mirror of
https://github.com/Vita3K/unicorn.git
synced 2024-11-27 15:20:42 +00:00
del qemu/scripts/dump-guest-memory.py
This commit is contained in:
parent
b9b82591a1
commit
7e2234237c
@ -1,339 +0,0 @@
|
||||
# This python script adds a new gdb command, "dump-guest-memory". It
|
||||
# should be loaded with "source dump-guest-memory.py" at the (gdb)
|
||||
# prompt.
|
||||
#
|
||||
# Copyright (C) 2013, Red Hat, Inc.
|
||||
#
|
||||
# Authors:
|
||||
# Laszlo Ersek <lersek@redhat.com>
|
||||
#
|
||||
# This work is licensed under the terms of the GNU GPL, version 2 or later. See
|
||||
# the COPYING file in the top-level directory.
|
||||
#
|
||||
# The leading docstring doesn't have idiomatic Python formatting. It is
|
||||
# printed by gdb's "help" command (the first line is printed in the
|
||||
# "help data" summary), and it should match how other help texts look in
|
||||
# gdb.
|
||||
|
||||
import struct
|
||||
|
||||
class DumpGuestMemory(gdb.Command):
|
||||
"""Extract guest vmcore from qemu process coredump.
|
||||
|
||||
The sole argument is FILE, identifying the target file to write the
|
||||
guest vmcore to.
|
||||
|
||||
This GDB command reimplements the dump-guest-memory QMP command in
|
||||
python, using the representation of guest memory as captured in the qemu
|
||||
coredump. The qemu process that has been dumped must have had the
|
||||
command line option "-machine dump-guest-core=on".
|
||||
|
||||
For simplicity, the "paging", "begin" and "end" parameters of the QMP
|
||||
command are not supported -- no attempt is made to get the guest's
|
||||
internal paging structures (ie. paging=false is hard-wired), and guest
|
||||
memory is always fully dumped.
|
||||
|
||||
Only x86_64 guests are supported.
|
||||
|
||||
The CORE/NT_PRSTATUS and QEMU notes (that is, the VCPUs' statuses) are
|
||||
not written to the vmcore. Preparing these would require context that is
|
||||
only present in the KVM host kernel module when the guest is alive. A
|
||||
fake ELF note is written instead, only to keep the ELF parser of "crash"
|
||||
happy.
|
||||
|
||||
Dependent on how busted the qemu process was at the time of the
|
||||
coredump, this command might produce unpredictable results. If qemu
|
||||
deliberately called abort(), or it was dumped in response to a signal at
|
||||
a halfway fortunate point, then its coredump should be in reasonable
|
||||
shape and this command should mostly work."""
|
||||
|
||||
TARGET_PAGE_SIZE = 0x1000
|
||||
TARGET_PAGE_MASK = 0xFFFFFFFFFFFFF000
|
||||
|
||||
# Various ELF constants
|
||||
EM_X86_64 = 62 # AMD x86-64 target machine
|
||||
ELFDATA2LSB = 1 # little endian
|
||||
ELFCLASS64 = 2
|
||||
ELFMAG = "\x7FELF"
