Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20150714-1' into staging
[qemu/ar7.git] / scripts / dump-guest-memory.py
blobdc8e44acf8714a22ba4fbbf96fddf7f0232c6336
1 # This python script adds a new gdb command, "dump-guest-memory". It
2 # should be loaded with "source dump-guest-memory.py" at the (gdb)
3 # prompt.
5 # Copyright (C) 2013, Red Hat, Inc.
7 # Authors:
8 # Laszlo Ersek <lersek@redhat.com>
10 # This work is licensed under the terms of the GNU GPL, version 2 or later. See
11 # the COPYING file in the top-level directory.
13 # The leading docstring doesn't have idiomatic Python formatting. It is
14 # printed by gdb's "help" command (the first line is printed in the
15 # "help data" summary), and it should match how other help texts look in
16 # gdb.
18 import struct
20 class DumpGuestMemory(gdb.Command):
21 """Extract guest vmcore from qemu process coredump.
23 The sole argument is FILE, identifying the target file to write the
24 guest vmcore to.
26 This GDB command reimplements the dump-guest-memory QMP command in
27 python, using the representation of guest memory as captured in the qemu
28 coredump. The qemu process that has been dumped must have had the
29 command line option "-machine dump-guest-core=on".
31 For simplicity, the "paging", "begin" and "end" parameters of the QMP
32 command are not supported -- no attempt is made to get the guest's
33 internal paging structures (ie. paging=false is hard-wired), and guest
34 memory is always fully dumped.
36 Only x86_64 guests are supported.
38 The CORE/NT_PRSTATUS and QEMU notes (that is, the VCPUs' statuses) are
39 not written to the vmcore. Preparing these would require context that is
40 only present in the KVM host kernel module when the guest is alive. A
41 fake ELF note is written instead, only to keep the ELF parser of "crash"
42 happy.
44 Dependent on how busted the qemu process was at the time of the
45 coredump, this command might produce unpredictable results. If qemu
46 deliberately called abort(), or it was dumped in response to a signal at
47 a halfway fortunate point, then its coredump should be in reasonable
48 shape and this command should mostly work."""
50 TARGET_PAGE_SIZE = 0x1000
51 TARGET_PAGE_MASK = 0xFFFFFFFFFFFFF000
53 # Various ELF constants
54 EM_X86_64 = 62 # AMD x86-64 target machine
55 ELFDATA2LSB = 1 # little endian
56 ELFCLASS64 = 2
57 ELFMAG = "\x7FELF"
58 EV_CURRENT = 1
59 ET_CORE = 4
60 PT_LOAD = 1
61 PT_NOTE = 4
63 # Special value for e_phnum. This indicates that the real number of
64 # program headers is too large to fit into e_phnum. Instead the real
65 # value is in the field sh_info of section 0.
66 PN_XNUM = 0xFFFF
68 # Format strings for packing and header size calculation.
69 ELF64_EHDR = ("4s" # e_ident/magic
70 "B" # e_ident/class
71 "B" # e_ident/data
72 "B" # e_ident/version
73 "B" # e_ident/osabi
74 "8s" # e_ident/pad
75 "H" # e_type
76 "H" # e_machine
77 "I" # e_version
78 "Q" # e_entry
79 "Q" # e_phoff
80 "Q" # e_shoff
81 "I" # e_flags
82 "H" # e_ehsize
83 "H" # e_phentsize
84 "H" # e_phnum
85 "H" # e_shentsize
86 "H" # e_shnum
87 "H" # e_shstrndx
89 ELF64_PHDR = ("I" # p_type
90 "I" # p_flags
91 "Q" # p_offset
92 "Q" # p_vaddr
93 "Q" # p_paddr
94 "Q" # p_filesz
95 "Q" # p_memsz
96 "Q" # p_align
99 def __init__(self):
100 super(DumpGuestMemory, self).__init__("dump-guest-memory",
101 gdb.COMMAND_DATA,
102 gdb.COMPLETE_FILENAME)
103 self.uintptr_t = gdb.lookup_type("uintptr_t")
