Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 1 | /* |
| 2 | * Windows crashdump |
| 3 | * |
| 4 | * Copyright (c) 2018 Virtuozzo International GmbH |
| 5 | * |
| 6 | * This work is licensed under the terms of the GNU GPL, version 2 or later. |
| 7 | * See the COPYING file in the top-level directory. |
| 8 | * |
| 9 | */ |
| 10 | |
| 11 | #include "qemu/osdep.h" |
Markus Armbruster | a8d2532 | 2019-05-23 16:35:08 +0200 | [diff] [blame] | 12 | #include "qemu-common.h" |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 13 | #include "qemu/cutils.h" |
| 14 | #include "elf.h" |
| 15 | #include "cpu.h" |
| 16 | #include "exec/hwaddr.h" |
| 17 | #include "monitor/monitor.h" |
| 18 | #include "sysemu/kvm.h" |
| 19 | #include "sysemu/dump.h" |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 20 | #include "sysemu/memory_mapping.h" |
| 21 | #include "sysemu/cpus.h" |
| 22 | #include "qapi/error.h" |
| 23 | #include "qapi/qmp/qerror.h" |
| 24 | #include "qemu/error-report.h" |
| 25 | #include "hw/misc/vmcoreinfo.h" |
| 26 | #include "win_dump.h" |
| 27 | |
| 28 | static size_t write_run(WinDumpPhyMemRun64 *run, int fd, Error **errp) |
| 29 | { |
| 30 | void *buf; |
| 31 | uint64_t addr = run->BasePage << TARGET_PAGE_BITS; |
| 32 | uint64_t size = run->PageCount << TARGET_PAGE_BITS; |
Viktor Prutyanov | 7184de6 | 2018-08-29 21:30:56 +0300 | [diff] [blame] | 33 | uint64_t len, l; |
| 34 | size_t total = 0; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 35 | |
Viktor Prutyanov | 7184de6 | 2018-08-29 21:30:56 +0300 | [diff] [blame] | 36 | while (size) { |
| 37 | len = size; |
| 38 | |
| 39 | buf = cpu_physical_memory_map(addr, &len, false); |
| 40 | if (!buf) { |
| 41 | error_setg(errp, "win-dump: failed to map physical range" |
| 42 | " 0x%016" PRIx64 "-0x%016" PRIx64, addr, addr + size - 1); |
| 43 | return 0; |
| 44 | } |
| 45 | |
| 46 | l = qemu_write_full(fd, buf, len); |
| 47 | cpu_physical_memory_unmap(buf, addr, false, len); |
| 48 | if (l != len) { |
| 49 | error_setg(errp, QERR_IO_ERROR); |
| 50 | return 0; |
| 51 | } |
| 52 | |
| 53 | addr += l; |
| 54 | size -= l; |
| 55 | total += l; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 56 | } |
| 57 | |
Viktor Prutyanov | 7184de6 | 2018-08-29 21:30:56 +0300 | [diff] [blame] | 58 | return total; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 59 | } |
| 60 | |
| 61 | static void write_runs(DumpState *s, WinDumpHeader64 *h, Error **errp) |
| 62 | { |
| 63 | WinDumpPhyMemDesc64 *desc = &h->PhysicalMemoryBlock; |
| 64 | WinDumpPhyMemRun64 *run = desc->Run; |
| 65 | Error *local_err = NULL; |
| 66 | int i; |
| 67 | |
| 68 | for (i = 0; i < desc->NumberOfRuns; i++) { |
| 69 | s->written_size += write_run(run + i, s->fd, &local_err); |
| 70 | if (local_err) { |
| 71 | error_propagate(errp, local_err); |
| 72 | return; |
| 73 | } |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | static void patch_mm_pfn_database(WinDumpHeader64 *h, Error **errp) |
| 78 | { |
| 79 | if (cpu_memory_rw_debug(first_cpu, |
