard.
You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of
the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or
through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by
you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one,
on explicit permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or
imply endorsement of any Modified Version.
5. COMBINING DOCUMENTS
You may combine the Document with other documents released under this License, under the terms defined in section 4 above for
modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified,
and list them all as Invariant Sections of your combined work in its license notice.
The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single
copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by
adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number.
Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.
In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled
"History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all
sections entitled "Endorsements."
6. COLLECTIONS OF DOCUMENTS
You may make a collection consisting of the Document and other documents released under this License, and replace the individual
copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of
this License for verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of
this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.
7. AGGREGATION WITH INDEPENDENT WORKS
A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a
storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is
claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained
works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the
Document.
If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of
the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate.
Otherwise they must appear on covers around the whole aggregate.
8. TRANSLATION
Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4.
Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations
of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this
License provided that you also include the original English version of this License. In case of a disagreement between the translation and
the original English version of this License, the original English version will prevail.
9. TERMINATION
You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt
to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However,
parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties
remain in full compliance.
10. FUTURE REVISIONS OF THIS LICENSE
The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new
versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See
http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this
License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of
any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version
number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-1.html 0000644 0000000 0000000 00000013523 12742461304 017133 0 ustar
User Mode Linux HOWTO : IntroductionNext
Previous
Contents
User Mode Linux lets you run Linux inside itself! With that comes the
power to do all sorts of new things. It virtualises (or simulates, as
some people call it) Linux so that you can run an entire Linux where
once you would have only run a program.
You might have heard of functionality like this before. There are
quite a few projects whose goal is to nest operating systems in one
way or another: Linux on Linux, Windows on Linux, Linux on Windows,
Linux/s390 on Linux/anythingelse, and so on. Or even just x86 on
anything, where the 'x86' program can boot operating systems including
Linux.
Where x86 is involved there is the greatest concentration of
efforts. At the end of this HOWTO you'll find a list of alternative
projects. If all you want to do is run a copy of x86 Linux on another
copy of x86 Linux as fast as possible with little control then quite
possibly one of these other projects will so better than UML.
User Mode Linux (UML) is rather different from every other Linux
virtualisation project, either free or commercial. UML
strives to present itself as an ordinary program as much as
possible. Here are some of the outcomes of that philosophy:
Good speed with few compromises. UML compiles to
native machine code that runs just like any other compiled application
on the host. This makes it very much faster than portable
virtualisation schemes that implement an entire hardware architecture
in software. On the other hand, UML does not suffer from
the extreme hardware specificity of virtualisation systems that rely
on particular CPU features. UML runs applications inside
itself with normally at worst a 20% slowdown compared to the host
system, which modern hardware and clever system design can render
negligable in real terms.
Futureproof. Every time Linux gets improved so it can do
something new and clever that benefits the programs it runs, UML
automatically gets that facility. Software suspend,
fine-grained security control such as SE Linux, new filesystem
features, support for bigger/faster hardware... the same is not true
with those virtualisation systems that require major changes on the host
computer.
Flexible code. Normally an OS kernel is just that... a
kernel. It talks to hardware or maybe some virtualised hardware. But
UML can be viewed in many other ways. It would be possible
to turn it into a shared library, for example, so that other programs
could link to it to take advantage of things that Linux does very
well. It can be started as a subshell of an existing application. It
can use stin/stdout like any other program.
Portable. Really portable. UML has only just
started to be exploited for its portability, but there is promising
evidence that ports to x86 Windows, PowerPC Linux, x86 BSD and other
systems are very practical.
Mature. UML has been in development since 1999. One
indication of its robustness is that UML can be compiled to run within
UML, making it 'self-hosting'. Production systems are running on UML.
Free Software. UML is under the GPL (as it must be, being
part of the Linux kernel.)
Normally, the Linux Kernel talks straight to your hardware (video
card, keyboard, hard drives, etc), and any programs which run ask the
kernel to operate the hardware, like so:
+-----------+-----------+----+
| Process 1 | Process 2 | ...|
+-----------+-----------+----+
| Linux Kernel |
+----------------------------+
| Hardware |
+----------------------------+
The UML Kernel is different; instead of talking to the
hardware, it talks to a `real' Linux kernel (called the `host kernel'
from now on), like any other program. Programs can then run inside
User-Mode Linux as if they were running under a normal kernel, like
so:
+----------------+
| Process 2 | ...|
+-----------+----------------+
| Process 1 | User-Mode Linux|
+----------------------------+
| Linux Kernel |
+----------------------------+
| Hardware |
+----------------------------+
You can run gprof (profiling) and gcov (coverage testing).
You can play with your kernel without breaking things.
You can use it as a sandbox for testing new apps.
You can try new development kernels safely.
You can run different distributions simultaneously.
It's extremely fun.
Next
Previous
Contents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-10.html 0000644 0000000 0000000 00000025135 12742461304 017215 0 ustar
User Mode Linux HOWTO : The Management ConsoleNextPreviousContents
The UML management console is a low-level interface to the kernel,
somewhat like the i386 SysRq interface. Since there is a full-blown
operating system under UML, there is much greater flexibility possible
than with the SysRq mechanism.
There are a number of things you can do with the mconsole interface:
get the kernel version
add and remove devices
halt or reboot the machine
send SysRq commands
pause and resume the UML
make online backups without shutting down the UML
receive notifications of events of interest from within UML
monitor the internal state of the UML
You need the mconsole client (uml_mconsole) which is present in CVS
(/tools/mconsole) in 2.4.5-9um and later, and will be in the RPM in 2.4.6.
You also need CONFIG_MCONSOLE (under 'General Setup') enabled in UML.
When you boot UML, you'll see a line like:
mconsole initialized on /home/jdike/.uml/umlNJ32yL/mconsole
If you specify a unique machine id one the UML command line, i.e.
umid=debian
you'll see this
mconsole initialized on /home/jdike/.uml/debian/mconsole
That file is the socket that uml_mconsole will use to communicate
with UML. Run it with either the umid or the full path as its argument:
This takes no arguments. It prints the UML version.
(mconsole) version
OK Linux usermode 2.4.5-9um #1 Wed Jun 20 22:47:08 EDT 2001 i686
There are a couple actual uses for this. It's a simple no-op which
can be used to check that a UML is running. It's also a way of
sending an interrupt to the UML. This is sometimes useful on SMP
hosts, where there's a bug which causes signals to UML to be lost,
often causing it to appear to hang. Sending such a UML the mconsole
version command is a good way to 'wake it up' before networking has
been enabled, as it does not do anything to the function of the UML.
These take no arguments. They shut the machine down immediately, with
no syncing of disks and no clean shutdown of userspace. So, they are
pretty close to crashing the machine.
"config" adds a new device to the virtual machine or queries the configuration of an existing device.
Currently the ubd and network drivers support pulling devices. It takes one
argument, which is the device to add, with the same syntax as the
kernel command line.
(mconsole)
config ubd3=/home/jdike/incoming/roots/root_fs_debian22
OK
(mconsole) config eth1=mcast
OK
Querying the configuration of a device is handy when you don't know
before the boot what host device the UML device will attach to. This
is a problem with attaching consoles and serial lines to host pty or
pts devices. You have no way of knowing how to access them without
parsing the kernel messages. So, the syntax for this is the same as
above, except you don't specify a configuration
(mconsole) config ssl0
OK pty:/dev/ptyp0
(mconsole) config ubd0
OK /home/jdike/roots/cow.debian,/home/jdike/roots/debian_22
This is supported by the console, serial line, and ubd drivers. As
yet, the network drivers don't support this.
"remove" deletes a device from the system. Its argument is just the
name of the device to be removed. The device must be idle in
whatever sense the driver considers necessary. In the case of the ubd
driver, the removed block device must not be mounted, swapped on, or
otherwise open, and in the case of the network driver, the device must be down.
(mconsole) remove ubd3
OK
(mconsole) remove eth1
OK
This takes one argument, which is a single letter. It calls the
generic kernel's SysRq driver, which does whatever is called for by
that argument. See the SysRq documentation in Documentation/sysrq.txt
in your favorite kernel tree to see what letters are valid and what
they do.
This invokes the Ctl-Alt-Del action on init. What exactly this ends
up doing is up to /etc/inittab. Normally, it reboots the machine.
With UML, this is usually not desired, so if a halt would be better,
then find the section of inittab that looks like this
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
This puts the UML in a loop reading mconsole requests until a 'go'
mconsole command is recieved. This is very useful for making backups of
UML filesystems, as the UML can be stopped, then synced via 'sysrq s', so
that everything is written to the filesystem. You can then copy the
filesystem and then send the UML 'go' via mconsole.
Note that a UML running with more than one CPU will have problems after
you send the 'stop' command, as only one CPU will be held in a mconsole
loop and all others will continue as normal. This is a bug, and will
be fixed.
This resumes a UML after being paused by a 'stop' command. Note that
when the UML has resumed, TCP connections may have timed out and if the
UML is paused for a long period of time, crond might go a little crazy,
running all the jobs it didn't do earlier.
This takes a string as its argument, and will cause the UML to printk
the string so that it ends up in the kernel message log. This is
intended for use in honeypots by allowing the UML-specific stuff in
the kernel log to be replaced with messages that don't expose the
machine as being a UML.
It is possible to make a backup of a UML's data without shutting it
down. The idea is to pause it, make it flush out its data, copy the
filesystem to a safe place, and then resume it. This should usually
take seconds, while shutting down and rebooting the UML could take
minutes. The exact procedure is this:
(mconsole) stop
(mconsole) sysrq s
host% # Copy the UML's filesystem someplace safe
(mconsole) go
By causing UML to flush its data out to disk, the 'sysrq s' will cause
the filesystem to be a clean image. Of course, no guarantees are made
for process data which hadn't been written back to the kernel, but the
filesystem itself won't need an fsck if it's booted.
The mconsole interface also provides a mechanism for processes inside
a UML to send messages to an mconsole client on the host. The
procedure is this:
Create a unix socket and pass that to UML on the command line as the
mconsole notification socket
mconsole=notify:<bf>socket
A /proc/mconsole file will be created inside UML
Anything that is written to it will be turned into an mconsole
notification which your mconsole client should be listening for on the
notification socket
A common use for this mechanism is to have an rc script inside UML
send a message out that the UML has booted to a certain stage, and
that something on the host which depends on that can proceed.
However, this is a completely general mechanism which can be used to
communicate any information at all to the host.
There is a demo mconsole notification client in the utilities tarball
in mconsole/notify.pl. This is only a demo, and as such, isn't very
useful by itself. It should be customized to fit into whatever
environment you are setting up.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-11.html 0000644 0000000 0000000 00000034154 12742461304 017217 0 ustar
User Mode Linux HOWTO : Kernel debuggingNextPreviousContents
This page describes kernel debugging with UML running in tt mode (go
here for the details on
skas and tt mode). Kernel debugging in skas mode is described
here .
Since the UML runs as a normal Linux process, it is
possible to debug it with gdb almost like any other process. It is
slightly different because the kernel's threads are already being
ptraced for system call interception, so gdb can't ptrace them.
However, a mechanism has been added to work around that problem.
In order to debug the kernel, you need build it from source. See
Compiling the kernel and modules for
information on doing that. Make sure that you enable CONFIG_DEBUGSYM
and CONFIG_PT_PROXY during the config. These will compile the kernel
with -g, and enable the ptrace proxy so that gdb works with UML,
respectively.
You can have the kernel running under the control of gdb from the
beginning by putting 'debug' on the command line. You will get an
xterm with gdb running inside it. The kernel will send some commands
to gdb which will leave it stopped at the beginning of start_kernel.
At this point, you can get things going with 'next', 'step', or 'cont'.
There is a transcript of a debugging session
here , with breakpoints being set in the
scheduler and in an interrupt handler.
Not every bug is evident in the currently running process. Sometimes,
processes hang in the kernel when they shouldn't because they've
deadlocked on a semaphore or something similar. In this case, when
you ^C gdb and get a backtrace, you will see the idle thread, which
isn't very relevant.
What you want is the stack of whatever process is sleeping when it
shouldn't be. You need to figure out which process that is, which is
generally fairly easy. Then you need to get its host process id,
which you can do either by looking at ps on the host or at
task.thread.extern_pid in gdb.
Now what you do is this:
detach from the current thread
(UML gdb) det
attach to the thread you are interested in
(UML gdb) att <host pid>
look at its stack and anything else of interest
(UML gdb) bt
Note that you can't do anything at this point that requires that a
process execute, e.g. calling a function
when you're done looking at that process, reattach to the current thread
and continue it
(UML gdb)
att 1
(UML gdb)
c
Here, specifying any pid which is not the process id of a UML thread
will cause gdb to reattach to the current thread. I commonly use 1,
but any other invalid pid would work.
gdb has support for debugging code which is dynamically loaded into
the process. This support is what is needed to debug kernel modules
under UML.
Using that support is somewhat complicated. You have to tell gdb what
object file you just loaded into UML and where in memory it is. Then,
it can read the symbol table, and figure out where all the symbols are
from the load address that you provided. It gets more interesting
when you load the module again (i.e. after an rmmod). You have to
tell gdb to forget about all its symbols, including the main UML ones
for some reason, then load then all back in again.
There's an easy way and a hard way to do this. The easy way is to use
the umlgdb expect script written by Chandan Kudige. It basically
automates the process for you.
First, you must tell it where your modules are. There is a list in
the script that looks like this:
set MODULE_PATHS {
"fat" "/usr/src/uml/linux-2.4.18/fs/fat/fat.o"
"isofs" "/usr/src/uml/linux-2.4.18/fs/isofs/isofs.o"
"minix" "/usr/src/uml/linux-2.4.18/fs/minix/minix.o"
}
You change that to list the names and paths of the modules that you
are going to debug. Then you run it from the toplevel directory of
your UML pool and it basically tells you what to do:
******** GDB pid is 21903 ********
Start UML as: ./linux <kernel switches> debug gdb-pid=21903
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) b sys_init_module
Breakpoint 1 at 0xa0011923: file module.c, line 349.
(gdb) att 1
After you run UML and it sits there doing nothing, you hit return at
the 'att 1' and continue it:
Attaching to program: /home/jdike/linux/2.4/um/./linux, process 1
0xa00f4221 in __kill ()
(UML gdb) c
Continuing.
At this point, you debug normally. When you insmod something, the
expect magic will kick in and you'll see something like:
*** Module hostfs loaded ***
Breakpoint 1, sys_init_module (name_user=0x805abb0 "hostfs",
mod_user=0x8070e00) at module.c:349
349 char *name, *n_name, *name_tmp = NULL;
(UML gdb) finish
Run till exit from #0 sys_init_module (name_user=0x805abb0 "hostfs",
mod_user=0x8070e00) at module.c:349
0xa00e2e23 in execute_syscall (r=0xa8140284) at syscall_kern.c:411
411 else res = EXECUTE_SYSCALL(syscall, regs);
Value returned is $1 = 0
(UML gdb)
p/x (int)module_list + module_list->size_of_struct
$2 = 0xa9021054
(UML gdb) symbol-file ./linux
Load new symbol table from "./linux"? (y or n) y
Reading symbols from ./linux...
done.
(UML gdb)
add-symbol-file /home/jdike/linux/2.4/um/arch/um/fs/hostfs/hostfs.o 0xa9021054
add symbol table from file "/home/jdike/linux/2.4/um/arch/um/fs/hostfs/hostfs.o" at
.text_addr = 0xa9021054
(y or n) y
Reading symbols from /home/jdike/linux/2.4/um/arch/um/fs/hostfs/hostfs.o...
done.
(UML gdb) p *module_list
$1 = {size_of_struct = 84, next = 0xa0178720, name = 0xa9022de0 "hostfs",
size = 9016, uc = {usecount = {counter = 0}, pad = 0}, flags = 1,
nsyms = 57, ndeps = 0, syms = 0xa9023170, deps = 0x0, refs = 0x0,
init = 0xa90221f0 <init_hostfs>, cleanup = 0xa902222c <exit_hostfs>,
ex_table_start = 0x0, ex_table_end = 0x0, persist_start = 0x0,
persist_end = 0x0, can_unload = 0, runsize = 0, kallsyms_start = 0x0,
kallsyms_end = 0x0,
archdata_start = 0x1b855 <Address 0x1b855 out of bounds>,
archdata_end = 0xe5890000 <Address 0xe5890000 out of bounds>,
kernel_data = 0xf689c35d <Address 0xf689c35d out of bounds>}
>> Finished loading symbols for hostfs ...
That's the easy way. It's highly recommended. The umlgdb script is
available in the
UML utilities tarball in tools/umlgdb/umlgdb. The
hard way is described below in case you're interested in what's going
on.
Boot the kernel under the debugger and load the module with insmod or
modprobe. With gdb, do:
(UML gdb) p module_list
This is a list of modules that have been loaded into the kernel, with
the most recently loaded module first. Normally, the module you want
is at module_list. If it's not, walk down the next links, looking at
the name fields until find the module you want to debug. Take the
address of that structure, and add module.size_of_struct (which in
2.4.10 kernels is 96 (0x60)) to it. Gdb can make this hard addition for
you :-):
The offset from the module start occasionally changes (before 2.4.0, it
was module.size_of_struct + 4), so it's a good idea to check the init and
cleanup addresses once in a while, as describe below.
Now do:
Tell gdb you really want to do it, and you're in business.
If there's any doubt that you got the offset right, like breakpoints
appear not to work, or they're appearing in the wrong place, you can
check it by looking at the module structure. The init and cleanup
fields should look like:
with no offsets on the symbol names. If the names are right, but they
are offset, then the offset tells you how much you need to add to the
address you gave to add-symbol-file.
When you want to load in a new version of the module, you need to get
gdb to forget about the old one. The only way I've found to do that
is to tell gdb to forget about all symbols that it knows about:
(UML gdb) symbol-file
Then reload the symbols from the kernel binary:
(UML gdb) symbol-file /path/to/kernel
and repeat the process above. You'll also need to re-enable breakpoints.
They were disabled when you dumped all the symbols because gdb
couldn't figure out where they should go.
If you don't have the kernel running under gdb, you can attach gdb to
it later by sending the tracing thread a SIGUSR1. The first line of
the console output identifies its pid:
tracing thread pid = 20093
When you send it the signal:
host% kill -USR1 20093
you will get an xterm with gdb running in it.
If you have the mconsole compiled into UML, then the mconsole client
can be used to start gdb:
UML has support for attaching to an already running debugger rather than
starting gdb itself. This is present in CVS as of
17 Apr 2001. I sent it to Alan for inclusion in
the ac tree, and it will be in my 2.4.4 release.
This is useful when gdb is a subprocess of some UI, such as emacs or ddd. It
can also be used to run debuggers other than gdb on UML. Below is an example
of using strace as an alternate debugger.
To do this, you need to get the pid of the debugger and pass it in with the
'gdb-pid=<pid>' switch along with the 'debug' switch.
If you are using gdb under some UI, then tell it to 'att 1', and you'll find
yourself attached to UML.
If you are using something other than gdb as your debugger, then you'll need
to get it to do the equivalent of 'att 1' if it doesn't do it automatically.
An example of an alternate debugger is strace. You can strace the actual
kernel as follows:
Run the following in a shell
host%
sh -c 'echo pid=$$; echo -n hit return; read x; exec strace -p 1 -o strace.out'
Run UML with 'debug' and 'gdb-pid=<pid>' with the pid printed out by the
previous command
Hit return in the shell, and UML will start running, and strace output will
start accumulating in the output file.
Note that this is different from running
host% strace ./linux
That will strace only the main UML thread, the tracing thread, which doesn't
do any of the actual kernel work. It just oversees the virtual machine. In
contrast, using strace as described above will show you the low-level activity
of the virtual machine.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-12.html 0000644 0000000 0000000 00000065700 12742461304 017221 0 ustar
User Mode Linux HOWTO : Kernel debugging examplesNextPreviousContents
When booting up the kernel, fsck failed, and dropped me into a shell to fix
things up. I ran fsck -y, which hung:
Setting hostname uml [ OK ]
Checking root filesystem
/dev/fhd0 was not cleanly unmounted, check forced.
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780.
/dev/fhd0: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
(i.e., without -a or -p options)
[ FAILED ]
*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
Give root password for maintenance
(or type Control-D for normal startup):
[root@uml /root]# fsck -y /dev/fhd0
fsck -y /dev/fhd0
Parallelizing fsck version 1.14 (9-Jan-1999)
e2fsck 1.14, 9-Jan-1999 for EXT2 FS 0.5b, 95/08/09
/dev/fhd0 contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780. Ignore error? yes
Inode 19780, i_blocks is 1548, should be 540. Fix? yes
Pass 2: Checking directory structure
Error reading block 49405 (Attempt to read block from filesystem resulted in short read). Ignore error? yes
Directory inode 11858, block 0, offset 0: directory corrupted
Salvage? yes
Missing '.' in directory inode 11858.
Fix? yes
Missing '..' in directory inode 11858.
Fix? yes
The standard drill in this sort of situation is to fire up gdb on the
signal thread, which, in this case, was pid 1935. In another window, I
run gdb and attach pid 1935.
~/linux/2.3.26/um 1016: gdb linux
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) att 1935
Attaching to program `/home/dike/linux/2.3.26/um/linux', Pid 1935
0x100756d9 in __wait4 ()
Let's see what's currently running:
(gdb) p current_task.pid
$1 = 0
It's the idle thread, which means that fsck went to sleep for some
reason and never woke up.
Let's guess that the last process in the process list is fsck:
(gdb) p current_task.prev_task.comm
$13 = "fsck.ext2\000\000\000\000\000\000"
The interesting things here are the fact that its .thread.syscall.id
is __NR_write (see the big switch in arch/um/kernel/syscall_kern.c or the
defines in include/asm-um/arch/unistd.h), and that it never returned.
Also, its .request.op is OP_SWITCH (see arch/um/include/user_util.h).
These mean that it went into a write, and, for some reason, called
schedule().
The fact that it never returned from write means that its stack
should be fairly interesting. Its pid is 1980 (.thread.extern_pid).
That process is being ptraced by the signal thread, so it must be
detached before gdb can attach it:
(gdb) call detach(1980)
Program received signal SIGSEGV, Segmentation fault.
<function called from gdb>
The program being debugged stopped while in a function called from GDB.
When the function (detach) is done executing, GDB will silently
stop (instead of continuing to evaluate the expression containing
the function call).
(gdb) call detach(1980)
$15 = 0
The first detach segfaults for some reason, and the second one
succeeds.
Now I detach from the signal thread, attach to the fsck thread, and
look at its stack:
(gdb) det
Detaching from program: /home/dike/linux/2.3.26/um/linux Pid 1935
(gdb) att 1980
Attaching to program `/home/dike/linux/2.3.26/um/linux', Pid 1980
0x10070451 in __kill ()
(gdb) bt
#0 0x10070451 in __kill ()
#1 0x10068ccd in usr1_pid (pid=1980) at process.c:30
#2 0x1006a03f in _switch_to (prev=0x50072000, next=0x507e8000)
at process_kern.c:156
#3 0x1006a052 in switch_to (prev=0x50072000, next=0x507e8000, last=0x50072000)
at process_kern.c:161
#4 0x10001d12 in schedule () at sched.c:777
#5 0x1006a744 in __down (sem=0x507d241c) at semaphore.c:71
#6 0x1006aa10 in __down_failed () at semaphore.c:157
#7 0x1006c5d8 in segv_handler (sc=0x5006e940) at trap_user.c:174
#8 0x1006c5ec in kern_segv_handler (sig=11) at trap_user.c:182
#9 <signal handler called>
#10 0x10155404 in errno ()
#11 0x1006c0aa in segv (address=1342179328, is_write=2) at trap_kern.c:50
#12 0x1006c5d8 in segv_handler (sc=0x5006eaf8) at trap_user.c:174
#13 0x1006c5ec in kern_segv_handler (sig=11) at trap_user.c:182
#14 <signal handler called>
#15 0xc0fd in ?? ()
#16 0x10016647 in sys_write (fd=3,
buf=0x80b8800 <Address 0x80b8800 out of bounds>, count=1024)
at read_write.c:159
#17 0x1006d5b3 in execute_syscall (syscall=4, args=0x5006ef08)
at syscall_kern.c:254
#18 0x1006af87 in really_do_syscall (sig=12) at syscall_user.c:35
#19 <signal handler called>
#20 0x400dc8b0 in ?? ()
The interesting things here are :
There are two segfaults on this stack (frames 9 and 14)
The first faulting address (frame 11) is 0x50000800
(gdb) p (void *)1342179328
$16 = (void *) 0x50000800
The initial faulting address is interesting because it is on the idle
thread's stack. I had been seeing the idle thread segfault for no
apparent reason, and the cause looked like stack corruption. In hopes
of catching the culprit in the act, I had turned off all protections
to that stack while the idle thread wasn't running. This apparently
tripped that trap.
However, the more immediate problem is that second segfault and I'm
going to concentrate on that. First, I want to see where the fault
happened, so I have to go look at the sigcontent struct in frame 8:
(gdb) up
#1 0x10068ccd in usr1_pid (pid=1980) at process.c:30
30 kill(pid, SIGUSR1);
(gdb)
#2 0x1006a03f in _switch_to (prev=0x50072000, next=0x507e8000)
at process_kern.c:156
156 usr1_pid(getpid());
(gdb)
#3 0x1006a052 in switch_to (prev=0x50072000, next=0x507e8000, last=0x50072000)
at process_kern.c:161
161 _switch_to(prev, next);
(gdb)
#4 0x10001d12 in schedule () at sched.c:777
777 switch_to(prev, next, prev);
(gdb)
#5 0x1006a744 in __down (sem=0x507d241c) at semaphore.c:71
71 schedule();
(gdb)
#6 0x1006aa10 in __down_failed () at semaphore.c:157
157 }
(gdb)
#7 0x1006c5d8 in segv_handler (sc=0x5006e940) at trap_user.c:174
174 segv(sc->cr2, sc->err & 2);
(gdb)
#8 0x1006c5ec in kern_segv_handler (sig=11) at trap_user.c:182
182 segv_handler(sc);
(gdb) p *sc
Cannot access memory at address 0x0.
That's not very useful, so I'll try a more manual method:
(gdb) p (void *)268480945
$20 = (void *) 0x1000b1b1
(gdb) i sym $20
handle_mm_fault + 57 in section .text
Specifically, it's in pte_alloc:
(gdb) i line *$20
Line 124 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1b1 <handle_mm_fault+57>
and ends at 0x1000b1b7 <handle_mm_fault+63>.
To find where in handle_mm_fault this is, I'll jump forward in the
code until I see an address in that procedure:
(gdb) i line *0x1000b1c0
Line 126 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1b7 <handle_mm_fault+63>
and ends at 0x1000b1c3 <handle_mm_fault+75>.
(gdb) i line *0x1000b1d0
Line 131 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1d0 <handle_mm_fault+88>
and ends at 0x1000b1da <handle_mm_fault+98>.
(gdb) i line *0x1000b1e0
Line 61 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1da <handle_mm_fault+98>
and ends at 0x1000b1e1 <handle_mm_fault+105>.
(gdb) i line *0x1000b1f0
Line 134 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1f0 <handle_mm_fault+120>
and ends at 0x1000b200 <handle_mm_fault+136>.
(gdb) i line *0x1000b200
Line 135 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b200 <handle_mm_fault+136>
and ends at 0x1000b208 <handle_mm_fault+144>.
(gdb) i line *0x1000b210
Line 139 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b210 <handle_mm_fault+152>
and ends at 0x1000b219 <handle_mm_fault+161>.
(gdb) i line *0x1000b220
Line 1168 of "memory.c" starts at address 0x1000b21e <handle_mm_fault+166>
and ends at 0x1000b222 <handle_mm_fault+170>.
Something is apparently wrong with the page tables or vma_structs,
so lets go back to frame 11 and have a look at them:
This also pretty bogus. With all of the 0x80xxxxx and 0xaffffxxx
addresses, this is looking like a stack was plonked down on top of
these structures. Maybe it's a stack overflow from the next page:
(gdb) p vma
$25 = (struct vm_area_struct *) 0x507d2434
That's towards the lower quarter of the page, so that would have to
have been pretty heavy stack overflow:
It's not stack overflow. The only "stack-like" piece of this data
is the vma_struct itself.
At this point, I don't see any avenues to pursue, so I just have to
admit that I have no idea what's going on. What I will do, though, is
stick a trap on the segfault handler which will stop if it sees any
writes to the idle thread's stack. That was the thing that happened
first, and it may be that if I can catch it immediately, what's going
on will be somewhat clearer.
After setting a trap in the SEGV handler for accesses to the signal
thread's stack, I reran the kernel.
fsck hung again, this time by hitting the trap:
Setting hostname uml [ OK ]
Checking root filesystem
/dev/fhd0 contains a file system with errors, check forced.
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780.
/dev/fhd0: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
(i.e., without -a or -p options)
[ FAILED ]
*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
Give root password for maintenance
(or type Control-D for normal startup):
[root@uml /root]# fsck -y /dev/fhd0
fsck -y /dev/fhd0
Parallelizing fsck version 1.14 (9-Jan-1999)
e2fsck 1.14, 9-Jan-1999 for EXT2 FS 0.5b, 95/08/09
/dev/fhd0 contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780. Ignore error? yes
Pass 2: Checking directory structure
Error reading block 49405 (Attempt to read block from filesystem resulted in short read). Ignore error? yes
Directory inode 11858, block 0, offset 0: directory corrupted
Salvage? yes
Missing '.' in directory inode 11858.
Fix? yes
Missing '..' in directory inode 11858.
Fix? yes
Untested (4127) [100fe44c]: trap_kern.c line 31
I need to get the signal thread to detach from pid 4127 so that I can
attach to it with gdb. This is done by sending it a SIGUSR1, which is
caught by the signal thread, which detaches the process:
kill -USR1 4127
Now I can run gdb on it:
~/linux/2.3.26/um 1034: gdb linux
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) att 4127
Attaching to program `/home/dike/linux/2.3.26/um/linux', Pid 4127
0x10075891 in __libc_nanosleep ()
The backtrace shows that it was in a write and that the fault
address (address in frame 3) is 0x50000800, which is right in the
middle of the signal thread's stack page:
(gdb) bt
#0 0x10075891 in __libc_nanosleep ()
#1 0x1007584d in __sleep (seconds=1000000)
at ../sysdeps/unix/sysv/linux/sleep.c:78
#2 0x1006ce9a in stop () at user_util.c:191
#3 0x1006bf88 in segv (address=1342179328, is_write=2) at trap_kern.c:31
#4 0x1006c628 in segv_handler (sc=0x5006eaf8) at trap_user.c:174
#5 0x1006c63c in kern_segv_handler (sig=11) at trap_user.c:182
#6 <signal handler called>
#7 0xc0fd in ?? ()
#8 0x10016647 in sys_write (fd=3, buf=0x80b8800 "R.", count=1024)
at read_write.c:159
#9 0x1006d603 in execute_syscall (syscall=4, args=0x5006ef08)
at syscall_kern.c:254
#10 0x1006af87 in really_do_syscall (sig=12) at syscall_user.c:35
#11 <signal handler called>
#12 0x400dc8b0 in ?? ()
#13 <signal handler called>
#14 0x400dc8b0 in ?? ()
#15 0x80545fd in ?? ()
#16 0x804daae in ?? ()
#17 0x8054334 in ?? ()
#18 0x804d23e in ?? ()
#19 0x8049632 in ?? ()
#20 0x80491d2 in ?? ()
#21 0x80596b5 in ?? ()
(gdb) p (void *)1342179328
$3 = (void *) 0x50000800
Going up the stack to the segv_handler frame and looking at where
in the code the access happened shows that it happened near line 110
of block_dev.c:
(gdb) up
#1 0x1007584d in __sleep (seconds=1000000)
at ../sysdeps/unix/sysv/linux/sleep.c:78
../sysdeps/unix/sysv/linux/sleep.c:78: No such file or directory.
(gdb)
#2 0x1006ce9a in stop () at user_util.c:191
191 while(1) sleep(1000000);
(gdb)
#3 0x1006bf88 in segv (address=1342179328, is_write=2) at trap_kern.c:31
31 KERN_UNTESTED();
(gdb)
#4 0x1006c628 in segv_handler (sc=0x5006eaf8) at trap_user.c:174
174 segv(sc->cr2, sc->err & 2);
(gdb) p *sc
$1 = {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43,
__dsh = 0, edi = 1342179328, esi = 134973440, ebp = 1342631484,
esp = 1342630864, ebx = 256, edx = 0, ecx = 256, eax = 1024, trapno = 14,
err = 6, eip = 268550834, cs = 35, __csh = 0, eflags = 66070,
esp_at_signal = 1342630864, ss = 43, __ssh = 0, fpstate = 0x0, oldmask = 0,
cr2 = 1342179328}
(gdb) p (void *)268550834
$2 = (void *) 0x1001c2b2
(gdb) i sym $2
block_write + 1090 in section .text
(gdb) i line *$2
Line 209 of "/home/dike/linux/2.3.26/um/include/asm/arch/string.h"
starts at address 0x1001c2a1 <block_write+1073>
and ends at 0x1001c2bf <block_write+1103>.
