From: Viktor Prutyanov
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, Viktor Prutyanov, rkagan@virtuozzo.com, armbru@redhat.com, dgilbert@redhat.com
Date: Thu, 17 May 2018 19:23:39 +0300
Message-ID: <20180517162342.4330-2-viktor.prutyanov@virtuozzo.com>
In-Reply-To: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com>
Subject: [Qemu-devel] [PATCH 1/4] dump: add Windows dump format to dump-guest-memory

This patch adds Windows crashdumping feature. Now QEMU can produce ELF-dump containing Windows crashdump header, which can help to convert to a valid WinDbg-understandable crashdump file, or immediately create such file. The crashdump will be obtained by joining physical memory dump and 8K header exposed through vmcoreinfo/fw_cfg device by guest driver at BSOD time. Option '-w' was added to dump-guest-memory command. At the moment, only x64 configuration is supported.

Suitable driver can be found at https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/fwcfg64

Signed-off-by: Viktor Prutyanov
Reviewed-by: Marc-André Lureau
---
This patch is unchanged from the one posted separately on 2018-05-01 with message-id: <20180501132031.13270-1-viktor.prutyanov@virtuozzo.com>

 Makefile.target |   1 +
 dump.c          |  24 ++++++-
 hmp-commands.hx |  13 ++--
 hmp.c           |   9 ++-
 qapi/misc.json  |   5 +-
 win_dump.c      | 209 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 win_dump.h      |  87 +++++++++++++++++++++++
 7 files changed, 339 insertions(+), 9 deletions(-)
 create mode 100644 win_dump.c
 create mode 100644 win_dump.h
diff --git a/Makefile.target b/Makefile.target index d0ec77a307..6ae2609597 100644 --- a/Makefile.target +++ b/Makefile.target @@ -138,6 +138,7 @@ obj-y +=3D hw/ obj-y +=3D memory.o obj-y +=3D memory_mapping.o obj-y +=3D dump.o +obj-y +=3D win_dump.o obj-y +=3D migration/ram.o LIBS :=3D $(libs_softmmu) $(LIBS) =20 diff --git a/dump.c b/dump.c index b54cd42b21..04467b353e 100644 --- a/dump.c +++ b/dump.c @@ -29,6 +29,10 @@ #include "qemu/error-report.h" #include "hw/misc/vmcoreinfo.h" =20 +#ifdef TARGET_X86_64 +#include "win_dump.h" +#endif + #include #ifdef CONFIG_LZO #include @@ -1866,7 +1870,11 @@ static void dump_process(DumpState *s, Error **errp) Error *local_err =3D NULL; DumpQueryResult *result =3D NULL; =20 - if (s->has_format && s->format !=3D DUMP_GUEST_MEMORY_FORMAT_ELF) { + if (s->has_format && s->format =3D=3D DUMP_GUEST_MEMORY_FORMAT_WIN_DMP= ) { +#ifdef TARGET_X86_64 + create_win_dump(s, &local_err); +#endif + } else if (s->has_format && s->format !=3D DUMP_GUEST_MEMORY_FORMAT_EL= F) { create_kdump_vmcore(s, &local_err); } else { create_vmcore(s, &local_err); @@ -1970,6 +1978,13 @@ void qmp_dump_guest_memory(bool paging, const char *= file, } #endif =20 +#ifndef TARGET_X86_64 + if (has_format && format =3D=3D DUMP_GUEST_MEMORY_FORMAT_WIN_DMP) { + error_setg(errp, "Windows dump is only available for x86-64"); + return; + } +#endif + #if !defined(WIN32) if (strstart(file, "fd:", &p)) { fd =3D monitor_get_fd(cur_mon, p, errp); @@ -2044,5 +2059,12 @@ DumpGuestMemoryCapability *qmp_query_dump_guest_memo= ry_capability(Error **errp) item->value =3D DUMP_GUEST_MEMORY_FORMAT_KDUMP_SNAPPY; #endif =20 + /* Windows dump is available only if target is x86_64 */ +#ifdef TARGET_X86_64 + item->next =3D g_malloc0(sizeof(DumpGuestMemoryFormatList)); + item =3D item->next; + item->value =3D DUMP_GUEST_MEMORY_FORMAT_WIN_DMP; +#endif + return cap; } diff --git a/hmp-commands.hx b/hmp-commands.hx index 227f7eee88..fc1f7401f7 100644 --- a/hmp-commands.hx 
+++ b/hmp-commands.hx @@ -1088,30 +1088,33 @@ ETEXI =20 { .name =3D "dump-guest-memory", - .args_type =3D "paging:-p,detach:-d,zlib:-z,lzo:-l,snappy:-s,file= name:F,begin:i?,length:i?", - .params =3D "[-p] [-d] [-z|-l|-s] filename [begin length]", + .args_type =3D "paging:-p,detach:-d,windmp:-w,zlib:-z,lzo:-l,snap= py:-s,filename:F,begin:i?,length:i?", + .params =3D "[-p] [-d] [-z|-l|-s|-w] filename [begin length]", .help =3D "dump guest memory into file 'filename'.\n\t\t\t" "-p: do paging to get guest's memory mapping.\n\t\t\= t" "-d: return immediately (do not wait for completion)= .\n\t\t\t" "-z: dump in kdump-compressed format, with zlib comp= ression.\n\t\t\t" "-l: dump in kdump-compressed format, with lzo compr= ession.\n\t\t\t" "-s: dump in kdump-compressed format, with snappy co= mpression.\n\t\t\t" + "-w: dump in Windows crashdump format (can be used i= nstead of ELF-dump converting),\n\t\t\t" + " for Windows x64 guests with vmcoreinfo driver o= nly.\n\t\t\t" "begin: the starting physical address.\n\t\t\t" "length: the memory size, in bytes.", .cmd =3D hmp_dump_guest_memory, }, =20 - STEXI @item dump-guest-memory [-p] @var{filename} @var{begin} @var{length} -@item dump-guest-memory [-z|-l|-s] @var{filename} +@item dump-guest-memory [-z|-l|-s|-w] @var{filename} @findex dump-guest-memory Dump guest memory to @var{protocol}. The file can be processed with crash = or -gdb. Without -z|-l|-s, the dump format is ELF. +gdb. Without -z|-l|-s|-w, the dump format is ELF. -p: do paging to get guest's memory mapping. -z: dump in kdump-compressed format, with zlib compression. -l: dump in kdump-compressed format, with lzo compression. -s: dump in kdump-compressed format, with snappy compression. + -w: dump in Windows crashdump format (can be used instead of ELF-d= ump converting), + for Windows x64 guests with vmcoreinfo driver only filename: dump file name. begin: the starting physical address. It's optional, and should be specified together with length. 
diff --git a/hmp.c b/hmp.c index bdb340605c..c0c7ff0982 100644 --- a/hmp.c +++ b/hmp.c @@ -1976,6 +1976,7 @@ void hmp_device_del(Monitor *mon, const QDict *qdict) void hmp_dump_guest_memory(Monitor *mon, const QDict *qdict) { Error *err =3D NULL; + bool win_dmp =3D qdict_get_try_bool(qdict, "windmp", false); bool paging =3D qdict_get_try_bool(qdict, "paging", false); bool zlib =3D qdict_get_try_bool(qdict, "zlib", false); bool lzo =3D qdict_get_try_bool(qdict, "lzo", false); @@ -1990,12 +1991,16 @@ void hmp_dump_guest_memory(Monitor *mon, const QDic= t *qdict) enum DumpGuestMemoryFormat dump_format =3D DUMP_GUEST_MEMORY_FORMAT_EL= F; char *prot; =20 - if (zlib + lzo + snappy > 1) { - error_setg(&err, "only one of '-z|-l|-s' can be set"); + if (zlib + lzo + snappy + win_dmp > 1) { + error_setg(&err, "only one of '-z|-l|-s|-w' can be set"); hmp_handle_error(mon, &err); return; } =20 + if (win_dmp) { + dump_format =3D DUMP_GUEST_MEMORY_FORMAT_WIN_DMP; + } + if (zlib) { dump_format =3D DUMP_GUEST_MEMORY_FORMAT_KDUMP_ZLIB; } diff --git a/qapi/misc.json b/qapi/misc.json index f5988cc0b5..5d02d07298 100644 --- a/qapi/misc.json +++ b/qapi/misc.json @@ -1679,10 +1679,13 @@ # # @kdump-snappy: kdump-compressed format with snappy-compressed # +# @win-dmp: Windows full crashdump format, +# can be used instead of ELF converting (since 2.13) +# # Since: 2.0 ## { 'enum': 'DumpGuestMemoryFormat', - 'data': [ 'elf', 'kdump-zlib', 'kdump-lzo', 'kdump-snappy' ] } + 'data': [ 'elf', 'kdump-zlib', 'kdump-lzo', 'kdump-snappy', 'win-dmp' ] } =20 ## # @dump-guest-memory: diff --git a/win_dump.c b/win_dump.c new file mode 100644 index 0000000000..58255c12ee --- /dev/null +++ b/win_dump.c 
@@ -0,0 +1,209 @@ +/* + * Windows crashdump + * + * Copyright (c) 2018 Virtuozzo International GmbH + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" +#include "qemu/cutils.h" +#include "elf.h" +#include "cpu.h" +#include "exec/hwaddr.h" +#include "monitor/monitor.h" +#include "sysemu/kvm.h" +#include "sysemu/dump.h" +#include "sysemu/sysemu.h" +#include "sysemu/memory_mapping.h" +#include "sysemu/cpus.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "hw/misc/vmcoreinfo.h" +#include "win_dump.h" + +static size_t write_run(WinDumpPhyMemRun64 *run, int fd, Error **errp) +{ + void *buf; + uint64_t addr =3D run->BasePage << TARGET_PAGE_BITS; + uint64_t size =3D run->PageCount << TARGET_PAGE_BITS; + uint64_t len =3D size; + + buf =3D cpu_physical_memory_map(addr, &len, false); + if (!buf) { + error_setg(errp, "win-dump: failed to map run"); + return 0; + } + if (len !=3D size) { + error_setg(errp, "win-dump: failed to map entire run"); + len =3D 0; + goto out_unmap; + } + + len =3D qemu_write_full(fd, buf, len); + if (len !=3D size) { + error_setg(errp, QERR_IO_ERROR); + } + +out_unmap: + cpu_physical_memory_unmap(buf, addr, false, len); + + return len; +} + +static void write_runs(DumpState *s, WinDumpHeader64 *h, Error **errp) +{ + WinDumpPhyMemDesc64 *desc =3D &h->PhysicalMemoryBlock; + WinDumpPhyMemRun64 *run =3D desc->Run; + Error *local_err =3D NULL; + int i; + + for (i =3D 0; i < desc->NumberOfRuns; i++) { + s->written_size +=3D write_run(run + i, s->fd, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + } +} + +static void patch_mm_pfn_database(WinDumpHeader64 *h, Error **errp) +{ + if (cpu_memory_rw_debug(first_cpu, + h->KdDebuggerDataBlock + KDBG_MM_PFN_DATABASE_OFFSET64, + (uint8_t *)&h->PfnDatabase, sizeof(h->PfnDatabase), 0)) { + error_setg(errp, 
"win-dump: failed to read MmPfnDatabase"); + return; + } +} + +static void patch_bugcheck_data(WinDumpHeader64 *h, Error **errp) +{ + uint64_t KiBugcheckData; + + if (cpu_memory_rw_debug(first_cpu, + h->KdDebuggerDataBlock + KDBG_KI_BUGCHECK_DATA_OFFSET64, + (uint8_t *)&KiBugcheckData, sizeof(KiBugcheckData), 0)) { + error_setg(errp, "win-dump: failed to read KiBugcheckData"); + return; + } + + if (cpu_memory_rw_debug(first_cpu, + KiBugcheckData, + h->BugcheckData, sizeof(h->BugcheckData), 0)) { + error_setg(errp, "win-dump: failed to read bugcheck data"); + return; + } +} + +/* + * This routine tries to correct mistakes in crashdump header. + */ +static void patch_header(WinDumpHeader64 *h) +{ + Error *local_err =3D NULL; + + h->RequiredDumpSpace =3D sizeof(WinDumpHeader64) + + (h->PhysicalMemoryBlock.NumberOfPages << TARGET_PAGE_BITS); + h->PhysicalMemoryBlock.unused =3D 0; + h->unused1 =3D 0; + + /* + * We assume h->DirectoryBase and current CR3 are the same when we acc= ess + * memory by virtual address. In other words, we suppose current conte= xt + * is system context. It is definetely true in case of BSOD. 
+ */ + + patch_mm_pfn_database(h, &local_err); + if (local_err) { + warn_report_err(local_err); + local_err =3D NULL; + } + patch_bugcheck_data(h, &local_err); + if (local_err) { + warn_report_err(local_err); + } +} + +static void check_header(WinDumpHeader64 *h, Error **errp) +{ + const char Signature[] =3D "PAGE"; + const char ValidDump[] =3D "DU64"; + + if (memcmp(h->Signature, Signature, sizeof(h->Signature))) { + error_setg(errp, "win-dump: invalid header, expected '%.4s'," + " got '%.4s'", Signature, h->Signature); + return; + } + + if (memcmp(h->ValidDump, ValidDump, sizeof(h->ValidDump))) { + error_setg(errp, "win-dump: invalid header, expected '%.4s'," + " got '%.4s'", ValidDump, h->ValidDump); + return; + } +} + +static void check_kdbg(WinDumpHeader64 *h, Error **errp) +{ + const char OwnerTag[] =3D "KDBG"; + char read_OwnerTag[4]; + + if (cpu_memory_rw_debug(first_cpu, + h->KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64, + (uint8_t *)&read_OwnerTag, sizeof(read_OwnerTag), 0)) { + error_setg(errp, "win-dump: failed to read OwnerTag"); + return; + } + + if (memcmp(read_OwnerTag, OwnerTag, sizeof(read_OwnerTag))) { + error_setg(errp, "win-dump: invalid KDBG OwnerTag," + " expected '%.4s', got '%.4s'," + " KdDebuggerDataBlock seems to be encrypted", + OwnerTag, read_OwnerTag); + return; + } +} + +void create_win_dump(DumpState *s, Error **errp) +{ + WinDumpHeader64 *h =3D (WinDumpHeader64 *)(s->guest_note + + VMCOREINFO_ELF_NOTE_HDR_SIZE); + Error *local_err =3D NULL; + + if (s->guest_note_size !=3D sizeof(WinDumpHeader64) + + VMCOREINFO_ELF_NOTE_HDR_SIZE) { + error_setg(errp, "win-dump: invalid vmcoreinfo note size"); + return; + } + + check_header(h, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + check_kdbg(h, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + patch_header(h); + + s->total_size =3D h->RequiredDumpSpace; + + s->written_size =3D qemu_write_full(s->fd, h, sizeof(*h)); + 
if (s->written_size !=3D sizeof(*h)) { + error_setg(errp, QERR_IO_ERROR); + return; + } + + write_runs(s, h, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } +} diff --git a/win_dump.h b/win_dump.h new file mode 100644 index 0000000000..281241881e --- /dev/null +++ b/win_dump.h 
@@ -0,0 +1,87 @@ +/* + * Windows crashdump + * + * Copyright (c) 2018 Virtuozzo International GmbH + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + * + */ + +typedef struct WinDumpPhyMemRun64 { + uint64_t BasePage; + uint64_t PageCount; +} QEMU_PACKED WinDumpPhyMemRun64; + +typedef struct WinDumpPhyMemDesc64 { + uint32_t NumberOfRuns; + uint32_t unused; + uint64_t NumberOfPages; + WinDumpPhyMemRun64 Run[43]; +} QEMU_PACKED WinDumpPhyMemDesc64; + +typedef struct WinDumpExceptionRecord { + uint32_t ExceptionCode; + uint32_t ExceptionFlags; + uint64_t ExceptionRecord; + uint64_t ExceptionAddress; + uint32_t NumberParameters; + uint32_t unused; + uint64_t ExceptionInformation[15]; +} QEMU_PACKED WinDumpExceptionRecord; + +typedef struct WinDumpHeader64 { + char Signature[4]; + char ValidDump[4]; + uint32_t MajorVersion; + uint32_t MinorVersion; + uint64_t DirectoryTableBase; + uint64_t PfnDatabase; + uint64_t PsLoadedModuleList; + uint64_t PsActiveProcessHead; + uint32_t MachineImageType; + uint32_t NumberProcessors; + union { + struct { + uint32_t BugcheckCode; + uint32_t unused0; + uint64_t BugcheckParameter1; + uint64_t BugcheckParameter2; + uint64_t BugcheckParameter3; + uint64_t BugcheckParameter4; + }; + uint8_t BugcheckData[40]; + }; + uint8_t VersionUser[32]; + uint64_t KdDebuggerDataBlock; + union { + WinDumpPhyMemDesc64 PhysicalMemoryBlock; + uint8_t PhysicalMemoryBlockBuffer[704]; + }; + union { + uint8_t ContextBuffer[3000]; + }; + WinDumpExceptionRecord Exception; + uint32_t DumpType; + uint32_t unused1; + uint64_t RequiredDumpSpace; + uint64_t SystemTime; + char Comment[128]; + uint64_t SystemUpTime; + uint32_t MiniDumpFields; + uint32_t SecondaryDataState; + uint32_t ProductType; + uint32_t SuiteMask; + uint32_t WriterStatus; + uint8_t unused2; + uint8_t KdSecondaryVersion; + uint8_t reserved[4018]; +} QEMU_PACKED WinDumpHeader64; + +void create_win_dump(DumpState 
*s, Error **errp); + +#define KDBG_OWNER_TAG_OFFSET64 0x10 +#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 +#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 + +#define VMCOREINFO_ELF_NOTE_HDR_SIZE 24 --=20 2.14.3
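Review bot: in dump.c, qmp_dump_guest_memory() gains only the target check for DUMP_GUEST_MEMORY_FORMAT_WIN_DMP, yet create_win_dump() writes the header and then every run listed in it without looking at paging, begin or length. The HMP synopsis still reads `[-p] [-d] [-z|-l|-s|-w] filename [begin length]`, so `-w` combined with `-p` or with a begin/length range is accepted and silently ignored. Suggest rejecting those combinations with error_setg() next to the new target check, and stating in the @win-dmp description in qapi/misc.json that the format needs the guest vmcoreinfo driver, since that requirement currently appears only in the HMP help text.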
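Review bot: write_runs() in win_dump.c loops `for (i = 0; i < desc->NumberOfRuns; i++)` over a header supplied by the guest, but nothing checks NumberOfRuns against the 43 entries of `WinDumpPhyMemRun64 Run[43]`. check_header() only compares the 'PAGE' and 'DU64' tags, so a header carrying a larger count makes the loop take run descriptors from ContextBuffer and, for large counts, from beyond the end of the header. Suggest failing in check_header() when NumberOfRuns exceeds ARRAY_SIZE(h->PhysicalMemoryBlock.Run), and making `i` unsigned to match the uint32_t field. In write_run(), `run->BasePage << TARGET_PAGE_BITS` and `run->PageCount << TARGET_PAGE_BITS` are likewise unchecked guest values that can wrap, and the sum of PageCount over the runs is never compared with NumberOfPages, which patch_header() uses to compute RequiredDumpSpace and therefore s->total_size.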
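Review bot: WinDumpHeader64 in win_dump.h is checked only at run time, through `s->guest_note_size != sizeof(WinDumpHeader64) + VMCOREINFO_ELF_NOTE_HDR_SIZE`, and nothing pins the struct layout at build time. The commit message says the header is 8K and the packed fields do add up to 8192 bytes, so a QEMU_BUILD_BUG_ON(sizeof(WinDumpHeader64) != 8192) next to the typedef would catch a miscounted padding array such as `reserved[4018]`. The header also has no include guard and uses DumpState and Error without pulling in their declarations, so it depends on the include order in win_dump.c and dump.c. The hard-coded `VMCOREINFO_ELF_NOTE_HDR_SIZE 24` and the three KDBG_*_OFFSET64 constants need a comment saying where the values come from.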
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bGXJUXZia46WHMNxRMz8KSd6o2IzAId7eTR7tW3UmZM=; b=RVIQCl1DS9KKgpxhoWM1aCQltfVR2eYdQmLvl85M1rQS3i/K3T1UGohawh7MT0+73+66ss2S0wu71yexlDlWl/Hngh0rOVe7gbeh9ih2nfmgSp6FMfPtfbrG9zMcKZ6dlu8NZrRO6uOPFxfeaAziooXqaZKdUgzWguuKpO5yA3w= 
From: Viktor Prutyanov To: qemu-devel@nongnu.org Date: Thu, 17 May 2018 19:23:40 +0300 Message-Id: <20180517162342.4330-3-viktor.prutyanov@virtuozzo.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com> References: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com> MIME-Version: 1.0 X-Originating-IP: [93.175.11.132] X-ClientProxiedBy: AM0PR06CA0027.eurprd06.prod.outlook.com (2603:10a6:208:ab::40) To VI1PR08MB2862.eurprd08.prod.outlook.com (2603:10a6:802:1f::10) X-MS-PublicTrafficType: Email X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:VI1PR08MB2862; X-Microsoft-Exchange-Diagnostics: 1; VI1PR08MB2862; 3:s/nrZx+vDscUG/D9Ln6MXWvrL8wN44QPkRLbgBiLojrh4Rb0yeBD32Ep97GMKa6vmyIlSe2uzxDkkPX8sFdKFUyPeYxDkv5MkeKUQrTJLtHcqUPox549lo9+PZNvUKOe3SgLYluHxiQt/35VairSu7aLPrRXKXZXbSIsZEsilpsvpPnbO2EosL2BHITJVDMCeYkdgXwz/E+IqxyM83ANrkKxlkAfkb+XId07G1qoJtnZ1078+JZqTFibVhcHc7JQ; 25:xvMv9q8EmaeEZFEvhVyJ8EhVb/zz+oRL0fl1OFLtKivkcgITutuSdPzwnIu1isPrc3WsRx6RwoeyWhE/7rdQYGhg4pUJvemOmZhLjukk+6WtdWpwRupR80ALZXQxhUqCs5R7YbyBvUIOPd6m9GzBq5McHyaiRQUsF0bD7JkHgt10mZVbm9uR2uSV6SP0BQDAGVd4TeniDmJNdIeLHAZ4KBS0T+Y+byHEyuAepRM9eWlx2jBLUc6TRVYHrn7NHHTLSdN3A2G9kc8JzNA3g8R74Z/EU7s+vf/JZIzKX7ooiY07Aum+yuCjonIg1rGjnWjLutVz6OQKxowh9QRtVvsQ8w==; 31:7GDXsvLs6rbkG0ODXmxAdlBLiRsLA3v2uNvs3ObkT8vLHZSQMZCw216hJ83PCis6Ic9sSRmh3u/aq/4UxlcVnD/727Utc4vgJEIuUp/MV2li6TyHjn7Ev75gIauKQqNK+gwzLqFYShLzQX4t0iilEC5MxY8b/09IVu3WzkUIXofZomOdGPE3NfVdRBYgEVhhbvbIU6vZNRF0Bb2A9GyQYFljJqYymUXw2m77UwWZM+E= X-MS-TrafficTypeDiagnostic: VI1PR08MB2862: X-Microsoft-Exchange-Diagnostics: 1; VI1PR08MB2862; 20: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; 
Subject: [Qemu-devel] [PATCH 2/4] dump: use system context in Windows dump
Cc: marcandre.lureau@redhat.com, Viktor Prutyanov, rkagan@virtuozzo.com, armbru@redhat.com, dgilbert@redhat.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

We use CPU #0 to access guest virtual memory, but it can execute user thread at that moment. So, switch CR3 to PageDirectoryBase from header and restore original value at the end.

Signed-off-by: Viktor Prutyanov
--- win_dump.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/win_dump.c b/win_dump.c index 58255c12ee..7d956ca996 100644 --- a/win_dump.c +++ b/win_dump.c @@ -111,12 +111,6 @@ static void patch_header(WinDumpHeader64 *h) h->PhysicalMemoryBlock.unused =3D 0; h->unused1 =3D 0; =20 - /* - * We assume h->DirectoryBase and current CR3 are the same when we acc= ess - * memory by virtual address. In other words, we suppose current conte= xt - * is system context. It is definetely true in case of BSOD. - */ - patch_mm_pfn_database(h, &local_err); if (local_err) { warn_report_err(local_err); @@ -171,6 +165,8 @@ void create_win_dump(DumpState *s, Error **errp) { WinDumpHeader64 *h =3D (WinDumpHeader64 *)(s->guest_note + VMCOREINFO_ELF_NOTE_HDR_SIZE); + X86CPU *first_x86_cpu =3D X86_CPU(first_cpu); + uint64_t saved_cr3 =3D first_x86_cpu->env.cr[3]; Error *local_err =3D NULL; =20 if (s->guest_note_size !=3D sizeof(WinDumpHeader64) +
@@ -185,10 +181,17 @@ void create_win_dump(DumpState *s, Error **errp) return; } =20 + /* + * Further access to kernel structures by virtual addresses + * should be made from system context. + */ + + first_x86_cpu->env.cr[3] =3D h->DirectoryTableBase; + check_kdbg(h, &local_err); if (local_err) { error_propagate(errp, local_err); - return; + goto out_cr3; } =20 patch_header(h); 
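Review bot: the assignment first_x86_cpu->env.cr[3] = h->DirectoryTableBase installs a value taken from the guest-written header on vCPU 0 with no validation, and from that line on every exit has to pass through out_cr3 or the guest resumes on the wrong page tables. The check_kdbg failure path in this hunk is converted correctly, but the new comment should also say that the override is temporary and restored at out_cr3, and what is expected to happen when DirectoryTableBase is bogus (presumably the OwnerTag read in check_kdbg fails). The commit message calls the field PageDirectoryBase while the code uses DirectoryTableBase, so the two names should be aligned. The blank line between the comment and the assignment can go.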
@@ -198,12 +201,17 @@ void create_win_dump(DumpState *s, Error **errp) s->written_size =3D qemu_write_full(s->fd, h, sizeof(*h)); if (s->written_size !=3D sizeof(*h)) { error_setg(errp, QERR_IO_ERROR); - return; + goto out_cr3; } =20 write_runs(s, h, &local_err); if (local_err) { error_propagate(errp, local_err); - return; + goto out_cr3; } + +out_cr3: + first_x86_cpu->env.cr[3] =3D saved_cr3; + + return; } --=20 2.14.3
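Review bot: the 'return;' added after the CR3 restore at out_cr3 is the last statement of a void function and can be dropped, and the 'goto out_cr3' in the write_runs error branch jumps to the label that immediately follows it. The success path reaches out_cr3 only by falling through after write_runs, which deserves a one-line comment because the label name reads like an error exit. With the conversions in this and the previous hunk, no plain return after the CR3 switch is left in the visible diff.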
From: Viktor Prutyanov
To: qemu-devel@nongnu.org
Date: Thu, 17 May 2018 19:23:41 +0300
Message-Id: <20180517162342.4330-4-viktor.prutyanov@virtuozzo.com>
In-Reply-To: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com>
References: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com>
Subject: [Qemu-devel] [PATCH 3/4] dump: add fallback KDBG using in Windows dump
Cc: marcandre.lureau@redhat.com, Viktor Prutyanov, rkagan@virtuozzo.com, armbru@redhat.com, dgilbert@redhat.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

KdDebuggerDataBlock may be encrypted in guest memory and dump will be useless in this case. But guest driver can obtain decrypted KDBG and expose its address through BugcheckParameter1 field in raw header. After this patch, QEMU will be able to use fallback KdDebuggerDataBlock.

Signed-off-by: Viktor Prutyanov
--- win_dump.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/win_dump.c b/win_dump.c index 7d956ca996..2d9afb514e 100644 --- a/win_dump.c +++ b/win_dump.c
@@ -144,21 +144,37 @@ static void check_kdbg(WinDumpHeader64 *h, Error **er= rp) { const char OwnerTag[] =3D "KDBG"; char read_OwnerTag[4]; + uint64_t KdDebuggerDataBlock =3D h->KdDebuggerDataBlock; + bool try_fallback =3D true; =20 +try_again: if (cpu_memory_rw_debug(first_cpu, - h->KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64, + KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64, (uint8_t *)&read_OwnerTag, sizeof(read_OwnerTag), 0)) { error_setg(errp, "win-dump: failed to read OwnerTag"); return; } =20 if (memcmp(read_OwnerTag, OwnerTag, sizeof(read_OwnerTag))) { - error_setg(errp, "win-dump: invalid KDBG OwnerTag," - " expected '%.4s', got '%.4s'," - " KdDebuggerDataBlock seems to be encrypted", - OwnerTag, read_OwnerTag); - return; + if (try_fallback) { + /* + * If attempt to use original KDBG failed + * (most likely because of its encryption), + * we try to use KDBG obtained by guest driver. + */ + + KdDebuggerDataBlock =3D h->BugcheckParameter1; + try_fallback =3D false; + goto try_again; + } else { + error_setg(errp, "win-dump: invalid KDBG OwnerTag," + " expected '%.4s', got '%.4s'", + OwnerTag, read_OwnerTag); + return; + } } + + h->KdDebuggerDataBlock =3D KdDebuggerDataBlock; } =20 void create_win_dump(DumpState *s, Error **errp) --=20 2.14.3
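Review bot: the fallback is reached only on a tag mismatch; when cpu_memory_rw_debug itself fails for the original h->KdDebuggerDataBlock (the "failed to read OwnerTag" branch), check_kdbg returns without ever trying h->BugcheckParameter1. If an unreadable original address should also trigger the fallback, route that branch through the same try_fallback test. BugcheckParameter1 is a guest-supplied value that is promoted to h->KdDebuggerDataBlock on nothing more than a 4-byte "KDBG" match, so the comment should state that in this flow the field is expected to carry the guest driver's address. The final error message also drops the "seems to be encrypted" hint and does not say which of the two addresses was rejected, and the goto try_again with a flag would read more clearly as a two-iteration loop over the candidate addresses.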
From: Viktor Prutyanov
To: qemu-devel@nongnu.org
Date: Thu, 17 May 2018 19:23:42 +0300
Message-Id: <20180517162342.4330-5-viktor.prutyanov@virtuozzo.com>
In-Reply-To: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com>
References: <20180517162342.4330-1-viktor.prutyanov@virtuozzo.com>
Subject: [Qemu-devel] [PATCH 4/4] dump: add Windows live system dump
Cc: marcandre.lureau@redhat.com, Viktor Prutyanov, rkagan@virtuozzo.com, armbru@redhat.com, dgilbert@redhat.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Unlike dying Windows, live system memory doesn't contain correct register contexts. But they can be populated with QEMU register values. After this patch, QEMU will be able to produce guest Windows live system dump.

Signed-off-by: Viktor Prutyanov --- win_dump.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++- win_dump.h | 95 +++++++++++++++++++++++++++++++++++-- 2 files changed, 246 insertions(+), 5 deletions(-) diff --git a/win_dump.c b/win_dump.c index 2d9afb514e..b15c191ad7 100644 --- a/win_dump.c +++ b/win_dump.c @@ -97,6 +97,14 @@ static void patch_bugcheck_data(WinDumpHeader64 *h, Erro= r **errp) error_setg(errp, "win-dump: failed to read bugcheck data"); return; } + + /* + * If BugcheckCode wasn't saved, we consider guest OS as alive. + */ + + if (!h->BugcheckCode) { + h->BugcheckCode =3D LIVE_SYSTEM_DUMP; + } } =20 /* 
@@ -177,12 +185,139 @@ try_again: h->KdDebuggerDataBlock =3D KdDebuggerDataBlock; } =20 +struct saved_context { + WinContext ctx; + uint64_t addr; +}; + +static void patch_and_save_context(WinDumpHeader64 *h, + struct saved_context *saved_ctx, + Error **errp) +{ + uint64_t KiProcessorBlock; + uint16_t OffsetPrcbContext; + CPUState *cpu; + int i =3D 0; + + if (cpu_memory_rw_debug(first_cpu, + h->KdDebuggerDataBlock + KDBG_KI_PROCESSOR_BLOCK_OFFSET64, + (uint8_t *)&KiProcessorBlock, sizeof(KiProcessorBlock), 0)) { + error_setg(errp, "win-dump: failed to read KiProcessorBlock"); + return; + } + + if (cpu_memory_rw_debug(first_cpu, + h->KdDebuggerDataBlock + KDBG_OFFSET_PRCB_CONTEXT_OFFSET64, + (uint8_t *)&OffsetPrcbContext, sizeof(OffsetPrcbContext), 0)) { + error_setg(errp, "win-dump: failed to read OffsetPrcbContext"); + return; + } + + CPU_FOREACH(cpu) { + X86CPU *x86_cpu =3D X86_CPU(cpu); + CPUX86State *env =3D &x86_cpu->env; + uint64_t Prcb; + uint64_t Context; + WinContext ctx; + + if (cpu_memory_rw_debug(first_cpu, + KiProcessorBlock + i * sizeof(uint64_t), + (uint8_t *)&Prcb, sizeof(Prcb), 0)) { + error_setg(errp, "win-dump: failed to read" + " CPU #%d PRCB location", i); + return; + } + + if (cpu_memory_rw_debug(first_cpu, + Prcb + OffsetPrcbContext, + (uint8_t *)&Context, sizeof(Context), 0)) { + error_setg(errp, "win-dump: failed to read" + " CPU #%d ContextFrame location", i); + return; + } + + saved_ctx[i].addr =3D Context; + + ctx =3D (WinContext){ + .ContextFlags =3D WIN_CTX_ALL, + .MxCsr =3D env->mxcsr, + + .SegEs =3D env->segs[0].selector, + .SegCs =3D env->segs[1].selector, + .SegSs =3D env->segs[2].selector, + .SegDs =3D env->segs[3].selector, + .SegFs =3D env->segs[4].selector, + .SegGs =3D env->segs[5].selector, + .EFlags =3D cpu_compute_eflags(env), + + .Dr0 =3D env->dr[0], + .Dr1 =3D env->dr[1], + .Dr2 =3D env->dr[2], + .Dr3 =3D env->dr[3], + .Dr6 =3D env->dr[6], + .Dr7 =3D env->dr[7], + + .Rax =3D env->regs[R_EAX], + .Rbx =3D env->regs[R_EBX], 
+ .Rcx =3D env->regs[R_ECX], + .Rdx =3D env->regs[R_EDX], + .Rsp =3D env->regs[R_ESP], + .Rbp =3D env->regs[R_EBP], + .Rsi =3D env->regs[R_ESI], + .Rdi =3D env->regs[R_EDI], + .R8 =3D env->regs[8], + .R9 =3D env->regs[9], + .R10 =3D env->regs[10], + .R11 =3D env->regs[11], + .R12 =3D env->regs[12], + .R13 =3D env->regs[13], + .R14 =3D env->regs[14], + .R15 =3D env->regs[15], + + .Rip =3D env->eip, + .FltSave =3D { + .MxCsr =3D env->mxcsr, + }, + }; + + if (cpu_memory_rw_debug(first_cpu, Context, + (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 0)) { + error_setg(errp, "win-dump: failed to save CPU #%d context", i= ); + return; + } + + if (cpu_memory_rw_debug(first_cpu, Context, + (uint8_t *)&ctx, sizeof(WinContext), 1)) { + error_setg(errp, "win-dump: failed to write CPU #%d context", = i); + return; + } + + i++; + } +} + +static void restore_context(WinDumpHeader64 *h, + struct saved_context *saved_ctx) +{ + int i; + Error *err =3D NULL; + + for (i =3D 0; i < h->NumberProcessors; i++) { + if (cpu_memory_rw_debug(first_cpu, saved_ctx[i].addr, + (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 1)) { + error_setg(&err, "win-dump: failed to restore CPU #%d context"= , i); + warn_report_err(err); + } + } +} + void create_win_dump(DumpState *s, Error **errp) { WinDumpHeader64 *h =3D (WinDumpHeader64 *)(s->guest_note + VMCOREINFO_ELF_NOTE_HDR_SIZE); X86CPU *first_x86_cpu =3D X86_CPU(first_cpu); uint64_t saved_cr3 =3D first_x86_cpu->env.cr[3]; + struct saved_context *saved_ctx =3D NULL; Error *local_err =3D NULL; =20 if (s->guest_note_size !=3D sizeof(WinDumpHeader64) + 
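Review bot: in patch_and_save_context, saved_ctx[i] is indexed by the CPU_FOREACH counter with no bound, while the array is sized from h->NumberProcessors in create_win_dump (g_new(struct saved_context, h->NumberProcessors)) and restore_context loops to h->NumberProcessors as well. NumberProcessors comes from the guest-written header, so a header that reports fewer CPUs than QEMU has vCPUs can write past the allocation, and one that reports more makes restore_context write never-initialized addr/ctx entries into guest memory. Please pass the array length in, fail when i reaches it, and allocate zeroed memory so restore_context can skip entries that were never filled. The function also returns on the first failed access after earlier CPUs have already been overwritten, and the caller's goto out_free on that path skips restore_context, so those contexts stay patched in the running guest. Minor: the segment selectors use literal indices (env->segs[0] to env->segs[5]) next to named R_EAX-style register indices; named segment constants would make the ES/CS/SS/DS/FS/GS order checkable.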
@@ -212,20 +347,37 @@ void create_win_dump(DumpState *s, Error **errp) =20 patch_header(h); =20 + saved_ctx =3D g_new(struct saved_context, h->NumberProcessors); + + /* + * Always patch context because there is no way + * to determine if the system-saved context is valid + */ + + patch_and_save_context(h, saved_ctx, &local_err); + if (local_err) { + error_propagate(errp, local_err); + goto out_free; + } + s->total_size =3D h->RequiredDumpSpace; =20 s->written_size =3D qemu_write_full(s->fd, h, sizeof(*h)); if (s->written_size !=3D sizeof(*h)) { error_setg(errp, QERR_IO_ERROR); - goto out_cr3; + goto out_restore; } =20 write_runs(s, h, &local_err); if (local_err) { error_propagate(errp, local_err); - goto out_cr3; + goto out_restore; } =20 +out_restore: + restore_context(h, saved_ctx); +out_free: + g_free(saved_ctx); out_cr3: first_x86_cpu->env.cr[3] =3D saved_cr3; =20 diff --git a/win_dump.h b/win_dump.h index 281241881e..f9e1faf8eb 100644 --- a/win_dump.h +++ b/win_dump.h 
@@ -80,8 +80,97 @@ typedef struct WinDumpHeader64 { =20 void create_win_dump(DumpState *s, Error **errp); =20 -#define KDBG_OWNER_TAG_OFFSET64 0x10 -#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 -#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 +#define KDBG_OWNER_TAG_OFFSET64 0x10 +#define KDBG_MM_PFN_DATABASE_OFFSET64 0xC0 +#define KDBG_KI_BUGCHECK_DATA_OFFSET64 0x88 +#define KDBG_KI_PROCESSOR_BLOCK_OFFSET64 0x218 +#define KDBG_OFFSET_PRCB_CONTEXT_OFFSET64 0x338 =20 #define VMCOREINFO_ELF_NOTE_HDR_SIZE 24 + +#define WIN_CTX_X64 0x00100000L + +#define WIN_CTX_CTL 0x00000001L +#define WIN_CTX_INT 0x00000002L +#define WIN_CTX_SEG 0x00000004L +#define WIN_CTX_FP 0x00000008L +#define WIN_CTX_DBG 0x00000010L + +#define WIN_CTX_FULL (WIN_CTX_X64 | WIN_CTX_CTL | WIN_CTX_INT | WIN_CTX= _FP) +#define WIN_CTX_ALL (WIN_CTX_FULL | WIN_CTX_SEG | WIN_CTX_DBG) + +#define LIVE_SYSTEM_DUMP 0x00000161 + +typedef struct WinM128A { + uint64_t low; + int64_t high; +} QEMU_ALIGNED(16) WinM128A; + +typedef struct WinContext { + uint64_t PHome[6]; + + uint32_t ContextFlags; + uint32_t MxCsr; + + uint16_t SegCs; + uint16_t SegDs; + uint16_t SegEs; + uint16_t SegFs; + uint16_t SegGs; + uint16_t SegSs; + uint32_t EFlags; + + uint64_t Dr0; + uint64_t Dr1; + uint64_t Dr2; + uint64_t Dr3; + uint64_t Dr6; + uint64_t Dr7; + + uint64_t Rax; + uint64_t Rcx; + uint64_t Rdx; + uint64_t Rbx; + uint64_t Rsp; + uint64_t Rbp; + uint64_t Rsi; + uint64_t Rdi; + uint64_t R8; + uint64_t R9; + uint64_t R10; + uint64_t R11; + uint64_t R12; + uint64_t R13; + uint64_t R14; + uint64_t R15; + + uint64_t Rip; + + struct { + uint16_t ControlWord; + uint16_t StatusWord; + uint8_t TagWord; + uint8_t Reserved1; + uint16_t ErrorOpcode; + uint32_t ErrorOffset; + uint16_t ErrorSelector; + uint16_t Reserved2; + uint32_t DataOffset; + uint16_t DataSelector; + uint16_t Reserved3; + uint32_t MxCsr; + uint32_t MxCsr_Mask; + WinM128A FloatRegisters[8]; + WinM128A XmmRegisters[16]; + uint8_t Reserved4[96]; + } FltSave; + + WinM128A 
VectorRegister[26]; + uint64_t VectorControl; + + uint64_t DebugControl; + uint64_t LastBranchToRip; + uint64_t LastBranchFromRip; + uint64_t LastExceptionToRip; + uint64_t LastExceptionFromRip; +} QEMU_ALIGNED(16) WinContext; --=20 2.14.3
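Review bot: in patch_and_save_context() (win_dump.c hunk at -177,12 +185,139) the CPU_FOREACH loop indexes saved_ctx[i] with no upper bound, while the caller sizes that array from h->NumberProcessors, a field of the header that create_win_dump() takes from s->guest_note. If that guest-supplied count is smaller than the number of vCPUs, the store to saved_ctx[i].addr and the read into saved_ctx[i].ctx go past the end of the heap allocation. Either validate h->NumberProcessors against the real CPU count before allocating, or stop the loop with an error once i reaches it. In the same hunk, restore_context() does not reset err to NULL after warn_report_err(err), so a second failing CPU calls error_setg(&err, ...) on a stale pointer; declare err inside the loop body or clear it after reporting.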
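Review bot: in create_win_dump() (win_dump.c hunk at -212,20 +347,37) the "goto out_free" taken when patch_and_save_context() fails skips restore_context(), so when the failure happens on CPU #N the context frames of the CPUs before it have already been overwritten in guest memory and are never put back. restore_context() cannot simply be called on that path, because it walks all h->NumberProcessors entries and the g_new() array is uninitialised past the entries that were actually saved. Have patch_and_save_context() report how many entries it filled, or undo its own writes on error, and restore only those.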
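Review bot: in win_dump.h (hunk at -80,8 +80,97) WinContext is copied to and from guest memory as raw bytes using sizeof(WinContext), so its layout is part of the interface, yet nothing pins that layout at build time. The fields as declared add up to 1232 bytes; a QEMU_BUILD_BUG_ON(sizeof(WinContext) != 1232) next to the typedef would catch accidental padding or a later field edit. A short comment stating where the 0x218 and 0x338 KDBG offsets come from would also help the next reader check them.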