| 80 | h->KdDebuggerDataBlock + KDBG_MM_PFN_DATABASE_OFFSET64, |
| 81 | (uint8_t *)&h->PfnDatabase, sizeof(h->PfnDatabase), 0)) { |
| 82 | error_setg(errp, "win-dump: failed to read MmPfnDatabase"); |
| 83 | return; |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | static void patch_bugcheck_data(WinDumpHeader64 *h, Error **errp) |
| 88 | { |
| 89 | uint64_t KiBugcheckData; |
| 90 | |
| 91 | if (cpu_memory_rw_debug(first_cpu, |
| 92 | h->KdDebuggerDataBlock + KDBG_KI_BUGCHECK_DATA_OFFSET64, |
| 93 | (uint8_t *)&KiBugcheckData, sizeof(KiBugcheckData), 0)) { |
| 94 | error_setg(errp, "win-dump: failed to read KiBugcheckData"); |
| 95 | return; |
| 96 | } |
| 97 | |
| 98 | if (cpu_memory_rw_debug(first_cpu, |
| 99 | KiBugcheckData, |
| 100 | h->BugcheckData, sizeof(h->BugcheckData), 0)) { |
| 101 | error_setg(errp, "win-dump: failed to read bugcheck data"); |
| 102 | return; |
| 103 | } |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 104 | |
| 105 | /* |
| 106 | * If BugcheckCode wasn't saved, we consider guest OS as alive. |
| 107 | */ |
| 108 | |
| 109 | if (!h->BugcheckCode) { |
| 110 | h->BugcheckCode = LIVE_SYSTEM_DUMP; |
| 111 | } |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 112 | } |
| 113 | |
| 114 | /* |
| 115 | * This routine tries to correct mistakes in crashdump header. |
| 116 | */ |
| 117 | static void patch_header(WinDumpHeader64 *h) |
| 118 | { |
| 119 | Error *local_err = NULL; |
| 120 | |
| 121 | h->RequiredDumpSpace = sizeof(WinDumpHeader64) + |
| 122 | (h->PhysicalMemoryBlock.NumberOfPages << TARGET_PAGE_BITS); |
| 123 | h->PhysicalMemoryBlock.unused = 0; |
| 124 | h->unused1 = 0; |
| 125 | |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 126 | patch_mm_pfn_database(h, &local_err); |
| 127 | if (local_err) { |
| 128 | warn_report_err(local_err); |
| 129 | local_err = NULL; |
| 130 | } |
| 131 | patch_bugcheck_data(h, &local_err); |
| 132 | if (local_err) { |
| 133 | warn_report_err(local_err); |
| 134 | } |
| 135 | } |
| 136 | |
| 137 | static void check_header(WinDumpHeader64 *h, Error **errp) |
| 138 | { |
| 139 | const char Signature[] = "PAGE"; |
| 140 | const char ValidDump[] = "DU64"; |
| 141 | |
| 142 | if (memcmp(h->Signature, Signature, sizeof(h->Signature))) { |
| 143 | error_setg(errp, "win-dump: invalid header, expected '%.4s'," |
| 144 | " got '%.4s'", Signature, h->Signature); |
| 145 | return; |
| 146 | } |
| 147 | |
| 148 | if (memcmp(h->ValidDump, ValidDump, sizeof(h->ValidDump))) { |
| 149 | error_setg(errp, "win-dump: invalid header, expected '%.4s'," |
| 150 | " got '%.4s'", ValidDump, h->ValidDump); |
| 151 | return; |
| 152 | } |
| 153 | } |
| 154 | |
| 155 | static void check_kdbg(WinDumpHeader64 *h, Error **errp) |
| 156 | { |
| 157 | const char OwnerTag[] = "KDBG"; |
| 158 | char read_OwnerTag[4]; |
Viktor Prutyanov | 2ababfc | 2018-05-17 19:23:41 +0300 | [diff] [blame] | 159 | uint64_t KdDebuggerDataBlock = h->KdDebuggerDataBlock; |
| 160 | bool try_fallback = true; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 161 | |