(gdb) i line *0x1001c2c0
Line 110 of "block_dev.c" starts at address 0x1001c2bf <block_write+1103>
and ends at 0x1001c2e3 <block_write+1139>.
Looking at the source shows that the fault happened during a
call to copy_to_user to copy the data into the kernel:
p is the pointer which must contain 0x50000800, since buf contains
0x80b8800 (frame 8 above). It is defined as:
p = offset + bh->b_data;
I need to figure out what bh is, and it just so happens that bh is
passed as an argument to mark_buffer_uptodate and mark_buffer_dirty a
few lines later, so I do a little disassembly:
(gdb) disas 0x1001c2bf 0x1001c2e0
Dump of assembler code from 0x1001c2bf to 0x1001c2d0:
0x1001c2bf <block_write+1103>: addl %eax,0xc(%ebp)
0x1001c2c2 <block_write+1106>: movl 0xfffffdd4(%ebp),%edx
0x1001c2c8 <block_write+1112>: btsl $0x0,0x18(%edx)
0x1001c2cd <block_write+1117>: btsl $0x1,0x18(%edx)
0x1001c2d2 <block_write+1122>: sbbl %ecx,%ecx
0x1001c2d4 <block_write+1124>: testl %ecx,%ecx
0x1001c2d6 <block_write+1126>: jne 0x1001c2e3 <block_write+1139>
0x1001c2d8 <block_write+1128>: pushl $0x0
0x1001c2da <block_write+1130>: pushl %edx
0x1001c2db <block_write+1131>: call 0x1001819c <__mark_buffer_dirty>
End of assembler dump.
At that point, bh is in %edx (address 0x1001c2da), which is
calculated at 0x1001c2c2 as %ebp + 0xfffffdd4, so I figure exactly
what that is, taking %ebp from the sigcontext_struct above:
(gdb) p (void *)1342631484
$5 = (void *) 0x5006ee3c
(gdb) p 0x5006ee3c+0xfffffdd4
$6 = 1342630928
(gdb) p (void *)$6
$7 = (void *) 0x5006ec10
(gdb) p *((void **)$7)
$8 = (void *) 0x50100200
Now, I look at the structure to see what's in it, and particularly,
what its b_data field contains:
The b_data field is indeed 0x50000800, so the question becomes how
that happened. The rest of the structure looks fine, so this probably is
not a case of data corruption. It happened on purpose somehow.
The b_page field is a pointer to the page_struct representing the
0x50000000 page. Looking at it shows the kernel's idea of the state
of that page:
Some sanity-checking: the virtual field shows the "virtual" address
of this page, which in this kernel is the same as its "physical"
address, and the page_struct itself should be mem_map[0], since it
represents the first page of memory:
(gdb) p (void *)1342177280
$18 = (void *) 0x50000000
(gdb) p mem_map
$19 = (mem_map_t *) 0x50004000
These check out fine.
Now to check out the page_struct itself. In particular, the flags
field shows whether the page is considered free or not:
(gdb) p (void *)132
$21 = (void *) 0x84
The "reserved" bit is the high bit, which is definitely not set, so
the kernel considers the signal stack page to be free and available to
be used.
At this point, I jump to conclusions and start looking at my early
boot code, because that's where that page is supposed to be reserved.
In my setup_arch procedure, I have the following code which looks
just fine:
Two stack pages have already been allocated, and low_physmem points
to the third page, which is the beginning of free memory.
The init_bootmem call declares the entire memory to the boot memory
manager, which marks it all reserved. The free_bootmem call frees up
all of it, except for the first two pages. This looks correct to me.
So, I decide to see init_bootmem run and make sure that it is
marking those first two pages as reserved. I never get that far.
Stepping into init_bootmem, and looking at bootmem_map before
looking at what it contains shows the following:
(gdb) p bootmem_map
$3 = (void *) 0x50000000
Aha! The light dawns. That first page is doing double duty as a
stack and as the boot memory map. The last thing that the boot memory
manager does is to free the pages used by its memory map, so this page is
getting freed even its marked as reserved.
The fix was to initialize the boot memory manager before allocating
those two stack pages, and then allocate them through the boot memory
manager. After doing this, and fixing a couple of subsequent buglets,
the stack corruption problem disappeared.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-13.html 0000644 0000000 0000000 00000033430 12742461304 017215 0 ustar
User Mode Linux HOWTO : What to do when UML doesn't workNextPreviousContents
As of test11, it is necessary to have "ARCH=um" in the environment or
on the make command line for all steps in building UML, including
clean, distclean, or mrproper, config, menuconfig, or xconfig, dep,
and linux. If you forget for any of them, the i386 build seems to
contaminate the UML build. If this happens, start from scratch with
host%
make mrproper ARCH=um
and repeat the build process with ARCH=um on all the steps.
Another cause of strange compilation errors is building UML in
/usr/src/linux. If you do this, the first thing you need to do is
clean up the mess you made. The /usr/src/linux/asm link will now
point to /usr/src/linux/asm-um. Make it point back to
/usr/src/linux/asm-i386. Then, move your UML pool someplace else and
build it there. Also see below, where a more specific set of symptoms
is described.
VFS: Mounted root (ext2 filesystem) readonly.
Mounted devfs on /dev
You're probably running a recent distribution on an old machine. I
saw this with the RH7.1 filesystem running on a Pentium. The shared
library loader, ld.so, was executing an instruction (cmove) which the
Pentium didn't support. That instruction was apparently added later.
If you run UML under the debugger, you'll see the hang caused by one
instruction causing an infinite SIGILL stream.
I saw this on reiserfs 3.5.21 and it seems to be fixed in 3.5.27.
Panics preceded by
Detaching pid nnnn
are
diagnostic of this problem. This is a reiserfs bug which causes a
thread to occasionally read stale data from a mmapped page shared with
another thread. The fix is to upgrade the filesystem or to have /tmp be
an ext2 filesystem.
This happens when you build in /usr/src/linux. The UML build makes
the include/asm link point to include/asm-um. /usr/include/asm points
to /usr/src/linux/include/asm, so when that link gets moved, files
which need to include the asm-i386 versions of headers get the
incompatible asm-um versions. The fix is to move the include/asm link
back to include/asm-i386 and to do UML builds someplace else.
This seems to be a similar situation with the resierfs problem above. Some
versions of NFS seems not to handle mmap correctly, which UML depends on.
The workaround is have /tmp be non-NFS directory.
If you build UML with gprof support and, early in the boot, it does this
kernel BUG at page_alloc.c:100!
you have a buggy gcc. You can work around the problem by removing
UM_FASTCALL from CFLAGS in arch/um/Makefile-i386. This will open up
another bug, but that one is fairly hard to reproduce.
This is a syslogd bug. There's a race between a parent process
installing a signal handler and its child sending the signal. See
this uml-devel post for the details.
It doesn't work on hosts running 2.4.7 (or thereabouts) or earlier. The fix
is to upgrade to something more recent and then read the next item.
If you see
File descriptor in bad state
when you
bring up the device inside UML, you have a header mismatch between the
original kernel and the upgraded one. Make /usr/src/linux point at
the new headers. This will only be a problem if you build uml_net
yourself.
If you can connect to the host, and the host can connect to UML, but you
can not connect to any other machines, then you may need to enable IP
Masquerading on the host. Usually this is only experienced when using
private IP addresses (192.168.x.x or 10.x.x.x) for host/UML
networking, rather than the public address space that your host
is connected to. UML does not enable IP Masquerading, so you will
need to create a static rule to enable it:
host%
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Replace eth0 with the interface that you use to talk to the
rest of the world.
Documentation on IP Masquerading, and SNAT, can be found at
www.netfilter.org .
If you can reach the local net, but not the outside Internet, then
that is usually a routing problem. The UML needs a default route:
UML#
route add default gw gateway IP
The gateway IP can be any machine on the local net that knows how to
reach the outside world. Usually, this is the host or the local
network's gateway.
Occasionally, we hear from someone who can reach some machines, but
not others on the same net, or who can reach some ports on other
machines, but not others. These are usually caused by strange
firewalling somewhere between the UML and the other box. You track
this down by running tcpdump on every interface the packets travel
over and see where they disappear. When you find a machine that
takes the packets in, but does not send them onward, that's the
culprit.
Thanks to Birgit Wahlich for telling me about this strange one. It
turns out that there's a limit of six environment variables on the
kernel command line. When that limit is reached or exceeded, argument
processing stops, which means that the 'root=' argument that UML
usually adds is not seen. So, the filesystem has no idea what the
root device is, so it panics.
The fix is to put less stuff on the command line. Glomming all your
setup variables into one is probably the best way to go.
On some older systems, /usr/include/asm/ptrace.h and
/usr/include/sys/ucontext.h define the same names. So, when they're
included together, the defines from one completely mess up the parsing
of the other, producing errors like:
/usr/include/sys/ucontext.h:47: parse error before
`10'
plus a pile of warnings.
This is a libc botch, which has since been fixed, and I don't see any
way around it besides upgrading.
On i386 kernels, there are two ways of running the loop that is used
to calculate the BogoMips rating, using the TSC if it's there or using
a one-instruction loop. The TSC produces twice the BogoMips as the
loop. UML uses the loop, since it has nothing resembling a TSC, and
will get almost exactly the same BogoMips as a host using the loop.
However, on a host with a TSC, its BogoMips will be double the loop
BogoMips, and therefore double the UML BogoMips.
If you're running an up to date kernel with an old release of
uml_utilities, the port-helper program will not work properly, so
xterms will exit straight after they appear. The solution is to
upgrade to the latest release of uml_utilities. Usually this problem
occurs when you have installed a packaged release of UML then
compiled your own development kernel without upgrading the
uml_utilities from the source distribution.
This problem is fixed by the skas-hold-own-ldt patch that went into
2.6.15-rc1.
The boot looks like this:
cannot set up thread-local storage: cannot set up LDT for thread-local storage
Kernel panic - not syncing: Attempted to kill init!
Your UML kernel doesn't support Native Posix Thread Library (NPTL) and
the binaries you're running are being dynamically linked to it. Try
running in SKAS3 mode first. You might be able to avoid the kernel
panic setting the
LD_ASSUME_KERNEL environment variable on the command line:
./linux init=/bin/sh LD_ASSUME_KERNEL=2.4.1
Many commands are very restrictive about what is preserved in the
environment when starting child processes, so relying on
LD_ASSUME_KERNEL to be globally set for all processes in the whole
system is generally not a good idea. It's very hard to
guarantee. Thus it's better to move the NPTL libraries away:
These appear to be fixed with the tls patches from Blaisorblade that
are currently in my
patchset . You can apply the entire
patchset, or you can move /lib/tls in the image away, as described
above.
If you're seeing truly strange behavior, such as hangs or panics that
happen in random places, or you try running the debugger to see what's
happening and it acts strangely, then it could be a problem in the
host kernel. If you're not running a stock Linus or -ac kernel, then
try that. An early version of the preemption patch and a 2.4.10 SuSE
kernel have caused very strange problems in UML.
Otherwise, let me know about it. Send a message to one of the UML
mailing lists - either the developer list - user-mode-linux-devel at
lists dot sourceforge dot net (subscription
info) or the user list - user-mode-linux-user at lists dot
sourceforge do net (subscription info),
whichever you prefer. Don't assume that everyone knows about it and
that a fix is imminent.
If you want to be super-helpful, read
Diagnosing Problems
and follow the instructions contained therein.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-14.html 0000644 0000000 0000000 00000015764 12742461304 017230 0 ustar
User Mode Linux HOWTO : Diagnosing ProblemsNextPreviousContents
If you get UML to crash, hang, or otherwise misbehave, you should
report this on one of the project mailing lists, either the
developer list - user-mode-linux-devel at lists dot sourceforge dot
net (subscription info) or the user list -
user-mode-linux-user at lists dot sourceforge dot net
(subscription info). When you do, it is
likely that I will want more information. So, it would be helpful to
read the stuff below, do whatever is applicable in your case, and
report the results to the list.
For any diagnosis, you're going to need to build a debugging kernel.
The binaries from this site aren't debuggable. If you haven't done
this before, read about
Compiling the kernel and modules and
Kernel debugging UML first.
The most common case is for a normal thread to panic. To debug this,
you will need to run it under the debugger (add 'debug' to the command
line). An xterm will start up with gdb running inside it. Continue
it when it stops in start_kernel and make it crash. Now ^C gdb and
'bt'. I'm going to want to see the resulting stack trace.
If the panic was a "Kernel mode fault", then there will be a segv
frame on the stack and I'm going to want some more information. The
stack might look something like this:
(UML gdb) backtrace
#0 0x1009bf76 in __sigprocmask (how=1, set=0x5f347940, oset=0x0)
at ../sysdeps/unix/sysv/linux/sigprocmask.c:49
#1 0x10091411 in change_sig (signal=10, on=1) at process.c:218
#2 0x10094785 in timer_handler (sig=26) at time_kern.c:32
#3 0x1009bf38 in __restore ()
at ../sysdeps/unix/sysv/linux/i386/sigaction.c:125
#4 0x1009534c in segv (address=8, ip=268849158, is_write=2, is_user=0)
at trap_kern.c:66
#5 0x10095c04 in segv_handler (sig=11) at trap_user.c:285
#6 0x1009bf38 in __restore ()
I'm going to want to see the symbol and line information for the value
of ip in the segv frame. In this case, you would do the following:
(UML gdb) i sym 268849158
and
(UML gdb) i line *268849158
The reason for this is the __restore frame right above the
segv_handler frame is hiding the frame that actually segfaulted. So,
I have to get that information from the faulting ip.
The less common and more painful case is when the tracing thread
panics. In this case, the kernel debugger will be useless because it
needs a healthy tracing thread in order to work. The first thing to
do is get a backtrace from the tracing thread. This is done by
figuring out what its pid is, firing up gdb, and attaching it to that
pid. You can figure out the tracing thread pid by looking at the
first line of the console output, which will look like this:
tracing thread pid = 15851
or by running ps on the host and finding the line that looks like
this:
However, there are cases where the misbehavior of another
thread caused the problem. The most common panic of this type is:
wait_for_stop failed to wait for <pid> to stop with <signal number>
In this case, you'll need to get a backtrace from the process
mentioned in the panic, which is complicated by the fact that the
kernel debugger is defunct and without some fancy footwork, another
gdb can't attach to it. So, this is how the fancy footwork goes:
In a shell:
host% kill -STOP pid
Run gdb on the tracing thread as described in case 2 and do:
(host gdb) call detach(pid)
If you get a segfault, do it again. It always works the second
time.
Detach from the tracing thread and attach to that other thread:
(host gdb) detach
(host gdb) attach pid
If gdb hangs when attaching to that process, go back to a shell and
do:
Hangs seem to be fairly rare, but they sometimes happen. When a hang
happens, we need a backtrace from the offending process. Run the
kernel debugger as described in case 1 and get a backtrace. If the
current process is not the idle thread, then send in the backtrace.
You can tell that it's the idle thread if the stack looks like this:
#0 0x100b1401 in __libc_nanosleep ()
#1 0x100a2885 in idle_sleep (secs=10) at time.c:122
#2 0x100a546f in do_idle () at process_kern.c:445
#3 0x100a5508 in cpu_idle () at process_kern.c:471
#4 0x100ec18f in start_kernel () at init/main.c:592
#5 0x100a3e10 in start_kernel_proc (unused=0x0) at um_arch.c:71
#6 0x100a383f in signal_tramp (arg=0x100a3dd8) at trap_user.c:50
If this is the case, then some other process is at fault, and went to
sleep when it shouldn't have. Run ps on the host and figure out which
process should not have gone to sleep and stayed asleep. Then attach
to it with gdb and get a backtrace as described in case 3.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-15.html 0000644 0000000 0000000 00000020000 12742461304 017204 0 ustar
User Mode Linux HOWTO : Thanks
Next
PreviousContents
A number of people have helped this project in various ways, and this page
gives recognition where recognition is due.
If you're listed here and you would prefer a real link on your name,
or no link at all, instead of the despammed email address pseudo-link,
let me know.
If you're not listed here and you think maybe you should be, please let
me know that as well. I try to get everyone, but sometimes my bookkeeping
lapses and I forget about contributions.
Lennert Buytenhek - Contributed various patches, a rewrite of the
network driver, the first implementation of the mconsole driver, and
did the bulk of the work needed to get SMP working again.
Yon Uriarte - Fixed the TUN/TAP network backend while I slept.
Adam Heath - Made a bunch of nice cleanups to the initialization code,
plus various other small patches.
Matt Zimmerman - Matt volunteered to be the UML Debian maintainer
and is doing a real nice job of it. He also noticed and fixed a
number of actually and potentially exploitable security holes in
uml_net. Plus the occasional patch. I like patches.
James McMechan - James seems to have taken over maintenance of the ubd
driver and is doing a nice job of it.
Chandan Kudige - wrote the umlgdb script which automates the reloading
of module symbols.
Steve Schmidtke - wrote the UML slirp transport and hostaudio drivers,
enabling UML processes to access audio devices on the host. He also
submitted patches for the slip transport and lots of other things.
SGI (and more specifically
Ralf Baechle ) gave me an account on
oss.sgi.com . The bandwidth
there made it possible to produce most of the filesystems available on
the project
download page.
Laurent Bonnaud took the old grotty
Debian filesystem that I've been distributing and updated it to 2.2.
It is now available by itself here.
Rik van Riel gave me some ftp space on ftp.nl.linux.org so I can
make releases even when Sourceforge is broken.
Rodrigo de Castro looked at my broken pte code and told me what
was wrong with it, letting me fix a long-standing (several weeks) and
serious set of bugs.
Chris Reahard built a specialized root filesystem for running a
DNS server jailed inside UML. It's available from the
download page in the
Jail Filesysems section.
Next
PreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-2.html 0000644 0000000 0000000 00000023526 12742461304 017140 0 ustar
User Mode Linux HOWTO : Compiling the kernel and modulesNextPreviousContents
Compiling the user mode kernel is just like compiling any other
kernel. Let's go through the steps, using 2.4.0-prerelease (current
as of this writing) as an example:
Download the latest UML patch from
the download page
In this example, the file is uml-patch-2.4.0-prerelease.bz2.
Run your favorite config; `make xconfig ARCH=um' is the most
convenient. `make config ARCH=um' and 'make menuconfig ARCH=um' will
work as well. The defaults will give you a useful kernel. If you
want to change something, go ahead, it probably won't hurt anything.
Note: If the host is configured with a 2G/2G address space split
rather than the usual 3G/1G split, then the packaged UML binaries will
not run. They will immediately segfault. See
UML on 2G/2G hosts for the scoop on
running UML on your system.
Finish with `make linux ARCH=um': the result is a file called `linux'
in the top directory of your source tree.
You may notice that the final binary is pretty large (many 10's of
megabytes for a debuggable UML). This is almost entirely symbol
information. The actual binary is comparable in size to a native
kernel. You can run that huge binary, and only the actual code and
data will be loaded into memory, so the symbols only consume disk
space unless you are running UML under gdb. You can strip UML:
host% strip linux
to see the true size of the UML kernel.
Make sure that you don't build this
kernel in /usr/src/linux. On some distributions, /usr/include/asm
is a link into this pool. The user-mode build changes the other end
of that link, and things that include <asm/anything.h> stop compiling.
The sources are also available from cvs. You can
browse the CVS pool
or access it anonymously via
If you get the CVS sources, you will have to check them out into an
empty directory. You will then have to copy each file into the corresponding
directory in the appropriate kernel pool.
If you don't have the latest kernel pool, you can get the corresponding
user-mode sources with
host% cvs co -r v_2_3_x linux
where 'x' is the version in your pool. Note that you will not get the bug
fixes and enhancements that have gone into subsequent releases.
If you build your own kernel, and want to boot it from one of the
filesystems distributed from this site, then, in nearly all cases,
devfs must be compiled into the kernel and mounted at boot time. The
exception is the tomsrtbt filesystem. For this,
devfs must either not be in the kernel at all, or "devfs=nomount" must
be on the kernel command line. Any disagreement between the kernel
and the filesystem being booted about whether devfs is being used will
result in the boot getting no further than single-user mode.
If you don't want to use devfs, you can remove the need for it from a
filesystem by copying /dev from someplace, making a bunch of
/dev/ubd devices:
UML#
for i in 0 1 2 3 4 5 6 7; do mknod ubd$i b 98 $[ $i * 16 ]; done
and changing /etc/fstab and /etc/inittab to refer to the non-devfs devices.
UML modules are built in the same way as the native kernel (with the
exception of the 'ARCH=um' that you always need for UML):
host% make modules ARCH=um
Any modules that you want to load into this kernel need to
be built in the user-mode pool. Modules from the native kernel won't
work. If you notice that the modules you get are much larger than
they are on the host, see the note above about the size of the final
UML binary.
You can install them by using ftp or something to copy them into the
virtual machine and dropping them into /lib/modules/`uname -r`.
You can also get the kernel build process to install them as
follows:
with the kernel not booted, mount the root filesystem in the top level
of the kernel pool:
host% mount root_fs mnt -o loop
run
host%
make modules_install INSTALL_MOD_PATH=`pwd`/mnt ARCH=um
unmount the filesystem
host% umount mnt
boot the kernel on it
If you can't mount the root filesystem on the host for some reason
(like it's a COW file), then an alternate approach is to mount the
UML kernel tree from the host into the UML with
hostfs and run the modules_install inside
UML:
With UML booted, mount the host kernel tree inside UML at the same
location as on the host:
UML# mount none -t hostfs path to UML pool -o
path to UML pool
Run make modules_install:
UML# cd path to UML pool ; make modules_install
The depmod at the end may complain about unresolved symbols because
there is an incorrect or missing System.map installed in the UML
filesystem. This appears to be harmless. insmod or modprobe should
work fine at this point.
When the system is booted, you can use insmod as usual to get the modules
into the kernel. A number of things have been loaded into UML as
modules, especially filesystems and network protocols and filters, so
most symbols which need to be exported probably already are. However,
if you do find symbols that need exporting, let
us know, and they'll be "taken care of".
If you try building an external module against a UML tree, you will
find that it doesn't compile because of missing includes. There are
less obvious problems with the CFLAGS that the module Makefile or
script provides which would make it not run even if it did build. To
get around this, you need to provide the same CFLAGS that the UML
kernel build uses.
A reasonably slick way of getting the UML CFLAGS is
cd uml-tree ; make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um
If the module build process has something that looks like
$(CC) $(CFLAGS) file
then you can define CFLAGS in a script like this
CFLAGS=`cd uml-tree ; make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um`
and like this in a Makefile
CFLAGS=$(shell cd uml-tree ; make script 'SCRIPT=@echo
$$(CFLAGS)' ARCH=um)
Many features of the UML kernel require a user-space helper program,
so a uml_utilities package is distributed separately from the kernel
patch which provides these helpers. Included within this is:
port-helper - Used by consoles which connect to xterms or ports
tunctl - Configuration tool to create and delete tap devices
uml_net - Setuid binary for automatic tap device configuration
uml_switch - User-space virtual switch required for daemon transport
The uml_utilities tree is compiled with:
host#
make && make install
Note that UML kernel patches may require a specific version of the
uml_utilities distribution. If you don't keep up with the mailing lists,
ensure that you have the latest release of uml_utilities if you are
experiencing problems with your UML kernel, particularly when dealing
with consoles or command-line switches to the helper programs
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-3.html 0000644 0000000 0000000 00000007725 12742461304 017144 0 ustar
User Mode Linux HOWTO : Running UML and logging inNextPreviousContents
It runs on 2.2.15 or later, and all 2.4 and 2.6 kernels.
Booting UML is straightforward. Simply run 'linux': it will try to
mount the file `root_fs' in the current directory. You do not need to
run it as root. If your root filesystem is not named `root_fs', then
you need to put a `ubd0=root_fs_whatever' switch on the linux command
line.
You will need a filesystem to boot UML from. There are a number
available for download from
here . There are also
several tools which can be used to generate UML-compatible filesystem
images from media.
The kernel will boot up and present you with a login prompt.
Note: If the host is configured with a 2G/2G address space split
rather than the usual 3G/1G split, then the packaged UML binaries will
not run. They will immediately segfault. See
UML on 2G/2G hosts for the scoop on
running UML on your system.
The prepackaged filesystems have a root account with
password 'root' and a user account with password 'user'. The
login banner will generally tell you how to log in. So, you log in
and you will find yourself inside a little virtual machine. Our
filesystems have a variety of commands and utilities installed (and it
is fairly easy to add more), so you will have a lot of tools with
which to poke around the system.
There are a couple of other ways to log in:
On a virtual console
Each virtual console that is configured (i.e. the
device exists in /dev and /etc/inittab runs a getty on it) will come up
in its own xterm. If you get tired of the xterms, read
Setting up serial lines and consoles to see how to
attach the consoles to something else, like host ptys.
Over the serial line
In the boot output, find a line that looks like:
serial line 0 assigned pty /dev/ptyp1
Attach your favorite terminal program to the corresponding
tty. I.e. for minicom, the command would be
host% minicom -o -p /dev/ttyp1
Over the net
If the network is running, then you can telnet to the virtual machine
and log in to it. See
Setting up the network to learn about setting up a virtual network.
When you're done using it, run halt, and the kernel
will bring itself down and the process will exit.
Most Linux machines are configured so that the kernel occupies the
upper 1G (0xc0000000 - 0xffffffff) of the 4G address space and
processes use the lower 3G (0x00000000 - 0xbfffffff). However, some
machine are configured with a 2G/2G split, with the kernel occupying
the upper 2G (0x80000000 - 0xffffffff) and processes using the lower
2G (0x00000000 - 0x7fffffff).
The prebuilt UML binaries on this site will not run on 2G/2G hosts
because UML occupies the upper .5G of the 3G process address space
(0xa0000000 - 0xbfffffff). Obviously, on 2G/2G hosts, this is right
in the middle of the kernel address space, so UML won't even load - it
will immediately segfault.
The fix for this is to rebuild UML from source after enabling
CONFIG_HOST_2G_2G (under 'General Setup'). This will cause UML to
load itself in the top .5G of that smaller process address space,
where it will run fine. See
Compiling the kernel and modules if you need help building UML from source.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-5.html 0000644 0000000 0000000 00000017330 12742461304 017137 0 ustar
User Mode Linux HOWTO : Setting up serial lines and consolesNextPreviousContents
Devices are specified with "con" or "ssl" (console or serial line,
respectively), optionally with a device number if you are talking
about a specific device.
Using just "con" or "ssl" describes all of the consoles or serial
lines. If you want to talk about console #3 or serial line #10, they
would be "con3" and "ssl10", respectively.
A specific device name will override a less general "con=" or "ssl=".
So, for example, you can assign a pty to each of the serial lines
except for the first two like this:
ssl=pty ssl0=tty:/dev/tty0 ssl1=tty:/dev/tty1
The specificity of the device name is all that matters; order on the
command line is irrelevant.
This will cause UML to allocate a free host pseudo-terminal for the
device. The terminal that it got will be announced in the boot log.
You access it by attaching a terminal program to the corresponding tty:
screen /dev/pts/n
screen /dev/ttyxx
minicom -o -p /dev/ttyxx - minicom seems not able to handle pts
devices
kermit - start it up, 'open' the device, then 'connect'
terminals - device=tty:tty device file
This will make UML attach the device to the specified tty (i.e
con1=tty:/dev/tty3
will attach UML's console 1 to the host's /dev/tty3). If the tty that
you specify is the slave end of a tty/pty pair, something
else must have already opened the corresponding pty in order for this
to work.
xterms - device=xterm
UML will run an xterm and the device will be attached to it.
Port - device=port:port number
This will attach the UML devices to the specified host port.
Attaching console 1 to the host's port 9000 would be done like this:
con1=port:9000
Attaching all the serial lines to that port would be done similarly:
ssl=port:9000
You access these devices by telnetting to that port. Each active
telnet session gets a different device. If there are more telnets to
a port than UML devices attached to it, then the extra telnet sessions
will block until an existing telnet detaches, or until another device
becomes active (i.e. by being activated in /etc/inittab).
This channel has the advantage that you can both attach multiple UML
devices to it and know how to access them without reading the UML boot
log. It is also unique in allowing access to a UML from remote
machines without requiring that the UML be networked. This could be
useful in allowing public access to UMLs because they would be
accessible from the net, but wouldn't need any kind of network
filtering or access control because they would have no network
access.
If you attach the main console to a portal, then the UML boot will
appear to hang. In reality, it's waiting for a telnet to connect, at
which point the boot will proceed.
If you set up a file descriptor on the UML command line, you can
attach a UML device to it. This is most commonly used to put the main
console back on stdin and stdout after assigning all the other
consoles to something else:
con0=fd:0,fd:1 con=pts
Nothing - device=null
This allows the device to be opened, in contrast to 'none', but reads
will block, and writes will succeed and the data will be thrown out.
None - device=none
This causes the device to disappear. If you are using devfs, the
device will not appear in /dev. If not, then attempts to open it will
return -ENODEV.
You can also specify different input and output channels for a device
by putting a comma between them:
ssl3=tty:/dev/tty2,xterm
will cause serial line 3 to accept input on the host's /dev/tty3 and
display output on an xterm. That's a silly example - the most common
use of this syntax is to reattach the main console to stdin and stdout
as shown above.
If you decide to move the main console away from stdin/stdout, the
initial boot output will appear in the terminal that you're running
UML in. However, once the console driver has been officially
initialized, then the boot output will start appearing wherever you
specified that console 0 should be. That device will receive all
subsequent output.
There are a number of interesting things you can do with this
capability.
First, this is how you get rid of those bleeding console xterms by
attaching them to host ptys:
con=pty con0=fd:0,fd:1
This will make a UML console take over an unused host virtual console,
so that when you switch to it, you will see the UML login prompt
rather than the host login
prompt:
con1=tty:/dev/tty6
You can attach two virtual machines together with what amounts to a
serial line as follows:
Run one UML with a serial line attached to a pty -
ssl1=pty
Look at the boot log to see what pty it got (this example will assume
that it got /dev/ptyp1).
Boot the other UML with a serial line attached to the corresponding
tty -
ssl1=tty:/dev/ttyp1
Log in, make sure that it has no getty on that serial line, attach
a terminal program like minicom to it, and you should see the login
prompt of the other virtual machine.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-6.html 0000644 0000000 0000000 00000073246 12742461304 017150 0 ustar
User Mode Linux HOWTO : Setting up the networkNextPreviousContents
This page describes how to set up the various transports and to
provide a UML instance with network access to the host, other machines
on the local net, and the rest of the net.
As of 2.4.5, UML networking has been completely redone to make it much
easier to set up, fix bugs, and add new features.
There is a new helper, uml_net, which does the host setup that
requires root privileges.
There are currently five transport types available for a UML virtual
machine to exchange packets with other hosts:
ethertap
TUN/TAP
Multicast
a switch daemon
slip
slirp
pcap
The TUN/TAP, ethertap, slip, and slirp transports allow a UML instance to
exchange packets with the host. They may be directed to the host or
the host may just act as a router to provide access to other physical
or virtual machines.
The pcap transport is a synthetic read-only interface, using the libpcap
binary to collect packets from interfaces on the host and filter them.
This is useful for building preconfigured traffic monitors or sniffers.
The daemon and multicast transports provide a completely virtual
network to other virtual machines. This network is completely
disconnected from the physical network unless one of the virtual
machines on it is acting as a gateway.
With so many host transports, which one should you use? Here's when
you should use each one:
ethertap - if you want access to the host networking and it is running
2.2
TUN/TAP - if you want access to the host networking and it is running
2.4. Also, the TUN/TAP transport is able to use a preconfigured
device, allowing it to avoid using the setuid uml_net helper, which
is a security advantage.
Multicast - if you want a purely virtual network and you don't want to
set up anything but the UML
a switch daemon - if you want a purely virtual network and you don't
mind running the daemon in order to get somewhat better performance
slip - there is no particular reason to run the slip backend unless
ethertap and TUN/TAP are just not available for some reason
slirp - if you don't have root access on the host to setup networking,
or if you don't want to allocate an IP to your UML
pcap - not much use for actual network connectivity, but great for
monitoring traffic on the host
Ethertap is available on 2.4 and works fine. TUN/TAP is preferred to
it because it has better performance and ethertap is officially
considered obsolete in 2.4. Also, the root helper only needs to run
occasionally for TUN/TAP, rather than handling every packet, as it
does with ethertap. This is a slight security advantage since it
provides fewer opportunities for a nasty UML user to somehow exploit
the helper's root privileges.
First, you must have the virtual network enabled in your UML. If are
running a prebuilt kernel from this site, everything is already enabled.
If you build the kernel yourself, under the "Network device support" menu,
enable "Network device support", and then the three transports.
The next step is to provide a network device to the virtual machine.
This is done by describing it on the kernel command line.
The general format is
eth <n> = <transport> , <transport args>
For example, a virtual ethernet device may be attached to a host ethertap
device as follows:
eth0=ethertap,tap0,fe:fd:0:0:0:1,192.168.0.254
This sets up eth0 inside the virtual machine to attach itself to the
host /dev/tap0, assigns it an ethernet address, and assigns the host
tap0 interface an IP address.