|
||||
EV_CURRENT = 1
|
||||
ET_CORE = 4
|
||||
PT_LOAD = 1
|
||||
PT_NOTE = 4
|
||||
|
||||
# Special value for e_phnum. This indicates that the real number of
|
||||
# program headers is too large to fit into e_phnum. Instead the real
|
||||
# value is in the field sh_info of section 0.
|
||||
PN_XNUM = 0xFFFF
|
||||
|
||||
# Format strings for packing and header size calculation.
|
||||
ELF64_EHDR = ("4s" # e_ident/magic
|
||||
"B" # e_ident/class
|
||||
"B" # e_ident/data
|
||||
"B" # e_ident/version
|
||||
"B" # e_ident/osabi
|
||||
"8s" # e_ident/pad
|
||||
"H" # e_type
|
||||
"H" # e_machine
|
||||
"I" # e_version
|
||||
"Q" # e_entry
|
||||
"Q" # e_phoff
|
||||
"Q" # e_shoff
|
||||
"I" # e_flags
|
||||
"H" # e_ehsize
|
||||
"H" # e_phentsize
|
||||
"H" # e_phnum
|
||||
"H" # e_shentsize
|
||||
"H" # e_shnum
|
||||
"H" # e_shstrndx
|
||||
)
|
||||
ELF64_PHDR = ("I" # p_type
|
||||
"I" # p_flags
|
||||
"Q" # p_offset
|
||||
"Q" # p_vaddr
|
||||
"Q" # p_paddr
|
||||
"Q" # p_filesz
|
||||
"Q" # p_memsz
|
||||
"Q" # p_align
|
||||
)
|
||||
|
||||
def __init__(self):
|
||||
super(DumpGuestMemory, self).__init__("dump-guest-memory",
|
||||
gdb.COMMAND_DATA,
|
||||
gdb.COMPLETE_FILENAME)
|
||||
self.uintptr_t = gdb.lookup_type("uintptr_t")
|
||||
self.elf64_ehdr_le = struct.Struct("<%s" % self.ELF64_EHDR)
|
||||
self.elf64_phdr_le = struct.Struct("<%s" % self.ELF64_PHDR)
|
||||
|
||||
def int128_get64(self, val):
|
||||
assert (val["hi"] == 0)
|
||||
return val["lo"]
|
||||
|
||||
def qtailq_foreach(self, head, field_str):
|
||||
var_p = head["tqh_first"]
|
||||
while (var_p != 0):
|
||||
var = var_p.dereference()
|
||||
yield var
|
||||
var_p = var[field_str]["tqe_next"]
|
||||
|
||||
def qemu_get_ram_block(self, ram_addr):
|
||||
ram_blocks = gdb.parse_and_eval("ram_list.blocks")
|
||||
for block in self.qtailq_foreach(ram_blocks, "next"):
|
||||
if (ram_addr - block["offset"] < block["length"]):
|
||||
return block
|
||||
raise gdb.GdbError("Bad ram offset %x" % ram_addr)
|
||||
|
||||
def qemu_get_ram_ptr(self, ram_addr):
|
||||
block = self.qemu_get_ram_block(ram_addr)
|
||||
return block["host"] + (ram_addr - block["offset"])
|
||||
|
||||
def memory_region_get_ram_ptr(self, mr):
|
||||
if (mr["alias"] != 0):
|
||||
return (self.memory_region_get_ram_ptr(mr["alias"].dereference()) +
|
||||
mr["alias_offset"])
|
||||
return self.qemu_get_ram_ptr(mr["ram_addr"] & self.TARGET_PAGE_MASK)
|
||||
|
||||
def guest_phys_blocks_init(self):
|
||||
self.guest_phys_blocks = []
|
||||
|
||||
def guest_phys_blocks_append(self):
|
||||
print "guest RAM blocks:"
|
||||
print ("target_start target_end host_addr message "
|
||||
"count")
|
||||
print ("---------------- ---------------- ---------------- ------- "
|
||||
"-----")
|
||||
|
||||
current_map_p = gdb.parse_and_eval("address_space_memory.current_map")
|
||||
current_map = current_map_p.dereference()
|
||||
for cur in range(current_map["nr"]):
|
||||
flat_range = (current_map["ranges"] + cur).dereference()
|
||||
mr = flat_range["mr"].dereference()
|
||||
|
||||
# we only care about RAM
|
||||
if (not mr["ram"]):
|
||||
continue
|
||||
|
||||
section_size = self.int128_get64(flat_range["addr"]["size"])
|
||||
target_start = self.int128_get64(flat_range["addr"]["start"])
|
||||
target_end = target_start + section_size
|
||||
host_addr = (self.memory_region_get_ram_ptr(mr) +
|
||||
flat_range["offset_in_region"])
|
||||
predecessor = None
|
||||
|
||||
# find continuity in guest physical address space
|
||||
if (len(self.guest_phys_blocks) > 0):
|
||||
predecessor = self.guest_phys_blocks[-1]
|
||||
predecessor_size = (predecessor["target_end"] -
