android内核msm,How do I compile the msm android kernel using the AOSP toolchain?

I've been stuck at this for more than a week, so I'd appreciate any help.

What am I trying to do? (you can skip this part if you want)

I'm trying to do android kernel exploitation. That's not my current problem though. To learn kernel exploitation, I need to be able to get a version of android that is vulnerable to a certain vulnerability. So here's what I'm doing:

Going here to select a CVE that I want to learn how to exploit

After selecting a CVE, I need to select a build that is vulnerable to that CVE from here

Now that I have chosen a build (QQ3A.200805.001 in my case), I note its branch name (android-10.0.0_r41 in my case)

Now I need to be able to run this build in the android emulator (qemu) once as a production build, and once with KASAN+KCOV+debugging symbols for gdb

Before I begin, I'm following these guides:

My Setup:

I did this to download everything I need:

git clone https://android.googlesource.com/kernel/msm

cd msm

git fetch --all --tags --prune

git checkout remotes/origin/android-msm-coral-4.14-android10

cd ..

mkdir AOSP

cd AOSP

repo init -u https://android.googlesource.com/platform/manifest

repo sync -j`nproc`

repo init -b android-10.0.0_r41

repo sync -j`nproc`

cd ..

When I went to the AOSP directory and tried compiling with:

source ./build/envsetup.sh

lunch aosp_flame-userdebug # For the Pixel 4

m

It compiled in 4 hours, but it worked.

My First Issue:

I then created this bash script in the main folder to try to compile the msm kernel normally (without KASAN/KCOV):

###########

# Params: #

###########

ARCH=arm64

CONFIG=cuttlefish_defconfig

###########

# Script: #

###########

read -p "Compile with clang instead of gcc? [y/N] " USE_CLANG

if [ $USE_CLANG == y ] || [ $USE_CLANG == Y ]; then

COMPILER=clang

CC_PATH=$(pwd)/AOSP/prebuilts/clang/host/linux-x86/clang-r346389c/bin/

else

COMPILER=gcc

CC_PATH=$(pwd)/AOSP/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/

export CROSS_COMPILE=aarch64-linux-android-

fi

export ARCH=$ARCH

export PATH=$PATH:$CC_PATH

cd msm

make clean

make distclean

make $CONFIG

make CC=$COMPILER

When I run it with GCC, I get bombarded with depreciation warnings and I get an error:

Android GCC has been deprecated in favor of Clang, and will be removed from

Android in 2020-01 as per the deprecation plan in:

https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/master/GCC_4_9_DEPRECATION.md

...

Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong not supported by compiler

When I run it with clang, I also get a ton of warnings and this error:

./arch/arm64/include/asm/stack_pointer.h:8:51: error: register 'sp' unsuitable for global register variables on this target

register unsigned long current_stack_pointer asm ("sp");

...

In file included from ./include/linux/kvm_host.h:14:

./include/linux/signal.h:81:11: warning: array index 3 is past the end of the array (which contains 1 element) [-Warray-bounds]

return (set->sig[3] | set->sig[2] |

Full outputs for the script can be found here (for gcc) and here (for clang). Basically my first issue is that I don't know why I'm getting these compilation errors. So any suggestions would be greatly appreciated.

My Second Issue:

Now, I am checking out the remotes/origin/android-msm-coral-4.14-android10 branch in the msm repo, but I think this isn't the way to go because I need the kernel version that corresponds to a certain build/branch (QQ3A.200805.001 or android-10.0.0_r41 in my case). I think I need to build the exact version that is precompiled in the AOSP repository.

For example, if I go to the AOSP/device/google/coral directory, and run git log, I get something like this:

commit 62d311ad7cfc3e76a5278634427596462069b44d (HEAD, tag: android-10.0.0_r41, tag: m/android-10.0.0_r41, aosp/android10-qpr3-release)

Merge: 7b91fff 0657c80

Author: android-build-team Robot

Date: Wed Jun 10 23:45:11 2020 +0000

Merge cherrypicks of [11827366, 11829660, 11829049, 11829662, 11829647, 11829300, 11826697, 11829719, 11829051, 11829663, 11829664, 11829838, 11829052, 11829472, 11829586] into qt-qpr3-release

Change-Id: Ic126de75c24133f8d43df7c9d8f09059a9ca8089

commit 0657c80f016720f70ed6f9618f928a30e71f2b79

Author: wenchangliu

Date: Tue Mar 24 18:11:18 2020 +0800

coral: Add seccomp policy for Codec2 process

Add seccomp policy for Codec2 process.

Bug: 149511958

Test: adb shell killall media.hwcodec

Change-Id: Iab64bd42ead0c5a27769a757007282c2dddf911d

(cherry picked from commit 3628a510a808a52c4ebf69958a8343928e5df3f2)

(cherry picked from commit 45a6093f3d085ca2a531c2607bd12dbc1eff6bf9)

commit 7b91fffc14afb41cf14772566272c72b37c36785

Merge: 2e7f1a3 e8c9484

Author: android-build-team Robot

Date: Wed Jun 10 00:37:23 2020 +0000

...

Link for this exact commit/tag can be found here. However, there is no android-10.0.0_r41 tag in the msm source repo, so I don't know which version of the msm repo corresponds to the prebuilt one in the AOSP directory. And.. I don't know where to start looking tbh.

Any help is greatly appreciated.