Note that the IP address you assign to the host end of the tap device
must be different than the IP you assign to the eth device inside
UML. If you are short on IPs and don't want to comsume two per
UML, then you can reuse the host's eth IP address for the host ends of
the tap devices. Internally, the UMLs must still get unique IPs for
their eth devices. You can also give the UMLs non-routable IPs
(192.168.x.x or 10.x.x.x) and have the host masquerade them. This
will let outgoing connections work, but incoming connections won't
without more work, such as port forwarding from the host.
Also note that when you configure the host side of an interface, it is only
acting as a gateway. It will respond to pings sent to it locally, but
is not useful to do that since it's a host interface. You are not
talking to the UML when you ping that interface and get a response.
You can also add devices to a UML and remove them at runtime. See
the
The Management Console page for details.
The sections below describe this in more detail.
Once you've decided how you're going to set up the devices, you boot
UML, log in, configure the UML side of the devices, and set up routes
to the outside world. At that point, you will be able to talk to any
other machines, physical or virtual, on the net.
If ifconfig inside UML fails and the network refuses to come up, run
'dmesg' to see what ended up in the kernel log. That will usually
tell you what went wrong.
You will likely need the setuid helper, or the switch daemon, or
both. They are both installed with the RPM and deb, so if you've installed
either, you can skip the rest of this section.
If not, then you need to check them out of CVS,
build them, and install them. The helper is uml_net, in CVS
/tools/uml_net, and the daemon is uml_switch, in CVS
/tools/uml_router. They are both built with a plain 'make'. Both
need to be installed in a directory that's in your path - /usr/bin is
recommend. On top of that, uml_net needs to be setuid root.
Below, you will see that the TUN/TAP, ethertap, and daemon interfaces
allow you to specify hardware addresses for the virtual ethernet
devices. This is generally not necessary. If you don't have a
specific reason to do it, you probably shouldn't. If one is not
specified on the command line, the driver will assign one based on the
device IP address. It will provide the address fe:fd:nn:nn:nn:nn
where nn.nn.nn.nn is the device IP address. This is nearly always
sufficient to guarantee a unique hardware address for the device. A
couple of exceptions are:
Another set of virtual ethernet devices are on the same network and
they are assigned hardware addresses using a different scheme which
may conflict with the UML IP address-based scheme
You aren't going to use the device for IP networking, so you don't
assign the device an IP address
If you let the driver provide the hardware address, you should make sure
that the device IP address is known before the interface is brought
up. So, inside UML, this will guarantee that:
UML#
ifconfig eth0 192.168.0.250 up
If you decide to assign the hardware address yourself, make sure that
the first byte of the address is even. Addresses with an odd first byte
are broadcast addresses, which you don't want assigned to a device.
Once the network devices have been described on the command line, you
should boot UML and log in.
The first thing to do is bring the interface up:
UML# ifconfig ethn ip-address up
You should be able to ping the host at this point.
To reach the rest of the world, you should set a default route to the
host:
UML# route add default gw host ip
Again, with host ip of 192.168.0.4:
UML# route add default gw 192.168.0.4
This page used to recommend setting a network route to your local
net. This is wrong, because it will cause UML to try to figure out
hardware addresses of the local machines by arping on the interface to
the host. Since that interface is basically a single strand of
ethernet with two nodes on it (UML and the host) and arp requests
don't cross networks, they will fail to elicit any responses. So,
what you want is for UML to just blindly throw all packets at the host
and let it figure out what to do with them, which is what leaving out
the network route and adding the default route does.
Note: If you can't communicate with other hosts on your physical
ethernet, it's probably because of a network route that's
automatically set up. If you run 'route -n' and see a route that
looks like this:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
with a mask that's not 255.255.255.255, then replace it with a route
to your host:
UML#
route del -net 192.168.0.0 dev eth0 netmask 255.255.255.0
UML#
route add -host 192.168.0.4 dev eth0
This, plus the default route to the host, will allow UML to exchange
packets with any machine on your ethernet.
The simplest way to set up a virtual network between multiple UMLs is
to use the mcast transport. This was written by Harald Welte and is
present in UML version 2.4.5-5um and later. Your system must have
multicast enabled in the kernel and there must be a multicast-capable
network device on the host. Normally, this is eth0, but if there is
no ethernet card on the host, then you will likely get strange error
messages when you bring the device up inside UML.
To use it, run two UMLs with
eth0=mcast
on their command lines. Log in, configure the ethernet device in each
machine with different IP addresses:
UML1# ifconfig eth0 192.168.0.254
UML2# ifconfig eth0 192.168.0.253
and they should be able to talk to each other.
The full set of command line options for this transport are
TUN/TAP is the preferred mechanism on 2.4 to exchange packets with the
host. The TUN/TAP backend has been in UML since 2.4.9-3um.
The easiest way to get up and running is to let the setuid uml_net
helper do the host setup for you. This involves insmod-ing the tun.o
module if necessary, configuring the device, and setting up IP
forwarding, routing, and proxy arp. If you are new to UML networking,
do this first. If you're concerned about the security implications of
the setuid helper, use it to get up and running, then read the next
section to see how to have UML use a preconfigured tap device, which
avoids the use of uml_net.
If you specify an IP address for the host side of the device, the
uml_net helper will do all necessary setup on the host - the only
requirement is that TUN/TAP be available, either built in to the host
kernel or as the tun.o module.
The format of the command line switch to attach a device to a TUN/TAP device
is
eth <n> =tuntap,,, <host IP address>
For example, this argument will attach the UML's eth0 to
the next available tap device, assign the IP address
192.168.0.254 to the host side of the tap device, and
assign an ethernet address to it based on the IP address assigned to
it by ifconfig inside UML.
eth0=tuntap,,,192.168.0.254
If you using the uml_net helper to set up the host side of the
networking, as in this example, note that changing the UML IP address
will cause uml_net to change the host routing and arping to match.
This is one reason you should not be using uml_net if there is any
possibility that the user inside the UML may be unfriendly. This
feature is convenient, but can be used to make the UML pretend to be
something like your name server or mail server, and the host will
steal packets intended for those servers and forward them to the UML.
See the next section for setting up networking in a secure manner.
There are a couple potential problems with running the TUN/TAP
transport on a 2.4 host kernel
TUN/TAP seems not to work on 2.4.3 and earlier. Upgrade the host
kernel or use the ethertap transport.
With an upgraded kernel, TUN/TAP may fail with
File descriptor in bad state
This is due to a header mismatch between the upgraded kernel and the
kernel that was originally installed on the machine. The fix is to
make sure that /usr/src/linux points to the headers for the running kernel.
If you prefer not to have UML use uml_net (which is somewhat
insecure), with UML 2.4.17-11, you can set up a TUN/TAP device
beforehand. The setup needs to be done as root, but once that's done,
there is no need for root assistance. Setting up the device is done
as follows:
Create the device with tunctl (available from the UML utilities
tarball)
host# tunctl -u uid
where uid is the user id or username that UML will be run as.
This will tell you what device was created.
Configure the device IP (change IP addresses and device name to suit)
host# ifconfig tap0 192.168.0.254 up
Set up routing and arping if desired - this is my recipe, there are
other ways of doing the same thing
Note that this must be done every time the host boots - this
configuration is not stored across host reboots. So, it's probably a
good idea to stick it in an rc file. An even better idea would be a
little utility which reads the information from a config file and sets
up devices at boot time.
Rather than using up two IPs and ARPing for one of them, you can also
provide direct access to your LAN by the UML by using a bridge.
host#
brctl addbr br0
host#
ifconfig eth0 0.0.0.0 promisc up
host#
ifconfig tap0 0.0.0.0 promisc up
host#
ifconfig br0 192.168.0.1 netmask 255.255.255.0 up
host#
brctl stp br0 off
host#
brctl setfd br0 1
host#
brctl sethello br0 1
host#
brctl addif br0 eth0
host#
brctl addif br0 tap0
Note that 'br0' should be setup using ifconfig with the existing IP
address of eth0, as eth0 no longer has its own IP.
Also, the /dev/net/tun device must be writable by the user running UML
in order for the UML to use the device that's been configured for it.
The simplest thing to do is
host# chmod 666 /dev/net/tun
Making it world-writeable looks bad, but it seems not to be
exploitable as a security hole. However, it does allow anyone to
create useless tap devices (useless because they can't configure
them), which is a DOS attack. A somewhat more secure alternative
would to be to create a group containing all the users who have
preconfigured tap devices and chgrp /dev/net/tun to that group with
mode 664 or 660.
Once the device is set up, run UML with
eth0=tuntap,devicename
i.e.
eth0=tuntap,tap0
on the command line (or do it with
the mconsole config command).
Bring the eth device up in UML and you're in business.
If you don't want that tap device any more, you can make it
non-persistent with
host# tunctl -d tap device
Finally, tunctl has a -b (for brief mode) switch which causes it to
output only the name of the tap device it created. This makes it
suitable for capture by a script:
Ethertap is the general mechanism on 2.2 for userspace processes to
exchange packets with the kernel.
To use this transport, you need to describe the virtual network
device on the UML command line. The general format for this is
eth <n> =ethertap, <device> , <ethernet address> , <host IP address>
So, the previous example
eth0=ethertap,tap0,fe:fd:0:0:0:1,192.168.0.254
attaches the UML eth0 device to the host
/dev/tap0, assigns it the
ethernet address fe:fd:0:0:0:1, and assigns the IP address
192.168.0.254 to the host side of the tap device.
The tap device is mandatory, but the others are optional. If the
ethernet address is omitted, one will be assigned to it.
The presence of the tap IP address will cause the helper to run and do
whatever host setup is needed to allow the virtual machine to
communicate with the outside world. If you're not sure you know what
you're doing, this is the way to go.
If it is absent, then you must configure the tap device and whatever
arping and routing you will need on the host. However, even in this
case, the uml_net helper still needs to be in your path and it must be
setuid root if you're not running UML as root. This is because the
tap device doesn't support SIGIO, which UML needs in order to use
something as a source of input. So, the helper is used as a
convenient asynchronous IO thread.
If you're using the uml_net helper, you can ignore the following host
setup - uml_net will do it for you. You just need to make sure you
have ethertap available, either built in to the host kernel or
available as a module.
If you want to set things up yourself, you need to make
sure that the appropriate /dev entry exists. If it doesn't, become
root and create it as follows (the $[ ... ] is bash syntax for adding 16 to
the minor number) :
mknod /dev/tap <minor> c 36 $[ <minor> + 16 ]
For example, this is how to create /dev/tap0:
mknod /dev/tap0 c 36 $[ 0 + 16 ]
You also need to make sure that the host kernel has ethertap support.
If ethertap is enabled as a module, you apparently need to insmod
ethertap once for each ethertap device you want to enable. So,
host#
insmod ethertap
will give you the tap0 interface. To get the tap1 interface, you need
to run
Note: This is the daemon formerly known as uml_router, but
which was renamed so the network weenies of the world would stop
growling at me.
The switch daemon, uml_switch, provides a mechanism for creating a
totally virtual network. By default, it provides no connection to the
host network (but see -tap, below).
The first thing you need to do is run the daemon. Running it with no
arguments will make it listen on a default unix domain socket.
If you want it to listen on a different socket, use
-unix socket
If you want it to act as a hub rather than a switch, use
-hub
If you're planning on putting it in hub mode so you can sniff UML
traffic from a tap device on the host, it appears that you need to
assign the tap an IP address before you'll see any packets on it.
If you want the switch to be connected to host networking (allowing the
umls to get access to the outside world through the host), use
-tap tap0
Note that the tap device must be preconfigured (see "TUN/TAP with a
preconfigured tap device", above). If you're using a different tap
device than tap0, specify that instead of tap0.
The reason it doesn't background by default is that it listens to
stdin for EOF. When it sees that, it exits.
The general format of the kernel command line switch is
ethn=daemon,ethernet address,socket type,socket
You can leave off everything except the 'daemon'. You only need to
specify the ethernet address if the one that will be assigned to it
isn't acceptable for some reason. The rest of the arguments describe
how to communicate with the daemon. You should only specify them if
you told the daemon to use different sockets than the default. So, if
you ran the daemon with no arguments, running the UML on the same
machine with
eth0=daemon
will cause the eth0 driver to attach itself to the daemon correctly.
The socket argument is the filename of a Unix domain socket which is
used for communications between uml_switch and the UMLs on its network.
If you do specify a different socket from the default, which you will
need to do if you want multiple, separate uml_switch networks on the
host, you need to make sure that you name the same path for the socket
on both the uml_switch and UML command lines.
Currently the only supported value for the socket type is "unix".
Slip is another, less general, mechanism for a process to communicate
with the host networking. In contrast to the ethertap interface,
which exchanges ethernet frames with the host and can be used to
transport any higher-level protocol, it can only be used to transport
IP.
The general format of the command line switch is
ethn=slip,slip IP
The slip IP argument is the IP address that will be assigned to the
host end of the slip device. If it is specified, the helper will run
and will set up the host so that the virtual machine can reach it and
the rest of the network.
There are some oddities with this interface that you should be aware
of. You should only specify one slip device on a given virtual
machine, and its name inside UML will be 'umn', not 'eth0' or whatever
you specified on the command line. These problems will be fixed at some point.
slirp uses an external program, usually /usr/bin/slirp, to provide IP
only networking connectivity through the host. This is similar to IP
masquerading with a firewall, although the translation is performed in
user-space, rather than by the kernel. As slirp does not set up any
interfaces on the host, or changes routing, slirp does not require
root access or setuid binaries on the host.
The general format of the command line switch for slirp is:
ethn=slirp,ethernet address,slirp path
The ethernet address is optional, as UML will set up the interface
with an ethernet address based upon the initial IP address of the
interface. The slirp path is generally /usr/bin/slirp, although it
will depend on distribution.
The slirp program can have a number of options passed to the command line
and we can't add them to the UML command line, as they will be parsed
incorrectly. Instead, a wrapper shell script can be written or the options
inserted into the /.slirprc file. More information on all of the slirp
options can be found in its man pages.
The eth0 interface on UML should be set up with the IP 10.2.0.15,
although you can use anything as long as it is not used by a network you
will be connecting to. The default route on UML should be set to use
'eth0' without a gateway IP:
UML#
route add default dev eth0
slirp provides a number of useful IP addresses which can be used by
UML, such as 10.0.2.3 which is an alias for the DNS server specified in
/etc/resolv.conf on the host or the IP given in the 'dns' option for slirp.
Even with a baudrate setting higher than 115200, the slirp connection
is limited to 115200. If you need it to go faster, the slirp binary
needs to be compiled with FULL_BOLT defined in config.h.
The interface is whatever network device on the host you want to sniff.
The expression is a pcap filter expression, which is also what tcpdump
uses, so if you know how to specify tcpdump filters, you will use the
same expressions here. The options are up to two of 'promisc',
'nopromisc', 'optimize', 'nooptimize'. 'promisc' and 'nopromisc'
control whether pcap puts the host interface into promiscuous
mode. 'optimize' and 'nooptimize' control whether the pcap expression
optimizer is used.
Example:
eth0=pcap,eth0,tcp
eth1=pcap,eth0,!tcp
will cause the UML eth0 to emit all tcp packets on the host eth0 and the
UML eth1 to emit all non-tcp packets on the host eth0.
If you don't specify an address for the host side of the ethertap or
slip device, UML won't do any setup on the host. So this is what is
needed to get things working (the examples use a host-side IP of
192.168.0.251 and a UML-side IP of 192.168.0.250 - adjust to suit your
own network):
The device needs to be configured with its IP address. Tap devices
are also configured with an mtu of 1484. Slip devices are configured
with a point-to-point address pointing at the UML ip address.
host# ifconfig tap0 arp mtu 1484 192.168.0.251 up
host#
ifconfig sl0 192.168.0.251 pointopoint 192.168.0.250 up
If a tap device is being set up, a route is set to the UML IP.
Don't attempt to share filesystems simply by booting two UMLs from the
same file. That's the same thing as booting two physical machines
from a shared disk. It will result in filesystem corruption.
The way to share a filesystem between two virtual machines is to use
the copy-on-write (COW) layering capability of the ubd block driver. As of
2.4.6-2um, the driver supports layering a read-write private device
over a read-only shared device. A machine's writes are stored in the
private device, while reads come from either device - the private one
if the requested block is valid in it, the shared one if not. Using
this scheme, the majority of data which is unchanged is shared between
an arbitrary number of virtual machines, each of which has a much
smaller file containing the changes that it has made. With a large
number of UMLs booting from a large root filesystem, this leads to a
huge disk space saving. It will also help performance, since the host
will be able to cache the shared data using a much smaller amount of
memory, so UML disk requests will be served from the host's memory
rather than its disks.
To add a copy-on-write layer to an existing block device file, simply
add the name of the COW file to the appropriate ubd switch:
ubd0=root_fs_cow,root_fs_debian_22
where 'root_fs_cow' is the private COW file and 'root_fs_debian_22' is
the existing shared filesystem. The COW file need not exist. If it
doesn't, the driver will create and initialize it. Once the COW file
has been initialized, it can be used on its own on the command line:
ubd0=root_fs_cow
The name of the backing file is stored in the COW file header, so it
would be redundant to continue specifying it on the command line.
When checking the size of the COW file in order to see the gobs of
space that you're saving, make sure you use 'ls -ls' to see the actual
disk consumption rather than the length of the file. The COW file is
sparse, so the length will be very different from the disk usage.
Here is a 'ls -l' of a COW file and backing file from one boot and
shutdown:
host% ls -l cow.debian debian2.2
-rw-r--r-- 1 jdike jdike 492504064 Aug 6 21:16 cow.debian
-rwxrw-rw- 1 jdike jdike 537919488 Aug 6 20:42 debian2.2
Doesn't look like much saved space, does it? Well, here's 'ls -ls':
host% ls -ls cow.debian debian2.2
880 -rw-r--r-- 1 jdike jdike 492504064 Aug 6 21:16 cow.debian
525832 -rwxrw-rw- 1 jdike jdike 537919488 Aug 6 20:42 debian2.2
Now, you can see that the COW file has less than a meg of disk, rather
than 492 meg.
Once a filesystem is being used as a readonly backing file for a COW
file, do not boot directly from it or modify it in any way. Doing so
will invalidate any COW files that are using it. The mtime and size
of the backing file are stored in the COW file header at its creation,
and they must continue to match. If they don't, the driver will
refuse to use the COW file.
If you attempt to evade this restriction by changing either the
backing file or the COW header by hand, you will get a corrupted
filesystem.
Among other things, this means that upgrading the distribution in a
backing file and expecting that all of the COW files using it will see
the upgrade will not work.
Because UML stores the backing file name and its mtime in the COW
header, if you move the backing file, that information becomes
invalid. So, the procedure for moving a backing file is
Move it in a way that preserves timestamps. Usually, this is a "-p"
switch. "cp -a" works because "-a" implies "-p".
Update the COW header by booting UML on it, specifying both the COW
file and the new location of the backing file
host% ubd0=COW file,new backing file
location
UML will notice the mismatch between the command line and COW header,
check the size and mtime of the new backing file path, and update the
COW header to reflect it if it checks out.
If you forget to preserve the timestamps when you move the backing
file, you can fix the mtime by hand as follows
host%
mtime=whatever UML says mtime should be ; \
touch --date="`date -d 1970-01-01\ UTC\ $mtime\ seconds`" backing file
Note that if you do this on a backing file that has truly been
changed, and not just moved, then you will get file corruption and you
will lose the filesystem.
Depending on how you use UML and COW devices, it may be advisable to
merge the changes in the COW file into the backing file every once in
a while.
The utility that does this is uml_moo. Its usage is
host% uml_moo COW file new backing file
There's no need to specify the backing file since that information is
already in the COW file header. If you're paranoid, boot the new
merged file, and if you're happy with it, move it over the old backing
file.
uml_moo creates a new backing file by default as a safety measure. It
also has a destructive merge option which will merge the COW file
directly into its current backing file. This is really only usable
when the backing file only has one COW file associated with it. If
there are multiple COWs associated with a backing file, a -d merge of
one of them will invalidate all of the others. However, it is
convenient if you're short of disk space, and it should also be
noticably faster than a non-destructive merge. This usage is
host% uml_moo -d COW file
uml_moo is installed with the UML deb and RPM. If you didn't install
UML from one of those packages, you can also get it from the
UML utilities tar file in tools/moo.
The normal way to create a COW file is to specify a non-existant COW
file on the UML command line, and let UML create it for you. However,
sometimes you want a new COW file, and you don't want to boot UML in
order to get it. This can be done with uml_mkcow, which is a little
standalone utility by Steve Schnepp.
The standard usage is
host% uml_mkcow new COW file existing
backing file
If you want to destroy an existing COW file, then there is a -f switch
to force the overwriting of the old COW file
You may want to create and mount new UML filesystems, either because
your root filesystem isn't large enough or because you want to use a
filesystem other than ext2.
This was written on the occasion of reiserfs being included in the
2.4.1 kernel pool, and therefore the 2.4.1 UML, so the examples will
talk about reiserfs. This information is generic, and the examples
should be easy to translate to the filesystem of your choice.
dd is your friend. All you need to do is tell dd to create an empty
file of the appropriate size. I usually make it sparse to save time
and to avoid allocating disk space until it's actually used. For
example, the following command will create a sparse 100 meg file full
of zeroes.
Make sure that the filesystem is available, either by being built into
the kernel, or available as a module, then boot up UML and log in. If
the root filesystem doesn't have the filesystem utilities (mkfs, fsck,
etc), then get them into UML by way of the net or hostfs.
Make the new filesystem on the device assigned to the new file:
host# mkreiserfs /dev/ubd/4
<----------- MKREISERFSv2 ----------->
ReiserFS version 3.6.25
Block size 4096 bytes
Block count 25856
Used blocks 8212
Journal - 8192 blocks (18-8209), journal header is in block 8210
Bitmaps: 17
Root block 8211
Hash function "r5"
ATTENTION: ALL DATA WILL BE LOST ON '/dev/ubd/4'! (y/n)y
journal size 8192 (from 18)
Initializing journal - 0%....20%....40%....60%....80%....100%
Syncing..done.
Now, mount it:
UML#
mount /dev/ubd/4 /mnt
and you're in business.
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO-9.html 0000644 0000000 0000000 00000012453 12742461304 017144 0 ustar
User Mode Linux HOWTO : Host file accessNextPreviousContents
If you want to access files on the host machine from inside UML, you
can treat it as a separate machine and either nfs mount directories
from the host or copy files into the virtual machine with scp or rcp.
However, since UML is running on the the host, it can access those
files just like any other process and make them available inside the
virtual machine without needing to use the network.
This is now possible with the hostfs virtual filesystem. With it, you
can mount a host directory into the UML filesystem and access the
files contained in it just as you would on the host.
Note that hostfs is currently not available on 2.5. The reason is
that there was an fs.h rework early in 2.5 which required filesystem
changes, and I haven't got around to updating hostfs to those changes.
To begin with, make sure that hostfs is available inside the virtual
machine with
UML# cat /proc/filesystems
hostfs should be listed. If it's not, either rebuild the kernel with
hostfs configured into it or make sure that hostfs is built as a
module and available inside the virtual machine, and insmod it.
Now all you need to do is run mount:
UML# mount none /mnt/host -t hostfs
will mount the host's / on the virtual machine's /mnt/host.
If you don't want to mount the host root directory, then you can
specify a subdirectory to mount with the -o switch to mount:
UML# mount none /mnt/home -t hostfs -o /home
will mount the hosts's /home on the virtual machine's /mnt/home.
There is a hostfs option available on the UML command line which can
be used confine all hostfs mounts to a host directory hierarchy or to
prevent a hostfs user from destroying data on the host. The format is
hostfs=directory,options
The only option available at present is 'append', which forces all
files to be opened in append mode and disallows any deletion of files.
To specify append mode without confining hostfs to a host directory,
just leave out the directory name so that the argument begins with a
comma:
If you need to build hostfs because it's not in your kernel, you have
two choices:
Compiling hostfs into the kernel:
Reconfigure the kernel and set the 'Host filesystem' option under
'Processor features' to 'Y'. Recompile the kernel and reboot it.
Compiling hostfs as a module:
Reconfigure the kernel and set the 'Host filesystem' option under
'Processor features' to 'M'. Rebuild the kernel modules. hostfs will
be in arch/um/fs/hostfs/hostfs.o. Install that in /lib/modules/`uname -r`/fs
in the virtual machine, boot it up, and
UML# insmod hostfs
NextPreviousContents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO.html 0000644 0000000 0000000 00000026722 12742461304 017002 0 ustar
User Mode Linux HOWTO Next
Previous
Contents
User Mode Linux HOWTO
User Mode Linux Core Team
Mon Jan 30 16:52:10 EST 2006
This document describes the use and abuse of Jeff Dike's User Mode Linux: a port of the Linux kernel as a normal Intel Linux process.
Next
Previous
Contents
user-mode-linux-doc-20060501/UserModeLinux-HOWTO.txt 0000644 0000000 0000000 00000415315 12742461304 016655 0 ustar User Mode Linux HOWTO
User Mode Linux Core Team
Mon Jan 30 16:52:10 EST 2006
This document describes the use and abuse of Jeff Dike's User Mode
Linux: a port of the Linux kernel as a normal Intel Linux process.
______________________________________________________________________
Table of Contents
1. Introduction
1.1 What is User Mode Linux?
1.2 How is User Mode Linux Different?
1.3 How does UML Work?
1.4 Why Would I Want UML?
2. Compiling the kernel and modules
2.1 Compiling the kernel
2.2 Compiling and installing kernel modules
2.3 Compiling and installing uml_utilities
3. Running UML and logging in
3.1 Running UML
3.2 Logging in
3.3 Examples
4. UML on 2G/2G hosts
4.1 Introduction
4.2 The problem
4.3 The solution
5. Setting up serial lines and consoles
5.1 Specifying the device
5.2 Specifying the channel
5.3 Examples
6. Setting up the network
6.1 General setup
6.2 Userspace daemons
6.3 Specifying ethernet addresses
6.4 UML interface setup
6.5 Multicast
6.6 TUN/TAP with the uml_net helper
6.7 TUN/TAP with a preconfigured tap device
6.8 Ethertap
6.9 The switch daemon
6.10 Slip
6.11 Slirp
6.12 pcap
6.13 Setting up the host yourself
7. Sharing Filesystems between Virtual Machines
7.1 A warning
7.2 Using layered block devices
7.3 Note!
7.4 Another warning
7.5 Moving a backing file
7.6 uml_moo : Merging a COW file with its backing file
7.7 uml_mkcow : Create a new COW file
8. Creating filesystems
8.1 Create the filesystem file
8.2 Assign the file to a UML device
8.3 Creating and mounting the filesystem
9. Host file access
9.1 Using hostfs
9.2 hostfs command line options
9.3 hostfs as the root filesystem
9.4 Building hostfs
10. The Management Console
10.1 version
10.2 halt and reboot
10.3 config
10.4 remove
10.5 sysrq
10.6 help
10.7 cad
10.8 stop
10.9 go
10.10 log
10.11 proc
10.12 Making online backups
10.13 Event notification
11. Kernel debugging
11.1 Starting the kernel under gdb
11.2 Examining sleeping processes
11.3 Running ddd on UML
11.4 Debugging modules
11.5 Attaching gdb to the kernel
11.6 Using alternate debuggers
12. Kernel debugging examples
12.1 The case of the hung fsck
12.2 Episode 2: The case of the hung fsck
13. What to do when UML doesn't work
13.1 Strange compilation errors when you build from source
13.2 UML hangs on boot after mounting devfs
13.3 A variety of panics and hangs with /tmp on a reiserfs filesystem
13.4 The compile fails with errors about conflicting types for 'open', 'dup', and 'waitpid'
13.5 UML doesn't work when /tmp is an NFS filesystem
13.6 UML hangs on boot when compiled with gprof support
13.7 syslogd dies with a SIGTERM on startup
13.8 TUN/TAP networking doesn't work on a 2.4 host
13.9 You can network to the host but not to other machines on the net
13.10 I have no root and I want to scream
13.11 UML build conflict between ptrace.h and ucontext.h
13.12 The UML BogoMips is exactly half the host's BogoMips
13.13 When you run UML, it immediately segfaults
13.14 xterms appear, then immediately disappear
13.15 cannot set up thread-local storage
13.16 Process segfaults with a modern (NPTL-using) filesystem
13.17 Any other panic, hang, or strange behavior
14. Diagnosing Problems
14.1 Case 1 : Normal kernel panics
14.2 Case 2 : Tracing thread panics
14.3 Case 3 : Tracing thread panics caused by other threads
14.4 Case 4 : Hangs
15. Thanks
15.1 Code and Documentation
15.2 Flushing out bugs
15.3 Buglets and clean-ups
15.4 Case Studies
15.5 Other contributions
______________________________________________________________________
[1m1. Introduction[0m
Welcome to User Mode Linux. It's going to be fun.
[1m1.1. What is User Mode Linux?[0m
User Mode Linux lets you run Linux inside itself! With that comes the
power to do all sorts of new things. It virtualises (or simulates, as
some people call it) Linux so that you can run an entire Linux where
once you would have only run a program.
You might have heard of functionality like this before. There are
quite a few projects whose goal is to nest operating systems in one
way or another: Linux on Linux, Windows on Linux, Linux on Windows,
Linux/s390 on Linux/anythingelse, and so on. Or even just x86 on
anything, where the 'x86' program can boot operating systems including
Linux.
Where x86 is involved there is the greatest concentration of efforts.
At the end of this HOWTO you'll find a list of alternative projects.
If all you want to do is run a copy of x86 Linux on another copy of
x86 Linux as fast as possible with little control then quite possibly
one of these other projects will so better than UML.
[1m1.2. How is User Mode Linux Different?[0m
User Mode Linux (UML) is rather different from every other Linux
virtualisation project, either free or commercial. UML strives to
present itself as an ordinary program as much as possible. Here are
some of the outcomes of that philosophy:
1. Good speed with few compromises. UML compiles to native machine
code that runs just like any other compiled application on the
host. This makes it very much faster than portable virtualisation
schemes that implement an entire hardware architecture in software.
On the other hand, UML does not suffer from the extreme hardware
specificity of virtualisation systems that rely on particular CPU
features. UML runs applications inside itself with normally at
worst a 20% slowdown compared to the host system, which modern
hardware and clever system design can render negligable in real
terms.
2. Futureproof. Every time Linux gets improved so it can do something
new and clever that benefits the programs it runs, UML
automatically gets that facility. Software suspend, fine-grained
security control such as SE Linux, new filesystem features, support
for bigger/faster hardware... the same is not true with those
virtualisation systems that require major changes on the host
computer.
3. Flexible code. Normally an OS kernel is just that... a kernel. It
talks to hardware or maybe some virtualised hardware. But UML can
be viewed in many other ways. It would be possible to turn it into
a shared library, for example, so that other programs could link to
it to take advantage of things that Linux does very well. It can be
started as a subshell of an existing application. It can use
stin/stdout like any other program.
4. Portable. Really portable. UML has only just started to be
exploited for its portability, but there is promising evidence that
ports to x86 Windows, PowerPC Linux, x86 BSD and other systems are
very practical.
5. Mature. UML has been in development since 1999. One indication of
its robustness is that UML can be compiled to run within UML,
making it 'self-hosting'. Production systems are running on UML.
6. Free Software. UML is under the GPL (as it must be, being part of
the Linux kernel.)
[1m1.3. How does UML Work?[0m
Normally, the Linux Kernel talks straight to your hardware (video
card, keyboard, hard drives, etc), and any programs which run ask the
kernel to operate the hardware, like so:
+-----------+-----------+----+
| Process 1 | Process 2 | ...|
+-----------+-----------+----+
| Linux Kernel |
+----------------------------+
| Hardware |
+----------------------------+
The UML Kernel is different; instead of talking to the hardware, it
talks to a `real' Linux kernel (called the `host kernel' from now on),
like any other program. Programs can then run inside User-Mode Linux
as if they were running under a normal kernel, like so:
+----------------+
| Process 2 | ...|
+-----------+----------------+
| Process 1 | User-Mode Linux|
+----------------------------+
| Linux Kernel |
+----------------------------+
| Hardware |
+----------------------------+
[1m1.4. Why Would I Want UML?[0m
1. If UML crashes, your host kernel is still fine.
2. You can run a usermode kernel as a non-root user.
3. You can debug the UML like any normal process.
4. You can run gprof (profiling) and gcov (coverage testing).
5. You can play with your kernel without breaking things.
6. You can use it as a sandbox for testing new apps.
7. You can try new development kernels safely.
8. You can run different distributions simultaneously.
9. It's extremely fun.
[1m2. Compiling the kernel and modules[0m
[1m2.1. Compiling the kernel[0m
Compiling the user mode kernel is just like compiling any other
kernel. Let's go through the steps, using 2.4.0-prerelease (current
as of this writing) as an example:
1. Download the latest UML patch from
the download page
In this example, the file is uml-patch-2.4.0-prerelease.bz2.
2. Download the matching kernel from your favourite kernel mirror,
such as: http://ftp.ca.kernel.org/linux/kernel/
http://ftp.ca.kernel.org/linux/kernel/
.