Viktor Prutyanov | 2ababfc | 2018-05-17 19:23:41 +0300 | [diff] [blame] | 162 | try_again: |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 163 | if (cpu_memory_rw_debug(first_cpu, |
Viktor Prutyanov | 2ababfc | 2018-05-17 19:23:41 +0300 | [diff] [blame] | 164 | KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64, |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 165 | (uint8_t *)&read_OwnerTag, sizeof(read_OwnerTag), 0)) { |
| 166 | error_setg(errp, "win-dump: failed to read OwnerTag"); |
| 167 | return; |
| 168 | } |
| 169 | |
| 170 | if (memcmp(read_OwnerTag, OwnerTag, sizeof(read_OwnerTag))) { |
Viktor Prutyanov | 2ababfc | 2018-05-17 19:23:41 +0300 | [diff] [blame] | 171 | if (try_fallback) { |
| 172 | /* |
| 173 | * If attempt to use original KDBG failed |
| 174 | * (most likely because of its encryption), |
| 175 | * we try to use KDBG obtained by guest driver. |
| 176 | */ |
| 177 | |
| 178 | KdDebuggerDataBlock = h->BugcheckParameter1; |
| 179 | try_fallback = false; |
| 180 | goto try_again; |
| 181 | } else { |
| 182 | error_setg(errp, "win-dump: invalid KDBG OwnerTag," |
| 183 | " expected '%.4s', got '%.4s'", |
| 184 | OwnerTag, read_OwnerTag); |
| 185 | return; |
| 186 | } |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 187 | } |
Viktor Prutyanov | 2ababfc | 2018-05-17 19:23:41 +0300 | [diff] [blame] | 188 | |
| 189 | h->KdDebuggerDataBlock = KdDebuggerDataBlock; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 190 | } |
| 191 | |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 192 | struct saved_context { |
| 193 | WinContext ctx; |
| 194 | uint64_t addr; |
| 195 | }; |
| 196 | |
| 197 | static void patch_and_save_context(WinDumpHeader64 *h, |
| 198 | struct saved_context *saved_ctx, |
| 199 | Error **errp) |
| 200 | { |
| 201 | uint64_t KiProcessorBlock; |
| 202 | uint16_t OffsetPrcbContext; |
| 203 | CPUState *cpu; |
| 204 | int i = 0; |
| 205 | |
| 206 | if (cpu_memory_rw_debug(first_cpu, |
| 207 | h->KdDebuggerDataBlock + KDBG_KI_PROCESSOR_BLOCK_OFFSET64, |
| 208 | (uint8_t *)&KiProcessorBlock, sizeof(KiProcessorBlock), 0)) { |
| 209 | error_setg(errp, "win-dump: failed to read KiProcessorBlock"); |
| 210 | return; |
| 211 | } |
| 212 | |
| 213 | if (cpu_memory_rw_debug(first_cpu, |
| 214 | h->KdDebuggerDataBlock + KDBG_OFFSET_PRCB_CONTEXT_OFFSET64, |
| 215 | (uint8_t *)&OffsetPrcbContext, sizeof(OffsetPrcbContext), 0)) { |
| 216 | error_setg(errp, "win-dump: failed to read OffsetPrcbContext"); |
| 217 | return; |
| 218 | } |
| 219 | |
| 220 | CPU_FOREACH(cpu) { |
| 221 | X86CPU *x86_cpu = X86_CPU(cpu); |
| 222 | CPUX86State *env = &x86_cpu->env; |
| 223 | uint64_t Prcb; |
| 224 | uint64_t Context; |
| 225 | WinContext ctx; |
| 226 | |
| 227 | if (cpu_memory_rw_debug(first_cpu, |
| 228 | KiProcessorBlock + i * sizeof(uint64_t), |
| 229 | (uint8_t *)&Prcb, sizeof(Prcb), 0)) { |
| 230 | error_setg(errp, "win-dump: failed to read" |
| 231 | " CPU #%d PRCB location", i); |
| 232 | return; |