104 self.elf64_ehdr_le = struct.Struct("<%s" % self.ELF64_EHDR)
105 self.elf64_phdr_le = struct.Struct("<%s" % self.ELF64_PHDR)
107 def int128_get64(self, val):
108 assert (val["hi"] == 0)
109 return val["lo"]
111 def qlist_foreach(self, head, field_str):
112 var_p = head["lh_first"]
113 while (var_p != 0):
114 var = var_p.dereference()
115 yield var
116 var_p = var[field_str]["le_next"]
118 def qemu_get_ram_block(self, ram_addr):
119 ram_blocks = gdb.parse_and_eval("ram_list.blocks")
120 for block in self.qlist_foreach(ram_blocks, "next"):
121 if (ram_addr - block["offset"] < block["length"]):
122 return block
123 raise gdb.GdbError("Bad ram offset %x" % ram_addr)
125 def qemu_get_ram_ptr(self, ram_addr):
126 block = self.qemu_get_ram_block(ram_addr)
127 return block["host"] + (ram_addr - block["offset"])
129 def memory_region_get_ram_ptr(self, mr):
130 if (mr["alias"] != 0):
131 return (self.memory_region_get_ram_ptr(mr["alias"].dereference()) +
132 mr["alias_offset"])
133 return self.qemu_get_ram_ptr(mr["ram_addr"] & self.TARGET_PAGE_MASK)
135 def guest_phys_blocks_init(self):
136 self.guest_phys_blocks = []
138 def guest_phys_blocks_append(self):
139 print "guest RAM blocks:"
140 print ("target_start target_end host_addr message "
141 "count")
142 print ("---------------- ---------------- ---------------- ------- "
143 "-----")
145 current_map_p = gdb.parse_and_eval("address_space_memory.current_map")
146 current_map = current_map_p.dereference()
147 for cur in range(current_map["nr"]):
148 flat_range = (current_map["ranges"] + cur).dereference()
149 mr = flat_range["mr"].dereference()
151 # we only care about RAM
152 if (not mr["ram"]):
153 continue
155 section_size = self.int128_get64(flat_range["addr"]["size"])
156 target_start = self.int128_get64(flat_range["addr"]["start"])
157 target_end = target_start + section_size
158 host_addr = (self.memory_region_get_ram_ptr(mr) +
159 flat_range["offset_in_region"])
160 predecessor = None
162 # find continuity in guest physical address space
163 if (len(self.guest_phys_blocks) > 0):
164 predecessor = self.guest_phys_blocks[-1]
165 predecessor_size = (predecessor["target_end"] -
166 predecessor["target_start"])
168 # the memory API guarantees monotonically increasing
169 # traversal
170 assert (predecessor["target_end"] <= target_start)
172 # we want continuity in both guest-physical and
173 # host-virtual memory
174 if (predecessor["target_end"] < target_start or
175 predecessor["host_addr"] + predecessor_size != host_addr):
176 predecessor = None
178 if (predecessor is None):
179 # isolated mapping, add it to the list
180 self.guest_phys_blocks.append({"target_start": target_start,
181 "target_end" : target_end,
182 "host_addr" : host_addr})
183 message = "added"
184 else:
185 # expand predecessor until @target_end; predecessor's
186 # start doesn't change
187 predecessor["target_end"] = target_end
188 message = "joined"
190 print ("%016x %016x %016x %-7s %5u" %
191 (target_start, target_end, host_addr.cast(self.uintptr_t),
192 message, len(self.guest_phys_blocks)))
194 def cpu_get_dump_info(self):
195 # We can't synchronize the registers with KVM post-mortem, and
196 # the bits in (first_x86_cpu->env.hflags) seem to be stale; they
197 # may not reflect long mode for example. Hence just assume the
198 # most common values. This also means that instruction pointer
199 # etc. will be bogus in the dump, but at least the RAM contents
200 # should be valid.