3. Make a directory and unpack the kernel into it.
host%
mkdir ~/uml
host%
cd ~/uml
host%
tar -xjvf linux-2.4.0-prerelease.tar.bz2
4. Apply the patch using
host%
cd ~/uml/linux
host%
bzcat uml-patch-2.4.0-prerelease.bz2 | patch -p1
5. Run your favorite config; `make xconfig ARCH=um' is the most
convenient. `make config ARCH=um' and 'make menuconfig ARCH=um'
will work as well. The defaults will give you a useful kernel. If
you want to change something, go ahead, it probably won't hurt
anything.
Note: If the host is configured with a 2G/2G address space split
rather than the usual 3G/1G split, then the packaged UML binaries
will not run. They will immediately segfault. See ``UML on 2G/2G
hosts'' for the scoop on running UML on your system.
6. Finish with `make linux ARCH=um': the result is a file called
`linux' in the top directory of your source tree.
You may notice that the final binary is pretty large (many 10's of
megabytes for a debuggable UML). This is almost entirely symbol
information. The actual binary is comparable in size to a native
kernel. You can run that huge binary, and only the actual code and
data will be loaded into memory, so the symbols only consume disk
space unless you are running UML under gdb. You can strip UML:
host% strip linux
to see the true size of the UML kernel.
Make sure that you don't build this kernel in /usr/src/linux. On some
distributions, /usr/include/asm is a link into this pool. The user-
mode build changes the other end of that link, and things that include
stop compiling.
The sources are also available from cvs. You can browse
the CVS pool or access it
anonymously via
cvs -d:pserver:anonymous@www.user-mode-linux.org:/cvsroot/user-mode-linux
cvs command
If you get the CVS sources, you will have to check them out into an
empty directory. You will then have to copy each file into the
corresponding directory in the appropriate kernel pool.
If you don't have the latest kernel pool, you can get the
corresponding user-mode sources with
host% cvs co -r v_2_3_x linux
where 'x' is the version in your pool. Note that you will not get the
bug fixes and enhancements that have gone into subsequent releases.
If you build your own kernel, and want to boot it from one of the
filesystems distributed from this site, then, in nearly all cases,
devfs must be compiled into the kernel and mounted at boot time. The
exception is the tomsrtbt filesystem. For this, devfs must either not
be in the kernel at all, or "devfs=nomount" must be on the kernel
command line. Any disagreement between the kernel and the filesystem
being booted about whether devfs is being used will result in the boot
getting no further than single-user mode.
If you don't want to use devfs, you can remove the need for it from a
filesystem by copying /dev from someplace, making a bunch of /dev/ubd
devices:
UML#
for i in 0 1 2 3 4 5 6 7; do mknod ubd$i b 98 $[ $i * 16 ]; done
and changing /etc/fstab and /etc/inittab to refer to the non-devfs
devices.
[1m2.2. Compiling and installing kernel modules[0m
UML modules are built in the same way as the native kernel (with the
exception of the 'ARCH=um' that you always need for UML):
host% make modules ARCH=um
Any modules that you want to load into this kernel need to be built in
the user-mode pool. Modules from the native kernel won't work. If
you notice that the modules you get are much larger than they are on
the host, see the note above about the size of the final UML binary.
You can install them by using ftp or something to copy them into the
virtual machine and dropping them into /lib/modules/`uname -r`.
You can also get the kernel build process to install them as follows:
1. with the kernel not booted, mount the root filesystem in the top
level of the kernel pool:
host% mount root_fs mnt -o loop
2. run
host%
make modules_install INSTALL_MOD_PATH=`pwd`/mnt ARCH=um
3. unmount the filesystem
host% umount mnt
4. boot the kernel on it
If you can't mount the root filesystem on the host for some reason
(like it's a COW file), then an alternate approach is to mount the UML
kernel tree from the host into the UML with hostfs and run the modules_install inside
UML:
1. With UML booted, mount the host kernel tree inside UML at the same
location as on the host:
UML# mount none -t hostfs path to UML pool -o
path to UML pool
2. Run make modules_install:
UML# cd path to UML pool ; make modules_install
The depmod at the end may complain about unresolved symbols because
there is an incorrect or missing System.map installed in the UML
filesystem. This appears to be harmless. insmod or modprobe should
work fine at this point.
When the system is booted, you can use insmod as usual to get the
modules into the kernel. A number of things have been loaded into UML
as modules, especially filesystems and network protocols and filters,
so most symbols which need to be exported probably already are.
However, if you do find symbols that need exporting, let us
know, and
they'll be "taken care of".
If you try building an external module against a UML tree, you will
find that it doesn't compile because of missing includes. There are
less obvious problems with the CFLAGS that the module Makefile or
script provides which would make it not run even if it did build. To
get around this, you need to provide the same CFLAGS that the UML
kernel build uses.
A reasonably slick way of getting the UML CFLAGS is
cd uml-tree ; make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um
If the module build process has something that looks like
$(CC) $(CFLAGS) file
then you can define CFLAGS in a script like this
CFLAGS=`cd uml-tree ; make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um`
and like this in a Makefile
CFLAGS=$(shell cd uml-tree ; make script 'SCRIPT=@echo
$$(CFLAGS)' ARCH=um)
[1m2.3. Compiling and installing uml_utilities[0m
Many features of the UML kernel require a user-space helper program,
so a uml_utilities package is distributed separately from the kernel
patch which provides these helpers. Included within this is:
+o port-helper - Used by consoles which connect to xterms or ports
+o tunctl - Configuration tool to create and delete tap devices
+o uml_net - Setuid binary for automatic tap device configuration
+o uml_switch - User-space virtual switch required for daemon
transport
The uml_utilities tree is compiled with:
host#
make && make install
Note that UML kernel patches may require a specific version of the
uml_utilities distribution. If you don't keep up with the mailing
lists, ensure that you have the latest release of uml_utilities if you
are experiencing problems with your UML kernel, particularly when
dealing with consoles or command-line switches to the helper programs
[1m3. Running UML and logging in[0m
[1m3.1. Running UML[0m
It runs on 2.2.15 or later, and all 2.4 and 2.6 kernels.
Booting UML is straightforward. Simply run 'linux': it will try to
mount the file `root_fs' in the current directory. You do not need to
run it as root. If your root filesystem is not named `root_fs', then
you need to put a `ubd0=root_fs_whatever' switch on the linux command
line.
You will need a filesystem to boot UML from. There are a number
available for download from here . There are also several tools
which can be
used to generate UML-compatible filesystem images from media.
The kernel will boot up and present you with a login prompt.
Note: If the host is configured with a 2G/2G address space split
rather than the usual 3G/1G split, then the packaged UML binaries will
not run. They will immediately segfault. See ``UML on 2G/2G hosts''
for the scoop on running UML on your system.
[1m3.2. Logging in[0m
The prepackaged filesystems have a root account with password 'root'
and a user account with password 'user'. The login banner will
generally tell you how to log in. So, you log in and you will find
yourself inside a little virtual machine. Our filesystems have a
variety of commands and utilities installed (and it is fairly easy to
add more), so you will have a lot of tools with which to poke around
the system.
There are a couple of other ways to log in:
+o On a virtual console
Each virtual console that is configured (i.e. the device exists in
/dev and /etc/inittab runs a getty on it) will come up in its own
xterm. If you get tired of the xterms, read ``Setting up serial
lines and consoles'' to see how to attach the consoles to
something else, like host ptys.
+o Over the serial line
In the boot output, find a line that looks like:
serial line 0 assigned pty /dev/ptyp1
Attach your favorite terminal program to the corresponding tty. I.e.
for minicom, the command would be
host% minicom -o -p /dev/ttyp1
+o Over the net
If the network is running, then you can telnet to the virtual
machine and log in to it. See ``Setting up the network'' to learn
about setting up a virtual network.
When you're done using it, run halt, and the kernel will bring itself
down and the process will exit.
[1m3.3. Examples[0m
Here are some examples of UML in action:
+o A login session
+o A virtual network
[1m4. UML on 2G/2G hosts[0m
[1m4.1. Introduction[0m
Most Linux machines are configured so that the kernel occupies the
upper 1G (0xc0000000 - 0xffffffff) of the 4G address space and
processes use the lower 3G (0x00000000 - 0xbfffffff). However, some
machine are configured with a 2G/2G split, with the kernel occupying
the upper 2G (0x80000000 - 0xffffffff) and processes using the lower
2G (0x00000000 - 0x7fffffff).
[1m4.2. The problem[0m
The prebuilt UML binaries on this site will not run on 2G/2G hosts
because UML occupies the upper .5G of the 3G process address space
(0xa0000000 - 0xbfffffff). Obviously, on 2G/2G hosts, this is right
in the middle of the kernel address space, so UML won't even load - it
will immediately segfault.
[1m4.3. The solution[0m
The fix for this is to rebuild UML from source after enabling
CONFIG_HOST_2G_2G (under 'General Setup'). This will cause UML to
load itself in the top .5G of that smaller process address space,
where it will run fine. See ``Compiling the kernel and modules'' if
you need help building UML from source.
[1m5. Setting up serial lines and consoles[0m
It is possible to attach UML serial lines and consoles to many types
of host I/O channels by specifying them on the command line.
You can attach them to host ptys, ttys, file descriptors, and ports.
This allows you to do things like
+o have a UML console appear on an unused host console,
+o hook two virtual machines together by having one attach to a pty
and having the other attach to the corresponding tty
+o make a virtual machine accessible from the net by attaching a
console to a port on the host.
The general format of the command line option is device=channel.
[1m5.1. Specifying the device[0m
Devices are specified with "con" or "ssl" (console or serial line,
respectively), optionally with a device number if you are talking
about a specific device.
Using just "con" or "ssl" describes all of the consoles or serial
lines. If you want to talk about console #3 or serial line #10, they
would be "con3" and "ssl10", respectively.
A specific device name will override a less general "con=" or "ssl=".
So, for example, you can assign a pty to each of the serial lines
except for the first two like this:
ssl=pty ssl0=tty:/dev/tty0 ssl1=tty:/dev/tty1
The specificity of the device name is all that matters; order on the
command line is irrelevant.
[1m5.2. Specifying the channel[0m
There are a number of different types of channels to attach a UML
device to, each with a different way of specifying exactly what to
attach to.
+o pseudo-terminals - device=pty pts terminals - device=pts
This will cause UML to allocate a free host pseudo-terminal for the
device. The terminal that it got will be announced in the boot
log. You access it by attaching a terminal program to the
corresponding tty:
+o screen /dev/pts/n
+o screen /dev/ttyxx
+o minicom -o -p /dev/ttyxx - minicom seems not able to handle pts
devices
+o kermit - start it up, 'open' the device, then 'connect'
+o terminals - device=tty:tty device file
This will make UML attach the device to the specified tty (i.e
con1=tty:/dev/tty3
will attach UML's console 1 to the host's /dev/tty3). If the tty that
you specify is the slave end of a tty/pty pair, something else must
have already opened the corresponding pty in order for this to work.
+o xterms - device=xterm
UML will run an xterm and the device will be attached to it.
+o Port - device=port:port number
This will attach the UML devices to the specified host port.
Attaching console 1 to the host's port 9000 would be done like
this:
con1=port:9000
Attaching all the serial lines to that port would be done similarly:
ssl=port:9000
You access these devices by telnetting to that port. Each active tel-
net session gets a different device. If there are more telnets to a
port than UML devices attached to it, then the extra telnet sessions
will block until an existing telnet detaches, or until another device
becomes active (i.e. by being activated in /etc/inittab).
This channel has the advantage that you can both attach multiple UML
devices to it and know how to access them without reading the UML boot
log. It is also unique in allowing access to a UML from remote
machines without requiring that the UML be networked. This could be
useful in allowing public access to UMLs because they would be
accessible from the net, but wouldn't need any kind of network
filtering or access control because they would have no network access.
If you attach the main console to a portal, then the UML boot will
appear to hang. In reality, it's waiting for a telnet to connect, at
which point the boot will proceed.
+o already-existing file descriptors - device=file descriptor
If you set up a file descriptor on the UML command line, you can
attach a UML device to it. This is most commonly used to put the
main console back on stdin and stdout after assigning all the other
consoles to something else:
con0=fd:0,fd:1 con=pts
+o Nothing - device=null
This allows the device to be opened, in contrast to 'none', but
reads will block, and writes will succeed and the data will be
thrown out.
+o None - device=none
This causes the device to disappear. If you are using devfs, the
device will not appear in /dev. If not, then attempts to open it
will return -ENODEV.
You can also specify different input and output channels for a device
by putting a comma between them:
ssl3=tty:/dev/tty2,xterm
will cause serial line 3 to accept input on the host's /dev/tty3 and
display output on an xterm. That's a silly example - the most common
use of this syntax is to reattach the main console to stdin and stdout
as shown above.
If you decide to move the main console away from stdin/stdout, the
initial boot output will appear in the terminal that you're running
UML in. However, once the console driver has been officially
initialized, then the boot output will start appearing wherever you
specified that console 0 should be. That device will receive all
subsequent output.
[1m5.3. Examples[0m
There are a number of interesting things you can do with this
capability.
First, this is how you get rid of those bleeding console xterms by
attaching them to host ptys:
con=pty con0=fd:0,fd:1
This will make a UML console take over an unused host virtual console,
so that when you switch to it, you will see the UML login prompt
rather than the host login prompt:
con1=tty:/dev/tty6
You can attach two virtual machines together with what amounts to a
serial line as follows:
Run one UML with a serial line attached to a pty -
ssl1=pty
Look at the boot log to see what pty it got (this example will assume
that it got /dev/ptyp1).
Boot the other UML with a serial line attached to the corresponding
tty -
ssl1=tty:/dev/ttyp1
Log in, make sure that it has no getty on that serial line, attach a
terminal program like minicom to it, and you should see the login
prompt of the other virtual machine.
[1m6. Setting up the network[0m
This page describes how to set up the various transports and to
provide a UML instance with network access to the host, other machines
on the local net, and the rest of the net.
As of 2.4.5, UML networking has been completely redone to make it much
easier to set up, fix bugs, and add new features.
There is a new helper, uml_net, which does the host setup that
requires root privileges.
There are currently five transport types available for a UML virtual
machine to exchange packets with other hosts:
+o ethertap
+o TUN/TAP
+o Multicast
+o a switch daemon
+o slip
+o slirp
+o pcap
The TUN/TAP, ethertap, slip, and slirp transports allow a UML
instance to exchange packets with the host. They may be directed
to the host or the host may just act as a router to provide access
to other physical or virtual machines.
The pcap transport is a synthetic read-only interface, using the
libpcap binary to collect packets from interfaces on the host and
filter them. This is useful for building preconfigured traffic
monitors or sniffers.
The daemon and multicast transports provide a completely virtual
network to other virtual machines. This network is completely
disconnected from the physical network unless one of the virtual
machines on it is acting as a gateway.
With so many host transports, which one should you use? Here's when
you should use each one:
+o ethertap - if you want access to the host networking and it is
running 2.2
+o TUN/TAP - if you want access to the host networking and it is
running 2.4. Also, the TUN/TAP transport is able to use a
preconfigured device, allowing it to avoid using the setuid uml_net
helper, which is a security advantage.
+o Multicast - if you want a purely virtual network and you don't want
to set up anything but the UML
+o a switch daemon - if you want a purely virtual network and you
don't mind running the daemon in order to get somewhat better
performance
+o slip - there is no particular reason to run the slip backend unless
ethertap and TUN/TAP are just not available for some reason
+o slirp - if you don't have root access on the host to setup
networking, or if you don't want to allocate an IP to your UML
+o pcap - not much use for actual network connectivity, but great for
monitoring traffic on the host
Ethertap is available on 2.4 and works fine. TUN/TAP is preferred
to it because it has better performance and ethertap is officially
considered obsolete in 2.4. Also, the root helper only needs to
run occasionally for TUN/TAP, rather than handling every packet, as
it does with ethertap. This is a slight security advantage since
it provides fewer opportunities for a nasty UML user to somehow
exploit the helper's root privileges.
[1m6.1. General setup[0m
First, you must have the virtual network enabled in your UML. If are
running a prebuilt kernel from this site, everything is already
enabled. If you build the kernel yourself, under the "Network device
support" menu, enable "Network device support", and then the three
transports.
The next step is to provide a network device to the virtual machine.
This is done by describing it on the kernel command line.
The general format is
eth = ,
For example, a virtual ethernet device may be attached to a host
ethertap device as follows:
eth0=ethertap,tap0,fe:fd:0:0:0:1,192.168.0.254
This sets up eth0 inside the virtual machine to attach itself to the
host /dev/tap0, assigns it an ethernet address, and assigns the host
tap0 interface an IP address.
Note that the IP address you assign to the host end of the tap device
must be different than the IP you assign to the eth device inside UML.
If you are short on IPs and don't want to comsume two per UML, then
you can reuse the host's eth IP address for the host ends of the tap
devices. Internally, the UMLs must still get unique IPs for their eth
devices. You can also give the UMLs non-routable IPs (192.168.x.x or
10.x.x.x) and have the host masquerade them. This will let outgoing
connections work, but incoming connections won't without more work,
such as port forwarding from the host.
Also note that when you configure the host side of an interface, it is
only acting as a gateway. It will respond to pings sent to it
locally, but is not useful to do that since it's a host interface.
You are not talking to the UML when you ping that interface and get a
response.
You can also add devices to a UML and remove them at runtime. See the
``The Management Console'' page for details.
The sections below describe this in more detail.
Once you've decided how you're going to set up the devices, you boot
UML, log in, configure the UML side of the devices, and set up routes
to the outside world. At that point, you will be able to talk to any
other machines, physical or virtual, on the net.
If ifconfig inside UML fails and the network refuses to come up, run
tell you what went wrong.
[1m6.2. Userspace daemons[0m
You will likely need the setuid helper, or the switch daemon, or both.
They are both installed with the RPM and deb, so if you've installed
either, you can skip the rest of this section.
If not, then you need to check them out of CVS, build them, and
install them. The helper is uml_net, in CVS /tools/uml_net, and the
daemon is uml_switch, in CVS /tools/uml_router. They are both built
with a plain 'make'. Both need to be installed in a directory that's
in your path - /usr/bin is recommend. On top of that, uml_net needs
to be setuid root.
[1m6.3. Specifying ethernet addresses[0m
Below, you will see that the TUN/TAP, ethertap, and daemon interfaces
allow you to specify hardware addresses for the virtual ethernet
devices. This is generally not necessary. If you don't have a
specific reason to do it, you probably shouldn't. If one is not
specified on the command line, the driver will assign one based on the
device IP address. It will provide the address fe:fd:nn:nn:nn:nn
where nn.nn.nn.nn is the device IP address. This is nearly always
sufficient to guarantee a unique hardware address for the device. A
couple of exceptions are:
+o Another set of virtual ethernet devices are on the same network and
they are assigned hardware addresses using a different scheme which
may conflict with the UML IP address-based scheme
+o You aren't going to use the device for IP networking, so you don't
assign the device an IP address
If you let the driver provide the hardware address, you should make
sure that the device IP address is known before the interface is
brought up. So, inside UML, this will guarantee that:
UML#
ifconfig eth0 192.168.0.250 up
If you decide to assign the hardware address yourself, make sure that
the first byte of the address is even. Addresses with an odd first
byte are broadcast addresses, which you don't want assigned to a
device.
[1m6.4. UML interface setup[0m
Once the network devices have been described on the command line, you
should boot UML and log in.
The first thing to do is bring the interface up:
UML# ifconfig ethn ip-address up
You should be able to ping the host at this point.
To reach the rest of the world, you should set a default route to the
host:
UML# route add default gw host ip
Again, with host ip of 192.168.0.4:
UML# route add default gw 192.168.0.4
This page used to recommend setting a network route to your local net.
This is wrong, because it will cause UML to try to figure out hardware
addresses of the local machines by arping on the interface to the
host. Since that interface is basically a single strand of ethernet
with two nodes on it (UML and the host) and arp requests don't cross
networks, they will fail to elicit any responses. So, what you want
is for UML to just blindly throw all packets at the host and let it
figure out what to do with them, which is what leaving out the network
route and adding the default route does.
Note: If you can't communicate with other hosts on your physical
ethernet, it's probably because of a network route that's
automatically set up. If you run 'route -n' and see a route that
looks like this:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
with a mask that's not 255.255.255.255, then replace it with a route
to your host:
UML#
route del -net 192.168.0.0 dev eth0 netmask 255.255.255.0
UML#
route add -host 192.168.0.4 dev eth0
This, plus the default route to the host, will allow UML to exchange
packets with any machine on your ethernet.
[1m6.5. Multicast[0m
The simplest way to set up a virtual network between multiple UMLs is
to use the mcast transport. This was written by Harald Welte and is
present in UML version 2.4.5-5um and later. Your system must have
multicast enabled in the kernel and there must be a multicast-capable
network device on the host. Normally, this is eth0, but if there is
no ethernet card on the host, then you will likely get strange error
messages when you bring the device up inside UML.
To use it, run two UMLs with
eth0=mcast
on their command lines. Log in, configure the ethernet device in each
machine with different IP addresses:
UML1# ifconfig eth0 192.168.0.254
UML2# ifconfig eth0 192.168.0.253
and they should be able to talk to each other.
The full set of command line options for this transport are
ethn=mcast,ethernet address,multicast
address,multicast port,ttl
Harald's original README is here and explains these in detail, as well as
some other issues.
[1m6.6. TUN/TAP with the uml_net helper[0m
TUN/TAP is the preferred mechanism on 2.4 to exchange packets with the
host. The TUN/TAP backend has been in UML since 2.4.9-3um.
The easiest way to get up and running is to let the setuid uml_net
helper do the host setup for you. This involves insmod-ing the tun.o
module if necessary, configuring the device, and setting up IP
forwarding, routing, and proxy arp. If you are new to UML networking,
do this first. If you're concerned about the security implications of
the setuid helper, use it to get up and running, then read the next
section to see how to have UML use a preconfigured tap device, which
avoids the use of uml_net.
If you specify an IP address for the host side of the device, the
uml_net helper will do all necessary setup on the host - the only
requirement is that TUN/TAP be available, either built in to the host
kernel or as the tun.o module.
The format of the command line switch to attach a device to a TUN/TAP
device is
eth =tuntap,,,
For example, this argument will attach the UML's eth0 to the next
available tap device, assign the IP address 192.168.0.254 to the host
side of the tap device, and assign an ethernet address to it based on
the IP address assigned to it by ifconfig inside UML.
eth0=tuntap,,,192.168.0.254
If you using the uml_net helper to set up the host side of the
networking, as in this example, note that changing the UML IP address
will cause uml_net to change the host routing and arping to match.
This is one reason you should not be using uml_net if there is any
possibility that the user inside the UML may be unfriendly. This
feature is convenient, but can be used to make the UML pretend to be
something like your name server or mail server, and the host will
steal packets intended for those servers and forward them to the UML.
See the next section for setting up networking in a secure manner.
There are a couple potential problems with running the TUN/TAP
transport on a 2.4 host kernel
+o TUN/TAP seems not to work on 2.4.3 and earlier. Upgrade the host
kernel or use the ethertap transport.
+o With an upgraded kernel, TUN/TAP may fail with
File descriptor in bad state
This is due to a header mismatch between the upgraded kernel and the
kernel that was originally installed on the machine. The fix is to
make sure that /usr/src/linux points to the headers for the running
kernel.
These were pointed out by Tim Robinson in
name="this uml-
user post"> .
[1m6.7. TUN/TAP with a preconfigured tap device[0m
If you prefer not to have UML use uml_net (which is somewhat
insecure), with UML 2.4.17-11, you can set up a TUN/TAP device
beforehand. The setup needs to be done as root, but once that's done,
there is no need for root assistance. Setting up the device is done
as follows:
+o Create the device with tunctl (available from the UML utilities
tarball)
host# tunctl -u uid
where uid is the user id or username that UML will be run as. This
will tell you what device was created.
+o Configure the device IP (change IP addresses and device name to
suit)
host# ifconfig tap0 192.168.0.254 up
+o Set up routing and arping if desired - this is my recipe, there are
other ways of doing the same thing
host#
bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
host#
route add -host 192.168.0.253 dev tap0
host#
bash -c 'echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp'
host#
arp -Ds 192.168.0.253 eth0 pub
Note that this must be done every time the host boots - this configu-
ration is not stored across host reboots. So, it's probably a good
idea to stick it in an rc file. An even better idea would be a little
utility which reads the information from a config file and sets up
devices at boot time.
+o Rather than using up two IPs and ARPing for one of them, you can
also provide direct access to your LAN by the UML by using a
bridge.
host#
brctl addbr br0
host#
ifconfig eth0 0.0.0.0 promisc up
host#
ifconfig tap0 0.0.0.0 promisc up
host#
ifconfig br0 192.168.0.1 netmask 255.255.255.0 up
host#
brctl stp br0 off
host#
brctl setfd br0 1
host#
brctl sethello br0 1
host#
brctl addif br0 eth0
host#
brctl addif br0 tap0
Note that 'br0' should be setup using ifconfig with the existing IP
address of eth0, as eth0 no longer has its own IP.
+o
Also, the /dev/net/tun device must be writable by the user running
UML in order for the UML to use the device that's been configured
for it. The simplest thing to do is
host# chmod 666 /dev/net/tun
Making it world-writeable looks bad, but it seems not to be
exploitable as a security hole. However, it does allow anyone to cre-
ate useless tap devices (useless because they can't configure them),
which is a DOS attack. A somewhat more secure alternative would to be
to create a group containing all the users who have preconfigured tap
devices and chgrp /dev/net/tun to that group with mode 664 or 660.
+o Once the device is set up, run UML with
eth0=tuntap,devicename
i.e.
eth0=tuntap,tap0
on the command line (or do it with the mconsole config command).
+o Bring the eth device up in UML and you're in business.
If you don't want that tap device any more, you can make it non-
persistent with
host# tunctl -d tap device
Finally, tunctl has a -b (for brief mode) switch which causes it to
output only the name of the tap device it created. This makes it
suitable for capture by a script:
host# TAP=`tunctl -u 1000 -b`
[1m6.8. Ethertap[0m
Ethertap is the general mechanism on 2.2 for userspace processes to
exchange packets with the kernel.
To use this transport, you need to describe the virtual network device
on the UML command line. The general format for this is
eth =ethertap, , ,
So, the previous example
eth0=ethertap,tap0,fe:fd:0:0:0:1,192.168.0.254
attaches the UML eth0 device to the host /dev/tap0, assigns it the
ethernet address fe:fd:0:0:0:1, and assigns the IP address
192.168.0.254 to the host side of the tap device.
The tap device is mandatory, but the others are optional. If the
ethernet address is omitted, one will be assigned to it.
The presence of the tap IP address will cause the helper to run and do
whatever host setup is needed to allow the virtual machine to
communicate with the outside world. If you're not sure you know what
you're doing, this is the way to go.
If it is absent, then you must configure the tap device and whatever
arping and routing you will need on the host. However, even in this
case, the uml_net helper still needs to be in your path and it must be
setuid root if you're not running UML as root. This is because the
tap device doesn't support SIGIO, which UML needs in order to use
something as a source of input. So, the helper is used as a
convenient asynchronous IO thread.
If you're using the uml_net helper, you can ignore the following host
setup - uml_net will do it for you. You just need to make sure you
have ethertap available, either built in to the host kernel or
available as a module.
If you want to set things up yourself, you need to make sure that the
appropriate /dev entry exists. If it doesn't, become root and create
it as follows (the $[ ... ] is bash syntax for adding 16 to the minor
number) :
mknod /dev/tap c 36 $[ + 16 ]
For example, this is how to create /dev/tap0:
mknod /dev/tap0 c 36 $[ 0 + 16 ]
You also need to make sure that the host kernel has ethertap support.
If ethertap is enabled as a module, you apparently need to insmod
ethertap once for each ethertap device you want to enable. So,
host#
insmod ethertap
will give you the tap0 interface. To get the tap1 interface, you need
to run
host#
insmod ethertap unit=1 -o ethertap1
[1m6.9. The switch daemon[0m
[1mNote[22m: This is the daemon formerly known as uml_router, but which was
renamed so the network weenies of the world would stop growling at me.
The switch daemon, uml_switch, provides a mechanism for creating a
totally virtual network. By default, it provides no connection to the
host network (but see -tap, below).
The first thing you need to do is run the daemon. Running it with no
arguments will make it listen on a default unix domain socket.
If you want it to listen on a different socket, use
-unix socket
If you want it to act as a hub rather than a switch, use
-hub
If you're planning on putting it in hub mode so you can sniff UML
traffic from a tap device on the host, it appears that you need to
assign the tap an IP address before you'll see any packets on it.
If you want the switch to be connected to host networking (allowing
the umls to get access to the outside world through the host), use
-tap tap0
Note that the tap device must be preconfigured (see "TUN/TAP with a
preconfigured tap device", above). If you're using a different tap
device than tap0, specify that instead of tap0.
uml_switch can be backgrounded as follows
host%
uml_switch [ options ] < /dev/null > /dev/null
The reason it doesn't background by default is that it listens to
stdin for EOF. When it sees that, it exits.
The general format of the kernel command line switch is
ethn=daemon,ethernet address,socket type,socket
You can leave off everything except the 'daemon'. You only need to
specify the ethernet address if the one that will be assigned to it
isn't acceptable for some reason. The rest of the arguments describe
how to communicate with the daemon. You should only specify them if
you told the daemon to use different sockets than the default. So, if
you ran the daemon with no arguments, running the UML on the same
machine with
eth0=daemon
will cause the eth0 driver to attach itself to the daemon correctly.
The socket argument is the filename of a Unix domain socket which is
used for communications between uml_switch and the UMLs on its net-
work. If you do specify a different socket from the default, which
you will need to do if you want multiple, separate uml_switch networks
on the host, you need to make sure that you name the same path for the
socket on both the uml_switch and UML command lines.
Currently the only supported value for the socket type is "unix".
[1m6.10. Slip[0m
Slip is another, less general, mechanism for a process to communicate
with the host networking. In contrast to the ethertap interface,
which exchanges ethernet frames with the host and can be used to
transport any higher-level protocol, it can only be used to transport
IP.
The general format of the command line switch is
ethn=slip,slip IP
The slip IP argument is the IP address that will be assigned to the
host end of the slip device. If it is specified, the helper will run
and will set up the host so that the virtual machine can reach it and
the rest of the network.
There are some oddities with this interface that you should be aware
of. You should only specify one slip device on a given virtual
machine, and its name inside UML will be 'umn', not 'eth0' or whatever
you specified on the command line. These problems will be fixed at
some point.
[1m6.11. Slirp[0m
slirp uses an external program, usually /usr/bin/slirp, to provide IP
only networking connectivity through the host. This is similar to IP
masquerading with a firewall, although the translation is performed in
user-space, rather than by the kernel. As slirp does not set up any
interfaces on the host, or changes routing, slirp does not require
root access or setuid binaries on the host.
The general format of the command line switch for slirp is:
ethn=slirp,ethernet address,slirp path
The ethernet address is optional, as UML will set up the interface
with an ethernet address based upon the initial IP address of the
interface. The slirp path is generally /usr/bin/slirp, although it
will depend on distribution.
The slirp program can have a number of options passed to the command
line and we can't add them to the UML command line, as they will be
parsed incorrectly. Instead, a wrapper shell script can be written or
the options inserted into the /.slirprc file. More information on
all of the slirp options can be found in its man pages.
The eth0 interface on UML should be set up with the IP 10.2.0.15,
although you can use anything as long as it is not used by a network
you will be connecting to. The default route on UML should be set to
use
UML#
route add default dev eth0
slirp provides a number of useful IP addresses which can be used by
UML, such as 10.0.2.3 which is an alias for the DNS server specified
in /etc/resolv.conf on the host or the IP given in the 'dns' option
for slirp.
Even with a baudrate setting higher than 115200, the slirp connection
is limited to 115200. If you need it to go faster, the slirp binary
needs to be compiled with FULL_BOLT defined in config.h.
[1m6.12. pcap[0m
The pcap transport is attached to a UML ethernet device on the command
line or with uml_mconsole with the following syntax:
ethn=pcap,host interface,filter
expression,option1,option2
The expression and options are optional.
The interface is whatever network device on the host you want to
sniff. The expression is a pcap filter expression, which is also what
tcpdump uses, so if you know how to specify tcpdump filters, you will
use the same expressions here. The options are up to two of
'promisc', control whether pcap puts the host interface into
promiscuous mode. 'optimize' and 'nooptimize' control whether the pcap
expression optimizer is used.
Example:
eth0=pcap,eth0,tcp
eth1=pcap,eth0,!tcp
will cause the UML eth0 to emit all tcp packets on the host eth0 and
the UML eth1 to emit all non-tcp packets on the host eth0.
[1m6.13. Setting up the host yourself[0m
If you don't specify an address for the host side of the ethertap or
slip device, UML won't do any setup on the host. So this is what is
needed to get things working (the examples use a host-side IP of
192.168.0.251 and a UML-side IP of 192.168.0.250 - adjust to suit your
own network):
+o The device needs to be configured with its IP address. Tap devices
are also configured with an mtu of 1484. Slip devices are
configured with a point-to-point address pointing at the UML ip
address.
host# ifconfig tap0 arp mtu 1484 192.168.0.251 up
host#
ifconfig sl0 192.168.0.251 pointopoint 192.168.0.250 up
+o If a tap device is being set up, a route is set to the UML IP.