| 233 | } |
| 234 | |
| 235 | if (cpu_memory_rw_debug(first_cpu, |
| 236 | Prcb + OffsetPrcbContext, |
| 237 | (uint8_t *)&Context, sizeof(Context), 0)) { |
| 238 | error_setg(errp, "win-dump: failed to read" |
| 239 | " CPU #%d ContextFrame location", i); |
| 240 | return; |
| 241 | } |
| 242 | |
| 243 | saved_ctx[i].addr = Context; |
| 244 | |
| 245 | ctx = (WinContext){ |
| 246 | .ContextFlags = WIN_CTX_ALL, |
| 247 | .MxCsr = env->mxcsr, |
| 248 | |
| 249 | .SegEs = env->segs[0].selector, |
| 250 | .SegCs = env->segs[1].selector, |
| 251 | .SegSs = env->segs[2].selector, |
| 252 | .SegDs = env->segs[3].selector, |
| 253 | .SegFs = env->segs[4].selector, |
| 254 | .SegGs = env->segs[5].selector, |
| 255 | .EFlags = cpu_compute_eflags(env), |
| 256 | |
| 257 | .Dr0 = env->dr[0], |
| 258 | .Dr1 = env->dr[1], |
| 259 | .Dr2 = env->dr[2], |
| 260 | .Dr3 = env->dr[3], |
| 261 | .Dr6 = env->dr[6], |
| 262 | .Dr7 = env->dr[7], |
| 263 | |
| 264 | .Rax = env->regs[R_EAX], |
| 265 | .Rbx = env->regs[R_EBX], |
| 266 | .Rcx = env->regs[R_ECX], |
| 267 | .Rdx = env->regs[R_EDX], |
| 268 | .Rsp = env->regs[R_ESP], |
| 269 | .Rbp = env->regs[R_EBP], |
| 270 | .Rsi = env->regs[R_ESI], |
| 271 | .Rdi = env->regs[R_EDI], |
| 272 | .R8 = env->regs[8], |
| 273 | .R9 = env->regs[9], |
| 274 | .R10 = env->regs[10], |
| 275 | .R11 = env->regs[11], |
| 276 | .R12 = env->regs[12], |
| 277 | .R13 = env->regs[13], |
| 278 | .R14 = env->regs[14], |
| 279 | .R15 = env->regs[15], |
| 280 | |
| 281 | .Rip = env->eip, |
| 282 | .FltSave = { |
| 283 | .MxCsr = env->mxcsr, |
| 284 | }, |
| 285 | }; |
| 286 | |
| 287 | if (cpu_memory_rw_debug(first_cpu, Context, |
| 288 | (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 0)) { |
| 289 | error_setg(errp, "win-dump: failed to save CPU #%d context", i); |
| 290 | return; |
| 291 | } |
| 292 | |
| 293 | if (cpu_memory_rw_debug(first_cpu, Context, |
| 294 | (uint8_t *)&ctx, sizeof(WinContext), 1)) { |
| 295 | error_setg(errp, "win-dump: failed to write CPU #%d context", i); |
| 296 | return; |
| 297 | } |
| 298 | |
| 299 | i++; |
| 300 | } |
| 301 | } |
| 302 | |
| 303 | static void restore_context(WinDumpHeader64 *h, |
| 304 | struct saved_context *saved_ctx) |
| 305 | { |
| 306 | int i; |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 307 | |
| 308 | for (i = 0; i < h->NumberProcessors; i++) { |
| 309 | if (cpu_memory_rw_debug(first_cpu, saved_ctx[i].addr, |
| 310 | (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 1)) { |
Vladimir Sementsov-Ogievskiy | b0e7095 | 2020-03-24 18:36:27 +0300 | [diff] [blame] | 311 | warn_report("win-dump: failed to restore CPU #%d context", i); |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 312 | } |
| 313 | } |
| 314 | } |
| 315 | |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 316 | void create_win_dump(DumpState *s, Error **errp) |
| 317 | { |
| 318 | WinDumpHeader64 *h = (WinDumpHeader64 *)(s->guest_note + |
| 319 | VMCOREINFO_ELF_NOTE_HDR_SIZE); |
