From nobody Tue Nov  4 15:31:25 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 15302185714781016.1964894209976;
 Thu, 28 Jun 2018 13:42:51 -0700 (PDT)
Received: from localhost ([::1]:38484 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1fYdkg-0004tn-Gi
	for importer@patchew.org; Thu, 28 Jun 2018 16:42:50 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38473)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1fYdBB-0007tf-5h
	for qemu-devel@nongnu.org; Thu, 28 Jun 2018 16:06:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1fYdBA-0001Oc-78
	for qemu-devel@nongnu.org; Thu, 28 Jun 2018 16:06:09 -0400
Received: from mail-wr0-x243.google.com ([2a00:1450:400c:c0c::243]:38583)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <paolo.bonzini@gmail.com>)
	id 1fYdBA-0001Li-0j
	for qemu-devel@nongnu.org; Thu, 28 Jun 2018 16:06:08 -0400
Received: by mail-wr0-x243.google.com with SMTP id e18-v6so6692293wrs.5
	for <qemu-devel@nongnu.org>; Thu, 28 Jun 2018 13:06:07 -0700 (PDT)
Received: from 640k.lan ([82.84.124.111]) by smtp.gmail.com with ESMTPSA id
	127-v6sm6211110wmd.18.2018.06.28.13.06.06
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 28 Jun 2018 13:06:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=YmiUtSDzsLXe4lgYznzawmq90OdH7hPnhbdZR6+GcLM=;
	b=ImR8QH0LfmMr9PpMHavGPmwDkNqfMnHqsQdGg7fSkfZZSqhzrS0YSp0J0xJEihHgmy
	MLgfSFkfnW79BidiZEXYzmG6OaGpB9Pi5IfV5CQkKibinFV7va3qO9DaERGvO38wUzGb
	3vX6yX60iMN5PCDsStdmHdwajZJ2Cq5WJQlOjBL0mNjdAp16Ifx8NesTNnpG3vgsbabm
	sk1edOmN2B2WJLsGUdKfXj6v49GmHT722w2ObrTTiZVO+AaJKZrec8yl9dK4684UrVL3
	wRz9ZQAVlo9ZDJgnzDGx3z/8laK7Udlk2mBjpfJWRv59180oklGWt+nuZOPhMyAqe9YV
	rpxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=YmiUtSDzsLXe4lgYznzawmq90OdH7hPnhbdZR6+GcLM=;
	b=qtdWHt58Y+rOOqUgTVjo7Bf9RI0Fsnd43pbU7RNAGPevw0txpoknKqS2NdevYHdeeQ
	2i2ht8v44ufqfD/DIuo6nrQ8z4QrnozI3paFJJYFtG5HYoug6d8AhOOxvgZ1T/dgaIEc
	pYP3HIuDa/0Cgf8wDywSXvOgourQ38HSZd4hGxzjVYFcT3gGrlfmcFjJm9G4H98JuBwM
	eTsWStzsbM6yL+EIwZgQqNnBdLr00DZtyNeBGU45XT2+mCJDvr6sETkFJi6b9CMASAvr
	IZwLEJF//79nW8vARIYV6neOXoLqkAJRTHr66ahYS+RKJkYFFS4Am9s5lioEN1v3iT69
	Yc5g==
X-Gm-Message-State: APt69E2TEV5dsuL+pzcbTnRUyWRqrs6kjRyCCTsLuxQ2vuJ5/t0noh3v
	NSD0eQGDg4sqO6wfS1qlUlEiACDE
X-Google-Smtp-Source: 
 AAOMgpfJfFij27ECeASOKrOPyH1L/MW/w4JskyWPwg9IOicwCRpwyzKX/ADslsXVoUrmdtVRi6pRUw==
X-Received: by 2002:adf:bb08:: with SMTP id
	r8-v6mr2016825wrg.244.1530216366768;
	Thu, 28 Jun 2018 13:06:06 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Thu, 28 Jun 2018 22:05:04 +0200
Message-Id: <1530216310-52873-55-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1530216310-52873-1-git-send-email-pbonzini@redhat.com>
References: <1530216310-52873-1-git-send-email-pbonzini@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c0c::243
Subject: [Qemu-devel] [PULL 54/60] dump: use system context in Windows dump
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

From: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>

We use CPU #0 to access guest virtual memory, but it can execute user
thread at that moment. So, switch CR3 to PageDirectoryBase from header
and restore original value at the end.

Signed-off-by: Viktor Prutyanov <viktor.prutyanov@virtuozzo.com>
Message-Id: <20180517162342.4330-3-viktor.prutyanov@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 win_dump.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/win_dump.c b/win_dump.c
index 58255c1..7d956ca 100644
--- a/win_dump.c
+++ b/win_dump.c
@@ -111,12 +111,6 @@ static void patch_header(WinDumpHeader64 *h)
     h->PhysicalMemoryBlock.unused =3D 0;
     h->unused1 =3D 0;
=20
-    /*
-     * We assume h->DirectoryBase and current CR3 are the same when we acc=
ess
-     * memory by virtual address. In other words, we suppose current conte=
xt
-     * is system context. It is definetely true in case of BSOD.
-     */
-
     patch_mm_pfn_database(h, &local_err);
     if (local_err) {
         warn_report_err(local_err);
@@ -171,6 +165,8 @@ void create_win_dump(DumpState *s, Error **errp)
 {
     WinDumpHeader64 *h =3D (WinDumpHeader64 *)(s->guest_note +
             VMCOREINFO_ELF_NOTE_HDR_SIZE);
+    X86CPU *first_x86_cpu =3D X86_CPU(first_cpu);
+    uint64_t saved_cr3 =3D first_x86_cpu->env.cr[3];
     Error *local_err =3D NULL;
=20
     if (s->guest_note_size !=3D sizeof(WinDumpHeader64) +
@@ -185,10 +181,17 @@ void create_win_dump(DumpState *s, Error **errp)
         return;
     }
=20
+    /*
+     * Further access to kernel structures by virtual addresses
+     * should be made from system context.
+     */
+
+    first_x86_cpu->env.cr[3] =3D h->DirectoryTableBase;
+
     check_kdbg(h, &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
-        return;
+        goto out_cr3;
     }
=20
     patch_header(h);
@@ -198,12 +201,17 @@ void create_win_dump(DumpState *s, Error **errp)
     s->written_size =3D qemu_write_full(s->fd, h, sizeof(*h));
     if (s->written_size !=3D sizeof(*h)) {
         error_setg(errp, QERR_IO_ERROR);
-        return;
+        goto out_cr3;
     }
=20
     write_runs(s, h, &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
-        return;
+        goto out_cr3;
     }
+
+out_cr3:
+    first_x86_cpu->env.cr[3] =3D saved_cr3;
+
+    return;
 }
--=20
1.8.3.1