|
||||
predecessor["target_start"])
|
||||
|
||||
# the memory API guarantees monotonically increasing
|
||||
# traversal
|
||||
assert (predecessor["target_end"] <= target_start)
|
||||
|
||||
# we want continuity in both guest-physical and
|
||||
# host-virtual memory
|
||||
if (predecessor["target_end"] < target_start or
|
||||
predecessor["host_addr"] + predecessor_size != host_addr):
|
||||
predecessor = None
|
||||
|
||||
if (predecessor is None):
|
||||
# isolated mapping, add it to the list
|
||||
self.guest_phys_blocks.append({"target_start": target_start,
|
||||
"target_end" : target_end,
|
||||
"host_addr" : host_addr})
|
||||
message = "added"
|
||||
else:
|
||||
# expand predecessor until @target_end; predecessor's
|
||||
# start doesn't change
|
||||
predecessor["target_end"] = target_end
|
||||
message = "joined"
|
||||
|
||||
print ("%016x %016x %016x %-7s %5u" %
|
||||
(target_start, target_end, host_addr.cast(self.uintptr_t),
|
||||
message, len(self.guest_phys_blocks)))
|
||||
|
||||
def cpu_get_dump_info(self):
|
||||
# We can't synchronize the registers with KVM post-mortem, and
|
||||
# the bits in (first_x86_cpu->env.hflags) seem to be stale; they
|
||||
# may not reflect long mode for example. Hence just assume the
|
||||
# most common values. This also means that instruction pointer
|
||||
# etc. will be bogus in the dump, but at least the RAM contents
|
||||
# should be valid.
|
||||
self.dump_info = {"d_machine": self.EM_X86_64,
|
||||
"d_endian" : self.ELFDATA2LSB,
|
||||
"d_class" : self.ELFCLASS64}
|
||||
|
||||
def encode_elf64_ehdr_le(self):
|
||||
return self.elf64_ehdr_le.pack(
|
||||
self.ELFMAG, # e_ident/magic
|
||||
self.dump_info["d_class"], # e_ident/class
|
||||
self.dump_info["d_endian"], # e_ident/data
|
||||
self.EV_CURRENT, # e_ident/version
|
||||
0, # e_ident/osabi
|
||||
"", # e_ident/pad
|
||||
self.ET_CORE, # e_type
|
||||
self.dump_info["d_machine"], # e_machine
|
||||
self.EV_CURRENT, # e_version
|
||||
0, # e_entry
|
||||
self.elf64_ehdr_le.size, # e_phoff
|
||||
0, # e_shoff
|
||||
0, # e_flags
|
||||
self.elf64_ehdr_le.size, # e_ehsize
|
||||
self.elf64_phdr_le.size, # e_phentsize
|
||||
self.phdr_num, # e_phnum
|
||||
0, # e_shentsize
|
||||
0, # e_shnum
|
||||
0 # e_shstrndx
|
||||
)
|
||||
|
||||
def encode_elf64_note_le(self):
|
||||
return self.elf64_phdr_le.pack(self.PT_NOTE, # p_type
|
||||
0, # p_flags
|
||||
(self.memory_offset -
|
||||
len(self.note)), # p_offset
|
||||
0, # p_vaddr
|
||||
0, # p_paddr
|
||||
len(self.note), # p_filesz
|
||||
len(self.note), # p_memsz
|
||||
0 # p_align
|
||||
)
|
||||
|
||||
def encode_elf64_load_le(self, offset, start_hwaddr, range_size):
|
||||
return self.elf64_phdr_le.pack(self.PT_LOAD, # p_type
|
||||
0, # p_flags
|
||||
offset, # p_offset
|
||||
0, # p_vaddr
|
||||
start_hwaddr, # p_paddr
|
||||
range_size, # p_filesz
|
||||
range_size, # p_memsz
|
||||
0 # p_align
|
||||
)
|
||||
|
||||
def note_init(self, name, desc, type):
|
||||
# name must include a trailing NUL
|
||||
namesz = (len(name) + 1 + 3) / 4 * 4
|
||||
descsz = (len(desc) + 3) / 4 * 4
|
||||
fmt = ("<" # little endian
|
||||
"I" # n_namesz
|
||||
"I" # n_descsz
|
||||
"I" # n_type
|
||||
"%us" # name
|
||||
"%us" # desc
|
||||
% (namesz, descsz))
|
||||
self.note = struct.pack(fmt,
|
||||
len(name) + 1, len(desc), type, name, desc)
|
||||
|
||||
def dump_init(self):
|
||||
self.guest_phys_blocks_init()
|
||||
self.guest_phys_blocks_append()
|
||||
self.cpu_get_dump_info()
|
||||
# we have no way to retrieve the VCPU status from KVM
|
||||
# post-mortem
|
||||
self.note_init("NONE", "EMPTY", 0)
