This repository has been archived by the owner on Apr 14, 2023. It is now read-only.
How to create an iOS VM #2
Labels
good first issue
Good for newcomers
Comments
|
So this is what I tried so far: This results in: With the following backtrace: |
|
UPDATE: Follow this guide You need to set The tools for unpacking im4p can be found at https://github.com/TrungNguyen1909/xnu-qemu-arm64-tools The ramdisk FS need to be decompressed. resize it with something like To decompress, do That should get launchd up. P/s: |
|
Thanks, @TrungNguyen1909 , I get this far: although the exact error message can vary slightly. |
For the |
|
Thanks, looks like the disk was too small (I used 128M instead of 512M) and this caused So this is what I get now: Do you get a similar result? |
|
It can be workarounded by removing This is due to the hacky PMGR implementation which I haven't got enough time to work on.
|
|
Thanks! This gets me a step further: Are the errors about the missing files and the improperly signed executable? Should we be able to interact with the device over USB at this point (once an USB controller is emulated)? I can see the device-tree lists a usb-drd device like this: which seems to indicate that the USB device is using the |
This is the current status of the project, I haven't gone any further than that.
Hopefully.
These are actually offsets from the |
|
Thanks. I've made a very naive attempt at registering read/write handlers for the USB address space: https://github.com/qmfrederik/qemu-t8030/commit/5eee15de406ba6a344c4e4b4769b987e7594efee, but it looks like the handlers are not being invoked. I'm not sure whether this is because there's an obvious bug in my code, or because the interrupts are not registered. (never mind my comment about the AIC, I can see there's a |
Repository owner
locked and limited conversation to collaborators
Mar 4, 2021
Repository owner
unlocked this conversation
Mar 8, 2021
|
UPDATE: You can find the updated tutorial here |
|
have you tested this on macOS too? i saw a "guide" for compiling this on macOS, but it doesn't work, at least on Big Sur (11.2.2). this is a log with the "macOS guide" (https://github.com/TrungNguyen1909/qemu-t8030/pull/6/checks (i tried both build_aarch64_softmmu_macos, and build_macos_all)), but the same thing happen using you commands. |
|
What errors do you get?
|
|
oh seems like i forgot to include the link for the log, here it is https://ghostbin.com/paste/imt1R |
|
@cutecodee, you are building on a M1 machine, right? |
|
@TrungNguyen1909 Yes, I can get launchd up with the I had some issues preparing the OS disk using your instructions (basically a timeout when running the detach command), so I just attached the original I'm not sure whether the error is related to that (it may very well be); do you get any further in boot process on your side? |
|
@qmfrederik have you decompress the fs? |
|
@TrungNguyen1909 No, it's not decompressed; I got a timeout when detaching the disk. The logs seemed to indicate the kernel could find the disk and mount the file system, which would mean that the ANS/NVMe controller code you added works, so just wanted to share that part of the good news ;-). |
nope, i'm using an x86 machine |
|
@cutecodee, you might want to try to run Your build seems to fail while building capstone, but we are not using capstone here. |
|
https://pastebin.com/mCrxK353 that's the output |
|
@cutecodee Looks like you're on Xcode 12.5 beta. Is it possible for you to try this with an earlier Xcode version? |
@cutecodee, try |
|
Closed. Tutorial |
Closed
shannon2893
pushed a commit
to shannon2893/qemu-t8030
that referenced
this issue
Jul 25, 2022
In commit 00f05c0 we gave the TYPE_XLNX_CSU_DMA object its own class struct, but forgot to update the TypeInfo::class_size accordingly. This meant that not enough memory was allocated for the class struct, and the initialization of xcdc->read in the class init function wrote off the end of the memory. Add the missing line. Found by running 'check-qtest-aarch64' with a clang address-sanitizer build, which complains: ==2542634==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61000000ab00 at pc 0x559a20aebc29 bp 0x7fff97df74d0 sp 0x7fff97df74c8 WRITE of size 8 at 0x61000000ab00 thread T0 #0 0x559a20aebc28 in xlnx_csu_dma_class_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../hw/dma/xlnx_csu_dma.c:722:16 TrungNguyen1909#1 