search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
scripts/dump-guest-memory.py: Make methods functions
[qemu.git] / scripts / dump-guest-memory.py
blobd0b927a2bca54e4c9a9c8c402bd51047e5572520
1 # This python script adds a new gdb command, "dump-guest-memory". It
2 # should be loaded with "source dump-guest-memory.py" at the (gdb)
3 # prompt.
4 #
5 # Copyright (C) 2013, Red Hat, Inc.
6 #
7 # Authors:
8 # Laszlo Ersek <lersek@redhat.com>
9 #
10 # This work is licensed under the terms of the GNU GPL, version 2 or later. See
11 # the COPYING file in the top-level directory.
12 #
13 # The leading docstring doesn't have idiomatic Python formatting. It is
14 # printed by gdb's "help" command (the first line is printed in the
15 # "help data" summary), and it should match how other help texts look in
16 # gdb.
17
18 import struct
19
20 UINTPTR_T = gdb.lookup_type("uintptr_t")
21
22 TARGET_PAGE_SIZE = 0x1000
23 TARGET_PAGE_MASK = 0xFFFFFFFFFFFFF000
24
25 # Various ELF constants
26 EM_X86_64 = 62 # AMD x86-64 target machine
27 ELFDATA2LSB = 1 # little endian
28 ELFCLASS64 = 2
29 ELFMAG = "\x7FELF"
30 EV_CURRENT = 1
31 ET_CORE = 4
32 PT_LOAD = 1
33 PT_NOTE = 4
34
35 # Special value for e_phnum. This indicates that the real number of
36 # program headers is too large to fit into e_phnum. Instead the real
37 # value is in the field sh_info of section 0.
38 PN_XNUM = 0xFFFF
39
40 # Format strings for packing and header size calculation.
41 ELF64_EHDR = ("4s" # e_ident/magic
42 "B" # e_ident/class
43 "B" # e_ident/data
44 "B" # e_ident/version
45 "B" # e_ident/osabi
46 "8s" # e_ident/pad
47 "H" # e_type
48 "H" # e_machine
49 "I" # e_version
50 "Q" # e_entry
51 "Q" # e_phoff
52 "Q" # e_shoff
53 "I" # e_flags
54 "H" # e_ehsize
55 "H" # e_phentsize
56 "H" # e_phnum
57 "H" # e_shentsize
58 "H" # e_shnum
59 "H" # e_shstrndx
60 )
61 ELF64_PHDR = ("I" # p_type
62 "I" # p_flags
63 "Q" # p_offset
64 "Q" # p_vaddr
65 "Q" # p_paddr
66 "Q" # p_filesz
67 "Q" # p_memsz
68 "Q" # p_align
69 )
70
71 def int128_get64(val):
72 assert (val["hi"] == 0)
73 return val["lo"]
74
75 def qlist_foreach(head, field_str):
76 var_p = head["lh_first"]
77 while (var_p != 0):
78 var = var_p.dereference()
79 yield var
80 var_p = var[field_str]["le_next"]
81
82 def qemu_get_ram_block(ram_addr):
83 ram_blocks = gdb.parse_and_eval("ram_list.blocks")
84 for block in qlist_foreach(ram_blocks, "next"):
85 if (ram_addr - block["offset"] < block["used_length"]):
86 return block
87 raise gdb.GdbError("Bad ram offset %x" % ram_addr)
88
89 def qemu_get_ram_ptr(ram_addr):
90 block = qemu_get_ram_block(ram_addr)
91 return block["host"] + (ram_addr - block["offset"])
92
93 def memory_region_get_ram_ptr(mr):
94 if (mr["alias"] != 0):
95 return (memory_region_get_ram_ptr(mr["alias"].dereference()) +
96 mr["alias_offset"])
97 return qemu_get_ram_ptr(mr["ram_addr"] & TARGET_PAGE_MASK)
98
99 def get_guest_phys_blocks():
100 guest_phys_blocks = []
101 print "guest RAM blocks:"
102 print ("target_start target_end host_addr message "
103 "count")
104 print ("---------------- ---------------- ---------------- ------- "
105 "-----")
106
107 current_map_p = gdb.parse_and_eval("address_space_memory.current_map")
108 current_map = current_map_p.dereference()
109 for cur in range(current_map["nr"]):
110 flat_range = (current_map["ranges"] + cur).dereference()
111 mr = flat_range["mr"].dereference()
112
113 # we only care about RAM
114 if (not mr["ram"]):
115 continue
116
117 section_size = int128_get64(flat_range["addr"]["size"])