|
||||
|
||||
# Account for PT_NOTE.
|
||||
self.phdr_num = 1
|
||||
|
||||
# We should never reach PN_XNUM for paging=false dumps: there's
|
||||
# just a handful of discontiguous ranges after merging.
|
||||
self.phdr_num += len(self.guest_phys_blocks)
|
||||
assert (self.phdr_num < self.PN_XNUM)
|
||||
|
||||
# Calculate the ELF file offset where the memory dump commences:
|
||||
#
|
||||
# ELF header
|
||||
# PT_NOTE
|
||||
# PT_LOAD: 1
|
||||
# PT_LOAD: 2
|
||||
# ...
|
||||
# PT_LOAD: len(self.guest_phys_blocks)
|
||||
# ELF note
|
||||
# memory dump
|
||||
self.memory_offset = (self.elf64_ehdr_le.size +
|
||||
self.elf64_phdr_le.size * self.phdr_num +
|
||||
len(self.note))
|
||||
|
||||
def dump_begin(self, vmcore):
|
||||
vmcore.write(self.encode_elf64_ehdr_le())
|
||||
vmcore.write(self.encode_elf64_note_le())
|
||||
running = self.memory_offset
|
||||
for block in self.guest_phys_blocks:
|
||||
range_size = block["target_end"] - block["target_start"]
|
||||
vmcore.write(self.encode_elf64_load_le(running,
|
||||
block["target_start"],
|
||||
range_size))
|
||||
running += range_size
|
||||
vmcore.write(self.note)
|
||||
|
||||
def dump_iterate(self, vmcore):
|
||||
qemu_core = gdb.inferiors()[0]
|
||||
for block in self.guest_phys_blocks:
|
||||
cur = block["host_addr"]
|
||||
left = block["target_end"] - block["target_start"]
|
||||
print ("dumping range at %016x for length %016x" %
|
||||
(cur.cast(self.uintptr_t), left))
|
||||
while (left > 0):
|
||||
chunk_size = min(self.TARGET_PAGE_SIZE, left)
|
||||
chunk = qemu_core.read_memory(cur, chunk_size)
|
||||
vmcore.write(chunk)
|
||||
cur += chunk_size
|
||||
left -= chunk_size
|
||||
|
||||
def create_vmcore(self, filename):
|
||||
vmcore = open(filename, "wb")
|
||||
self.dump_begin(vmcore)
|
||||
self.dump_iterate(vmcore)
|
||||
vmcore.close()
|
||||
|
||||
def invoke(self, args, from_tty):
|
||||
# Unwittingly pressing the Enter key after the command should
|
||||
# not dump the same multi-gig coredump to the same file.
|
||||
self.dont_repeat()
|
||||
|
||||
argv = gdb.string_to_argv(args)
|
||||
if (len(argv) != 1):
|
||||
raise gdb.GdbError("usage: dump-guest-memory FILE")
|
||||
|
||||
self.dump_init()
|
||||
self.create_vmcore(argv[0])
|
||||
|
||||
DumpGuestMemory()
|
Loading…
Reference in New Issue
Block a user