UML# route add -host 192.168.0.250 gw 192.168.0.251
+o To allow other hosts on your network to see the virtual machine,
proxy arp is set up for it.
host# arp -Ds 192.168.0.250 eth0 pub
+o Finally, the host is set up to route packets.
host# echo 1 > /proc/sys/net/ipv4/ip_forward
[1m7. Sharing Filesystems between Virtual Machines[0m
[1m7.1. A warning[0m
Don't attempt to share filesystems simply by booting two UMLs from the
same file. That's the same thing as booting two physical machines
from a shared disk. It will result in filesystem corruption.
[1m7.2. Using layered block devices[0m
The way to share a filesystem between two virtual machines is to use
the copy-on-write (COW) layering capability of the ubd block driver.
As of 2.4.6-2um, the driver supports layering a read-write private
device over a read-only shared device. A machine's writes are stored
in the private device, while reads come from either device - the
private one if the requested block is valid in it, the shared one if
not. Using this scheme, the majority of data which is unchanged is
shared between an arbitrary number of virtual machines, each of which
has a much smaller file containing the changes that it has made. With
a large number of UMLs booting from a large root filesystem, this
leads to a huge disk space saving. It will also help performance,
since the host will be able to cache the shared data using a much
smaller amount of memory, so UML disk requests will be served from the
host's memory rather than its disks.
To add a copy-on-write layer to an existing block device file, simply
add the name of the COW file to the appropriate ubd switch:
ubd0=root_fs_cow,root_fs_debian_22
where 'root_fs_cow' is the private COW file and 'root_fs_debian_22' is
the existing shared filesystem. The COW file need not exist. If it
doesn't, the driver will create and initialize it. Once the COW file
has been initialized, it can be used on its own on the command line:
ubd0=root_fs_cow
The name of the backing file is stored in the COW file header, so it
would be redundant to continue specifying it on the command line.
[1m7.3. Note![0m
When checking the size of the COW file in order to see the gobs of
space that you're saving, make sure you use 'ls -ls' to see the actual
disk consumption rather than the length of the file. The COW file is
sparse, so the length will be very different from the disk usage.
Here is a 'ls -l' of a COW file and backing file from one boot and
shutdown:
host% ls -l cow.debian debian2.2
-rw-r--r-- 1 jdike jdike 492504064 Aug 6 21:16 cow.debian
-rwxrw-rw- 1 jdike jdike 537919488 Aug 6 20:42 debian2.2
Doesn't look like much saved space, does it? Well, here's 'ls -ls':
host% ls -ls cow.debian debian2.2
880 -rw-r--r-- 1 jdike jdike 492504064 Aug 6 21:16 cow.debian
525832 -rwxrw-rw- 1 jdike jdike 537919488 Aug 6 20:42 debian2.2
Now, you can see that the COW file has less than a meg of disk, rather
than 492 meg.
[1m7.4. Another warning[0m
Once a filesystem is being used as a readonly backing file for a COW
file, do not boot directly from it or modify it in any way. Doing so
will invalidate any COW files that are using it. The mtime and size
of the backing file are stored in the COW file header at its creation,
and they must continue to match. If they don't, the driver will
refuse to use the COW file.
If you attempt to evade this restriction by changing either the
backing file or the COW header by hand, you will get a corrupted
filesystem.
Among other things, this means that upgrading the distribution in a
backing file and expecting that all of the COW files using it will see
the upgrade will not work.
[1m7.5. Moving a backing file[0m
Because UML stores the backing file name and its mtime in the COW
header, if you move the backing file, that information becomes
invalid. So, the procedure for moving a backing file is
+o Move it in a way that preserves timestamps. Usually, this is a
"-p" switch. "cp -a" works because "-a" implies "-p".
+o Update the COW header by booting UML on it, specifying both the COW
file and the new location of the backing file
host% ubd0=COW file,new backing file
location
UML will notice the mismatch between the command line and COW header,
check the size and mtime of the new backing file path, and update the
COW header to reflect it if it checks out.
If you forget to preserve the timestamps when you move the backing
file, you can fix the mtime by hand as follows
host%
mtime=whatever UML says mtime should be ; \
touch --date="`date -d 1970-01-01\ UTC\ $mtime\ seconds`" backing file
Note that if you do this on a backing file that has truly been
changed, and not just moved, then you will get file corruption and you
will lose the filesystem.
[1m7.6. uml_moo : Merging a COW file with its backing file[0m
Depending on how you use UML and COW devices, it may be advisable to
merge the changes in the COW file into the backing file every once in
a while.
The utility that does this is uml_moo. Its usage is
host% uml_moo COW file new backing file
There's no need to specify the backing file since that information is
already in the COW file header. If you're paranoid, boot the new
merged file, and if you're happy with it, move it over the old backing
file.
uml_moo creates a new backing file by default as a safety measure. It
also has a destructive merge option which will merge the COW file
directly into its current backing file. This is really only usable
when the backing file only has one COW file associated with it. If
there are multiple COWs associated with a backing file, a -d merge of
one of them will invalidate all of the others. However, it is
convenient if you're short of disk space, and it should also be
noticably faster than a non-destructive merge. This usage is
host% uml_moo -d COW file
uml_moo is installed with the UML deb and RPM. If you didn't install
UML from one of those packages, you can also get it from the UML
utilities tar file in tools/moo.
[1m7.7. uml_mkcow : Create a new COW file[0m
The normal way to create a COW file is to specify a non-existant COW
file on the UML command line, and let UML create it for you. However,
sometimes you want a new COW file, and you don't want to boot UML in
order to get it. This can be done with uml_mkcow, which is a little
standalone utility by Steve Schnepp.
The standard usage is
host% uml_mkcow new COW file existing
backing file
If you want to destroy an existing COW file, then there is a -f switch
to force the overwriting of the old COW file
host% uml_mkcow -f existing COW file existing
backing file
uml_mkcow is available from the UML utilities tar file in
tools/moo.
[1m8. Creating filesystems[0m
You may want to create and mount new UML filesystems, either because
your root filesystem isn't large enough or because you want to use a
filesystem other than ext2.
This was written on the occasion of reiserfs being included in the
2.4.1 kernel pool, and therefore the 2.4.1 UML, so the examples will
talk about reiserfs. This information is generic, and the examples
should be easy to translate to the filesystem of your choice.
[1m8.1. Create the filesystem file[0m
dd is your friend. All you need to do is tell dd to create an empty
file of the appropriate size. I usually make it sparse to save time
and to avoid allocating disk space until it's actually used. For
example, the following command will create a sparse 100 meg file full
of zeroes.
host%
dd if=/dev/zero of=new_filesystem seek=100 count=1 bs=1M
[1m8.2. Assign the file to a UML device[0m
Add an argument like the following to the UML command line:
ubd4=new_filesystem
making sure that you use an unassigned ubd device number.
[1m8.3. Creating and mounting the filesystem[0m
Make sure that the filesystem is available, either by being built into
the kernel, or available as a module, then boot up UML and log in. If
the root filesystem doesn't have the filesystem utilities (mkfs, fsck,
etc), then get them into UML by way of the net or hostfs.
Make the new filesystem on the device assigned to the new file:
host# mkreiserfs /dev/ubd/4
<----------- MKREISERFSv2 ----------->
ReiserFS version 3.6.25
Block size 4096 bytes
Block count 25856
Used blocks 8212
Journal - 8192 blocks (18-8209), journal header is in block 8210
Bitmaps: 17
Root block 8211
Hash function "r5"
ATTENTION: ALL DATA WILL BE LOST ON '/dev/ubd/4'! (y/n)y
journal size 8192 (from 18)
Initializing journal - 0%....20%....40%....60%....80%....100%
Syncing..done.
Now, mount it:
UML#
mount /dev/ubd/4 /mnt
and you're in business.
[1m9. Host file access[0m
If you want to access files on the host machine from inside UML, you
can treat it as a separate machine and either nfs mount directories
from the host or copy files into the virtual machine with scp or rcp.
However, since UML is running on the the host, it can access those
files just like any other process and make them available inside the
virtual machine without needing to use the network.
This is now possible with the hostfs virtual filesystem. With it, you
can mount a host directory into the UML filesystem and access the
files contained in it just as you would on the host.
Note that hostfs is currently not available on 2.5. The reason is
that there was an fs.h rework early in 2.5 which required filesystem
changes, and I haven't got around to updating hostfs to those changes.
[1m9.1. Using hostfs[0m
To begin with, make sure that hostfs is available inside the virtual
machine with
UML# cat /proc/filesystems
hostfs should be listed. If it's not, either rebuild the kernel with
hostfs configured into it or make sure that hostfs is built as a mod-
ule and available inside the virtual machine, and insmod it.
Now all you need to do is run mount:
UML# mount none /mnt/host -t hostfs
will mount the host's / on the virtual machine's /mnt/host.
If you don't want to mount the host root directory, then you can
specify a subdirectory to mount with the -o switch to mount:
UML# mount none /mnt/home -t hostfs -o /home
will mount the hosts's /home on the virtual machine's /mnt/home.
[1m9.2. hostfs command line options[0m
There is a hostfs option available on the UML command line which can
be used confine all hostfs mounts to a host directory hierarchy or to
prevent a hostfs user from destroying data on the host. The format is
hostfs=directory,options
The only option available at present is 'append', which forces all
files to be opened in append mode and disallows any deletion of files.
To specify append mode without confining hostfs to a host directory,
just leave out the directory name so that the argument begins with a
comma:
hostfs=,append
[1m9.3. hostfs as the root filesystem[0m
It's possible to boot from a directory hierarchy on the host using
hostfs rather than using the standard filesystem in a file.
To start, you need that hierarchy. The easiest way is to loop mount
an existing root_fs file:
host# mount root_fs uml_root_dir -o loop
You need to change the filesystem type of / in etc/fstab to be
'hostfs', so that line looks like this:
none / hostfs defaults 1 1
Then you need to chown to yourself all the files in that directory
that are owned by root. This worked for me:
host# find . -uid 0 -exec chown jdike {} \;
If you don't want to do that because that's a filesystem image that
you boot as a disk, then run UML as root instead.
Next, make sure that your UML kernel has hostfs compiled in, not as a
module. Then run UML with the following arguments added to the
command line:
root=/dev/root rootflags=/path/to/uml/root rootfstype=hostfs
UML should then boot as it does normally.
[1m9.4. Building hostfs[0m
If you need to build hostfs because it's not in your kernel, you have
two choices:
+o Compiling hostfs into the kernel:
Reconfigure the kernel and set the 'Host filesystem' option under
+o Compiling hostfs as a module:
Reconfigure the kernel and set the 'Host filesystem' option under
be in arch/um/fs/hostfs/hostfs.o. Install that in
/lib/modules/`uname -r`/fs in the virtual machine, boot it up, and
UML# insmod hostfs
[1m10. The Management Console[0m
The UML management console is a low-level interface to the kernel,
somewhat like the i386 SysRq interface. Since there is a full-blown
operating system under UML, there is much greater flexibility possible
than with the SysRq mechanism.
There are a number of things you can do with the mconsole interface:
+o get the kernel version
+o add and remove devices
+o halt or reboot the machine
+o send SysRq commands
+o pause and resume the UML
+o make online backups without shutting down the UML
+o receive notifications of events of interest from within UML
+o monitor the internal state of the UML
You need the mconsole client (uml_mconsole) which is present in CVS
(/tools/mconsole) in 2.4.5-9um and later, and will be in the RPM in
2.4.6.
You also need CONFIG_MCONSOLE (under 'General Setup') enabled in UML.
When you boot UML, you'll see a line like:
mconsole initialized on /home/jdike/.uml/umlNJ32yL/mconsole
If you specify a unique machine id one the UML command line, i.e.
umid=debian
you'll see this
mconsole initialized on /home/jdike/.uml/debian/mconsole
That file is the socket that uml_mconsole will use to communicate with
UML. Run it with either the umid or the full path as its argument:
host% uml_mconsole debian
or
host% uml_mconsole /home/jdike/.uml/debian/mconsole
You'll get a prompt, at which you can run one of these commands:
+o version
+o halt
+o reboot
+o config
+o remove
+o sysrq
+o help
+o cad
+o stop
+o go
+o log
+o proc
[1m10.1. version[0m
This takes no arguments. It prints the UML version.
(mconsole) version
OK Linux usermode 2.4.5-9um #1 Wed Jun 20 22:47:08 EDT 2001 i686
There are a couple actual uses for this. It's a simple no-op which
can be used to check that a UML is running. It's also a way of
sending an interrupt to the UML. This is sometimes useful on SMP
hosts, where there's a bug which causes signals to UML to be lost,
often causing it to appear to hang. Sending such a UML the mconsole
version command is a good way to 'wake it up' before networking has
been enabled, as it does not do anything to the function of the UML.
[1m10.2. halt and reboot[0m
These take no arguments. They shut the machine down immediately, with
no syncing of disks and no clean shutdown of userspace. So, they are
pretty close to crashing the machine.
(mconsole) halt
OK
[1m10.3. config[0m
"config" adds a new device to the virtual machine or queries the
configuration of an existing device.
Currently the ubd and network drivers support pulling devices. It
takes one argument, which is the device to add, with the same syntax
as the kernel command line.
(mconsole)
config ubd3=/home/jdike/incoming/roots/root_fs_debian22
OK
(mconsole) config eth1=mcast
OK
Querying the configuration of a device is handy when you don't know
before the boot what host device the UML device will attach to. This
is a problem with attaching consoles and serial lines to host pty or
pts devices. You have no way of knowing how to access them without
parsing the kernel messages. So, the syntax for this is the same as
above, except you don't specify a configuration
(mconsole) config ssl0
OK pty:/dev/ptyp0
(mconsole) config ubd0
OK /home/jdike/roots/cow.debian,/home/jdike/roots/debian_22
This is supported by the console, serial line, and ubd drivers. As
yet, the network drivers don't support this.
[1m10.4. remove[0m
"remove" deletes a device from the system. Its argument is just the
name of the device to be removed. The device must be idle in whatever
sense the driver considers necessary. In the case of the ubd driver,
the removed block device must not be mounted, swapped on, or otherwise
open, and in the case of the network driver, the device must be down.
(mconsole) remove ubd3
OK
(mconsole) remove eth1
OK
[1m10.5. sysrq[0m
This takes one argument, which is a single letter. It calls the
generic kernel's SysRq driver, which does whatever is called for by
that argument. See the SysRq documentation in Documentation/sysrq.txt
in your favorite kernel tree to see what letters are valid and what
they do.
[1m10.6. help[0m
"help" returns a string listing the valid commands and what each one
does.
[1m10.7. cad[0m
This invokes the Ctl-Alt-Del action on init. What exactly this ends
up doing is up to /etc/inittab. Normally, it reboots the machine.
With UML, this is usually not desired, so if a halt would be better,
then find the section of inittab that looks like this
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
and change the command to halt.
[1m10.8. stop[0m
This puts the UML in a loop reading mconsole requests until a 'go'
mconsole command is recieved. This is very useful for making backups
of UML filesystems, as the UML can be stopped, then synced via 'sysrq
s', so that everything is written to the filesystem. You can then copy
the filesystem and then send the UML 'go' via mconsole.
Note that a UML running with more than one CPU will have problems
after you send the 'stop' command, as only one CPU will be held in a
mconsole loop and all others will continue as normal. This is a bug,
and will be fixed.
[1m10.9. go[0m
This resumes a UML after being paused by a 'stop' command. Note that
when the UML has resumed, TCP connections may have timed out and if
the UML is paused for a long period of time, crond might go a little
crazy, running all the jobs it didn't do earlier.
[1m10.10. log[0m
This takes a string as its argument, and will cause the UML to printk
the string so that it ends up in the kernel message log. This is
intended for use in honeypots by allowing the UML-specific stuff in
the kernel log to be replaced with messages that don't expose the
machine as being a UML.
[1m10.11. proc[0m
This takes a filename as its argument. It will return the contents of
the corresponding /proc file inside the UML. Example:
(mconsole) proc uptime
will return the contents of the UML's /proc/uptime.
[1m10.12. Making online backups[0m
It is possible to make a backup of a UML's data without shutting it
down. The idea is to pause it, make it flush out its data, copy the
filesystem to a safe place, and then resume it. This should usually
take seconds, while shutting down and rebooting the UML could take
minutes. The exact procedure is this:
(mconsole) stop
(mconsole) sysrq s
host% # Copy the UML's filesystem someplace safe
(mconsole) go
By causing UML to flush its data out to disk, the 'sysrq s' will cause
the filesystem to be a clean image. Of course, no guarantees are made
for process data which hadn't been written back to the kernel, but the
filesystem itself won't need an fsck if it's booted.
[1m10.13. Event notification[0m
The mconsole interface also provides a mechanism for processes inside
a UML to send messages to an mconsole client on the host. The
procedure is this:
+o Create a unix socket and pass that to UML on the command line as
the mconsole notification socket
mconsole=notify:socket
+o A /proc/mconsole file will be created inside UML
+o Anything that is written to it will be turned into an mconsole
notification which your mconsole client should be listening for on
the notification socket
A common use for this mechanism is to have an rc script inside UML
send a message out that the UML has booted to a certain stage, and
that something on the host which depends on that can proceed.
However, this is a completely general mechanism which can be used
to communicate any information at all to the host.
There is a demo mconsole notification client in the utilities tarball
in mconsole/notify.pl. This is only a demo, and as such, isn't very
useful by itself. It should be customized to fit into whatever
environment you are setting up.
[1m11. Kernel debugging[0m
This page describes kernel debugging with UML running in tt mode (go
here for the
details on skas and tt mode). Kernel debugging in skas mode is
described here .
Since the UML runs as a normal Linux process, it is possible to debug
it with gdb almost like any other process. It is slightly different
because the kernel's threads are already being ptraced for system call
interception, so gdb can't ptrace them. However, a mechanism has been
added to work around that problem.
In order to debug the kernel, you need build it from source. See
``Compiling the kernel and modules'' for information on doing that.
Make sure that you enable CONFIG_DEBUGSYM and CONFIG_PT_PROXY during
the config. These will compile the kernel with -g, and enable the
ptrace proxy so that gdb works with UML, respectively.
[1m11.1. Starting the kernel under gdb[0m
You can have the kernel running under the control of gdb from the
beginning by putting 'debug' on the command line. You will get an
xterm with gdb running inside it. The kernel will send some commands
to gdb which will leave it stopped at the beginning of start_kernel.
At this point, you can get things going with 'next', 'step', or
'cont'.
There is a transcript of a debugging session here , with breakpoints being set in the scheduler and in an
interrupt handler.
[1m11.2. Examining sleeping processes[0m
Not every bug is evident in the currently running process. Sometimes,
processes hang in the kernel when they shouldn't because they've
deadlocked on a semaphore or something similar. In this case, when
you ^C gdb and get a backtrace, you will see the idle thread, which
isn't very relevant.
What you want is the stack of whatever process is sleeping when it
shouldn't be. You need to figure out which process that is, which is
generally fairly easy. Then you need to get its host process id,
which you can do either by looking at ps on the host or at
task.thread.extern_pid in gdb.
Now what you do is this:
+o detach from the current thread
(UML gdb) det
+o attach to the thread you are interested in
(UML gdb) att
+o look at its stack and anything else of interest
(UML gdb) bt
Note that you can't do anything at this point that requires that a
process execute, e.g. calling a function
+o when you're done looking at that process, reattach to the current
thread and continue it
(UML gdb)
att 1
(UML gdb)
c
Here, specifying any pid which is not the process id of a UML thread
will cause gdb to reattach to the current thread. I commonly use 1,
but any other invalid pid would work.
[1m11.3. Running ddd on UML[0m
ddd works on UML, but requires a special kludge. The process goes
like this:
+o Start ddd
host% ddd linux
+o With ps, get the pid of the gdb that ddd started. You can ask the
gdb to tell you, but for some reason that confuses things and
causes a hang.
+o run UML with 'debug=parent gdb-pid=' added to the command line
- it will just sit there after you hit return
+o type 'att 1' to the ddd gdb and you will see something like
0xa013dc51 in __kill ()
(gdb)
+o At this point, type 'c', UML will boot up, and you can use ddd just
as you do on any other process.
[1m11.4. Debugging modules[0m
gdb has support for debugging code which is dynamically loaded into
the process. This support is what is needed to debug kernel modules
under UML.
Using that support is somewhat complicated. You have to tell gdb what
object file you just loaded into UML and where in memory it is. Then,
it can read the symbol table, and figure out where all the symbols are
from the load address that you provided. It gets more interesting
when you load the module again (i.e. after an rmmod). You have to
tell gdb to forget about all its symbols, including the main UML ones
for some reason, then load then all back in again.
There's an easy way and a hard way to do this. The easy way is to use
the umlgdb expect script written by Chandan Kudige. It basically
automates the process for you.
First, you must tell it where your modules are. There is a list in
the script that looks like this:
set MODULE_PATHS {
"fat" "/usr/src/uml/linux-2.4.18/fs/fat/fat.o"
"isofs" "/usr/src/uml/linux-2.4.18/fs/isofs/isofs.o"
"minix" "/usr/src/uml/linux-2.4.18/fs/minix/minix.o"
}
You change that to list the names and paths of the modules that you
are going to debug. Then you run it from the toplevel directory of
your UML pool and it basically tells you what to do:
******** GDB pid is 21903 ********
Start UML as: ./linux debug gdb-pid=21903
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) b sys_init_module
Breakpoint 1 at 0xa0011923: file module.c, line 349.
(gdb) att 1
After you run UML and it sits there doing nothing, you hit return at
the 'att 1' and continue it:
Attaching to program: /home/jdike/linux/2.4/um/./linux, process 1
0xa00f4221 in __kill ()
(UML gdb) c
Continuing.
At this point, you debug normally. When you insmod something, the
expect magic will kick in and you'll see something like:
*** Module hostfs loaded ***
Breakpoint 1, sys_init_module (name_user=0x805abb0 "hostfs",
mod_user=0x8070e00) at module.c:349
349 char *name, *n_name, *name_tmp = NULL;
(UML gdb) finish
Run till exit from #0 sys_init_module (name_user=0x805abb0 "hostfs",
mod_user=0x8070e00) at module.c:349
0xa00e2e23 in execute_syscall (r=0xa8140284) at syscall_kern.c:411
411 else res = EXECUTE_SYSCALL(syscall, regs);
Value returned is $1 = 0
(UML gdb)
p/x (int)module_list + module_list->size_of_struct
$2 = 0xa9021054
(UML gdb) symbol-file ./linux
Load new symbol table from "./linux"? (y or n) y
Reading symbols from ./linux...
done.
(UML gdb)
add-symbol-file /home/jdike/linux/2.4/um/arch/um/fs/hostfs/hostfs.o 0xa9021054
add symbol table from file "/home/jdike/linux/2.4/um/arch/um/fs/hostfs/hostfs.o" at
.text_addr = 0xa9021054
(y or n) y
Reading symbols from /home/jdike/linux/2.4/um/arch/um/fs/hostfs/hostfs.o...
done.
(UML gdb) p *module_list
$1 = {size_of_struct = 84, next = 0xa0178720, name = 0xa9022de0 "hostfs",
size = 9016, uc = {usecount = {counter = 0}, pad = 0}, flags = 1,
nsyms = 57, ndeps = 0, syms = 0xa9023170, deps = 0x0, refs = 0x0,
init = 0xa90221f0 , cleanup = 0xa902222c ,
ex_table_start = 0x0, ex_table_end = 0x0, persist_start = 0x0,
persist_end = 0x0, can_unload = 0, runsize = 0, kallsyms_start = 0x0,
kallsyms_end = 0x0,
archdata_start = 0x1b855 ,
archdata_end = 0xe5890000 ,
kernel_data = 0xf689c35d }
>> Finished loading symbols for hostfs ...
That's the easy way. It's highly recommended. The umlgdb script is
available in the UML utilities tarball in tools/umlgdb/umlgdb.
The hard way is described below in case you're interested in what's
going on.
Boot the kernel under the debugger and load the module with insmod or
modprobe. With gdb, do:
(UML gdb) p module_list
This is a list of modules that have been loaded into the kernel, with
the most recently loaded module first. Normally, the module you want
is at module_list. If it's not, walk down the next links, looking at
the name fields until find the module you want to debug. Take the
address of that structure, and add module.size_of_struct (which in
2.4.10 kernels is 96 (0x60)) to it. Gdb can make this hard addition
for you :-):
(UML gdb)
printf "%#x\n", (int)module_list module_list->size_of_struct
The offset from the module start occasionally changes (before 2.4.0,
it was module.size_of_struct + 4), so it's a good idea to check the
init and cleanup addresses once in a while, as describe below. Now
do:
(UML gdb)
add-symbol-file /path/to/module/on/host that_address
Tell gdb you really want to do it, and you're in business.
If there's any doubt that you got the offset right, like breakpoints
appear not to work, or they're appearing in the wrong place, you can
check it by looking at the module structure. The init and cleanup
fields should look like:
init = 0x588066b0 , cleanup = 0x588066c0
with no offsets on the symbol names. If the names are right, but they
are offset, then the offset tells you how much you need to add to the
address you gave to add-symbol-file.
When you want to load in a new version of the module, you need to get
gdb to forget about the old one. The only way I've found to do that
is to tell gdb to forget about all symbols that it knows about:
(UML gdb) symbol-file
Then reload the symbols from the kernel binary:
(UML gdb) symbol-file /path/to/kernel
and repeat the process above. You'll also need to re-enable break-
points. They were disabled when you dumped all the symbols because
gdb couldn't figure out where they should go.
[1m11.5. Attaching gdb to the kernel[0m
If you don't have the kernel running under gdb, you can attach gdb to
it later by sending the tracing thread a SIGUSR1. The first line of
the console output identifies its pid:
tracing thread pid = 20093
When you send it the signal:
host% kill -USR1 20093
you will get an xterm with gdb running in it.
If you have the mconsole compiled into UML, then the mconsole client
can be used to start gdb:
(mconsole) (mconsole) config gdb=xterm
will fire up an xterm with gdb running in it.
[1m11.6. Using alternate debuggers[0m
UML has support for attaching to an already running debugger rather
than starting gdb itself. This is present in CVS as of 17 Apr 2001.
I sent it to Alan for inclusion in the ac tree, and it will be in my
2.4.4 release.
This is useful when gdb is a subprocess of some UI, such as emacs or
ddd. It can also be used to run debuggers other than gdb on UML.
Below is an example of using strace as an alternate debugger.
To do this, you need to get the pid of the debugger and pass it in
with the
If you are using gdb under some UI, then tell it to 'att 1', and
you'll find yourself attached to UML.
If you are using something other than gdb as your debugger, then
you'll need to get it to do the equivalent of 'att 1' if it doesn't do
it automatically.
An example of an alternate debugger is strace. You can strace the
actual kernel as follows:
+o Run the following in a shell
host%
sh -c 'echo pid=$$; echo -n hit return; read x; exec strace -p 1 -o strace.out'
+o Run UML with 'debug' and 'gdb-pid=' with the pid printed out
by the previous command
+o Hit return in the shell, and UML will start running, and strace
output will start accumulating in the output file.
Note that this is different from running
host% strace ./linux
That will strace only the main UML thread, the tracing thread, which
doesn't do any of the actual kernel work. It just oversees the vir-
tual machine. In contrast, using strace as described above will show
you the low-level activity of the virtual machine.
[1m12. Kernel debugging examples[0m
[1m12.1. The case of the hung fsck[0m
When booting up the kernel, fsck failed, and dropped me into a shell
to fix things up. I ran fsck -y, which hung:
Setting hostname uml [ OK ]
Checking root filesystem
/dev/fhd0 was not cleanly unmounted, check forced.
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780.
/dev/fhd0: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
(i.e., without -a or -p options)
[ FAILED ]
*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
Give root password for maintenance
(or type Control-D for normal startup):
[root@uml /root]# fsck -y /dev/fhd0
fsck -y /dev/fhd0
Parallelizing fsck version 1.14 (9-Jan-1999)
e2fsck 1.14, 9-Jan-1999 for EXT2 FS 0.5b, 95/08/09
/dev/fhd0 contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780. Ignore error? yes
Inode 19780, i_blocks is 1548, should be 540. Fix? yes
Pass 2: Checking directory structure
Error reading block 49405 (Attempt to read block from filesystem resulted in short read). Ignore error? yes
Directory inode 11858, block 0, offset 0: directory corrupted
Salvage? yes
Missing '.' in directory inode 11858.
Fix? yes
Missing '..' in directory inode 11858.
Fix? yes
The standard drill in this sort of situation is to fire up gdb on the
signal thread, which, in this case, was pid 1935. In another window,
I run gdb and attach pid 1935.
~/linux/2.3.26/um 1016: gdb linux
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) att 1935
Attaching to program `/home/dike/linux/2.3.26/um/linux', Pid 1935
0x100756d9 in __wait4 ()
Let's see what's currently running:
(gdb) p current_task.pid
$1 = 0
It's the idle thread, which means that fsck went to sleep for some
reason and never woke up.
Let's guess that the last process in the process list is fsck:
(gdb) p current_task.prev_task.comm
$13 = "fsck.ext2\000\000\000\000\000\000"
It is, so let's see what it thinks it's up to:
(gdb) p current_task.prev_task.thread
$14 = {extern_pid = 1980, tracing = 0, want_tracing = 0, forking = 0,
kernel_stack_page = 0, signal_stack = 1342627840, syscall = {id = 4, args = {
3, 134973440, 1024, 0, 1024}, have_result = 0, result = 50590720},
request = {op = 2, u = {exec = {ip = 1350467584, sp = 2952789424}, fork = {
regs = {1350467584, 2952789424, 0 }, sigstack = 0,
pid = 0}, switch_to = 0x507e8000, thread = {proc = 0x507e8000,
arg = 0xaffffdb0, flags = 0, new_pid = 0}, input_request = {
op = 1350467584, fd = -1342177872, proc = 0, pid = 0}}}}
The interesting things here are the fact that its .thread.syscall.id
is __NR_write (see the big switch in arch/um/kernel/syscall_kern.c or
the defines in include/asm-um/arch/unistd.h), and that it never
returned. Also, its .request.op is OP_SWITCH (see
arch/um/include/user_util.h). These mean that it went into a write,
and, for some reason, called schedule().
The fact that it never returned from write means that its stack should
be fairly interesting. Its pid is 1980 (.thread.extern_pid). That
process is being ptraced by the signal thread, so it must be detached
before gdb can attach it:
(gdb) call detach(1980)
Program received signal SIGSEGV, Segmentation fault.
The program being debugged stopped while in a function called from GDB.
When the function (detach) is done executing, GDB will silently
stop (instead of continuing to evaluate the expression containing
the function call).
(gdb) call detach(1980)
$15 = 0
The first detach segfaults for some reason, and the second one
succeeds.
Now I detach from the signal thread, attach to the fsck thread, and
look at its stack:
(gdb) det
Detaching from program: /home/dike/linux/2.3.26/um/linux Pid 1935
(gdb) att 1980
Attaching to program `/home/dike/linux/2.3.26/um/linux', Pid 1980
0x10070451 in __kill ()
(gdb) bt
#0 0x10070451 in __kill ()
#1 0x10068ccd in usr1_pid (pid=1980) at process.c:30
#2 0x1006a03f in _switch_to (prev=0x50072000, next=0x507e8000)
at process_kern.c:156
#3 0x1006a052 in switch_to (prev=0x50072000, next=0x507e8000, last=0x50072000)
at process_kern.c:161
#4 0x10001d12 in schedule () at sched.c:777
#5 0x1006a744 in __down (sem=0x507d241c) at semaphore.c:71
#6 0x1006aa10 in __down_failed () at semaphore.c:157
#7 0x1006c5d8 in segv_handler (sc=0x5006e940) at trap_user.c:174
#8 0x1006c5ec in kern_segv_handler (sig=11) at trap_user.c:182
#9
#10 0x10155404 in errno ()
#11 0x1006c0aa in segv (address=1342179328, is_write=2) at trap_kern.c:50
#12 0x1006c5d8 in segv_handler (sc=0x5006eaf8) at trap_user.c:174
#13 0x1006c5ec in kern_segv_handler (sig=11) at trap_user.c:182
#14
#15 0xc0fd in ?? ()
#16 0x10016647 in sys_write (fd=3,
buf=0x80b8800 , count=1024)
at read_write.c:159
#17 0x1006d5b3 in execute_syscall (syscall=4, args=0x5006ef08)
at syscall_kern.c:254
#18 0x1006af87 in really_do_syscall (sig=12) at syscall_user.c:35
#19
#20 0x400dc8b0 in ?? ()
The interesting things here are :
+o There are two segfaults on this stack (frames 9 and 14)
+o The first faulting address (frame 11) is 0x50000800
(gdb) p (void *)1342179328
$16 = (void *) 0x50000800
The initial faulting address is interesting because it is on the idle
thread's stack. I had been seeing the idle thread segfault for no
apparent reason, and the cause looked like stack corruption. In hopes
of catching the culprit in the act, I had turned off all protections
to that stack while the idle thread wasn't running. This apparently
tripped that trap.