201 self.dump_info = {"d_machine": self.EM_X86_64,
202 "d_endian" : self.ELFDATA2LSB,
203 "d_class" : self.ELFCLASS64}
205 def encode_elf64_ehdr_le(self):
206 return self.elf64_ehdr_le.pack(
207 self.ELFMAG, # e_ident/magic
208 self.dump_info["d_class"], # e_ident/class
209 self.dump_info["d_endian"], # e_ident/data
210 self.EV_CURRENT, # e_ident/version
211 0, # e_ident/osabi
212 "", # e_ident/pad
213 self.ET_CORE, # e_type
214 self.dump_info["d_machine"], # e_machine
215 self.EV_CURRENT, # e_version
216 0, # e_entry
217 self.elf64_ehdr_le.size, # e_phoff
218 0, # e_shoff
219 0, # e_flags
220 self.elf64_ehdr_le.size, # e_ehsize
221 self.elf64_phdr_le.size, # e_phentsize
222 self.phdr_num, # e_phnum
223 0, # e_shentsize
224 0, # e_shnum
225 0 # e_shstrndx
228 def encode_elf64_note_le(self):
229 return self.elf64_phdr_le.pack(self.PT_NOTE, # p_type
230 0, # p_flags
231 (self.memory_offset -
232 len(self.note)), # p_offset
233 0, # p_vaddr
234 0, # p_paddr
235 len(self.note), # p_filesz
236 len(self.note), # p_memsz
237 0 # p_align
240 def encode_elf64_load_le(self, offset, start_hwaddr, range_size):
241 return self.elf64_phdr_le.pack(self.PT_LOAD, # p_type
242 0, # p_flags
243 offset, # p_offset
244 0, # p_vaddr
245 start_hwaddr, # p_paddr
246 range_size, # p_filesz
247 range_size, # p_memsz
248 0 # p_align
251 def note_init(self, name, desc, type):
252 # name must include a trailing NUL
253 namesz = (len(name) + 1 + 3) / 4 * 4
254 descsz = (len(desc) + 3) / 4 * 4
255 fmt = ("<" # little endian
256 "I" # n_namesz
257 "I" # n_descsz
258 "I" # n_type
259 "%us" # name
260 "%us" # desc
261 % (namesz, descsz))
262 self.note = struct.pack(fmt,
263 len(name) + 1, len(desc), type, name, desc)
265 def dump_init(self):
266 self.guest_phys_blocks_init()
267 self.guest_phys_blocks_append()
268 self.cpu_get_dump_info()
269 # we have no way to retrieve the VCPU status from KVM
270 # post-mortem
271 self.note_init("NONE", "EMPTY", 0)
273 # Account for PT_NOTE.
274 self.phdr_num = 1
276 # We should never reach PN_XNUM for paging=false dumps: there's
277 # just a handful of discontiguous ranges after merging.
278 self.phdr_num += len(self.guest_phys_blocks)
279 assert (self.phdr_num < self.PN_XNUM)
281 # Calculate the ELF file offset where the memory dump commences:
283 # ELF header
284 # PT_NOTE
285 # PT_LOAD: 1
286 # PT_LOAD: 2
287 # ...
288 # PT_LOAD: len(self.guest_phys_blocks)
289 # ELF note
290 # memory dump
291 self.memory_offset = (self.elf64_ehdr_le.size +
292 self.elf64_phdr_le.size * self.phdr_num +
293 len(self.note))
295 def dump_begin(self, vmcore):
296 vmcore.write(self.encode_elf64_ehdr_le())
297 vmcore.write(self.encode_elf64_note_le())
298 running = self.memory_offset
299 for block in self.guest_phys_blocks:
300 range_size = block["target_end"] - block["target_start"]
301 vmcore.write(self.encode_elf64_load_le(running,
302 block["target_start"],
303 range_size))
304 running += range_size
305 vmcore.write(self.note)
307 def dump_iterate(self, vmcore):
308 qemu_core = gdb.inferiors()[0]
309 for block in self.guest_phys_blocks:
310 cur = block["host_addr"]
311 left = block["target_end"] - block["target_start"]
312 print ("dumping range at %016x for length %016x" %
313 (cur.cast(self.uintptr_t), left))
314 while (left > 0):
315 chunk_size = min(self.TARGET_PAGE_SIZE, left)
316 chunk = qemu_core.read_memory(cur, chunk_size)
317 vmcore.write(chunk)
318 cur += chunk_size
319 left -= chunk_size
321 def create_vmcore(self, filename):
322 vmcore = open(filename, "wb")
323 self.dump_begin(vmcore)
324 self.dump_iterate(vmcore)
325 vmcore.close()
327 def invoke(self, args, from_tty):
328 # Unwittingly pressing the Enter key after the command should
329 # not dump the same multi-gig coredump to the same file.
330 self.dont_repeat()
332 argv = gdb.string_to_argv(args)
333 if (len(argv) != 1):
334 raise gdb.GdbError("usage: dump-guest-memory FILE")
336 self.dump_init()
337 self.create_vmcore(argv[0])
339 DumpGuestMemory()