0x559a21bf297c in type_initialize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:365:9 TrungNguyen1909#2 0x559a21bf3442 in object_class_foreach_tramp /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1070:5 TrungNguyen1909#3 0x7f09bcb641b7 in g_hash_table_foreach (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x401b7) TrungNguyen1909#4 0x559a21bf3c27 in object_class_foreach /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1092:5 TrungNguyen1909#5 0x559a21bf3c27 in object_class_get_list /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1149:5 TrungNguyen1909#6 0x559a2081a2fd in select_machine /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:1661:24 TrungNguyen1909#7 0x559a2081a2fd in qemu_create_machine /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:2146:35 TrungNguyen1909#8 0x559a2081a2fd in qemu_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:3706:5 TrungNguyen1909#9 0x559a20720ed5 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/main.c:49:5 TrungNguyen1909#10 0x7f09baec00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 TrungNguyen1909#11 0x559a2067673d in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/qemu-system-aarch64+0xf4b73d) 0x61000000ab00 is located 0 bytes to the right of 192-byte region [0x61000000aa40,0x61000000ab00) allocated by thread T0 here: #0 0x559a206eeff2 in calloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/qemu-system-aarch64+0xfc3ff2) TrungNguyen1909#1 0x7f09bcb7bef0 in g_malloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57ef0) TrungNguyen1909#2 0x559a21bf3442 in object_class_foreach_tramp /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1070:5 Fixes: 00f05c0 ("hw/dma/xlnx_csu_dma: Support starting a read transfer through a class method") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220308150207.2546272-1-peter.maydell@linaro.org
shannon2893
pushed a commit
to shannon2893/qemu-t8030
that referenced
this issue
Jul 25, 2022
Include the qtest reproducer provided by Alexander Bulekov in https://gitlab.com/qemu-project/qemu/-/issues/542. Without the previous commit, we get: $ make check-qtest-i386 ... Running test tests/qtest/intel-hda-test AddressSanitizer:DEADLYSIGNAL ================================================================= ==1580408==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc3d566fe0 #0 0x63d297cf in address_space_translate_internal softmmu/physmem.c:356 TrungNguyen1909#1 0x63d27260 in flatview_do_translate softmmu/physmem.c:499:15 TrungNguyen1909#2 0x63d27af5 in flatview_translate softmmu/physmem.c:565:15 TrungNguyen1909#3 0x63d4ce84 in flatview_write softmmu/physmem.c:2850:10 TrungNguyen1909#4 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18 TrungNguyen1909#5 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16 TrungNguyen1909#6 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12 TrungNguyen1909#7 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12 TrungNguyen1909#8 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12 TrungNguyen1909#9 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1 TrungNguyen1909#10 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1 TrungNguyen1909#11 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12 TrungNguyen1909#12 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5 TrungNguyen1909#13 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5 TrungNguyen1909#14 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5 TrungNguyen1909#15 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9 TrungNguyen1909#16 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5 TrungNguyen1909#17 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9 TrungNguyen1909#18 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5 TrungNguyen1909#19 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5 TrungNguyen1909#20 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18 TrungNguyen1909#21 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16 TrungNguyen1909#22 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23 TrungNguyen1909#23 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12 TrungNguyen1909#24 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18 TrungNguyen1909#25 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16 TrungNguyen1909#26 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12 #27 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12 