However, the more immediate problem is that second segfault and I'm
going to concentrate on that. First, I want to see where the fault
happened, so I have to go look at the sigcontent struct in frame 8:
(gdb) up
#1 0x10068ccd in usr1_pid (pid=1980) at process.c:30
30 kill(pid, SIGUSR1);
(gdb)
#2 0x1006a03f in _switch_to (prev=0x50072000, next=0x507e8000)
at process_kern.c:156
156 usr1_pid(getpid());
(gdb)
#3 0x1006a052 in switch_to (prev=0x50072000, next=0x507e8000, last=0x50072000)
at process_kern.c:161
161 _switch_to(prev, next);
(gdb)
#4 0x10001d12 in schedule () at sched.c:777
777 switch_to(prev, next, prev);
(gdb)
#5 0x1006a744 in __down (sem=0x507d241c) at semaphore.c:71
71 schedule();
(gdb)
#6 0x1006aa10 in __down_failed () at semaphore.c:157
157 }
(gdb)
#7 0x1006c5d8 in segv_handler (sc=0x5006e940) at trap_user.c:174
174 segv(sc->cr2, sc->err & 2);
(gdb)
#8 0x1006c5ec in kern_segv_handler (sig=11) at trap_user.c:182
182 segv_handler(sc);
(gdb) p *sc
Cannot access memory at address 0x0.
That's not very useful, so I'll try a more manual method:
(gdb) p *((struct sigcontext *) (&sig + 1))
$19 = {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43,
__dsh = 0, edi = 1342179328, esi = 1350378548, ebp = 1342630440,
esp = 1342630420, ebx = 1348150624, edx = 1280, ecx = 0, eax = 0,
trapno = 14, err = 4, eip = 268480945, cs = 35, __csh = 0, eflags = 66118,
esp_at_signal = 1342630420, ss = 43, __ssh = 0, fpstate = 0x0, oldmask = 0,
cr2 = 1280}
The ip is in handle_mm_fault:
(gdb) p (void *)268480945
$20 = (void *) 0x1000b1b1
(gdb) i sym $20
handle_mm_fault + 57 in section .text
Specifically, it's in pte_alloc:
(gdb) i line *$20
Line 124 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1b1
and ends at 0x1000b1b7 .
To find where in handle_mm_fault this is, I'll jump forward in the
code until I see an address in that procedure:
(gdb) i line *0x1000b1c0
Line 126 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1b7
and ends at 0x1000b1c3 .
(gdb) i line *0x1000b1d0
Line 131 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1d0
and ends at 0x1000b1da .
(gdb) i line *0x1000b1e0
Line 61 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1da
and ends at 0x1000b1e1 .
(gdb) i line *0x1000b1f0
Line 134 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b1f0
and ends at 0x1000b200 .
(gdb) i line *0x1000b200
Line 135 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b200
and ends at 0x1000b208 .
(gdb) i line *0x1000b210
Line 139 of "/home/dike/linux/2.3.26/um/include/asm/pgalloc.h"
starts at address 0x1000b210
and ends at 0x1000b219 .
(gdb) i line *0x1000b220
Line 1168 of "memory.c" starts at address 0x1000b21e
and ends at 0x1000b222 .
Something is apparently wrong with the page tables or vma_structs, so
lets go back to frame 11 and have a look at them:
#11 0x1006c0aa in segv (address=1342179328, is_write=2) at trap_kern.c:50
50 handle_mm_fault(current, vma, address, is_write);
(gdb) call pgd_offset_proc(vma->vm_mm, address)
$22 = (pgd_t *) 0x80a548c
That's pretty bogus. Page tables aren't supposed to be in process
text or data areas. Let's see what's in the vma:
(gdb) p *vma
$23 = {vm_mm = 0x507d2434, vm_start = 0, vm_end = 134512640,
vm_next = 0x80a4f8c, vm_page_prot = {pgprot = 0}, vm_flags = 31200,
vm_avl_height = 2058, vm_avl_left = 0x80a8c94, vm_avl_right = 0x80d1000,
vm_next_share = 0xaffffdb0, vm_pprev_share = 0xaffffe63,
vm_ops = 0xaffffe7a, vm_pgoff = 2952789626, vm_file = 0xafffffec,
vm_private_data = 0x62}
(gdb) p *vma.vm_mm
$24 = {mmap = 0x507d2434, mmap_avl = 0x0, mmap_cache = 0x8048000,
pgd = 0x80a4f8c, mm_users = {counter = 0}, mm_count = {counter = 134904288},
map_count = 134909076, mmap_sem = {count = {counter = 135073792},
sleepers = -1342177872, wait = {lock = ,
task_list = {next = 0xaffffe63, prev = 0xaffffe7a},
__magic = -1342177670, __creator = -1342177300}, __magic = 98},
page_table_lock = {}, context = 138, start_code = 0, end_code = 0,
start_data = 0, end_data = 0, start_brk = 0, brk = 0, start_stack = 0,
arg_start = 0, arg_end = 0, env_start = 0, env_end = 0, rss = 1350381536,
total_vm = 0, locked_vm = 0, def_flags = 0, cpu_vm_mask = 0, swap_cnt = 0,
swap_address = 0, segments = 0x0}
This also pretty bogus. With all of the 0x80xxxxx and 0xaffffxxx
addresses, this is looking like a stack was plonked down on top of
these structures. Maybe it's a stack overflow from the next page:
(gdb) p vma
$25 = (struct vm_area_struct *) 0x507d2434
That's towards the lower quarter of the page, so that would have to
have been pretty heavy stack overflow:
(gdb) x/100x $25
0x507d2434: 0x507d2434 0x00000000 0x08048000 0x080a4f8c
0x507d2444: 0x00000000 0x080a79e0 0x080a8c94 0x080d1000
0x507d2454: 0xaffffdb0 0xaffffe63 0xaffffe7a 0xaffffe7a
0x507d2464: 0xafffffec 0x00000062 0x0000008a 0x00000000
0x507d2474: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2484: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2494: 0x00000000 0x00000000 0x507d2fe0 0x00000000
0x507d24a4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d24b4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d24c4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d24d4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d24e4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d24f4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2504: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2514: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2524: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2534: 0x00000000 0x00000000 0x507d25dc 0x00000000
0x507d2544: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2554: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2564: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2574: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2584: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d2594: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d25a4: 0x00000000 0x00000000 0x00000000 0x00000000
0x507d25b4: 0x00000000 0x00000000 0x00000000 0x00000000
It's not stack overflow. The only "stack-like" piece of this data is
the vma_struct itself.
At this point, I don't see any avenues to pursue, so I just have to
admit that I have no idea what's going on. What I will do, though, is
stick a trap on the segfault handler which will stop if it sees any
writes to the idle thread's stack. That was the thing that happened
first, and it may be that if I can catch it immediately, what's going
on will be somewhat clearer.
[1m12.2. Episode 2: The case of the hung fsck[0m
After setting a trap in the SEGV handler for accesses to the signal
thread's stack, I reran the kernel.
fsck hung again, this time by hitting the trap:
Setting hostname uml [ OK ]
Checking root filesystem
/dev/fhd0 contains a file system with errors, check forced.
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780.
/dev/fhd0: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
(i.e., without -a or -p options)
[ FAILED ]
*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
Give root password for maintenance
(or type Control-D for normal startup):
[root@uml /root]# fsck -y /dev/fhd0
fsck -y /dev/fhd0
Parallelizing fsck version 1.14 (9-Jan-1999)
e2fsck 1.14, 9-Jan-1999 for EXT2 FS 0.5b, 95/08/09
/dev/fhd0 contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
Error reading block 86894 (Attempt to read block from filesystem resulted in short read) while reading indirect blocks of inode 19780. Ignore error? yes
Pass 2: Checking directory structure
Error reading block 49405 (Attempt to read block from filesystem resulted in short read). Ignore error? yes
Directory inode 11858, block 0, offset 0: directory corrupted
Salvage? yes
Missing '.' in directory inode 11858.
Fix? yes
Missing '..' in directory inode 11858.
Fix? yes
Untested (4127) [100fe44c]: trap_kern.c line 31
I need to get the signal thread to detach from pid 4127 so that I can
attach to it with gdb. This is done by sending it a SIGUSR1, which is
caught by the signal thread, which detaches the process:
kill -USR1 4127
Now I can run gdb on it:
~/linux/2.3.26/um 1034: gdb linux
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) att 4127
Attaching to program `/home/dike/linux/2.3.26/um/linux', Pid 4127
0x10075891 in __libc_nanosleep ()
The backtrace shows that it was in a write and that the fault address
(address in frame 3) is 0x50000800, which is right in the middle of
the signal thread's stack page:
(gdb) bt
#0 0x10075891 in __libc_nanosleep ()
#1 0x1007584d in __sleep (seconds=1000000)
at ../sysdeps/unix/sysv/linux/sleep.c:78
#2 0x1006ce9a in stop () at user_util.c:191
#3 0x1006bf88 in segv (address=1342179328, is_write=2) at trap_kern.c:31
#4 0x1006c628 in segv_handler (sc=0x5006eaf8) at trap_user.c:174
#5 0x1006c63c in kern_segv_handler (sig=11) at trap_user.c:182
#6
#7 0xc0fd in ?? ()
#8 0x10016647 in sys_write (fd=3, buf=0x80b8800 "R.", count=1024)
at read_write.c:159
#9 0x1006d603 in execute_syscall (syscall=4, args=0x5006ef08)
at syscall_kern.c:254
#10 0x1006af87 in really_do_syscall (sig=12) at syscall_user.c:35
#11
#12 0x400dc8b0 in ?? ()
#13
#14 0x400dc8b0 in ?? ()
#15 0x80545fd in ?? ()
#16 0x804daae in ?? ()
#17 0x8054334 in ?? ()
#18 0x804d23e in ?? ()
#19 0x8049632 in ?? ()
#20 0x80491d2 in ?? ()
#21 0x80596b5 in ?? ()
(gdb) p (void *)1342179328
$3 = (void *) 0x50000800
Going up the stack to the segv_handler frame and looking at where in
the code the access happened shows that it happened near line 110 of
block_dev.c:
(gdb) up
#1 0x1007584d in __sleep (seconds=1000000)
at ../sysdeps/unix/sysv/linux/sleep.c:78
../sysdeps/unix/sysv/linux/sleep.c:78: No such file or directory.
(gdb)
#2 0x1006ce9a in stop () at user_util.c:191
191 while(1) sleep(1000000);
(gdb)
#3 0x1006bf88 in segv (address=1342179328, is_write=2) at trap_kern.c:31
31 KERN_UNTESTED();
(gdb)
#4 0x1006c628 in segv_handler (sc=0x5006eaf8) at trap_user.c:174
174 segv(sc->cr2, sc->err & 2);
(gdb) p *sc
$1 = {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 43, __esh = 0, ds = 43,
__dsh = 0, edi = 1342179328, esi = 134973440, ebp = 1342631484,
esp = 1342630864, ebx = 256, edx = 0, ecx = 256, eax = 1024, trapno = 14,
err = 6, eip = 268550834, cs = 35, __csh = 0, eflags = 66070,
esp_at_signal = 1342630864, ss = 43, __ssh = 0, fpstate = 0x0, oldmask = 0,
cr2 = 1342179328}
(gdb) p (void *)268550834
$2 = (void *) 0x1001c2b2
(gdb) i sym $2
block_write + 1090 in section .text
(gdb) i line *$2
Line 209 of "/home/dike/linux/2.3.26/um/include/asm/arch/string.h"
starts at address 0x1001c2a1
and ends at 0x1001c2bf .
(gdb) i line *0x1001c2c0
Line 110 of "block_dev.c" starts at address 0x1001c2bf
and ends at 0x1001c2e3 .
Looking at the source shows that the fault happened during a call to
copy_to_user to copy the data into the kernel:
107 count -= chars;
108 copy_from_user(p,buf,chars);
109 p += chars;
110 buf += chars;
p is the pointer which must contain 0x50000800, since buf contains
0x80b8800 (frame 8 above). It is defined as:
p = offset + bh->b_data;
I need to figure out what bh is, and it just so happens that bh is
passed as an argument to mark_buffer_uptodate and mark_buffer_dirty a
few lines later, so I do a little disassembly:
(gdb) disas 0x1001c2bf 0x1001c2e0
Dump of assembler code from 0x1001c2bf to 0x1001c2d0:
0x1001c2bf : addl %eax,0xc(%ebp)
0x1001c2c2 : movl 0xfffffdd4(%ebp),%edx
0x1001c2c8 : btsl $0x0,0x18(%edx)
0x1001c2cd : btsl $0x1,0x18(%edx)
0x1001c2d2 : sbbl %ecx,%ecx
0x1001c2d4 : testl %ecx,%ecx
0x1001c2d6 : jne 0x1001c2e3
0x1001c2d8 : pushl $0x0
0x1001c2da : pushl %edx
0x1001c2db : call 0x1001819c <__mark_buffer_dirty>
End of assembler dump.
At that point, bh is in %edx (address 0x1001c2da), which is calculated
at 0x1001c2c2 as %ebp + 0xfffffdd4, so I figure exactly what that is,
taking %ebp from the sigcontext_struct above:
(gdb) p (void *)1342631484
$5 = (void *) 0x5006ee3c
(gdb) p 0x5006ee3c+0xfffffdd4
$6 = 1342630928
(gdb) p (void *)$6
$7 = (void *) 0x5006ec10
(gdb) p *((void **)$7)
$8 = (void *) 0x50100200
Now, I look at the structure to see what's in it, and particularly,
what its b_data field contains:
(gdb) p *((struct buffer_head *)0x50100200)
$13 = {b_next = 0x50289380, b_blocknr = 49405, b_size = 1024, b_list = 0,
b_dev = 15872, b_count = {counter = 1}, b_rdev = 15872, b_state = 24,
b_flushtime = 0, b_next_free = 0x501001a0, b_prev_free = 0x50100260,
b_this_page = 0x501001a0, b_reqnext = 0x0, b_pprev = 0x507fcf58,
b_data = 0x50000800 "", b_page = 0x50004000,
b_end_io = 0x10017f60 , b_dev_id = 0x0,
b_rsector = 98810, b_wait = {lock = ,
task_list = {next = 0x50100248, prev = 0x50100248}, __magic = 1343226448,
__creator = 0}, b_kiobuf = 0x0}
The b_data field is indeed 0x50000800, so the question becomes how
that happened. The rest of the structure looks fine, so this probably
is not a case of data corruption. It happened on purpose somehow.
The b_page field is a pointer to the page_struct representing the
0x50000000 page. Looking at it shows the kernel's idea of the state
of that page:
(gdb) p *$13.b_page
$17 = {list = {next = 0x50004a5c, prev = 0x100c5174}, mapping = 0x0,
index = 0, next_hash = 0x0, count = {counter = 1}, flags = 132, lru = {
next = 0x50008460, prev = 0x50019350}, wait = {
lock = , task_list = {next = 0x50004024,
prev = 0x50004024}, __magic = 1342193708, __creator = 0},
pprev_hash = 0x0, buffers = 0x501002c0, virtual = 1342177280,
zone = 0x100c5160}
Some sanity-checking: the virtual field shows the "virtual" address of
this page, which in this kernel is the same as its "physical" address,
and the page_struct itself should be mem_map[0], since it represents
the first page of memory:
(gdb) p (void *)1342177280
$18 = (void *) 0x50000000
(gdb) p mem_map
$19 = (mem_map_t *) 0x50004000
These check out fine.
Now to check out the page_struct itself. In particular, the flags
field shows whether the page is considered free or not:
(gdb) p (void *)132
$21 = (void *) 0x84
The "reserved" bit is the high bit, which is definitely not set, so
the kernel considers the signal stack page to be free and available to
be used.
At this point, I jump to conclusions and start looking at my early
boot code, because that's where that page is supposed to be reserved.
In my setup_arch procedure, I have the following code which looks just
fine:
bootmap_size = init_bootmem(start_pfn, end_pfn - start_pfn);
free_bootmem(__pa(low_physmem) + bootmap_size, high_physmem - low_physmem);
Two stack pages have already been allocated, and low_physmem points to
the third page, which is the beginning of free memory.
The init_bootmem call declares the entire memory to the boot memory
manager, which marks it all reserved. The free_bootmem call frees up
all of it, except for the first two pages. This looks correct to me.
So, I decide to see init_bootmem run and make sure that it is marking
those first two pages as reserved. I never get that far.
Stepping into init_bootmem, and looking at bootmem_map before looking
at what it contains shows the following:
(gdb) p bootmem_map
$3 = (void *) 0x50000000
Aha! The light dawns. That first page is doing double duty as a
stack and as the boot memory map. The last thing that the boot memory
manager does is to free the pages used by its memory map, so this page
is getting freed even its marked as reserved.
The fix was to initialize the boot memory manager before allocating
those two stack pages, and then allocate them through the boot memory
manager. After doing this, and fixing a couple of subsequent buglets,
the stack corruption problem disappeared.
[1m13. What to do when UML doesn't work[0m
[1m13.1. Strange compilation errors when you build from source[0m
As of test11, it is necessary to have "ARCH=um" in the environment or
on the make command line for all steps in building UML, including
clean, distclean, or mrproper, config, menuconfig, or xconfig, dep,
and linux. If you forget for any of them, the i386 build seems to
contaminate the UML build. If this happens, start from scratch with
host%
make mrproper ARCH=um
and repeat the build process with ARCH=um on all the steps.
See ``Compiling the kernel and modules'' for more details.
Another cause of strange compilation errors is building UML in
/usr/src/linux. If you do this, the first thing you need to do is
clean up the mess you made. The /usr/src/linux/asm link will now
point to /usr/src/linux/asm-um. Make it point back to
/usr/src/linux/asm-i386. Then, move your UML pool someplace else and
build it there. Also see below, where a more specific set of symptoms
is described.
[1m13.2. UML hangs on boot after mounting devfs[0m
The boot looks like this:
VFS: Mounted root (ext2 filesystem) readonly.
Mounted devfs on /dev
You're probably running a recent distribution on an old machine. I
saw this with the RH7.1 filesystem running on a Pentium. The shared
library loader, ld.so, was executing an instruction (cmove) which the
Pentium didn't support. That instruction was apparently added later.
If you run UML under the debugger, you'll see the hang caused by one
instruction causing an infinite SIGILL stream.
The fix is to boot UML on an older filesystem.
[1m13.3. A variety of panics and hangs with /tmp on a reiserfs filesys-[0m
[1mtem[0m
I saw this on reiserfs 3.5.21 and it seems to be fixed in 3.5.27.
Panics preceded by
Detaching pid nnnn
are diagnostic of this problem. This is a reiserfs bug which causes a
thread to occasionally read stale data from a mmapped page shared with
another thread. The fix is to upgrade the filesystem or to have /tmp
be an ext2 filesystem.
[1m13.4. The compile fails with errors about conflicting types for[0m
[1m'open', 'dup', and 'waitpid'[0m
This happens when you build in /usr/src/linux. The UML build makes
the include/asm link point to include/asm-um. /usr/include/asm points
to /usr/src/linux/include/asm, so when that link gets moved, files
which need to include the asm-i386 versions of headers get the
incompatible asm-um versions. The fix is to move the include/asm link
back to include/asm-i386 and to do UML builds someplace else.
[1m13.5. UML doesn't work when /tmp is an NFS filesystem[0m
This seems to be a similar situation with the resierfs problem above.
Some versions of NFS seems not to handle mmap correctly, which UML
depends on. The workaround is have /tmp be non-NFS directory.
[1m13.6. UML hangs on boot when compiled with gprof support[0m
If you build UML with gprof support and, early in the boot, it does
this
kernel BUG at page_alloc.c:100!
you have a buggy gcc. You can work around the problem by removing
UM_FASTCALL from CFLAGS in arch/um/Makefile-i386. This will open up
another bug, but that one is fairly hard to reproduce.
[1m13.7. syslogd dies with a SIGTERM on startup[0m
The exact boot error depends on the distribution that you're booting,
but Debian produces this:
/etc/rc2.d/S10sysklogd: line 49: 93 Terminated
start-stop-daemon --start --quiet --exec /sbin/syslogd -- $SYSLOGD
This is a syslogd bug. There's a race between a parent process
installing a signal handler and its child sending the signal. See
this uml-devel post for the details.
[1m13.8. TUN/TAP networking doesn't work on a 2.4 host[0m
There are a couple of problems which were
name="pointed
out"> by Tim Robinson
+o It doesn't work on hosts running 2.4.7 (or thereabouts) or earlier.
The fix is to upgrade to something more recent and then read the
next item.
+o If you see
File descriptor in bad state
when you bring up the device inside UML, you have a header mismatch
between the original kernel and the upgraded one. Make /usr/src/linux
point at the new headers. This will only be a problem if you build
uml_net yourself.
[1m13.9. You can network to the host but not to other machines on the[0m
[1mnet[0m
If you can connect to the host, and the host can connect to UML, but
you can not connect to any other machines, then you may need to enable
IP Masquerading on the host. Usually this is only experienced when
using private IP addresses (192.168.x.x or 10.x.x.x) for host/UML
networking, rather than the public address space that your host is
connected to. UML does not enable IP Masquerading, so you will need
to create a static rule to enable it:
host%
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Replace eth0 with the interface that you use to talk to the rest of
the world.
Documentation on IP Masquerading, and SNAT, can be found at
www.netfilter.org .
If you can reach the local net, but not the outside Internet, then
that is usually a routing problem. The UML needs a default route:
UML#
route add default gw gateway IP
The gateway IP can be any machine on the local net that knows how to
reach the outside world. Usually, this is the host or the local net-
work's gateway.
Occasionally, we hear from someone who can reach some machines, but
not others on the same net, or who can reach some ports on other
machines, but not others. These are usually caused by strange
firewalling somewhere between the UML and the other box. You track
this down by running tcpdump on every interface the packets travel
over and see where they disappear. When you find a machine that takes
the packets in, but does not send them onward, that's the culprit.
[1m13.10. I have no root and I want to scream[0m
Thanks to Birgit Wahlich for telling me about this strange one. It
turns out that there's a limit of six environment variables on the
kernel command line. When that limit is reached or exceeded, argument
processing stops, which means that the 'root=' argument that UML
usually adds is not seen. So, the filesystem has no idea what the
root device is, so it panics.
The fix is to put less stuff on the command line. Glomming all your
setup variables into one is probably the best way to go.
[1m13.11. UML build conflict between ptrace.h and ucontext.h[0m
On some older systems, /usr/include/asm/ptrace.h and
/usr/include/sys/ucontext.h define the same names. So, when they're
included together, the defines from one completely mess up the parsing
of the other, producing errors like:
/usr/include/sys/ucontext.h:47: parse error before
`10'
plus a pile of warnings.
This is a libc botch, which has since been fixed, and I don't see any
way around it besides upgrading.
[1m13.12. The UML BogoMips is exactly half the host's BogoMips[0m
On i386 kernels, there are two ways of running the loop that is used
to calculate the BogoMips rating, using the TSC if it's there or using
a one-instruction loop. The TSC produces twice the BogoMips as the
loop. UML uses the loop, since it has nothing resembling a TSC, and
will get almost exactly the same BogoMips as a host using the loop.
However, on a host with a TSC, its BogoMips will be double the loop
BogoMips, and therefore double the UML BogoMips.
[1m13.13. When you run UML, it immediately segfaults[0m
If the host is configured with the 2G/2G address space split, that's
why. See ``UML on 2G/2G hosts'' for the details on getting UML to
run on your host.
[1m13.14. xterms appear, then immediately disappear[0m
If you're running an up to date kernel with an old release of
uml_utilities, the port-helper program will not work properly, so
xterms will exit straight after they appear. The solution is to
upgrade to the latest release of uml_utilities. Usually this problem
occurs when you have installed a packaged release of UML then compiled
your own development kernel without upgrading the uml_utilities from
the source distribution.
[1m13.15. cannot set up thread-local storage[0m
This problem is fixed by the skas-hold-own-ldt patch that went into
2.6.15-rc1.
The boot looks like this:
cannot set up thread-local storage: cannot set up LDT for thread-local storage
Kernel panic - not syncing: Attempted to kill init!
Your UML kernel doesn't support Native Posix Thread Library (NPTL) and
the binaries you're running are being dynamically linked to it. Try
running in SKAS3 mode first. You might be able to avoid the kernel
panic setting the LD_ASSUME_KERNEL
environment
variable on the command line:
./linux init=/bin/sh LD_ASSUME_KERNEL=2.4.1
Many commands are very restrictive about what is preserved in the
environment when starting child processes, so relying on
LD_ASSUME_KERNEL to be globally set for all processes in the whole
system is generally not a good idea. It's very hard to guarantee.
Thus it's better to move the NPTL libraries away:
# mount root_fs mnt-uml/ -o loop
# mv mnt-uml/lib/tls mnt-uml/lib/tls.away
# umount mnt-uml
If you're running Debian, you might prefer to use dpkg-divert:
# export LD_ASSUME_KERNEL=2.4.1
# mount root_fs mnt-uml/ -o loop
# chroot mnt-uml
# mkdir /lib/tls.off
# cd /lib/tls
# for f in *;
do
dpkg-divert --divert --local --rename --divert /lib/tls.off/$f --add /lib/tls/$f;
done
# exit
# umount mnt-uml
# unset LD_ASSUME_KERNEL
[1m13.16. Process segfaults with a modern (NPTL-using) filesystem[0m
These appear to be fixed with the tls patches from Blaisorblade that
are currently in my patchset . You can apply the entire
patchset, or you can move /lib/tls in the image away, as described
above.
[1m13.17. Any other panic, hang, or strange behavior[0m
If you're seeing truly strange behavior, such as hangs or panics that
happen in random places, or you try running the debugger to see what's
happening and it acts strangely, then it could be a problem in the
host kernel. If you're not running a stock Linus or -ac kernel, then
try that. An early version of the preemption patch and a 2.4.10 SuSE
kernel have caused very strange problems in UML.
Otherwise, let me know about it. Send a message to one of the UML
mailing lists - either the developer list - user-mode-linux-devel at
lists dot sourceforge dot net (subscription info) or the user list -
user-mode-linux-user at lists dot sourceforge do net (subscription
info), whichever you prefer. Don't assume that everyone knows about
it and that a fix is imminent.
If you want to be super-helpful, read ``Diagnosing Problems'' and
follow the instructions contained therein.
[1m14. Diagnosing Problems[0m
If you get UML to crash, hang, or otherwise misbehave, you should
report this on one of the project mailing lists, either the developer
list - user-mode-linux-devel at lists dot sourceforge dot net
(subscription info) or the user list - user-mode-linux-user at lists
dot sourceforge dot net (subscription info). When you do, it is
likely that I will want more information. So, it would be helpful to
read the stuff below, do whatever is applicable in your case, and
report the results to the list.
For any diagnosis, you're going to need to build a debugging kernel.
The binaries from this site aren't debuggable. If you haven't done
this before, read about ``Compiling the kernel and modules'' and
``Kernel debugging'' UML first.
[1m14.1. Case 1 : Normal kernel panics[0m
The most common case is for a normal thread to panic. To debug this,
you will need to run it under the debugger (add 'debug' to the command
line). An xterm will start up with gdb running inside it. Continue
it when it stops in start_kernel and make it crash. Now ^C gdb and
If the panic was a "Kernel mode fault", then there will be a segv
frame on the stack and I'm going to want some more information. The
stack might look something like this:
(UML gdb) backtrace
#0 0x1009bf76 in __sigprocmask (how=1, set=0x5f347940, oset=0x0)
at ../sysdeps/unix/sysv/linux/sigprocmask.c:49
#1 0x10091411 in change_sig (signal=10, on=1) at process.c:218
#2 0x10094785 in timer_handler (sig=26) at time_kern.c:32
#3 0x1009bf38 in __restore ()
at ../sysdeps/unix/sysv/linux/i386/sigaction.c:125
#4 0x1009534c in segv (address=8, ip=268849158, is_write=2, is_user=0)
at trap_kern.c:66
#5 0x10095c04 in segv_handler (sig=11) at trap_user.c:285
#6 0x1009bf38 in __restore ()
I'm going to want to see the symbol and line information for the value
of ip in the segv frame. In this case, you would do the following:
(UML gdb) i sym 268849158
and
(UML gdb) i line *268849158
The reason for this is the __restore frame right above the segv_han-
dler frame is hiding the frame that actually segfaulted. So, I have
to get that information from the faulting ip.
[1m14.2. Case 2 : Tracing thread panics[0m
The less common and more painful case is when the tracing thread
panics. In this case, the kernel debugger will be useless because it
needs a healthy tracing thread in order to work. The first thing to
do is get a backtrace from the tracing thread. This is done by
figuring out what its pid is, firing up gdb, and attaching it to that
pid. You can figure out the tracing thread pid by looking at the
first line of the console output, which will look like this:
tracing thread pid = 15851
or by running ps on the host and finding the line that looks like
this:
jdike 15851 4.5 0.4 132568 1104 pts/0 S 21:34 0:05 ./linux [(tracing thread)]
If the panic was 'segfault in signals', then follow the instructions
above for collecting information about the location of the seg fault.
If the tracing thread flaked out all by itself, then send that
backtrace in and wait for our crack debugging team to fix the problem.
[1m14.3. Case 3 : Tracing thread panics caused by other threads[0m
However, there are cases where the misbehavior of another thread
caused the problem. The most common panic of this type is:
wait_for_stop failed to wait for to stop with
In this case, you'll need to get a backtrace from the process men-
tioned in the panic, which is complicated by the fact that the kernel
debugger is defunct and without some fancy footwork, another gdb can't
attach to it. So, this is how the fancy footwork goes:
In a shell:
host% kill -STOP pid
Run gdb on the tracing thread as described in case 2 and do:
(host gdb) call detach(pid)
If you get a segfault, do it again. It always works the second time.
Detach from the tracing thread and attach to that other thread:
(host gdb) detach
(host gdb) attach pid
If gdb hangs when attaching to that process, go back to a shell and
do:
host%
kill -CONT pid
And then get the backtrace:
(host gdb) backtrace
[1m14.4. Case 4 : Hangs[0m
Hangs seem to be fairly rare, but they sometimes happen. When a hang
happens, we need a backtrace from the offending process. Run the
kernel debugger as described in case 1 and get a backtrace. If the
current process is not the idle thread, then send in the backtrace.
You can tell that it's the idle thread if the stack looks like this:
#0 0x100b1401 in __libc_nanosleep ()
#1 0x100a2885 in idle_sleep (secs=10) at time.c:122
#2 0x100a546f in do_idle () at process_kern.c:445
#3 0x100a5508 in cpu_idle () at process_kern.c:471
#4 0x100ec18f in start_kernel () at init/main.c:592
#5 0x100a3e10 in start_kernel_proc (unused=0x0) at um_arch.c:71
#6 0x100a383f in signal_tramp (arg=0x100a3dd8) at trap_user.c:50
If this is the case, then some other process is at fault, and went to
sleep when it shouldn't have. Run ps on the host and figure out which
process should not have gone to sleep and stayed asleep. Then attach
to it with gdb and get a backtrace as described in case 3.
[1m15. Thanks[0m
A number of people have helped this project in various ways, and this
page gives recognition where recognition is due.
If you're listed here and you would prefer a real link on your name,
or no link at all, instead of the despammed email address pseudo-link,
let me know.
If you're not listed here and you think maybe you should be, please
let me know that as well. I try to get everyone, but sometimes my
bookkeeping lapses and I forget about contributions.
[1m15.1. Code and Documentation[0m
Rusty Russell -
+o wrote the HOWTO
+o prodded me into making this project official and putting it on
SourceForge
+o came up with the way cool UML logo
+o redid the config process
Peter Moulder - Fixed my config and build
processes, and added some useful code to the block driver
Bill Stearns -
+o HOWTO updates
+o lots of bug reports
+o lots of testing
+o dedicated a box (uml.ists.dartmouth.edu) to support UML development
+o wrote the mkrootfs script, which allows bootable filesystems of
RPM-based distributions to be cranked out
+o cranked out a large number of filesystems with said script
Jim Leu - Wrote the virtual ethernet driver
and associated usermode tools
Lars Brinkhoff - Contributed the ptrace
proxy from his own project to allow easier
kernel debugging
Andrea Arcangeli - Redid some of the early boot
code so that it would work on machines with Large File Support
Chris Emerson - Did
the first UML port to Linux/ppc
Harald Welte - Wrote the multicast
transport for the network driver
Jorgen Cederlof - Added special file support to hostfs
Greg Lonnon - Changed the ubd driver
to allow it to layer a COW file on a shared read-only filesystem and
wrote the iomem emulation support
Henrik Nordstrom - Provided a variety
of patches, fixes, and clues
Lennert Buytenhek - Contributed various patches, a rewrite of the
network driver, the first implementation of the mconsole driver, and
did the bulk of the work needed to get SMP working again.
Yon Uriarte - Fixed the TUN/TAP network backend while I slept.
Adam Heath - Made a bunch of nice cleanups to the initialization code,
plus various other small patches.
Matt Zimmerman - Matt volunteered to be the UML Debian maintainer and
is doing a real nice job of it. He also noticed and fixed a number of
actually and potentially exploitable security holes in uml_net. Plus
the occasional patch. I like patches.
James McMechan - James seems to have taken over maintenance of the ubd
driver and is doing a nice job of it.
Chandan Kudige - wrote the umlgdb script which automates the reloading
of module symbols.
