You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

win_dump.c 11KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390
  1. /*
  2. * Windows crashdump
  3. *
  4. * Copyright (c) 2018 Virtuozzo International GmbH
  5. *
  6. * This work is licensed under the terms of the GNU GPL, version 2 or later.
  7. * See the COPYING file in the top-level directory.
  8. *
  9. */
  10. #include "qemu/osdep.h"
  11. #include "qemu-common.h"
  12. #include "qemu/cutils.h"
  13. #include "elf.h"
  14. #include "cpu.h"
  15. #include "exec/hwaddr.h"
  16. #include "monitor/monitor.h"
  17. #include "sysemu/kvm.h"
  18. #include "sysemu/dump.h"
  19. #include "sysemu/sysemu.h"
  20. #include "sysemu/memory_mapping.h"
  21. #include "sysemu/cpus.h"
  22. #include "qapi/error.h"
  23. #include "qapi/qmp/qerror.h"
  24. #include "qemu/error-report.h"
  25. #include "hw/misc/vmcoreinfo.h"
  26. #include "win_dump.h"
  27. static size_t write_run(WinDumpPhyMemRun64 *run, int fd, Error **errp)
  28. {
  29. void *buf;
  30. uint64_t addr = run->BasePage << TARGET_PAGE_BITS;
  31. uint64_t size = run->PageCount << TARGET_PAGE_BITS;
  32. uint64_t len, l;
  33. size_t total = 0;
  34. while (size) {
  35. len = size;
  36. buf = cpu_physical_memory_map(addr, &len, false);
  37. if (!buf) {
  38. error_setg(errp, "win-dump: failed to map physical range"
  39. " 0x%016" PRIx64 "-0x%016" PRIx64, addr, addr + size - 1);
  40. return 0;
  41. }
  42. l = qemu_write_full(fd, buf, len);
  43. cpu_physical_memory_unmap(buf, addr, false, len);
  44. if (l != len) {
  45. error_setg(errp, QERR_IO_ERROR);
  46. return 0;
  47. }
  48. addr += l;
  49. size -= l;
  50. total += l;
  51. }
  52. return total;
  53. }
  54. static void write_runs(DumpState *s, WinDumpHeader64 *h, Error **errp)
  55. {
  56. WinDumpPhyMemDesc64 *desc = &h->PhysicalMemoryBlock;
  57. WinDumpPhyMemRun64 *run = desc->Run;
  58. Error *local_err = NULL;
  59. int i;
  60. for (i = 0; i < desc->NumberOfRuns; i++) {
  61. s->written_size += write_run(run + i, s->fd, &local_err);
  62. if (local_err) {
  63. error_propagate(errp, local_err);
  64. return;
  65. }
  66. }
  67. }
  68. static void patch_mm_pfn_database(WinDumpHeader64 *h, Error **errp)
  69. {
  70. if (cpu_memory_rw_debug(first_cpu,
  71. h->KdDebuggerDataBlock + KDBG_MM_PFN_DATABASE_OFFSET64,
  72. (uint8_t *)&h->PfnDatabase, sizeof(h->PfnDatabase), 0)) {
  73. error_setg(errp, "win-dump: failed to read MmPfnDatabase");
  74. return;
  75. }
  76. }
  77. static void patch_bugcheck_data(WinDumpHeader64 *h, Error **errp)
  78. {
  79. uint64_t KiBugcheckData;
  80. if (cpu_memory_rw_debug(first_cpu,
  81. h->KdDebuggerDataBlock + KDBG_KI_BUGCHECK_DATA_OFFSET64,
  82. (uint8_t *)&KiBugcheckData, sizeof(KiBugcheckData), 0)) {
  83. error_setg(errp, "win-dump: failed to read KiBugcheckData");
  84. return;
  85. }
  86. if (cpu_memory_rw_debug(first_cpu,
  87. KiBugcheckData,
  88. h->BugcheckData, sizeof(h->BugcheckData), 0)) {
  89. error_setg(errp, "win-dump: failed to read bugcheck data");
  90. return;
  91. }
  92. /*
  93. * If BugcheckCode wasn't saved, we consider guest OS as alive.
  94. */
  95. if (!h->BugcheckCode) {
  96. h->BugcheckCode = LIVE_SYSTEM_DUMP;
  97. }
  98. }
  99. /*
  100. * This routine tries to correct mistakes in crashdump header.