118 target_start = int128_get64(flat_range["addr"]["start"])
119 target_end = target_start + section_size
120 host_addr = (memory_region_get_ram_ptr(mr) +
121 flat_range["offset_in_region"])
122 predecessor = None
123
124 # find continuity in guest physical address space
125 if (len(guest_phys_blocks) > 0):
126 predecessor = guest_phys_blocks[-1]
127 predecessor_size = (predecessor["target_end"] -
128 predecessor["target_start"])
129
130 # the memory API guarantees monotonically increasing
131 # traversal
132 assert (predecessor["target_end"] <= target_start)
133
134 # we want continuity in both guest-physical and
135 # host-virtual memory
136 if (predecessor["target_end"] < target_start or
137 predecessor["host_addr"] + predecessor_size != host_addr):
138 predecessor = None
139
140 if (predecessor is None):
141 # isolated mapping, add it to the list
142 guest_phys_blocks.append({"target_start": target_start,
143 "target_end" : target_end,
144 "host_addr" : host_addr})
145 message = "added"
146 else:
147 # expand predecessor until @target_end; predecessor's
148 # start doesn't change
149 predecessor["target_end"] = target_end
150 message = "joined"
151
152 print ("%016x %016x %016x %-7s %5u" %
153 (target_start, target_end, host_addr.cast(UINTPTR_T),
154 message, len(guest_phys_blocks)))
155
156 return guest_phys_blocks
157
158
159 class DumpGuestMemory(gdb.Command):
160 """Extract guest vmcore from qemu process coredump.
161
162 The sole argument is FILE, identifying the target file to write the
163 guest vmcore to.
164
165 This GDB command reimplements the dump-guest-memory QMP command in
166 python, using the representation of guest memory as captured in the qemu
167 coredump. The qemu process that has been dumped must have had the
168 command line option "-machine dump-guest-core=on".
169
170 For simplicity, the "paging", "begin" and "end" parameters of the QMP
171 command are not supported -- no attempt is made to get the guest's
172 internal paging structures (ie. paging=false is hard-wired), and guest
173 memory is always fully dumped.
174
175 Only x86_64 guests are supported.
176
177 The CORE/NT_PRSTATUS and QEMU notes (that is, the VCPUs' statuses) are
178 not written to the vmcore. Preparing these would require context that is
179 only present in the KVM host kernel module when the guest is alive. A
180 fake ELF note is written instead, only to keep the ELF parser of "crash"
181 happy.
182
183 Dependent on how busted the qemu process was at the time of the
184 coredump, this command might produce unpredictable results. If qemu
185 deliberately called abort(), or it was dumped in response to a signal at
186 a halfway fortunate point, then its coredump should be in reasonable
187 shape and this command should mostly work."""
188
189 def __init__(self):
190 super(DumpGuestMemory, self).__init__("dump-guest-memory",
191 gdb.COMMAND_DATA,
192 gdb.COMPLETE_FILENAME)
193 self.elf64_ehdr_le = struct.Struct("<%s" % ELF64_EHDR)
194 self.elf64_phdr_le = struct.Struct("<%s" % ELF64_PHDR)
195 self.guest_phys_blocks = None
196
197 def cpu_get_dump_info(self):
198 # We can't synchronize the registers with KVM post-mortem, and
199 # the bits in (first_x86_cpu->env.hflags) seem to be stale; they
200 # may not reflect long mode for example. Hence just assume the
201 # most common values. This also means that instruction pointer
202 # etc. will be bogus in the dump, but at least the RAM contents
203 # should be valid.