Steve Schmidtke - wrote the UML slirp transport and hostaudio drivers,
enabling UML processes to access audio devices on the host. He also
submitted patches for the slip transport and lots of other things.
David Coulson -
+o Set up the usermodelinux.org site,
which is a great way of keeping the UML user community on top of
UML goings-on.
+o Site documentation and updates
+o Nifty little UML management daemon UMLd
+o Lots of testing and bug reports
[1m15.2. Flushing out bugs[0m
+o Yuri Pudgorodsky
+o Gerald Britton
+o Ian Wehrman
+o Gord Lamb
+o Eugene Koontz
+o John H. Hartman
+o Anders Karlsson
+o Daniel Phillips
+o John Fremlin
+o Rainer Burgstaller
+o James Stevenson
+o Matt Clay
+o Cliff Jefferies
+o Geoff Hoff
+o Lennert Buytenhek
+o Al Viro
+o Frank Klingenhoefer
+o Livio Baldini Soares
+o Jon Burgess
+o Petru Paler
+o Paul
+o Chris Reahard
+o Sverker Nilsson
+o Gong Su
+o johan verrept
+o Bjorn Eriksson
+o Lorenzo Allegrucci
+o Muli Ben-Yehuda
+o David Mansfield
+o Howard Goff
+o Mike Anderson
+o John Byrne
+o Sapan J. Batia
+o Iris Huang
+o Jan Hudec
+o Voluspa
[1m15.3. Buglets and clean-ups[0m
+o Dave Zarzycki
+o Adam Lazur
+o Boria Feigin
+o Brian J. Murrell
+o JS
+o Roman Zippel
+o Wil Cooley
+o Ayelet Shemesh
+o Will Dyson
+o Sverker Nilsson
+o dvorak
+o v.naga srinivas
+o Shlomi Fish
+o Roger Binns
+o johan verrept
+o MrChuoi
+o Peter Cleve
+o Vincent Guffens
+o Nathan Scott
+o Patrick Caulfield
+o jbearce
+o Catalin Marinas
+o Shane Spencer
+o Zou Min
+o Ryan Boder
+o Lorenzo Colitti
+o Gwendal Grignou
+o Andre' Breiler
+o Tsutomu Yasuda
[1m15.4. Case Studies[0m
+o Jon Wright
+o William McEwan
+o Michael Richardson
[1m15.5. Other contributions[0m
Bill Carr made the Red Hat mkrootfs script
work with RH 6.2.
Michael Jennings sent in some material which
is now gracing the top of the index page of this site.
SGI (and more specifically Ralf Baechle ) gave me an account on oss.sgi.com
. The bandwidth there made it possible to
produce most of the filesystems available on the project download
page.
Laurent Bonnaud took the old grotty
Debian filesystem that I've been distributing and updated it to 2.2.
It is now available by itself here.
Rik van Riel gave me some ftp space on ftp.nl.linux.org so I can make
releases even when Sourceforge is broken.
Rodrigo de Castro looked at my broken pte code and told me what was
wrong with it, letting me fix a long-standing (several weeks) and
serious set of bugs.
Chris Reahard built a specialized root filesystem for running a DNS
server jailed inside UML. It's available from the download
page in the Jail
Filesysems section.
user-mode-linux-doc-20060501/arch-port.html 0000644 0000000 0000000 00000122773 12742461304 015243 0 ustar
Porting UML to a new architecture
Even though UML is running on a host Linux, which insulates it from
the underlying platform to a great extent, some details of the hardware
still leak through and make porting UML to Linux on a new architecture
more than a simple rebuild.
The major aspects of the hardware that show through are
register names used by ptrace
organization of the process address space
This page will describe how to port UML to a new architecture. It
will acquire new material as we learn more about how to do it. At
this point, this is based on what we learned from the ppc port, which
is the only real port of UML that's been done so far. The i386 port
doesn't really count since that was part of the overall development of
UML rather than a separate porting effort.
Below, there are references to $(SUBARCH). This is the make variable
which holds the value of the host architecture in the UML build. On
Intel boxes, it's "i386" and on PowerPC boxes, it's "ppc".
Overview
UML is split between architecture-independent code and headers which
are found under arch/um in
kernel
drivers
fs
ptproxy
include
and the architecture-dependent code and definitions under arch/um in
Makefile-*
sys-*
include/sysdep-*
Each '*' is the name of an architecture, so the i386-specific code is
under arch/um/sys-i386 and the ppc-specific code is under arch/um/sys-ppc.
The host
Not all architectures can currently run UML. The potential problem is
the ability of ptrace to change system call numbers. i386 couldn't
until I got the change into 2.3.22 and 2.2.15, ppc could, and IA64 and
mips can't. I don't know about the other arches.
This is necessary because it's critical to UML's ability to virtualize
system calls. Process system calls must be nullified in the host, and
this is done by converting them into getpid.
So, before starting to work on your new port of UML, make sure ptrace
is fully functional. This
little program starts a child, which makes calls to getpid and
prints them out, while the parent is converting the getpid calls to
getppid. The parent prints out its own pid, while the child prints out
what it thinks is its own pid, and they should be the same. So, if
your machine is able to run UML, you will see output like this:
Parent pid = 3246
getpid() returned 3246
getpid() returned 3246
If not, you will likely get errors from ptrace. Less likely is
different pids being printed out from the two processes. If either
happens, then you need to figure out how to remove that restriction
from the host Linux.
Note that when you compile ptrace.c, you will need to change the
references to ORIG_EAX, which contains the system call number, to
whatever is appropriate for your architecture.
Address space layout
Before delving into the code, you need to do some high-level
conceptual thinking about how to organize the address space of a UML
process. UML maps its executable, physical memory, and kernel virtual
memory into the address space of each of its processes. You need to
decide where to put each of these so as to minimize the likelihood of
a process trying to allocate that memory for its own use.
The only arch hook at this point is where in the address space the UML
binary is going to load. The other addresses are still hard-coded
because they happen to work for both i386 and ppc. UML puts its own
memory in the area starting at 0x5000000 and process stacks 4M below
its own process stack. These choices may not work on all
architectures, so feel free to generalize them. To locate a likely
area on your arch, staring at /proc/<pid>/maps of various processes
on the host has been the technique so far.
Architecture Makefile
You need to create arch/um/Makefile-$(SUBARCH), which contains the
following definitions:
START_ADDR - The address where the UML executable will load in
memory. This address must be chosen so that it won't conflict with
any memory that a UML process is going to want to use. The i386
definition is
START_ADDR = 0x10000000
ARCH_CFLAGS - Anything that needs to be added to CFLAGS goes here.
Both the i386 and ppc ports use this to turn off definitions that
would pull hardware-specific code into the kernel. The ppc definition
is
ARCH_CFLAGS = -U__powerpc__ -D__UM_PPC__
ELF_SUBARCH - This is the name of the ELF object format for the
architecture. On i386, it's 'i386', but on ppc, it's not 'ppc' (it's
'powerpc'). The i386 definition is
ELF_SUBARCH = $(SUBARCH)
include/asm-um
Every architecture needs to provide a set of headers to the generic
kernel. These are located in include/asm-$(ARCH). UML mostly uses
the headers of the underlying architecture. It does this by creating
a symlink from include/asm-um/arch to include/asm-$(SUBARCH). Most of
UML's headers then just include "asm/arch/header.h". As an example,
this is rwlock.h
Almost all of UML's headers look exactly like that. Some of the rest
are architecture-independent headers private to UML. You don't need to
worry about these.
Some headers include the underlying arch headers, but also need to
change them in some way. For example, the UML ptrace-generic.h includes
asm/arch/ptrace.h because it needs some definitions from there.
However, there are things it doesn't want because it needs to define
its own, such as struct pt_regs. So, the underlying architecture's
struct pt_regs is renamed by doing the following
This changes the name of the underlying architecture's pt_regs to
struct pt_regs_subarch, allowing UML to define its own struct
pt_regs. This practice of taking most of the contents other
architecture's header and defining the unwanted bits away is useful,
but it also causes problems which porter have to deal with. For
example, the ppc ptrace.h includes "asm/system.h", which includes the
UML system.h. Since the UML system.h contains references to pt_regs
and it's being included by a header that has had pt_regs renamed to
pt_regs_subarch, the UML system.h references are similarly renamed.
This causes conflicts against files which expect references to
pt_regs. There have been several attempts to update UML/ppc and this
problem has stymied them. It's far from an insolvable problem, but it
involves staring at confusing sequences of includes, figuring out
what's happening, and how to fix it.
There are also a few headers which are archtecture-dependent.
archparam-$(SUBARCH).h
This is a header for miscellaneous architecture-dependent
definitions. In a lot of cases, a mostly-generic header can get its
non-generic definitions from a separate header. In these cases, the
definitions are put in archparam-$(SUBARCH).h and that header includes
asm/archparam.h, which is a symbolic link to archparam-$(SUBARCH).h.
The i386 archparam mostly includes definitions for elf.h, such as
platform-specific register initializatins. The ppc archparam is
similar, adding a couple of definitions for hardirq.h and a couple of
other headers.
processor-$(SUBARCH).h
This header exists because UML/ppc needs a little logic to choose
between including one header and another.
ptrace-$(SUBARCH).h
This defines architecture-dependent access macros into struct
pt_regs. These macros aren't used in generic code, but you may need
some when you define ELF_PLAT_INIT and a few other things. Those
definitions should go here.
sigcontext-$(SUBARCH).h
This is similar to processor-$(SUBARCH).h. It exists so that that the
occurrences of pt_regs in asm-$(SUBARCH)/sigcontext.h can be defined
out of the way.
system-$(SUBARCH).h
This header exists so that UML/ppc can define the ppc _switch_to out
of the way. The i386 version doesn't do anything.
ptrace-generic.h
ptrace-generic.h isn't architecture-dependent, but it does put some
requirements on arch/um/include/sysdep/ptrace.h, which you will meet
below. It defines its struct pt_regs as
struct pt_regs {
struct uml_pt_regs regs;
};
and it's up to the architecture to define struct uml_pt_regs. This is
done this way because some UML userspace code needs to refer to
register values. So, uml_pt_regs is the structure that is safe for
userspace code to look at, which pt_regs is for kernel code. Access
macros for pt_regs therefore just call the equivalent access macro for
uml_pt_regs, like
#define PT_REGS_IP(r) UPT_IP(&(r)->regs)
and these should be defined in arch/um/include/sysdep/ptrace.h, which
should be able to be included in both user and kernel code. This
means it can't include either libc headers or kernel headers, but may
include safe UML headers.
Architecture headers
There are three headers, which go in arch/um/include/sysdep-$(SUBARCH),
which need to be written, and each needs to
contain a certain set of definitions.
frame.h
One of the first things that UML does when it boots is it creates and
saves a signal frame. This will be used when it delivers signals to
its processes. It will be copied onto the process stack and the data
in the original frame, like the signal number, sigcontext contents,
and restorer will be replaced. UML knows how to replace this stuff
because it figured out where in the stack frame it is. And it did
that by having the signal handler record the address of the signal,
the sigcontext structure, and a few other things.
This is done in a mostly architecture-independent way, but a little
help is needed from architecture-specific code. That code goes into
frame.h.
What's needed here are definitions of:
static inline unsigned long frame_restorer(void)
This returns the location on the stack of the signal state restorer.
On i386, this is the return address, which is next to the frame
pointer, so the i386 definition is
static inline unsigned long frame_restorer(void)
{
unsigned long *fp;
fp = __builtin_frame_address(0);
return((unsigned long) (fp + 1));
}
static inline unsigned long frame_sp(void)
This returns the value of the stack pointer when the signal handler is
first entered. Note that this is not necessarily the same value as
when the signal handler code is executing because it may have been
adjusted for local variables.
On i386, this is four bytes more than the frame pointer, so its
definition is
static inline unsigned long frame_sp(void)
{
unsigned long *fp;
fp = __builtin_frame_address(0);
return((unsigned long) (fp + 1));
}
In addition, there may be a need for the architecture to save more
information from the signal frame. There are two pairs of structures
and procedures which allow you to do this. The first pair are
expected to record raw addresses from the frame:
The arch_frame_data_raw may contain anything you want and
setup_arch_frame_raw is expected to fill it in. Both may be empty.
i386 needs to know the size of the floating point state that's on the
signal frame, so these save the address of the beginning of the sigcontext
structure, where the floating point state ends:
Then a similar structure and function pair is used to process the raw
addresses into something that's usable later. The i386 code assumes
that the floating point state runs from the top of the stack (which is
alone on its own page, so the top of the stack is the end of the page)
to the start of the sigcontext structure:
ptrace.h deals with the machine's register set. It defines the
following:
struct uml_pt_regs
which should contain a system call number, a set of system call
arguments, a flag saying whether the kernel was entered from userspace
or kernelspace, and a pointer to the sigcontext structure on the
current stack. The i386 definition is
struct uml_pt_regs {
unsigned long args[6];
long syscall;
int is_user;
void *sc;
};
which may in fact be architecture-independent. The only thing that
may need changing is the size of args[].
EMPTY_UML_PT_REGS
which is an initializer for uml_pt_regs. The i386 definition is
which returns the value of the appropriate register from the saved
sigcontext.
UPT_SET(regs, reg, val)
which sets the value of the appropriate register in the saved
sigcontext to whatever value is passed in. The i386 definitions of
these are big switch statements
#define UPT_REG(regs, reg) \
({ unsigned long val; \
switch(reg){ \
case EIP: val = UPT_IP(regs); break; \
case UESP: val = UPT_SP(regs); break; \
case EAX: val = UPT_EAX(regs); break; \
case EBX: val = UPT_EBX(regs); break; \
case ECX: val = UPT_ECX(regs); break; \
case EDX: val = UPT_EDX(regs); break; \
case ESI: val = UPT_ESI(regs); break; \
case EDI: val = UPT_EDI(regs); break; \
case EBP: val = UPT_EBP(regs); break; \
case ORIG_EAX: val = UPT_ORIG_EAX(regs); break; \
case CS: val = UPT_CS(regs); break; \
case SS: val = UPT_SS(regs); break; \
case DS: val = UPT_DS(regs); break; \
case ES: val = UPT_ES(regs); break; \
case FS: val = UPT_FS(regs); break; \
case GS: val = UPT_GS(regs); break; \
case EFL: val = UPT_EFLAGS(regs); break; \
default : \
panic("Bad register in UPT_REG : %d\n", reg); \
val = -1; \
} \
val; \
})
#define UPT_SET(regs, reg, val) \
do { \
switch(reg){ \
case EIP: UPT_IP(regs) = val; break; \
case UESP: UPT_SP(regs) = val; break; \
case EAX: UPT_EAX(regs) = val; break; \
case EBX: UPT_EBX(regs) = val; break; \
case ECX: UPT_ECX(regs) = val; break; \
case EDX: UPT_EDX(regs) = val; break; \
case ESI: UPT_ESI(regs) = val; break; \
case EDI: UPT_EDI(regs) = val; break; \
case EBP: UPT_EBP(regs) = val; break; \
case ORIG_EAX: UPT_ORIG_EAX(regs) = val; break; \
case CS: UPT_CS(regs) = val; break; \
case SS: UPT_SS(regs) = val; break; \
case DS: UPT_DS(regs) = val; break; \
case ES: UPT_ES(regs) = val; break; \
case FS: UPT_FS(regs) = val; break; \
case GS: UPT_GS(regs) = val; break; \
case EFL: UPT_EFLAGS(regs) = val; break; \
default : \
panic("Bad register in UPT_SET : %d\n", reg); \
break; \
} \
} while (0)
In addition to whatever macros you call from any additional PT_REGS_*
macros you define, there are a few that you definitely need
equivalents to. These will generally call into sigcontext macros
since they need to modify the current sigcontext.
UPT_SET_SYSCALL_RETURN
This sets the system call return value
UPT_RESTART_SYSCALL
This does whatever is necessary to make sure that the current system
call will restart when userspace is entered. Backing up the IP so
that it points at the system call instruction is probably enough.
UPT_ORIG_SYSCALL
This is the original location of the system call number. i386 moves
it from EAX to ORIG_EAX, so it refers to EAX. This is used when
restarting a system call to restore the registers to their original
values.
UPT_SYSCALL_NR
This pulls the system call number from the uml_pt_regs. On i386, it
comes directly from the uml_pt_regs structure. On other
architectures, it may make sense to get it from the sigcontext.
UPT_SYSCALL_RET
This returns the system call return value.
ptrace_user.h
This file defines a set of access macros into the hosts's pt_regs
structure. This is purely a userspace file which is used by parts of
UML which use ptrace to pull the process registers from the host
kernel and need to interpret them. These are the definitions that
should be here, and they should be implemented in terms of register
definitions in the host <asm/ptrace.h>.
PT_SYSCALL_NR
PT_SYSCALL_NR_OFFSET
The pt_regs index and ptrace offset of the system call number
PT_SYSCALL_ARG1_OFFSET
PT_SYSCALL_ARG2_OFFSET
PT_SYSCALL_ARG3_OFFSET
PT_SYSCALL_ARG4_OFFSET
PT_SYSCALL_ARG5_OFFSET
The offsets of the system call arguments
PT_SYSCALL_RET_OFFSET
The offset of the system call return value
PT_IP
PT_IP_OFFSET
The pt_regs index and offset of the IP
PT_SP
The index of the stack pointer
FRAME_SIZE
FRAME_SIZE_OFFSET
If the host pt_regs doesn't define FRAME_SIZE, set it to the number of
general purpose registers. Set FRAME_SIZE_OFFSET to the maximum
offset for PTRACE_GETREGS.
FP_FRAME_SIZE
FPX_FRAME_SIZE
These are the number of floating point registers and extended floating
point registers, respectively. The second is likely x86-specific. If
you don't define UM_HAVE_GETFPREGS/UM_HAVE_SETFPREGS or
UM_HAVE_GETFPXREGS/UM_HAVE_SETFPXREGS (see below), you can leave the
corresponding _FRAME_SIZE undefined.
UM_HAVE_GETREGS
UM_HAVE_SETREGS
UM_HAVE_GETFPREGS
UM_HAVE_SETFPREGS
UM_HAVE_GETFPXREGS
UM_HAVE_SETFPXREGS
These should be defined if the architecture defines PTRACE_GETREGS,
PTRACE_SETREGS, PTRACE_GETFPREGS, PTRACE_SETFPREGS, PTRACE_GETFPXREGS,
PTRACE_,SETFPXREGS respectively.
sigcontext.h
sigcontext.h defines a few sigcontext-related macros. Some of them
are accessed through the PT_REGS and UPT_REGS macros, so their
details are up to you. You will have to define similar things at the
very least, so here's what i386 defines
SC_RESTART_SYSCALL
Does whatever IP fiddling is needed to cause the current system call
to restart when userspace is re-entered. On i386, this just subtracts
2 from the IP since a system call instruction is 2 bytes long.
SC_SET_SYSCALL_RETURN
Sets the system call return value. On i386, this just sets %eax. On
ppc, it does a little more than that.
SC_FAULT_ADDR
SC_FAULT_WRITE
These two are called from generic UML code, so you have to implement
these as described. On a segfault, they pick out from a sigcontext
the fault address and whether the fault was on a write.
SEGV_IS_FIXABLE
This evaluates to non-zero if a segfault is one that can be fixed by
mapping in a page or changing page protections. If not, then it
returns zero, and the faulting process will simply be segfaulted.
This is called from generic UML code.
SC_START_SYSCALL
This is a general hook that's called at the start of a system call
before ptrace gets to see it. On x86, strace expects %eax to contain
-ENOSYS when it sees a system call entry. So, this macro sets that.
On other architectures, this may do nothing. This is called from
generic UML code.
void sc_to_regs(struct uml_pt_regs *regs, struct sigcontext *sc,
unsigned long syscall)
This is called at the beginning of a system call to fill in a pt_regs
structure from the sigcontext. It parses the system call from the
sigcontext and fills in the system call number and the arguments in
the pt_regs. This is called from generic UML code.
syscalls.h
syscalls.h defines any architecture-specific system calls. It does so
by defining
ARCH_SYSCALLS
which is a set of array element initializers which will be
included in the initialization of the system call table. The i386
ARCH_SYSCALLS looks in part like this
LAST_ARCH_SYSCALL
to be the last initialized element defined by ARCH_SYSCALLS.
This is used to fill the end of the system call table properly.
In addition, syscalls.h defines
EXECUTE_SYSCALL(syscall, regs)
which calls into a system call entry. The i386 pt_regs has been
arranged so that it can just be dumped on the stack and the right
thing will happen
The actual implementation of the port is contained in sys-$(SUBARCH).
You have complete freedom in this directory, except that when it is
built, it must produce an object file named sys.o which contains all
the code required by the generic kernel.
Here is a list of the files used by the existing ports, along with
what they define.
ptrace.c
int putreg(struct task_struct *child, unsigned long regno, unsigned long value)
This does any needed validity checking on the register and the value,
and assigns the value to the appropriate register in
child->thread.process_regs. If it fails, it returns -EIO.
This may be changed in the future so that it is provided with just the
register set rather than the whole task structure.
unsigned long getreg(struct task_struct *child, unsigned long regno)
getreg fetches the value of the requested register from
child->thread.process_regs, doing any required masking of registers
which don't use all their bits. This may also be changed to take the
register set rather than the task structure.
ptrace_user.c
Linux doesn't implement PTRACE_SETREGS and PTRACE_GETREGS on all
architectures. This file contains definitions of ptrace_getregs and
ptrace_setregs to hide this difference from the generic code.
Architectures which define PTRACE_SETREGS and PTRACE_GETREGS will
implement these functions as follows
Architectures which don't will implement them as loops which call
ptrace(PTRACE_GETREG, ...) or ptrace(PTRACE_SETREG, ...) for each register.
semaphore.c
This implements the architecture's semaphore primitives. It is highly
recommended to steal this from the underlying architecture by having
the Makefile make a link from arch/$(SUBARCH)/kernel/semaphore.c to
arch/um/sys-$(SUBARCH)/semaphore.c.
checksum.c or checksum.S
This implements the architecture's ip checksumming. This is
stolen from the underlying architecture in the same manner as
semaphore.c.
sigcontext.c
This defines a few sigcontext-related functions
int sc_size(void *data)
How big is a sigcontext? On x86, this takes the floating point state
into account as well as just the sigcontext structure itself.
int copy_sc_to_user(void *to_ptr, void *from_ptr, void *data)
Copies a sigcontext to a process stack. It must use copy_to_user, not
memcopy.
int copy_sc_from_user(void *to_ptr, void *from_ptr, void *data)
Copies a sigcontext from a process stack into kernel memory.
Similarly, this must use copy_from_user, not memcopy.
void sc_to_sc(void *to_ptr, void *from_ptr)
This copies a sigcontext from one kernel stack to another. It is used
during thread creation (kernel_thread(), fork(), or clone()) to
initialize a kernel stack with a signal frame that the new process can
return from.
sysrq.c
This needs to define
void show_regs(struct pt_regs *regs)
For the benefit of the SysRq driver.
Other files
If Linux on your architecture defines any private system calls, you
will need to implement them here. Normally, you can take the code
from the underlying architecture, and you might get away with linking
to the files in the other architecture that implement them.
Debugging the new port
There's no algorithm for doing this stage of the port, so I'll just
describe a number of useful tricks.
gdb is available. Use it. It's usable for any part of the kernel
after the beginning of start_kernel. If you need to debug anything
before that, the 'debugtrace' option is handle. It causes the tracing
thread to stop and wait to be attached with gdb. Then you can step
through the very early boot before start_kernel.
If you're post-mortem-ing a bug and you want to see what just happened
inside UML, there are some arrays which store some useful recent
history:
signal_record - stores the last 1024 signals seen by the tracing
thread, including the host pid of the process getting the signal, the
time, and the IP at which the signal happened. This is a circular
buffer and the latest entry is at index signal_index - 1.
syscall_record - the same, except it stores process system calls. It
stores the system call number, the return value (and 0xdeadbeef is
stored there if it hasn't returned), the UML pid of the process, and
the time. It is indexed by syscall_index, so the most recent entry is
at index syscall_index - 1.
These provide a decent picture of what UML has been doing lately.
Looking for unusual things here immediately before a bug happened is a
useful debugging technique. Correlating timestamps between the two
arrays is also sometimes useful.
If you have reproducable memory corruption, an extremely useful way to
track it down is to set the page that it happens on read-only and to
see what seg faults when it tries writing to that page. Obviously,
this only works if there aren't legitimate writes happening to that
page at the same time.
Hosted at
user-mode-linux-doc-20060501/case-studies.html 0000644 0000000 0000000 00000047375 12742461304 015741 0 ustar
UML in the real world
The purpose of this section is to let UML users describe what they're
doing with it and how they're doing it. This eventually (when there's
a wider variety of cases here) will let everyone see the breadth of
UML applications, and provide people who are interested in a specific
use with the information needed to implement it.
If you have a use for UML that you'd like to share, write it up,
including the following information
the problem that you're solving - and saying "I'm doing this wierd
thing because I can" is perfectly acceptable. That's more or less
how UML came into existence.
how you're using UML to solve it
how well it's working, including solutions or workarounds to any
problems you encountered
This is intended to be a collection of HOWTO material at least as much
as it's intended to be an advertisement for UML, so it would
definitely be a bonus to include HOWTO-like step-by-step instructions.
It could either be hosted on this site or linked from here back to
your site.
UML as an augmented firewall
From : Jon Wright (jon at gate dot sinica dot edu dot tw)
Date : 7 Sep 2001
I work for Prof Carmay Lim in the Institute of Biomedical Sciences,
Academia Sinica, Taipei, Taiwan
We're a structural and bioinfomatics group.
Basically on site we have about 10 Linux workstations, a 30 cpu beowulf,
and a couple of nfs fileservers all ip-masqed behind a single firewall.
We also have a group at National ChingHwa university at another city. We
need to provide access to our beowulf and other services to the students
but we don't want to allow direct connections to our firewall. Instead of
having direct connections to the firewall which if cracked gives access to
the internal network device and hence allows network sniffers, we boot a
UML kernel on the firewall itself and, using the slip networking (this was
set up 6 months ago - now we are looking at the tap interface), network the
UML kernel.
The host firewall accepts no syn packets at all on its external
IP address. All syn packets must be directed to the UML kernel IP address
to be accepted.
The UML system offers sshd, hhtpd, anon-ftp (oftpd) to everywhere, the
firewall only offers sshd and squid to the internal network and nothing to
the external network.
Students use ssh to logon on to the UML kernel using a generic name such
as user001, From there they can issue a second ssh command to the
internal network machines (ssh -l fred 192.168.0.140). We don't use the
same usernames or passwords on the UML system as the internal systems so
if someone does get UML account details, it won't help too much for
guessing usernames/passwords for the internal machines. We don't even list
the internal machines in the hosts file.
The firewall itself only allows connections from the UML machine to
internal machines on port 22 (set with ipchains) so if someone cracks the
UML machine they can not portscan the internal machines. The UML machine
does not contain a compiler, and many files/executables such as who, w,
ping, traceroute are read/write/execute for root only. We run tripwire
every night and email the report out, but we don't allow incoming email. If
fact, the host firewall only allows connections to the UML machine on
needed ports such as 22,80,21
The main purpose of the UML system is to provide a secure restricted
machine that offers limited external services and onward ssh connections
to our internal machines but does not allow any access to the network
devices themselves. (We don't allow loadable modules and we don't compile
hostfs)
Also being a 700mb file we can keep a compressed root file on cdrom and
use it to compare to the live one now and again and if need be restore
things using the host kernel.
All in all this is working very well for us at the moment. In fact, the
hardest part is organising all the ipchains rules on the host system so
that we limit what type of connections go where. For that we found
excellent help in the ipchains-howto, they used about 4 different
machines to provide firewall and external services while we saved on
hardware using one machine that worked as two. While other people can
probably pick some holes in this setup (I am not a pro ssyadmin) I haven't
seen any glaringly big holes - we have to allow the students access
somehow and having the external services on a system that does not have
direct access to hardware is a big bonus.
Many thanks for such a great tool
An implementation of a teaching network with UML
Virtual Network Laboratory - Christchurch Polytechnic Institute of
Technology (CPIT), New Zealand: A detailed Case Study HowTo.
William McEwan (Scottish exile), School of Computing, CPIT, New
Zealand.
mcewanw at hermes dot chchpoly dot ac dot nz
8 September 2001
"A problem with teaching data communications in an educational
institution is that there is always an inherent danger of data comms
experiments interfering with the normal operation of the campus
network. Many institutions have traditionally simply avoided much in
the way of practical data comms laboratory work. With the growing
importance of internetworking in general this is obviously an
unsatisfactory situation. With campus network infrastractures already
in place and centralised administration of IT established, it often
proves difficult (and expensive) to implement new network laboratories
that are sufficiently flexible and sufficiently isolated from the
normal campus".
[The above is extracted from a paper presented by this author: McEwan,
W. (2001) "Using Academic Research Methodologies to Improve the
Quality of Teaching: A Case Study". In Proc. Fourteenth Annual
Conference of the NACCQ, Napier, New Zealand: 83-93]
Introduction
With the above problems in mind, I am in the process of creating a
virtual network laboratory, using uml virtual machines. This work, at
the School of Computing, CPIT, NZ, is one of the key components in our
implementation of a "data comms and operating systems" teaching and
research laboratory. The uml configuration currently in active use in
our data comms teaching is illustrated below
(text version):
The virtual network laboratory is implemented on a 1 GHz Pentium III
system having 384 MBytes of RAM and a 20 GByte hard disk. The host
operating system is Redhat Linux 7.1 with a 512 MB swap partition. In
all, the virtual net consists of 20 virtual hosts sitting on 10
(sub)subnets connecting via one virtual router to our campus network
(and thence out to the Internet) as shown. The CPIT campus has been
assigned a class B address space which is subnetted into class C
address ranges (i.e. subnet mask=255.255.255.0). One of these /24
subnets has been allocated for this virtual lan server. On the
virtual network side of this lan the range is further /28 subnetted as
shown (i.e. netmask=255.255.255.240).
The current implementation uses the small debian uml root_fs. Using
debian package manager (dpkg) I have additionally installed telnetd so
that students can log in remotely. On the real host we have the
mindterm ssh client applet served by a running apache web server to
allow ssh login to that machine. We also have the free weirdx X
server applet served from the same machine. It is a great combination!
I shortly intend experimenting with X and ssh using the uml Linux
RH7.1 pristine root_fs in place of the small debian one.
One advantage of the above configuration, where one of the virtual
machines is used as a router, is that that machine can be configured
as a firewall effectively sandboxing the virtual network users into
the virtual lab (whilst allowing inward telnet or ssh traffic and
anything out as desired).
For quite a while, the FreeS/WAN project has been using virtual
networks of UMLs to test their code. Michael Richardson gave a talk
at OLS 2002 on what they're doing and how they're doing it. The
slides are available at
http://www.sandelman.ca/SSW/freeswan/fsumltesting/
.
Hosted at
user-mode-linux-doc-20060501/compile.html 0000644 0000000 0000000 00000053262 12742461304 014770 0 ustar
Building from source
Compiling the user mode kernel is just like compiling any other
kernel. Let's go through the steps, using 2.4.0-prerelease (current
as of this writing) as an example:
Download the latest UML patch from
the download page
In this example, the file is uml-patch-2.4.0-prerelease.bz2.
Run your favorite config; `make xconfig ARCH=um' is the most
convenient. `make config ARCH=um' and 'make menuconfig ARCH=um' will
work as well. The defaults will give you a useful kernel. If you
want to change something, go ahead, it probably won't hurt anything.
Note: If the host is configured with a 2G/2G address space split
rather than the usual 3G/1G split, then the packaged UML binaries will
not run. They will immediately segfault. See
this page for the scoop on
running UML on your system.
Finish with `make linux ARCH=um': the result is a file called `linux'
in the top directory of your source tree.
You may notice that the final binary is pretty large (many 10's of
megabytes for a debuggable UML). This is almost entirely symbol
information. The actual binary is comparable in size to a native
kernel. You can run that huge binary, and only the actual code and
data will be loaded into memory, so the symbols only consume disk
space unless you are running UML under gdb. You can strip UML:
host% strip linux
to see the true size of the UML kernel.
Make sure that you don't build this
kernel in /usr/src/linux. On some distributions, /usr/include/asm
is a link into this pool. The user-mode build changes the other end
of that link, and things that include <asm/anything.h> stop compiling.
The sources are also available from cvs. You can browse the CVS pool
or access it anonymously via
If you get the CVS sources, you will have to check them out into an
empty directory. You will then have to copy each file into the corresponding
directory in the appropriate kernel pool.
If you don't have the latest kernel pool, you can get the corresponding
user-mode sources with
host% cvs co -r v_2_3_x linux
where 'x' is the version in your pool. Note that you will not get the bug
fixes and enhancements that have gone into subsequent releases.
If you build your own kernel, and want to boot it from one of the
filesystems distributed from this site, then, in nearly all cases,
devfs must be compiled into the kernel and mounted at boot time. The
exception is the tomsrtbt filesystem. For this,
devfs must either not be in the kernel at all, or "devfs=nomount" must
be on the kernel command line. Any disagreement between the kernel
and the filesystem being booted about whether devfs is being used will
result in the boot getting no further than single-user mode.