  101. */
  102. static void patch_header(WinDumpHeader64 *h)
  103. {
  104. Error *local_err = NULL;
  105. h->RequiredDumpSpace = sizeof(WinDumpHeader64) +
  106. (h->PhysicalMemoryBlock.NumberOfPages << TARGET_PAGE_BITS);
  107. h->PhysicalMemoryBlock.unused = 0;
  108. h->unused1 = 0;
  109. patch_mm_pfn_database(h, &local_err);
  110. if (local_err) {
  111. warn_report_err(local_err);
  112. local_err = NULL;
  113. }
  114. patch_bugcheck_data(h, &local_err);
  115. if (local_err) {
  116. warn_report_err(local_err);
  117. }
  118. }
  119. static void check_header(WinDumpHeader64 *h, Error **errp)
  120. {
  121. const char Signature[] = "PAGE";
  122. const char ValidDump[] = "DU64";
  123. if (memcmp(h->Signature, Signature, sizeof(h->Signature))) {
  124. error_setg(errp, "win-dump: invalid header, expected '%.4s',"
  125. " got '%.4s'", Signature, h->Signature);
  126. return;
  127. }
  128. if (memcmp(h->ValidDump, ValidDump, sizeof(h->ValidDump))) {
  129. error_setg(errp, "win-dump: invalid header, expected '%.4s',"
  130. " got '%.4s'", ValidDump, h->ValidDump);
  131. return;
  132. }
  133. }
  134. static void check_kdbg(WinDumpHeader64 *h, Error **errp)
  135. {
  136. const char OwnerTag[] = "KDBG";
  137. char read_OwnerTag[4];
  138. uint64_t KdDebuggerDataBlock = h->KdDebuggerDataBlock;
  139. bool try_fallback = true;
  140. try_again:
  141. if (cpu_memory_rw_debug(first_cpu,
  142. KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64,
  143. (uint8_t *)&read_OwnerTag, sizeof(read_OwnerTag), 0)) {
  144. error_setg(errp, "win-dump: failed to read OwnerTag");
  145. return;
  146. }
  147. if (memcmp(read_OwnerTag, OwnerTag, sizeof(read_OwnerTag))) {
  148. if (try_fallback) {
  149. /*
  150. * If attempt to use original KDBG failed
  151. * (most likely because of its encryption),
  152. * we try to use KDBG obtained by guest driver.
  153. */
  154. KdDebuggerDataBlock = h->BugcheckParameter1;
  155. try_fallback = false;
  156. goto try_again;
  157. } else {
  158. error_setg(errp, "win-dump: invalid KDBG OwnerTag,"
  159. " expected '%.4s', got '%.4s'",
  160. OwnerTag, read_OwnerTag);
  161. return;
  162. }
  163. }
  164. h->KdDebuggerDataBlock = KdDebuggerDataBlock;
  165. }
  166. struct saved_context {
  167. WinContext ctx;
  168. uint64_t addr;
  169. };
  170. static void patch_and_save_context(WinDumpHeader64 *h,
  171. struct saved_context *saved_ctx,
  172. Error **errp)
  173. {
  174. uint64_t KiProcessorBlock;
  175. uint16_t OffsetPrcbContext;
  176. CPUState *cpu;
  177. int i = 0;
  178. if (cpu_memory_rw_debug(first_cpu,
  179. h->KdDebuggerDataBlock + KDBG_KI_PROCESSOR_BLOCK_OFFSET64,
  180. (uint8_t *)&KiProcessorBlock, sizeof(KiProcessorBlock), 0)) {
  181. error_setg(errp, "win-dump: failed to read KiProcessorBlock");
  182. return;
  183. }
  184. if (cpu_memory_rw_debug(first_cpu,
  185. h->KdDebuggerDataBlock + KDBG_OFFSET_PRCB_CONTEXT_OFFSET64,
  186. (uint8_t *)&OffsetPrcbContext, sizeof(OffsetPrcbContext), 0)) {
  187. error_setg(errp, "win-dump: failed to read OffsetPrcbContext");
  188. return;
  189. }
  190. CPU_FOREACH(cpu) {
  191. X86CPU *x86_cpu = X86_CPU(cpu);
  192. CPUX86State *env = &x86_cpu->env;
  193. uint64_t Prcb;
  194. uint64_t Context;
  195. WinContext ctx;
  196. if (cpu_memory_rw_debug(first_cpu,
  197. KiProcessorBlock + i * sizeof(uint64_t),
  198. (uint8_t *)&Prcb, sizeof(Prcb), 0)) {
  199. error_setg(errp, "win-dump: failed to read"
  200. " CPU #%d PRCB location", i);
  201. return;
  202. }
  203. if (cpu_memory_rw_debug(first_cpu,
  204. Prcb + OffsetPrcbContext,
  205. (uint8_t *)&Context, sizeof(Context), 0)) {
  206. error_setg(errp, "win-dump: failed to read"
  207. " CPU #%d ContextFrame location", i);
  208. return;
  209. }
  210. saved_ctx[i].addr = Context;
  211. ctx = (WinContext){