TrungNguyen1909#28 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12 TrungNguyen1909#29 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1 TrungNguyen1909#30 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1 TrungNguyen1909#31 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12 TrungNguyen1909#32 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5 TrungNguyen1909#33 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5 TrungNguyen1909#34 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5 TrungNguyen1909#35 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9 TrungNguyen1909#36 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5 TrungNguyen1909#37 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9 TrungNguyen1909#38 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5 TrungNguyen1909#39 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5 TrungNguyen1909#40 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18 TrungNguyen1909#41 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16 TrungNguyen1909#42 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23 TrungNguyen1909#43 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12 TrungNguyen1909#44 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18 TrungNguyen1909#45 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16 TrungNguyen1909#46 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12 TrungNguyen1909#47 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12 TrungNguyen1909#48 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12 ... SUMMARY: AddressSanitizer: stack-overflow softmmu/physmem.c:356 in address_space_translate_internal ==1580408==ABORTING Broken pipe Aborted (core dumped) Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211218160912.1591633-4-philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
shannon2893
pushed a commit
to shannon2893/qemu-t8030
that referenced
this issue
Jul 25, 2022
The issue reported by OSS-Fuzz produces the following backtrace:
==447470==ERROR: AddressSanitizer: heap-buffer-overflow
READ of size 1 at 0x61500002a080 thread T0
#0 0x71766d47 in sdhci_read_dataport hw/sd/sdhci.c:474:18
TrungNguyen1909#1 0x7175f139 in sdhci_read hw/sd/sdhci.c:1022:19
TrungNguyen1909#2 0x721b937b in memory_region_read_accessor softmmu/memory.c:440:11
TrungNguyen1909#3 0x72171e51 in access_with_adjusted_size softmmu/memory.c:554:18
TrungNguyen1909#4 0x7216f47c in memory_region_dispatch_read1 softmmu/memory.c:1424:16
TrungNguyen1909#5 0x7216ebb9 in memory_region_dispatch_read softmmu/memory.c:1452:9
TrungNguyen1909#6 0x7212db5d in flatview_read_continue softmmu/physmem.c:2879:23
TrungNguyen1909#7 0x7212f958 in flatview_read softmmu/physmem.c:2921:12
TrungNguyen1909#8 0x7212f418 in address_space_read_full softmmu/physmem.c:2934:18
TrungNguyen1909#9 0x721305a9 in address_space_rw softmmu/physmem.c:2962:16
TrungNguyen1909#10 0x7175a392 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
TrungNguyen1909#11 0x7175a0ea in dma_memory_rw include/sysemu/dma.h:132:12
TrungNguyen1909#12 0x71759684 in dma_memory_read include/sysemu/dma.h:152:12
TrungNguyen1909#13 0x7175518c in sdhci_do_adma hw/sd/sdhci.c:823:27
TrungNguyen1909#14 0x7174bf69 in sdhci_data_transfer hw/sd/sdhci.c:935:13
TrungNguyen1909#15 0x7176aaa7 in sdhci_send_command hw/sd/sdhci.c:376:9
TrungNguyen1909#16 0x717629ee in sdhci_write hw/sd/sdhci.c:1212:9
TrungNguyen1909#17 0x72172513 in memory_region_write_accessor softmmu/memory.c:492:5
TrungNguyen1909#18 0x72171e51 in access_with_adjusted_size softmmu/memory.c:554:18
TrungNguyen1909#19 0x72170766 in memory_region_dispatch_write softmmu/memory.c:1504:16
TrungNguyen1909#20 0x721419ee in flatview_write_continue softmmu/physmem.c:2812:23
TrungNguyen1909#21 0x721301eb in flatview_write softmmu/physmem.c:2854:12
TrungNguyen1909#22 0x7212fca8 in address_space_write softmmu/physmem.c:2950:18
TrungNguyen1909#23 0x721d9a53 in qtest_process_command softmmu/qtest.c:727:9
A DMA descriptor is previously filled in RAM. An I/O access to the
device (frames TrungNguyen1909#22 to TrungNguyen1909#16) start the DMA engine (frame TrungNguyen1909#13). The
engine fetch the descriptor and execute the request, which itself
accesses the SDHCI I/O registers (frame TrungNguyen1909#1 and #0), triggering a
re-entrancy issue.
Fix by prohibit transactions from the DMA to devices. The DMA engine
is thus restricted to memories.