204 self.dump_info = {"d_machine": EM_X86_64,
205 "d_endian" : ELFDATA2LSB,
206 "d_class" : ELFCLASS64}
207
208 def encode_elf64_ehdr_le(self):
209 return self.elf64_ehdr_le.pack(
210 ELFMAG, # e_ident/magic
211 self.dump_info["d_class"], # e_ident/class
212 self.dump_info["d_endian"], # e_ident/data
213 EV_CURRENT, # e_ident/version
214 0, # e_ident/osabi
215 "", # e_ident/pad
216 ET_CORE, # e_type
217 self.dump_info["d_machine"], # e_machine
218 EV_CURRENT, # e_version
219 0, # e_entry
220 self.elf64_ehdr_le.size, # e_phoff
221 0, # e_shoff
222 0, # e_flags
223 self.elf64_ehdr_le.size, # e_ehsize
224 self.elf64_phdr_le.size, # e_phentsize
225 self.phdr_num, # e_phnum
226 0, # e_shentsize
227 0, # e_shnum
228 0 # e_shstrndx
229 )
230
231 def encode_elf64_note_le(self):
232 return self.elf64_phdr_le.pack(PT_NOTE, # p_type
233 0, # p_flags
234 (self.memory_offset -
235 len(self.note)), # p_offset
236 0, # p_vaddr
237 0, # p_paddr
238 len(self.note), # p_filesz
239 len(self.note), # p_memsz
240 0 # p_align
241 )
242
243 def encode_elf64_load_le(self, offset, start_hwaddr, range_size):
244 return self.elf64_phdr_le.pack(PT_LOAD, # p_type
245 0, # p_flags
246 offset, # p_offset
247 0, # p_vaddr
248 start_hwaddr, # p_paddr
249 range_size, # p_filesz
250 range_size, # p_memsz
251 0 # p_align
252 )
253
254 def note_init(self, name, desc, type):
255 # name must include a trailing NUL
256 namesz = (len(name) + 1 + 3) / 4 * 4
257 descsz = (len(desc) + 3) / 4 * 4
258 fmt = ("<" # little endian
259 "I" # n_namesz
260 "I" # n_descsz
261 "I" # n_type
262 "%us" # name
263 "%us" # desc
264 % (namesz, descsz))
265 self.note = struct.pack(fmt,
266 len(name) + 1, len(desc), type, name, desc)
267
268 def dump_init(self):
269 self.guest_phys_blocks = get_guest_phys_blocks()
270 self.cpu_get_dump_info()
271 # we have no way to retrieve the VCPU status from KVM
272 # post-mortem
273 self.note_init("NONE", "EMPTY", 0)
274
275 # Account for PT_NOTE.
276 self.phdr_num = 1
277
278 # We should never reach PN_XNUM for paging=false dumps: there's
279 # just a handful of discontiguous ranges after merging.
280 self.phdr_num += len(self.guest_phys_blocks)
281 assert (self.phdr_num < PN_XNUM)
282
283 # Calculate the ELF file offset where the memory dump commences:
284 #
285 # ELF header
286 # PT_NOTE
287 # PT_LOAD: 1
288 # PT_LOAD: 2
289 # ...
290 # PT_LOAD: len(self.guest_phys_blocks)
291 # ELF note
292 # memory dump
293 self.memory_offset = (self.elf64_ehdr_le.size +
294 self.elf64_phdr_le.size * self.phdr_num +
295 len(self.note))
296
297 def dump_begin(self, vmcore):
298 vmcore.write(self.encode_elf64_ehdr_le())
299 vmcore.write(self.encode_elf64_note_le())
300 running = self.memory_offset
301 for block in self.guest_phys_blocks:
302 range_size = block["target_end"] - block["target_start"]
303 vmcore.write(self.encode_elf64_load_le(running,
304 block["target_start"],
305 range_size))
306 running += range_size
307 vmcore.write(self.note)
308
309 def dump_iterate(self, vmcore):
310 qemu_core = gdb.inferiors()[0]
311 for block in self.guest_phys_blocks:
312 cur = block["host_addr"]
313 left = block["target_end"] - block["target_start"]
314 print ("dumping range at %016x for length %016x" %
315 (cur.cast(UINTPTR_T), left))
316 while (left > 0):
317 chunk_size = min(TARGET_PAGE_SIZE, left)
318 chunk = qemu_core.read_memory(cur, chunk_size)
319 vmcore.write(chunk)
320 cur += chunk_size
321 left -= chunk_size
322
323 def create_vmcore(self, filename):
324 vmcore = open(filename, "wb")
325 self.dump_begin(vmcore)
326 self.dump_iterate(vmcore)
327 vmcore.close()
328
329 def invoke(self, args, from_tty):
330 # Unwittingly pressing the Enter key after the command should
331 # not dump the same multi-gig coredump to the same file.
332 self.dont_repeat()
333
334 argv = gdb.string_to_argv(args)
335 if (len(argv) != 1):
336 raise gdb.GdbError("usage: dump-guest-memory FILE")
337
338 self.dump_init()
339 self.create_vmcore(argv[0])
340
341 DumpGuestMemory()
QEmu