Viktor Prutyanov | 92d1b3d | 2018-05-17 19:23:40 +0300 | [diff] [blame] | 320 | X86CPU *first_x86_cpu = X86_CPU(first_cpu); |
| 321 | uint64_t saved_cr3 = first_x86_cpu->env.cr[3]; |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 322 | struct saved_context *saved_ctx = NULL; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 323 | Error *local_err = NULL; |
| 324 | |
| 325 | if (s->guest_note_size != sizeof(WinDumpHeader64) + |
| 326 | VMCOREINFO_ELF_NOTE_HDR_SIZE) { |
| 327 | error_setg(errp, "win-dump: invalid vmcoreinfo note size"); |
| 328 | return; |
| 329 | } |
| 330 | |
| 331 | check_header(h, &local_err); |
| 332 | if (local_err) { |
| 333 | error_propagate(errp, local_err); |
| 334 | return; |
| 335 | } |
| 336 | |
Viktor Prutyanov | 92d1b3d | 2018-05-17 19:23:40 +0300 | [diff] [blame] | 337 | /* |
| 338 | * Further access to kernel structures by virtual addresses |
| 339 | * should be made from system context. |
| 340 | */ |
| 341 | |
| 342 | first_x86_cpu->env.cr[3] = h->DirectoryTableBase; |
| 343 | |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 344 | check_kdbg(h, &local_err); |
| 345 | if (local_err) { |
| 346 | error_propagate(errp, local_err); |
Viktor Prutyanov | 92d1b3d | 2018-05-17 19:23:40 +0300 | [diff] [blame] | 347 | goto out_cr3; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 348 | } |
| 349 | |
| 350 | patch_header(h); |
| 351 | |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 352 | saved_ctx = g_new(struct saved_context, h->NumberProcessors); |
| 353 | |
| 354 | /* |
| 355 | * Always patch context because there is no way |
| 356 | * to determine if the system-saved context is valid |
| 357 | */ |
| 358 | |
| 359 | patch_and_save_context(h, saved_ctx, &local_err); |
| 360 | if (local_err) { |
| 361 | error_propagate(errp, local_err); |
| 362 | goto out_free; |
| 363 | } |
| 364 | |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 365 | s->total_size = h->RequiredDumpSpace; |
| 366 | |
| 367 | s->written_size = qemu_write_full(s->fd, h, sizeof(*h)); |
| 368 | if (s->written_size != sizeof(*h)) { |
| 369 | error_setg(errp, QERR_IO_ERROR); |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 370 | goto out_restore; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 371 | } |
| 372 | |
| 373 | write_runs(s, h, &local_err); |
| 374 | if (local_err) { |
| 375 | error_propagate(errp, local_err); |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 376 | goto out_restore; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 377 | } |
Viktor Prutyanov | 92d1b3d | 2018-05-17 19:23:40 +0300 | [diff] [blame] | 378 | |
Viktor Prutyanov | 2ad9b50 | 2018-05-17 19:23:42 +0300 | [diff] [blame] | 379 | out_restore: |
| 380 | restore_context(h, saved_ctx); |
| 381 | out_free: |
| 382 | g_free(saved_ctx); |
Viktor Prutyanov | 92d1b3d | 2018-05-17 19:23:40 +0300 | [diff] [blame] | 383 | out_cr3: |
| 384 | first_x86_cpu->env.cr[3] = saved_cr3; |
| 385 | |
| 386 | return; |
Viktor Prutyanov | 2da91b5 | 2018-05-17 19:23:39 +0300 | [diff] [blame] | 387 | } |