Reported-by: OSS-Fuzz (Issue 36391)
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/451
Message-Id: <20211215205656.488940-3-philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
shannon2893
pushed a commit
to shannon2893/qemu-t8030
that referenced
this issue
Jul 25, 2022
Include the qtest reproducer provided by Alexander Bulekov in https://gitlab.com/qemu-project/qemu/-/issues/451. Without the previous commit, we get: $ make check-qtest-i386 ... Running test qtest-i386/fuzz-sdcard-test ==447470==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500002a080 at pc 0x564c71766d48 bp 0x7ffc126c62b0 sp 0x7ffc126c62a8 READ of size 1 at 0x61500002a080 thread T0 #0 0x564c71766d47 in sdhci_read_dataport hw/sd/sdhci.c:474:18 TrungNguyen1909#1 0x564c7175f139 in sdhci_read hw/sd/sdhci.c:1022:19 TrungNguyen1909#2 0x564c721b937b in memory_region_read_accessor softmmu/memory.c:440:11 TrungNguyen1909#3 0x564c72171e51 in access_with_adjusted_size softmmu/memory.c:554:18 TrungNguyen1909#4 0x564c7216f47c in memory_region_dispatch_read1 softmmu/memory.c:1424:16 TrungNguyen1909#5 0x564c7216ebb9 in memory_region_dispatch_read softmmu/memory.c:1452:9 TrungNguyen1909#6 0x564c7212db5d in flatview_read_continue softmmu/physmem.c:2879:23 TrungNguyen1909#7 0x564c7212f958 in flatview_read softmmu/physmem.c:2921:12 TrungNguyen1909#8 0x564c7212f418 in address_space_read_full softmmu/physmem.c:2934:18 TrungNguyen1909#9 0x564c721305a9 in address_space_rw softmmu/physmem.c:2962:16 TrungNguyen1909#10 0x564c7175a392 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12 TrungNguyen1909#11 0x564c7175a0ea in dma_memory_rw include/sysemu/dma.h:132:12 TrungNguyen1909#12 0x564c71759684 in dma_memory_read include/sysemu/dma.h:152:12 TrungNguyen1909#13 0x564c7175518c in sdhci_do_adma hw/sd/sdhci.c:823:27 TrungNguyen1909#14 0x564c7174bf69 in sdhci_data_transfer hw/sd/sdhci.c:935:13 TrungNguyen1909#15 0x564c7176aaa7 in sdhci_send_command hw/sd/sdhci.c:376:9 TrungNguyen1909#16 0x564c717629ee in sdhci_write hw/sd/sdhci.c:1212:9 TrungNguyen1909#17 0x564c72172513 in memory_region_write_accessor softmmu/memory.c:492:5 TrungNguyen1909#18 0x564c72171e51 in access_with_adjusted_size softmmu/memory.c:554:18 TrungNguyen1909#19 0x564c72170766 in memory_region_dispatch_write softmmu/memory.c:1504:16 TrungNguyen1909#20 0x564c721419ee in flatview_write_continue softmmu/physmem.c:2812:23 TrungNguyen1909#21 0x564c721301eb in flatview_write softmmu/physmem.c:2854:12 TrungNguyen1909#22 0x564c7212fca8 in address_space_write softmmu/physmem.c:2950:18 TrungNguyen1909#23 0x564c721d9a53 in qtest_process_command softmmu/qtest.c:727:9 0x61500002a080 is located 0 bytes to the right of 512-byte region [0x615000029e80,0x61500002a080) allocated by thread T0 here: #0 0x564c708e1737 in __interceptor_calloc (qemu-system-i386+0x1e6a737) TrungNguyen1909#1 0x7ff05567b5e0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x5a5e0) TrungNguyen1909#2 0x564c71774adb in sdhci_pci_realize hw/sd/sdhci-pci.c:36:5 SUMMARY: AddressSanitizer: heap-buffer-overflow hw/sd/sdhci.c:474:18 in sdhci_read_dataport Shadow bytes around the buggy address: 0x0c2a7fffd3c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffd3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fffd3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fffd3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2a7fffd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c2a7fffd410:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c2a7fffd420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2a7fffd430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2a7fffd440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2a7fffd450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2a7fffd460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Heap left redzone: fa Freed heap region: fd ==447470==ABORTING Broken pipe ERROR qtest-i386/fuzz-sdcard-test - too few tests run (expected 3, got 2) Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211215205656.488940-4-philmd@redhat.com> [thuth: Replaced "-m 4G" with "-m 512M"] Signed-off-by: Thomas Huth <thuth@redhat.com>