  212. .ContextFlags = WIN_CTX_ALL,
  213. .MxCsr = env->mxcsr,
  214. .SegEs = env->segs[0].selector,
  215. .SegCs = env->segs[1].selector,
  216. .SegSs = env->segs[2].selector,
  217. .SegDs = env->segs[3].selector,
  218. .SegFs = env->segs[4].selector,
  219. .SegGs = env->segs[5].selector,
  220. .EFlags = cpu_compute_eflags(env),
  221. .Dr0 = env->dr[0],
  222. .Dr1 = env->dr[1],
  223. .Dr2 = env->dr[2],
  224. .Dr3 = env->dr[3],
  225. .Dr6 = env->dr[6],
  226. .Dr7 = env->dr[7],
  227. .Rax = env->regs[R_EAX],
  228. .Rbx = env->regs[R_EBX],
  229. .Rcx = env->regs[R_ECX],
  230. .Rdx = env->regs[R_EDX],
  231. .Rsp = env->regs[R_ESP],
  232. .Rbp = env->regs[R_EBP],
  233. .Rsi = env->regs[R_ESI],
  234. .Rdi = env->regs[R_EDI],
  235. .R8 = env->regs[8],
  236. .R9 = env->regs[9],
  237. .R10 = env->regs[10],
  238. .R11 = env->regs[11],
  239. .R12 = env->regs[12],
  240. .R13 = env->regs[13],
  241. .R14 = env->regs[14],
  242. .R15 = env->regs[15],
  243. .Rip = env->eip,
  244. .FltSave = {
  245. .MxCsr = env->mxcsr,
  246. },
  247. };
  248. if (cpu_memory_rw_debug(first_cpu, Context,
  249. (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 0)) {
  250. error_setg(errp, "win-dump: failed to save CPU #%d context", i);
  251. return;
  252. }
  253. if (cpu_memory_rw_debug(first_cpu, Context,
  254. (uint8_t *)&ctx, sizeof(WinContext), 1)) {
  255. error_setg(errp, "win-dump: failed to write CPU #%d context", i);
  256. return;
  257. }
  258. i++;
  259. }
  260. }
  261. static void restore_context(WinDumpHeader64 *h,
  262. struct saved_context *saved_ctx)
  263. {
  264. int i;
  265. Error *err = NULL;
  266. for (i = 0; i < h->NumberProcessors; i++) {
  267. if (cpu_memory_rw_debug(first_cpu, saved_ctx[i].addr,
  268. (uint8_t *)&saved_ctx[i].ctx, sizeof(WinContext), 1)) {
  269. error_setg(&err, "win-dump: failed to restore CPU #%d context", i);
  270. warn_report_err(err);
  271. }
  272. }
  273. }
  274. void create_win_dump(DumpState *s, Error **errp)
  275. {
  276. WinDumpHeader64 *h = (WinDumpHeader64 *)(s->guest_note +
  277. VMCOREINFO_ELF_NOTE_HDR_SIZE);
  278. X86CPU *first_x86_cpu = X86_CPU(first_cpu);
  279. uint64_t saved_cr3 = first_x86_cpu->env.cr[3];
  280. struct saved_context *saved_ctx = NULL;
  281. Error *local_err = NULL;
  282. if (s->guest_note_size != sizeof(WinDumpHeader64) +
  283. VMCOREINFO_ELF_NOTE_HDR_SIZE) {
  284. error_setg(errp, "win-dump: invalid vmcoreinfo note size");
  285. return;
  286. }
  287. check_header(h, &local_err);
  288. if (local_err) {
  289. error_propagate(errp, local_err);
  290. return;
  291. }
  292. /*
  293. * Further access to kernel structures by virtual addresses
  294. * should be made from system context.
  295. */
  296. first_x86_cpu->env.cr[3] = h->DirectoryTableBase;
  297. check_kdbg(h, &local_err);
  298. if (local_err) {
  299. error_propagate(errp, local_err);
  300. goto out_cr3;
  301. }
  302. patch_header(h);
  303. saved_ctx = g_new(struct saved_context, h->NumberProcessors);
  304. /*
  305. * Always patch context because there is no way
  306. * to determine if the system-saved context is valid
  307. */
  308. patch_and_save_context(h, saved_ctx, &local_err);
  309. if (local_err) {
  310. error_propagate(errp, local_err);
  311. goto out_free;
  312. }
  313. s->total_size = h->RequiredDumpSpace;
  314. s->written_size = qemu_write_full(s->fd, h, sizeof(*h));
  315. if (s->written_size != sizeof(*h)) {
  316. error_setg(errp, QERR_IO_ERROR);
  317. goto out_restore;
  318. }
  319. write_runs(s, h, &local_err);
  320. if (local_err) {
  321. error_propagate(errp, local_err);
  322. goto out_restore;
  323. }
  324. out_restore:
  325. restore_context(h, saved_ctx);
  326. out_free:
  327. g_free(saved_ctx);
  328. out_cr3:
  329. first_x86_cpu->env.cr[3] = saved_cr3;
  330. return;
  331. }