[mirror_qemu.git] / win_dump.c

/*
 * Windows crashdump
 *
 * Copyright (c) 2018 Virtuozzo International GmbH
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"
#include "qemu/cutils.h"
#include "elf.h"
#include "cpu.h"
#include "exec/hwaddr.h"
#include "monitor/monitor.h"
#include "sysemu/kvm.h"
#include "sysemu/dump.h"
#include "sysemu/sysemu.h"
#include "sysemu/memory_mapping.h"
#include "sysemu/cpus.h"
#include "qapi/error.h"
#include "qapi/qmp/qerror.h"
#include "qemu/error-report.h"
#include "hw/misc/vmcoreinfo.h"
#include "win_dump.h"

static size_t write_run(WinDumpPhyMemRun64 *run, int fd, Error **errp)
{
    void *buf;
    uint64_t addr = run->BasePage << TARGET_PAGE_BITS;
    uint64_t size = run->PageCount << TARGET_PAGE_BITS;
    uint64_t len = size;

    buf = cpu_physical_memory_map(addr, &len, false);
    if (!buf) {
        error_setg(errp, "win-dump: failed to map run");
        return 0;
    }
    if (len != size) {
        error_setg(errp, "win-dump: failed to map entire run");
        len = 0;
        goto out_unmap;
    }

    len = qemu_write_full(fd, buf, len);
    if (len != size) {
        error_setg(errp, QERR_IO_ERROR);
    }

out_unmap:
    cpu_physical_memory_unmap(buf, addr, false, len);

    return len;
}

static void write_runs(DumpState *s, WinDumpHeader64 *h, Error **errp)
{
    WinDumpPhyMemDesc64 *desc = &h->PhysicalMemoryBlock;
    WinDumpPhyMemRun64 *run = desc->Run;
    Error *local_err = NULL;
    int i;

    for (i = 0; i < desc->NumberOfRuns; i++) {
        s->written_size += write_run(run + i, s->fd, &local_err);
        if (local_err) {
            error_propagate(errp, local_err);
            return;
        }
    }
}

static void patch_mm_pfn_database(WinDumpHeader64 *h, Error **errp)
{
    if (cpu_memory_rw_debug(first_cpu,
            h->KdDebuggerDataBlock + KDBG_MM_PFN_DATABASE_OFFSET64,
            (uint8_t *)&h->PfnDatabase, sizeof(h->PfnDatabase), 0)) {
        error_setg(errp, "win-dump: failed to read MmPfnDatabase");
        return;
    }
}

static void patch_bugcheck_data(WinDumpHeader64 *h, Error **errp)
{
    uint64_t KiBugcheckData;

    if (cpu_memory_rw_debug(first_cpu,
            h->KdDebuggerDataBlock + KDBG_KI_BUGCHECK_DATA_OFFSET64,
            (uint8_t *)&KiBugcheckData, sizeof(KiBugcheckData), 0)) {
        error_setg(errp, "win-dump: failed to read KiBugcheckData");
        return;
    }

    if (cpu_memory_rw_debug(first_cpu,
            KiBugcheckData,
            h->BugcheckData, sizeof(h->BugcheckData), 0)) {
        error_setg(errp, "win-dump: failed to read bugcheck data");
        return;
    }
}

/*
 * This routine tries to correct mistakes in crashdump header.
 */
static void patch_header(WinDumpHeader64 *h)
{
    Error *local_err = NULL;

    h->RequiredDumpSpace = sizeof(WinDumpHeader64) +
            (h->PhysicalMemoryBlock.NumberOfPages << TARGET_PAGE_BITS);
    h->PhysicalMemoryBlock.unused = 0;
    h->unused1 = 0;

    /*
     * We assume h->DirectoryBase and current CR3 are the same when we access
     * memory by virtual address. In other words, we suppose current context
     * is system context. It is definetely true in case of BSOD.
     */

    patch_mm_pfn_database(h, &local_err);
    if (local_err) {
        warn_report_err(local_err);
        local_err = NULL;
    }
    patch_bugcheck_data(h, &local_err);
    if (local_err) {
        warn_report_err(local_err);
    }
}

static void check_header(WinDumpHeader64 *h, Error **errp)
{
    const char Signature[] = "PAGE";
    const char ValidDump[] = "DU64";

    if (memcmp(h->Signature, Signature, sizeof(h->Signature))) {
        error_setg(errp, "win-dump: invalid header, expected '%.4s',"
                         " got '%.4s'", Signature, h->Signature);
        return;
    }

    if (memcmp(h->ValidDump, ValidDump, sizeof(h->ValidDump))) {
        error_setg(errp, "win-dump: invalid header, expected '%.4s',"
                         " got '%.4s'", ValidDump, h->ValidDump);
        return;
    }
}

static void check_kdbg(WinDumpHeader64 *h, Error **errp)
{
    const char OwnerTag[] = "KDBG";
    char read_OwnerTag[4];

    if (cpu_memory_rw_debug(first_cpu,
            h->KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64,
            (uint8_t *)&read_OwnerTag, sizeof(read_OwnerTag), 0)) {
        error_setg(errp, "win-dump: failed to read OwnerTag");
        return;
    }

    if (memcmp(read_OwnerTag, OwnerTag, sizeof(read_OwnerTag))) {
        error_setg(errp, "win-dump: invalid KDBG OwnerTag,"
                         " expected '%.4s', got '%.4s',"
                         " KdDebuggerDataBlock seems to be encrypted",
                         OwnerTag, read_OwnerTag);
        return;
    }
}

void create_win_dump(DumpState *s, Error **errp)
{
    WinDumpHeader64 *h = (WinDumpHeader64 *)(s->guest_note +
            VMCOREINFO_ELF_NOTE_HDR_SIZE);
    Error *local_err = NULL;

    if (s->guest_note_size != sizeof(WinDumpHeader64) +
            VMCOREINFO_ELF_NOTE_HDR_SIZE) {
        error_setg(errp, "win-dump: invalid vmcoreinfo note size");
        return;
    }

    check_header(h, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    check_kdbg(h, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    patch_header(h);

    s->total_size = h->RequiredDumpSpace;

    s->written_size = qemu_write_full(s->fd, h, sizeof(*h));
    if (s->written_size != sizeof(*h)) {
        error_setg(errp, QERR_IO_ERROR);
        return;
    }

    write_runs(s, h, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }
}
Commit	Line	Data
2da91b54 VP	1	/*
	2	* Windows crashdump
	3	*
	4	* Copyright (c) 2018 Virtuozzo International GmbH
	5	*
	6	* This work is licensed under the terms of the GNU GPL, version 2 or later.
	7	* See the COPYING file in the top-level directory.
	8	*
	9	*/
	10
	11	#include "qemu/osdep.h"
	12	#include "qemu/cutils.h"
	13	#include "elf.h"
	14	#include "cpu.h"
	15	#include "exec/hwaddr.h"
	16	#include "monitor/monitor.h"
	17	#include "sysemu/kvm.h"
	18	#include "sysemu/dump.h"
	19	#include "sysemu/sysemu.h"
	20	#include "sysemu/memory_mapping.h"
	21	#include "sysemu/cpus.h"
	22	#include "qapi/error.h"
	23	#include "qapi/qmp/qerror.h"
	24	#include "qemu/error-report.h"
	25	#include "hw/misc/vmcoreinfo.h"
	26	#include "win_dump.h"
	27
	28	static size_t write_run(WinDumpPhyMemRun64 run, int fd, Error *errp)
	29	{
	30	void *buf;
	31	uint64_t addr = run->BasePage << TARGET_PAGE_BITS;
	32	uint64_t size = run->PageCount << TARGET_PAGE_BITS;
	33	uint64_t len = size;
	34
	35	buf = cpu_physical_memory_map(addr, &len, false);
	36	if (!buf) {
	37	error_setg(errp, "win-dump: failed to map run");
	38	return 0;
	39	}
	40	if (len != size) {
	41	error_setg(errp, "win-dump: failed to map entire run");
	42	len = 0;
	43	goto out_unmap;
	44	}
	45
	46	len = qemu_write_full(fd, buf, len);
	47	if (len != size) {
	48	error_setg(errp, QERR_IO_ERROR);
	49	}
	50
	51	out_unmap:
	52	cpu_physical_memory_unmap(buf, addr, false, len);
	53
	54	return len;
	55	}
	56
	57	static void write_runs(DumpState s, WinDumpHeader64 h, Error **errp)
	58	{
	59	WinDumpPhyMemDesc64 *desc = &h->PhysicalMemoryBlock;
	60	WinDumpPhyMemRun64 *run = desc->Run;
	61	Error *local_err = NULL;
	62	int i;
	63
	64	for (i = 0; i < desc->NumberOfRuns; i++) {
65	s->written_size += write_run(run + i, s->fd, &local_err);
66	if (local_err) {
67	error_propagate(errp, local_err);
68	return;
69	}
70	}
71	}
72
73	static void patch_mm_pfn_database(WinDumpHeader64 h, Error *errp)
74	{
75	if (cpu_memory_rw_debug(first_cpu,
76	h->KdDebuggerDataBlock + KDBG_MM_PFN_DATABASE_OFFSET64,
77	(uint8_t *)&h->PfnDatabase, sizeof(h->PfnDatabase), 0)) {
78	error_setg(errp, "win-dump: failed to read MmPfnDatabase");
79	return;
80	}
81	}
82
83	static void patch_bugcheck_data(WinDumpHeader64 h, Error *errp)
84	{
85	uint64_t KiBugcheckData;
86
87	if (cpu_memory_rw_debug(first_cpu,
88	h->KdDebuggerDataBlock + KDBG_KI_BUGCHECK_DATA_OFFSET64,
89	(uint8_t *)&KiBugcheckData, sizeof(KiBugcheckData), 0)) {
90	error_setg(errp, "win-dump: failed to read KiBugcheckData");
91	return;
92	}
93
94	if (cpu_memory_rw_debug(first_cpu,
95	KiBugcheckData,
96	h->BugcheckData, sizeof(h->BugcheckData), 0)) {
97	error_setg(errp, "win-dump: failed to read bugcheck data");
98	return;
99	}
100	}
101
102	/*
103	* This routine tries to correct mistakes in crashdump header.
104	*/
105	static void patch_header(WinDumpHeader64 *h)
106	{
107	Error *local_err = NULL;
108
109	h->RequiredDumpSpace = sizeof(WinDumpHeader64) +
110	(h->PhysicalMemoryBlock.NumberOfPages << TARGET_PAGE_BITS);
111	h->PhysicalMemoryBlock.unused = 0;
112	h->unused1 = 0;
113
114	/*
115	* We assume h->DirectoryBase and current CR3 are the same when we access
116	* memory by virtual address. In other words, we suppose current context
117	* is system context. It is definetely true in case of BSOD.
118	*/
119
120	patch_mm_pfn_database(h, &local_err);
121	if (local_err) {
122	warn_report_err(local_err);
123	local_err = NULL;
124	}
125	patch_bugcheck_data(h, &local_err);
126	if (local_err) {
127	warn_report_err(local_err);
128	}
129	}
130
131	static void check_header(WinDumpHeader64 h, Error *errp)
132	{
133	const char Signature[] = "PAGE";
134	const char ValidDump[] = "DU64";
135
136	if (memcmp(h->Signature, Signature, sizeof(h->Signature))) {
137	error_setg(errp, "win-dump: invalid header, expected '%.4s',"
138	" got '%.4s'", Signature, h->Signature);
139	return;
140	}
141
142	if (memcmp(h->ValidDump, ValidDump, sizeof(h->ValidDump))) {
143	error_setg(errp, "win-dump: invalid header, expected '%.4s',"
144	" got '%.4s'", ValidDump, h->ValidDump);
145	return;
146	}
147	}
148
149	static void check_kdbg(WinDumpHeader64 h, Error *errp)
150	{
151	const char OwnerTag[] = "KDBG";
152	char read_OwnerTag[4];
153
154	if (cpu_memory_rw_debug(first_cpu,
155	h->KdDebuggerDataBlock + KDBG_OWNER_TAG_OFFSET64,
156	(uint8_t *)&read_OwnerTag, sizeof(read_OwnerTag), 0)) {
157	error_setg(errp, "win-dump: failed to read OwnerTag");
158	return;
159	}
160
161	if (memcmp(read_OwnerTag, OwnerTag, sizeof(read_OwnerTag))) {
162	error_setg(errp, "win-dump: invalid KDBG OwnerTag,"
163	" expected '%.4s', got '%.4s',"
164	" KdDebuggerDataBlock seems to be encrypted",
165	OwnerTag, read_OwnerTag);
166	return;
167	}
168	}
169
170	void create_win_dump(DumpState s, Error *errp)
171	{
172	WinDumpHeader64 h = (WinDumpHeader64 )(s->guest_note +
173	VMCOREINFO_ELF_NOTE_HDR_SIZE);
174	Error *local_err = NULL;
175
176	if (s->guest_note_size != sizeof(WinDumpHeader64) +
177	VMCOREINFO_ELF_NOTE_HDR_SIZE) {
178	error_setg(errp, "win-dump: invalid vmcoreinfo note size");
179	return;
180	}
181
182	check_header(h, &local_err);
183	if (local_err) {
184	error_propagate(errp, local_err);
185	return;
186	}
187
188	check_kdbg(h, &local_err);
189	if (local_err) {
190	error_propagate(errp, local_err);
191	return;
192	}
193
194	patch_header(h);
195
196	s->total_size = h->RequiredDumpSpace;
197
198	s->written_size = qemu_write_full(s->fd, h, sizeof(*h));
199	if (s->written_size != sizeof(*h)) {
200	error_setg(errp, QERR_IO_ERROR);
201	return;
202	}
203
204	write_runs(s, h, &local_err);
205	if (local_err) {
206	error_propagate(errp, local_err);
207	return;
208	}
209	}