shannon2893
pushed a commit
to shannon2893/qemu-t8030
that referenced
this issue
Jul 25, 2022
Since commit 0439c5a ("block/block-backend.c: assertions for block-backend") QEMU crashes when using Cocoa on Darwin hosts. Example on macOS: $ qemu-system-i386 Assertion failed: (qemu_in_main_thread()), function blk_all_next, file block-backend.c, line 552. Abort trap: 6 Looking with lldb: Assertion failed: (qemu_in_main_thread()), function blk_all_next, file block-backend.c, line 552. Process 76914 stopped * thread TrungNguyen1909#1, queue = 'com.apple.main-thread', stop reason = hit program assert frame TrungNguyen1909#4: 0x000000010057c2d4 qemu-system-i386`blk_all_next.cold.1 at block-backend.c:552:5 [opt] 549 */ 550 BlockBackend *blk_all_next(BlockBackend *blk) 551 { --> 552 GLOBAL_STATE_CODE(); 553 return blk ? QTAILQ_NEXT(blk, link) 554 : QTAILQ_FIRST(&block_backends); 555 } Target 1: (qemu-system-i386) stopped. (lldb) bt * thread TrungNguyen1909#1, queue = 'com.apple.main-thread', stop reason = hit program assert frame #0: 0x00000001908c99b8 libsystem_kernel.dylib`__pthread_kill + 8 frame TrungNguyen1909#1: 0x00000001908fceb0 libsystem_pthread.dylib`pthread_kill + 288 frame TrungNguyen1909#2: 0x000000019083a314 libsystem_c.dylib`abort + 164 frame TrungNguyen1909#3: 0x000000019083972c libsystem_c.dylib`__assert_rtn + 300 * frame TrungNguyen1909#4: 0x000000010057c2d4 qemu-system-i386`blk_all_next.cold.1 at block-backend.c:552:5 [opt] frame TrungNguyen1909#5: 0x00000001003c00b4 qemu-system-i386`blk_all_next(blk=<unavailable>) at block-backend.c:552:5 [opt] frame TrungNguyen1909#6: 0x00000001003d8f04 qemu-system-i386`qmp_query_block(errp=0x0000000000000000) at qapi.c:591:16 [opt] frame TrungNguyen1909#7: 0x000000010003ab0c qemu-system-i386`main [inlined] addRemovableDevicesMenuItems at cocoa.m:1756:21 [opt] frame TrungNguyen1909#8: 0x000000010003ab04 qemu-system-i386`main(argc=<unavailable>, argv=<unavailable>) at cocoa.m:1980:5 [opt] frame TrungNguyen1909#9: 0x00000001012690f4 dyld`start + 520 As we are in passed release 7.0 hard freeze, disable the block backend assertion which, while being valuable during development, is not helpful to users. We'll restore this assertion immediately once 7.0 is released and work on a fix. Suggested-by: Akihiko Odaki <akihiko.odaki@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Akihiko Odaki <akihiko.odaki@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20220325183707.85733-1-philippe.mathieu.daude@gmail.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
UPDATE: Check out the latest guide
I'd be grateful if you could provide some instructions on how we can create a VM which can use the xnu kernel using this project.
Do we need to follow the instructions from https://github.com/alephsecurity/xnu-qemu-arm64/wiki/Build-iOS-on-QEMU? Which ipsw / iOS version did you use?
It looks like you're on iOS 14, so I guess that would make iPhone11,8,iPhone12,1_14.4_18D52_Restore.ipsw then, right?
Did you use the
kernelcache.release.iphone11bkernel image and theDeviceTree.n104ap.im4pdevice tree?PS - I had issues using the Python tools to extract the kernel image & device tree, but https://github.com/blacktop/ipsw seemed to work fine.
Build dependencies
Build script
Install lzfse
Extract disks from IPSW file
Launch script
The text was updated successfully, but these errors were encountered: