----- "Bob Clark" <bclark(a)marathontechnologies.com> wrote:
I'm trying to analyze a xen linux guest crashdump and I'm
receiving
the
following error:
crash: cannot determine vcpu_guest_context.ctrlreg offset
The crashdump was produced from Xen 5.0.0 by setting the
actions-after-crash parameter to coredump_and_restart, and then
crashing
the guest VM. I'm using crash version 4.0-7.4.
Thanks in advance for any help.
Bob
My experience is with Red Hat's Xen 3.1.x-era xendumps only, but
the crash utility needs the cr3 register value from the guest's
vcpu_guest_context structure, which contains the starting mfn
value (the page directory value) required for translating
pseudo-physical memory to machine memory (p2m), and from that
value, the location in the dumpfile.
In any case, the cr3 has always been found in the vcpu_guest_context
structure's ctrlreg[] array. Take the vmlinux file that you are
using, and do this:
# gdb vmlinux
GNU gdb Red Hat Linux (6.5-37.el5rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/i686/nosegneg/libthread_db.so.1".
(gdb) ptype struct vcpu_guest_context
type = struct vcpu_guest_context {
struct {
char x[512];
} fpu_ctxt;
long unsigned int flags;
struct cpu_user_regs user_regs;
struct trap_info trap_ctxt[256];
long unsigned int ldt_base;
long unsigned int ldt_ents;
long unsigned int gdt_frames[16];
long unsigned int gdt_ents;
long unsigned int kernel_ss;
long unsigned int kernel_sp;
long unsigned int ctrlreg[8]; <--- this is what's required by crash
long unsigned int debugreg[8];
long unsigned int event_callback_cs;
long unsigned int event_callback_eip;
long unsigned int failsafe_callback_cs;
long unsigned int failsafe_callback_eip;
long unsigned int vm_assist;
}
(gdb)
Has xen 5.0.0 changed the structure's declaration?
Dave