If you don't want to use devfs, you can remove the need for it from a
filesystem by copying /dev from someplace, making a bunch of
/dev/ubd devices:
UML#
for i in 0 1 2 3 4 5 6 7; do mknod ubd$i b 98 $[ $i * 16 ]; done
and changing /etc/fstab and /etc/inittab to refer to the non-devfs devices.
Compiling and installing kernel modules
UML modules are built in the same way as the native kernel (with the
exception of the 'ARCH=um' that you always need for UML):
host% make modules ARCH=um
Any modules that you want to load into this kernel need to
be built in the user-mode pool. Modules from the native kernel won't
work. If you notice that the modules you get are much larger than
they are on the host, see the note above about the size of the final
UML binary.
You can install them by using ftp or something to copy them into the
virtual machine and dropping them into /lib/modules/`uname -r`.
You can also get the kernel build process to install them as
follows:
with the kernel not booted, mount the root filesystem in the top level
of the kernel pool:
host% mount root_fs mnt -o loop
run
host%
make modules_install INSTALL_MOD_PATH=`pwd`/mnt ARCH=um
unmount the filesystem
host% umount mnt
boot the kernel on it
If you can't mount the root filesystem on the host for some reason
(like it's a COW file), then an alternate approach is to mount the
UML kernel tree from the host into the UML with hostfs and run the modules_install inside
UML:
With UML booted, mount the host kernel tree inside UML at the same
location as on the host:
UML# mount none -t hostfs path to UML pool -o
path to UML pool
Run make modules_install:
UML# cd path to UML pool ; make modules_install
The depmod at the end may complain about unresolved symbols because
there is an incorrect or missing System.map installed in the UML
filesystem. This appears to be harmless. insmod or modprobe should
work fine at this point.
When the system is booted, you can use insmod as usual to get the modules
into the kernel. A number of things have been loaded into UML as
modules, especially filesystems and network protocols and filters, so
most symbols which need to be exported probably already are. However,
if you do find symbols that need exporting, let us know, and they'll be "taken care of".
If you try building an external module against a UML tree, you will
find that it doesn't compile because of missing includes. There are
less obvious problems with the CFLAGS that the module Makefile or
script provides which would make it not run even if it did build. To
get around this, you need to provide the same CFLAGS that the UML
kernel build uses.
A reasonably slick way of getting the UML CFLAGS is
cd uml-tree ; make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um
If the module build process has something that looks like
$(CC) $(CFLAGS) file
then you can define CFLAGS in a script like this
CFLAGS=`cd uml-tree ; make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um`
and like this in a Makefile
CFLAGS=$(shell cd uml-tree ; make script 'SCRIPT=@echo
$$(CFLAGS)' ARCH=um)
Compiling and installing uml_utilities
Many features of the UML kernel require a user-space helper program,
so a uml_utilities package is distributed separately from the kernel
patch which provides these helpers. Included within this is:
port-helper - Used by consoles which connect to xterms or ports
tunctl - Configuration tool to create and delete tap devices
uml_net - Setuid binary for automatic tap device configuration
uml_switch - User-space virtual switch required for daemon transport
The uml_utilities tree is compiled with:
host#
make && make install
Note that UML kernel patches may require a specific version of the
uml_utilities distribution. If you don't keep up with the mailing lists,
ensure that you have the latest release of uml_utilities if you are
experiencing problems with your UML kernel, particularly when dealing
with consoles or command-line switches to the helper programs
Changing the configuration of a virtual machine between boots can be
inconvenient because of the need to change config files in the root
filesystem that boots the machine. For example, if you want to change
the filesystems that are mounted, you need to change the kernel
command line to pass in the new filesystems, but you also need to
change /etc/fstab to mount them.
You can mount loopback-mount the root filesystem and go in and edit
the relevant files, but this is more manual than necessary, and it's
impossible without root privileges on the host.
The solution that I'm using is to:
Generate the config files and whatever else needs to be changed or
added to the filesystem that will boot the machine
Lay them out in a skeletal filesystem structure reflecting where
they will go in the virtual machine
Tar up that directory
Add that tar file as one of the block devices on the kernel
command line
Also add
CONFIG_DEV=device-name
to the
command line
The first thing the machine does after it mounts the root filesystem
read-write is check the CONFIG_DEV environment variable. If it has a
value, then it tars the new files from the device after saving the
originals. This is early enough to ensure that almost any new
configuration options will take effect.
To enable this, you need to put this script in
/etc/rc.d/rc.configfiles
#!/bin/sh
for ARG in $@
do
case $ARG in
start)
if [ "$CONFIG_DEV" != "" ]; then
restore=""
remove=""
for file in `tar tf $CONFIG_DEV`; do
if [ -e $file ]
then restore="$restore $file"
else remove="$remove $file"
fi
done
[ "$restore" != "" ] && tar cf /tmp/restore.tar $restore
echo $remove > /tmp/remove
tar xf $CONFIG_DEV
fi
;;
stop)
if [ "$CONFIG_DEV" != "" ]; then
[ -e /tmp/restore.tar ] && tar xf /tmp/restore.tar
[ -f /tmp/remove ] && rm -rf `cat /tmp/remove`
rm -rf /tmp/restore.tar /tmp/remove
fi
;;
*)
echo "usage: $0 (start|stop)"
exit 1
;;
esac
done
exit 0
and add a call to /etc/rc.S:
/etc/rc.d/rc.configfiles start
and a similar call to /etc/rc.0:
/etc/rc.d/rc.configfiles stop
The addition to /etc/rc.S needs to be immediately after the read-write
remount of /:
mount -o remount /
and the /etc/rc.0 needs to be just before the read-only remount of /:
mount -n -o remount,ro /
With this in place, it is possible to arbitrarily reconfigure a
virtual machine without booting it up or loopback mounting
its root filesystem beforehand.
Hosted at
user-mode-linux-doc-20060501/contacts.html 0000644 0000000 0000000 00000027670 12742461304 015162 0 ustar
Getting in touch with UML people
These are generally the preferred means to talk about or ask questions
about UML. There are two of them, uml-user
(user-mode-linux-user (at) lists.sourceforge.net -
subscription info) and uml-devel
(user-mode-linux-devel (at) lists.sourceforge.net -
subscription info). The difference
between them is what you'd expect. uml-user is for people who are
trying to make this darned thing do what you want and for those who
are trying to help. uml-devel is more for discussion of the code. I post
announcements of new patches and CVS updates to uml-devel, and
announcements of full releases to uml-user.
Send bug reports to either list, whichever is more convenient.
The guy in charge
That would be me, Jeff Dike, jdike (at) karaya (dot) com. If
something's not suitable for one of the lists, or you're just shy,
then send it to me personally.
UML users have started to build their own tools and infrastructure
around UML in order to make it better suited for their own
applications. This page lists the ones that I know of so that people
who need something similar don't necessarily need to go off and
reinvent the wheel. If you have something (or know of something) that
should be listed, let us
know.
DNS root filesystem from Chris Reahard
This filesystem is a small filesystem intended to run a jailed named
and nothing else. This general area, of using a UML virtual machine
to jail a single service, is a ripe one, and I welcome contributions
of other filesystems that are specialized for other services.
It's available from the jail
filesystems section of the download
page. Chris' description is available
here .
BusyBox root filesystem builder from Julien Gaulmin
This is a little package which automates the building of a
BusyBox/uClibc root filesystem for UML. Download
this tarball, uncompress it, untar it, and read the README and
Makefile.
UMLd - A UML management daemon from David Coulson
A system with lots of UMLs can be a management nightmare, so David
Coulson has written a daemon to manage all of his UMLs, allowing UML
users to perform functions on their UML via a web interface. For a
network running lots of UML instances on machines, UMLd makes
housekeeping much easier. More information on UMLd, along with
downloads, can be found
here.
Hosted at
user-mode-linux-doc-20060501/cpit.html 0000644 0000000 0000000 00000115464 12742461304 014302 0 ustar
CPIT Case Study Cont'd
Building such a network, involving such subnetting is quite complex.
I have therefore written some shell scripts to build the network
almost automatically. The complexity of the scripts is such that it
would have been easier to implement them using awk or perl or such
like but currently they are in plain bash syntax. They have been
rapidly prepared so are far from elegant, but being in plain bash
syntax has the advantage that more people are likely to understand
them. The scripts are quite flexible - any values for the subnet
x.y.z can be given as a parameter (though the current script is fixed
for a sub(sub)net mask of 225.255.255.240).
[ The scripts below are available in a tarball
here - jdike]
Rather than going into long discussions of how the setup is
implemented I have instead carefully commented the scripts themselves
in explanation.
One of the most important things in the design is to decide on a
suitable directory structure including the permissions used in that
structure.
1. I have therefore created a user "uml" with a home directory /home/uml as the principal operator of the build scripts.
The arrangement chosen requires that ALL scripts and the root_fs MUST
be stored in this /home/uml directory. The cow files however are kept
in separate directories (one per virtual machine). This helps protect
them from other users.
2. Each virtual machine is allocated a user name and home directory
for its cow file. The home directory for the virtual machines is a
sub-directory of /home/uml. The names of the "virtual-machine-users"
(and thus their home directories) are of the form: umlnn_hh where nn
is the subnet they lie on and hh the host number on that subnet. For
example, the virtual host with IP=x.y.z.17 would have the directory
and user name of uml16_17 (the value 16 for the subnet comes from the
relevant address table for a /28 subnetted network like this).
The uml virtual firewall/router has the name/directory of umlfw224_225
(i.e. its IP=x.y.z.225).
3i. Three main scripts are run, one after the other in order to build
the network. It is important that all scripts are run from the
directory /home/uml (i.e. ~uml).
The scripts are called: umlcreatenet1, umlcreatenet2, and umlcreatenet3.
The way it is done presently, umlcreatenet1 must be run by user root
(it insmods ethertap and runs the many uml_router occurrences etc).
3ii. For security reasons user root does not run the second script
umlcreatenet2. It is run instead by user "uml". This second script
boots up the virtual machines themselves. After running this second
script all machines should be running in their own xterm ready for
final network configuration.
3iii. The third script "umlcreatenet3" (which must be run by user
root) sets up the route on the real host towards the virtual network.
3iv. At this stage the main components of the network are already in
place (ethertap and the uml_router daemons etc). All that remains is
to arrange the ifconfig up and route commands on the virtual hosts
themselves. That is not yet fully automatic. Instead I have created
two special scripts (one for the virtual router, and one for the other
virtual hosts). These scripts have been copied into the /root
directory of the small debian root_fs (by entering:
mount root_fs [host_mount_point] -o loop (followed by cp'ing the
scripts into /root).
The two virtual host network configuration scripts are called
umlvfw.conf and umlvhost.conf.
Running any one of these scripts, without supplying any parameters,
results in a brief, but hopefully helpful, usage message.
In practice their are several more scripts than those outlined in the
simple startup steps above. The umlcreatenet(1,2,3) scripts are
actually only "call-up" scripts - they call up the underlying scripts
that do the real work of configuration. The underlying scripts are
called (and they are run in the following order by the umlcreatenet
scripts): umlkillall, umlkillnet (these first two are simply there to
brutally "clean up" any previous uml occurrencies), umlhostsetup1,
umlvfs, umlvhost, umlhostsetup2.
The best way of understanding the whole thing is simply to read the scripts through in the correct order. They are individually quite simple really!!
Summary:
a. Create the user uml (home=/home/uml), and (with home subdirectories
in /home/uml) users: umlfw224_225, uml16_17, uml16,18, uml32_33,
uml32_34 etc...
b. Put every script and the root_fs in /home/uml (and check all the
permissions are okay).
c. Then run the following scripts (and always from pwd of /home/uml) in this order:
umlcreatenet1 (with the parameters required indicated as usage when run)
umlcreatenet2
umlcreatenet3
d. Login to the uml virtual machines (as root) and immediately run the network script:
./umlfw.conf (for the virtual router) or ./umlvhost.conf (for any of the other virtual machines).
Here then are the scripts themselves, and an appendix showing the
permissions that were assigned to each of them and their relevant
directories. Hopefully this stuff will save somebody the many many
tens of hours it took me to put it all together :-).
I. The umlcreatenet1 script:
#!/bin/sh
#Program: umlcreatenet1
#Licence: GPL
#Author: William McEwan
#Date: 6 Sep 2001
# 1. This is the main script (part 1 of 3) for building the Virtual
#Network Laboratory semi-automatically.
# "umlcreatenet1 (as user root) creates a clean slate and sets up the
#host ethertap and uml_router daemons.
# 2. This script should be followed by running script
# ~uml/umlcreatenet2 (as user uml).
# 3. Finally the script ~uml/umlcreatenet3 should be run (as user root).
# 4. The only thing left to do after that it to run the conf scripts
# on the uml machines themselves to complete networking. Assuming a
# telnetd or sshd is present on the virtual machines it should then be
# possible to remotely log in to them.
# READ this script first to help you understand how the whole scheme works.
# It runs all the other scripts for you except for umlvfw.conf and for
# umlvhost.conf (which you run once the virtual machines have booted -
# refer to the related umlvfw and the umlvhost script for usage comments).
# I intend automating that last part later.
# If you have difficulty getting it to work smoothly, start by giving
# more access permissions to all relevant files and directories (and
# re-organise that later).
# IMPORTANT NOTES:
# NOTE 1: Run "./umlcreatenet1 subnet (e.g. 192.168.5)" as user root.
# All these scripts assume you want the (sub)subnet mask
# 255.255.255.240
# NOTE 2: root_fs MUST be placed in ~uml (i.e. uml home directory) for the
# scripts to find it and its modes must be -rw-rw---- root uml
# All the scripts (e.g. umlkillall, umlkillnet, umlhostsetup1,
# umlvfw, umlvhost, umlhostsetup2 MUST also be kept in ~uml
# for this script to find them etc) and all permissions must
# be carefully set up to allow user uml to access them.
# NOTE 3: Make sure you have previously created the uml user(s) along
# with their associated home directories.
# And that you have setup the the main text described permissions and
# groups etc.
# Each virtual machine must have its own directory created in
# ~uml. For example, vhost 192.165.5.17 in my set up has home
# directory /home/uml/uml16_17
# (You can use the -G and -b options of useradd for doing this kind of
# stuff) - in practice it is best to write an automating script for
# adding the uml users.
# The 16_17 stands for sub(subnet) 16 and host id 17. i.e. the number
# 16 usefully tells you which sub(subnet) this particular host is on
# (i.e. subnet 192.168.5.16/28).
cpitsubnet="$1"
case "$cpitsubnet" in
"") echo
echo 'usage: ./umlcreatenet1 subnet(e.g. 192.168.5)'
exit 1
;;
*) ;;
esac
#MAKE SURE you are root user before running this script for the following to work...
# Have a look at the internals of all the following scripts to see
# what they actually do...
cd ~uml
# Get rid off any old uml linux processes and network daemons.
# i.e. clean start:
./umlkillall
./umlkillnet
# Set up ethertap and the uml_router daemons on the host computer:
./umlhostsetup1 238 "$cpitsubnet"
II. The umlcreatenet2 script:
# Program: umlcreatenet2
#This is the second part of the startup script.
#NOTE WELL: It should be run as user uml.
#Boots up all the virtual machines starting with the firewall router
cd ~uml
cpitsubnet="$1"
case "$cpitsubnet" in
"") echo
echo 'usage: ./umlcreatenet2 subnet(e.g. 192.168.5)'
exit 1
;;
*) ;;
esac
./umlvfw 225 238 0 "$cpitsubnet"
./umlvhost 17
./umlvhost 18
./umlvhost 33
./umlvhost 34
./umlvhost 49
./umlvhost 50
./umlvhost 65
./umlvhost 66
./umlvhost 81
./umlvhost 82
./umlvhost 97
./umlvhost 98
./umlvhost 113
./umlvhost 114
./umlvhost 129
./umlvhost 130
./umlvhost 145
./umlvhost 146
./umlvhost 161
./umlvhost 162
III. The umlcreatenet3 script:
# Program: umlcreatenet3
#This is the third and final part of the startup script.
#NOTE WELL: It MUST be run as user root.
# Set up the final route from the host computer to the virtual network.
# Make sure you are in directory ~uml (where all these uml scripts are
# located):
cd ~uml
cpitsubnet="$1"
case "$cpitsubnet" in
"") echo
echo 'usage: ./umlcreatenet3 subnet(e.g. 192.168.5)'
exit 1
;;
*) ;;
esac
./umlhostsetup2 "$cpitsubnet"
# Should all be up now. Now you just need to run "umlvhost.conf on each
# booted uml host (and umlvfw.conf on the virtual firewall router).
IV. The rough and brutal umlkillall script:
# This is just an inelegant quick fix for killing off all the virtual machines
# It assumes "linux" is name of the uml process.
# I generally run this script as the first thing before building the
# virtual net (as user root).
# It, followed by running "umlkillnet", (as user root) cleans
# everything up before beginning the main virtual hosts build.
# I also tend to rm all the cow files before rebuilding the vnet.
# usage: ~uml/umlkillall
# NOTE: Instead of running this script individually it can be called
# by the script "~uml/umlcreatenet1"
# whose purpose is to call up all the other scripts as well. View
# umlcreatenet1 (2 and 3) for details.
kill -9 `ps aux | grep linux | cut -c10-14`
rm -rf /tmp/uml/*
V. The equally rough umlkillnet script:
# Just an inelegant quick fix for killing off all uml_router daemons
# and ethertaps ready for a clean start
# usage: ~uml/umlkillnet
# NOTE: Instead of running this script individually it can be called
# by the script "~uml/umlcreatenet1"
# whose purpose is to call up all the other scripts as well. View
# umlcreatenet1 (2 and 3) for details.
kill -9 `ps aux | grep uml_router | cut -c10-14`
rm -f 14*
ifconfig tap0 down
rmmod ethertap
rmmod ethertap0
VI. The similarly awful umlkillxterm script:
#Just an inelegant quick way to kill all xterms/vconsoles if you ever
#want to...
#usage: ~uml/umlkillxterm
kill -9 `ps aux | grep xterm | cut -c10-14`
VII. The umlhostsetup1 script:
#!/bin/sh
#Program: umlhostsetup1
#Licence: GPL
#Author: William McEwan
#Date: 6 Sep 2001
# This script sets up the host computer.
# Run it (as user root) just after the "clean up scripts" (i.e
# umlkillall followed by umlkillnet).
# NOTE: Instead of running this script individually it can be called
# by the script ~uml/umlcreatenet1
# whose purpose is to call up all the other scripts as well. View
# umlcreatenet1 (2 and 3) for details.
tap0ip="$1" # or in this example case could simply use: tap0ip="238"
# (since that is what it is here!)
case "$1" in
238) ;; # Could modify script to increase acceptable tap
# values: e.g. 23[1-8])
*) echo
echo 'usage: ./umlhostsetup1 tapip(e.g. 238) \
subnet(e.g. 192.168.5)'
exit 1
;;
esac
cpitsubnet="$2" # or could use: cpitsubnet="x.y.z"
tap0mac="10:0:0:0:0:2" # or could use: tap0mac=$3
# (or whatever MAC address you want for tap0)
#Just in case they need done:
mknod /dev/tap0 c 36 16
insmod ethertap #making tap0
#Bring tap0 up on host:
ifconfig tap0 hw ether "$tap0mac" arp mtu 1484 ${cpitsubnet}.${tap0ip} \
netmask 255.255.255.240 broadcast ${cpitsubnet}.239
#Create all the subnet "switches" (daemons):
uml_router -unix 14003 14004 &
uml_router -unix 14005 14006 &
uml_router -unix 14007 14008 &
uml_router -unix 14009 14010 &
uml_router -unix 14011 14012 &
uml_router -unix 14013 14014 &
uml_router -unix 14015 14016 &
uml_router -unix 14017 14018 &
uml_router -unix 14019 14020 &
uml_router -unix 14021 14022 &
uml_router -unix 14023 14024 &
uml_router -unix 14025 14026 &
uml_router -unix 14027 14028 &
uml_router -unix 14029 14030 &
#Give a wee bit time to assure uml_router daemon sockets are ready:
sleep 1
#Make sure the uml virtual hosts can access the uml_router daemon(s) sockets
chgrp uml 14*
chmod 770 14*
VIII. The umlvfw (virtual router/firewall machine) script:
#!/bin/sh
#Program: umlvfw
#Licence: GPL
#Author: William McEwan
#Date: 6 Sep 2001
# This script sets up the virtual machine being used as a router (firewall)
# between the host computer and the rest of the virtual machines.
# In this Case Study this one virtual router connects via ethertap
# (its eth0 IP=225) to the host computer (IP=238).
# The other nine interfaces on this virtual router connect to the other
# virtual machines - two such on each network segment.
# It is planned to set up a filtering firewall on this virtual router in
# order to help sandbox remote users inside the virtual network laboratory.
# "umlvfw" should be run as user uml (not as user root).
# Run it after running umlkillall, umlkillnet and umlhostsetup1 or as part
# of the general startup scripts (~uml/umlcreatenet1,2,3)
# that comes after these.
# NOTE: Instead of running this script individually it can be called
# by the script "~uml/umlcreatenet2" whose purpose is to call up all
# the other scripts as well. View umlcreatenet2 for details.
# (This virtual router is later connected to the uml_router daemon segments
# using the associated script: "umlvfw.conf".
# Note: I previously copy umlvhost.conf onto the root_fs (debian small),
# into the directory /root using:
# mount root_fs [host_dir_mountpoint] -o loop and then using cp.
# "umlvfw.conf is set up to connect to the uml_router daemons using:
# IP addresses 30,46,62,78,94,110,126,142,158,174.
# These are the highest host numbers for each of the segments on
# a 255.255.255.240 subnetted IP address).
# Also, once (and only once) the virtual machine has booted up,
# login as root and run the associated virtual machine configuration
# script "umlvfw.conf" by
# entering: ./umlvfw.conf 225 238 0
umask 006 #So that the cow files are created with the correct permissions
case "$1" in
22[5-9]|23[0-7]) subsubnet=224;;
*) echo
echo 'usage: ./umlvfw ip_address_last_octet(e.g. 225)
\
tapip(e.g. 238)'
echo ' tapnum(e.g. 0) subnet(e.g. 192.168.5)'
exit 1
;;
esac
mainip="$1" # or could use: mainip=225 (= other end of tap)
tapip="$2" # or could use: tapip=238
tapnum="$3" # e.g. tapnum=0 (makes it tap0 below)
cpitsubnet="$4" # or could use: cpitsubnet="x.y.z"
umlswitch1="14003,14004"
umlswitch2="14005,14006"
umlswitch3="14007,14008"
umlswitch4="14009,14010"
umlswitch5="14011,14012"
umlswitch6="14013,14014"
umlswitch7="14015,14016"
umlswitch8="14017,14018"
umlswitch9="14019,14020"
umlswitch10="14021,14022"
umlswitch11="14023,14024"
umlswitch12="14025,14026"
umlswitch13="14027,14028"
umlswitch14="14029,14030"
# Start up uml linux as a daemon (nohup) with one xterm to do the final
# network configuration; using umlvfw.conf (as described in that script):
cow_locat=~uml/umlfw${subsubnet}_${mainip}/cowfw${subsubnet}_${mainip}
nohup linux umid=${mainip} ubd0=${cow_locat},root_fs \
eth0=ethertap,"tap${tapnum}",,${cpitsubnet}.${tapip} \
eth1=daemon,,unix,${umlswitch1} eth2=daemon,,unix,${umlswitch2} \
eth3=daemon,,unix,${umlswitch3} eth4=daemon,,unix,${umlswitch4} \
eth5=daemon,,unix,${umlswitch5} eth6=daemon,,unix,${umlswitch6} \
eth7=daemon,,unix,${umlswitch7} eth8=daemon,,unix,${umlswitch8} \
eth9=daemon,,unix,${umlswitch9} eth10=daemon,,unix,${umlswitch10} \
eth11=daemon,,unix,${umlswitch11} eth12=daemon,,unix,${umlswitch12} \
eth13=daemon,,unix,${umlswitch13} eth14=daemon,,unix,${umlswitch14} \
ssl=pty con=pty con0=xterm &
umask 022 #returning umask to original values on my host
IX. The umlvhost (every other virtual machine) script:
#!/bin/sh
#Program: umlvhost
#Licence: GPL
#Author: William McEwan
#Date: 6 Sep 2001
# This script sets up a single virtual machine on
# the network segment relevant to its ip address (e.g ip 17,18...33,34...etc).
# It should be run as user uml (not as user root).
# Run it after running umlkillall, umlkillnet and umlhostsetup1 or
# as part of a general script (umlcreatenet1,2,3)that comes after these.
# NOTE: Instead of running this script individually it can be called by
# the script "~uml/umlcreatenet2" whose purpose is to call up all
# the other scripts as well. View umlcreatenet2 for details.
# (It is later connected to the uml_router daemon segments using
# the associated script: "umlvhost.conf".
# Note: I previously copy umlvhost.conf onto the root_fs (debian small),
# into the directory /root using:
# mount root_fs [host_dir_mountpoint] -o loop and then using cp).
# Also, once (and only once) the virtual machine has booted up,
# login as root and run the script "umlhost.conf" by entering,
# for example: ./umlvhost.conf 17
# Repeat the above for the other (non-firewall) virtual machines
# (using different IPs!).
# (Later I hope to make this networking more automatic..:-).
umask 006 #So that the cow files are created with the correct permissions
mainip="$1"
#Arrange for the host IP to end up on the correct uml_router daemon subnet:
case "$mainip" in
[1-9]|1[0-4]) subsubnet=0 ; umlswitch="14001,14002" ;;
1[7-9]|2[0-9]|30) subsubnet=16 ; umlswitch="14003,14004" ;;
3[3-9]|4[0-6]) subsubnet=32 ; umlswitch="14005,14006" ;;
49|5[0-9]|6[0-2]) subsubnet=48 ; umlswitch="14007,14008" ;;
6[5-9]|7[0-8]) subsubnet=64 ; umlswitch="14009,14010" ;;
8[1-9]|9[1-4]) subsubnet=80 ; umlswitch="14011,14012" ;;
9[7-9]|10[0-9]|110) subsubnet=96 ; umlswitch="14013,14014" ;;
11[3-9]|12[0-6]) subsubnet=112 ; umlswitch="14015,14016" ;;
129|13[0-9]|14[1-2]) subsubnet=128 ; umlswitch="14017,14018" ;;
14[5-9]|15[0-8]) subsubnet=144 ; umlswitch="14019,14020" ;;
16[1-9]|17[0-4]) subsubnet=160 ; umlswitch="14021,14022" ;;
17[7-9]|18[0-9]|190) subsubnet=176 ; umlswitch="14023,14024" ;;
19[3-9]|20[0-6]) subsubnet=192 ; umlswitch="14025,14026" ;;
209|21[0-9]|22[0-2]) subsubnet=208 ; umlswitch="14027,14028" ;;
# 22[5-9]|23[0-8]) subsubnet=224 ; umlswitch="14029,14030" ;;
24[1-9]|25[0-4]) subsubnet=240 ; umlswitch="14031,14032" ;;
*) echo
echo 'invalid ip_octet'
echo 'usage: ./umlvhost dotted_dec_ip_address_last_octet(e.g. 17)'
exit 1
;;
esac
# Start up uml linux as a daemon (nohup) with one xterm to do the
# final network configuration; using umlvhost.conf (as described in
# that script):
cow_locat=~uml/uml${subsubnet}_${mainip}/cow${subsubnet}_${mainip}
nohup linux umid=uml${mainip} ubd0=${cow_locat},root_fs \
eth0=daemon,,unix,${umlswitch} ssl=pty con=pty con0=xterm &
umask 022 #returning umask to original values on my host
X. The virtual router/firewall network configuration script (umlvfw.conf):
#!/bin/sh
#Program: umlvfw.conf
#Licence: GPL
#Author: William McEwan
#Date: 6 Sep 2001
# This script is used to finally connect the virtual router (firewall)
# to the virtual network.
# It is run from the virtual machine itself after it is first booted
# as root user.
# I plan to automate this better later.
# I store this script in the /root directory of the debian small
# root_fs used in the experiment.
# I similarly store one copy of the script umlvhost.conf in the same place.
# I get them there using the command:
# mount root_fs /some_host_mount_point -o loop
# followed by cp them from the host computer.
# In the current setup $1 should be entered on the
# commandline as 225 (= the virtual machine end of tap0):
case "$1" in
22[5-9]|23[0-7]) ;;
*) echo
echo 'usage: umlhost ip_address_last_octet(e.g. 225) \
tapip(e.g. 238) subnet(e.g. 192.168.5'
exit 1
;;
esac
mainip="$1" # e.g. mainip=225 (= other end of tap).
tapip="$2" # or could use: tapip=238 (= host computer tap0 IP address).
cpitsubnet="$3" # or could make: cpitsubnet="x.y.z"
# Configure the ethertap connection from eth0 to tap:
ifconfig eth0 ${cpitsubnet}.${mainip} netmask 255.255.255.240
broadcast ${cpitsubnet}.239 up
# Configure the virtual router connections to the uml_router daemon sockets:
ifconfig eth1 ${cpitsubnet}.30 netmask 255.255.255.240 broadcast \
${cpitsubnet}.31 up
ifconfig eth2 ${cpitsubnet}.46 netmask 255.255.255.240 broadcast \
${cpitsubnet}.47 up
ifconfig eth3 ${cpitsubnet}.62 netmask 255.255.255.240 broadcast \
${cpitsubnet}.63 up
ifconfig eth4 ${cpitsubnet}.78 netmask 255.255.255.240 broadcast \
${cpitsubnet}.79 up
ifconfig eth5 ${cpitsubnet}.94 netmask 255.255.255.240 broadcast \
${cpitsubnet}.95 up
ifconfig eth6 ${cpitsubnet}.110 netmask 255.255.255.240 broadcast \
${cpitsubnet}.111 up
ifconfig eth7 ${cpitsubnet}.126 netmask 255.255.255.240 broadcast \
${cpitsubnet}.127 up
ifconfig eth8 ${cpitsubnet}.142 netmask 255.255.255.240 broadcast \
${cpitsubnet}.143 up
ifconfig eth9 ${cpitsubnet}.158 netmask 255.255.255.240 broadcast \
${cpitsubnet}.159 up
ifconfig eth10 ${cpitsubnet}.174 netmask 255.255.255.240 broadcast \
${cpitsubnet}.175 up
# On the virtual router machine: add default route (gw = host tap0)
and turn on forwarding:
route add default gw ${cpitsubnet}.${tapip}
echo 1 > /proc/sys/net/ipv4/ip_forward
XI. The network configuration script for all the other virtual hosts
(umlvhost.conf):
#!/bin/sh
#Program: umlvhost.conf
#Licence: GPL
#Author: William McEwan
#Date: 6 Sep 2001
# This script is used to finally connect the virtual machines to the
# virtual network.
# It is run from the virtual machine itself after it is first booted
# as root user.
# I plan to automate this better later.
# I store this script in the /root directory of the debian small
# root_fs used in the experiment.
# I similarly store one copy of the script umlvfw.conf in the same place.
# I get them there using the command:
# mount root_fs /some_host_mount_point -o loop
# followed by cp them from the host computer.
cpitsubnet="$2" # or could use: cpitsubnet="x.y.z"
mainip="$1"
#Arrange for the host IP to end up on the correct uml_router daemon subnet:
case "$mainip" in
[1-9]|1[0-4]) gwip=14 ; bcastip=15 ;;
1[7-9]|2[0-9]|30) gwip=30 ; bcastip=31 ;;
3[3-9]|4[0-6]) gwip=46 ; bcastip=47 ;;
49|5[0-9]|6[0-2]) gwip=62 ; bcastip=63 ;;
6[5-9]|7[0-8]) gwip=78 ; bcastip=79 ;;
8[1-9]|9[1-4]) gwip=94 ; bcastip=95 ;;
9[7-9]|10[0-9]|110) gwip=110 ; bcastip=111 ;;
11[3-9]|12[0-6]) gwip=126 ; bcastip=127 ;;
129|13[0-9]|14[1-2]) gwip=142 ; bcastip=143 ;;
14[5-9]|15[0-8]) gwip=158 ; bcastip=159 ;;
16[1-9]|17[0-4]) gwip=174 ; bcastip=175 ;;
17[7-9]|18[0-9]|190) gwip=190 ; bcastip=191 ;;
19[3-9]|20[0-6]) gwip=206 ; bcastip=207 ;;
209|21[0-9]|22[0-2]) gwip=222 ; bcastip=223 ;;
22[5-9]|23[0-8]) gwip=238 ; bcastip=239 ;;
24[1-9]|25[0-4]) gwip=254 ; bcastip=255 ;;
*) echo
echo 'invalid ip_octet'
echo 'usage: ./umlvhost.conf ip_octet(e.g. 17) \
subnet(e.g.192.168.5)'
exit 1
;;
esac
# Configure the virtual machine eth0:
ifconfig eth0 ${cpitsubnet}.${mainip} netmask 255.255.255.240
broadcast \
${cpitsubnet}.${bcastip} up
# Add a route on the virtual machine back towards the host computer
# via the uml virtual firewall:
route add default gw ${cpitsubnet}.${gwip}
XII. Appendix A: The permissions on the files and directories etc.: