Re: [Crash-utility] Kernel Crash Analysis on Android
by Shankar, AmarX
Hi Dave,
Thanks for your info regarding kexec tool.
I am unable to download kexec from below link.
http://www.kernel.org/pub/linux/kernel/people/horms/kexec-tools/kexec-too...
It says HTTP 404 Page Not Found.
Could you please guide me on this?
Thanks & Regards,
Amar Shankar
> On Wed, Mar 21, 2012 at 06:00:00PM +0000, Shankar, AmarX wrote:
>
> > I want to do kernel crash Analysis on Android Merrifield Target.
> >
> > Could someone please help me how to do it?
>
> Merrifield is pretty much similar than Medfield, e.g it has x86 core. So I
> guess you can follow the instructions how to setup kdump on x86 (see
> Documentation/kdump/kdump.txt) unless you already have that configured.
>
> crash should support this directly presuming you have vmlinux/vmcore files to
> feed it. You can configure crash to support x86 on x86_64 host by running:
>
> % make target=X86
> & make
>
> (or something along those lines).
Right -- just the first make command will suffice, i.e., when running
on an x86_64 host:
$ wget http://people.redhat.com/anderson/crash-6.0.4.tar.gz
$ tar xzf crash-6.0.4.tar.gz
...
$ cd crash-6.0.4
$ make target=X86
...
$ ./crash <path-to>/vmlinux <path-to>/vmcore
Dave
From: Shankar, AmarX
Sent: Wednesday, March 21, 2012 11:30 PM
To: 'crash-utility(a)redhat.com'
Subject: Kernel Crash Analysis on Android
Hi,
I want to do kernel crash Analysis on Android Merrifield Target.
Could someone please help me how to do it?
Thanks & Regards,
Amar Shankar
11 months, 4 weeks
[PATCH] kmem, snap: iomem/ioport display and vmcore snapshot support
by HATAYAMA Daisuke
Some days ago I was in a situation that I had to convert vmcore in
kvmdump format into ELF since some extension module we have locally
can be used only on relatively old crash utility, around version 4,
but such old crash utility cannot handle kvmdump format.
To do the conversion in handy, I used snap command with some modifications
so that it tries to use iomem information in vmcore instead of host's
/proc/iomem. This patch is its cleaned-up version.
In this development, I naturally got down to also making an interface
for an access to resource objects, and so together with the snap
command's patch, I also extended kmem command for iomem/ioport
support. Actually:
kmem -r displays /proc/iomem
crash> kmem -r
00000000-0000ffff : reserved
00010000-0009dbff : System RAM
0009dc00-0009ffff : reserved
000c0000-000c7fff : Video ROM
...
and kmem -R displays /proc/ioport
crash> kmem -R
0000-001f : dma1
0020-0021 : pic1
0040-0043 : timer0
0050-0053 : timer1
...
Looking into old version of kernel source code back, resource structure
has been unchanged since linux-2.4.0. I borrowed the way of walking on
resouce tree in this patch from the lastest v3.3-rc series, but I
guess the logic is also applicable to old kernels. I expect Dave's
regression testsuite.
Also, there would be another command more sutable for iomem/ioport.
If necessay, I'll repost the patch.
---
HATAYAMA Daisuke (4):
Add vmcore snapshot support
Add kmem -r and -R options
Add dump iomem/ioport functions; a helper for resource objects
Add a helper function for iterating resource objects
defs.h | 9 ++++
extensions/snap.c | 54 ++++++++++++++++++++++-
help.c | 2 +
memory.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++--
4 files changed, 180 insertions(+), 7 deletions(-)
--
Thanks.
HATAYAMA Daisuke
11 months, 4 weeks
Re: [Crash-utility] question about phys_base
by Dave Anderson
----- Original Message -----
> >
> > OK, so then I don't understand what you mean by "may be the same"?
> >
> > You didn't answer my original question, but if I understand you correctly,
> > it would be impossible for the qemu host to create a PT_LOAD segment that
> > describes an x86_64 guest's __START_KERNEL_map region, because the host
> > doesn't know that what kind of kernel the guest is running.
>
> Yes. Even if the guest is linux, it is still impossible to do it. Because
> the guest maybe in the second kernel.
>
> qemu-dump walks all guest's page table and collect virtual address and
> physical address mapping. If the page is not used by guest, the virtual is set
> to 0. I create PT_LOAD according to such mapping. So if the guest is linux,
> there may be a PT_LOAD segment that describes __START_KERNEL_map region.
> But the information stored in PT_LOAD maybe for the second kernel. If crash
> uses it, crash will see the second kernel, not the first kernel.
Just to be clear -- what do you mean by the "second" kernel? Do you
mean that a guest kernel crashed guest, and did a kdump operation,
and that second kdump kernel failed somehow, and now you're trying
to do a "virsh dump" on the kdump kernel?
Dave
11 months, 4 weeks
question about phys_base
by Wen Congyang
Hi, Dave
I am implementing a new dump command in the qemu. The vmcore's
format is elf(like kdump). And I try to provide phys_base in
the PT_LOAD. But if the os uses the first vcpu do kdump, the
value of phys_base is wrong.
I find a function x86_64_virt_phys_base() in crash's code.
Is it OK to call this function first? If the function
successes, we do not calculate phys_base according to PT_LOAD.
Thanks
Wen Congyang
11 months, 4 weeks
[PATCH] runq: search current task's runqueue explicitly
by HATAYAMA Daisuke
Currently, runq sub-command doesn't consider CFS runqueue's current
task removed from CFS runqueue. Due to this, the remaining CFS
runqueus that follow the current task's is not displayed. This patch
fixes this by making runq sub-command search current task's runqueue
explicitly.
Note that CFS runqueue exists for each task group, and so does CFS
runqueue's current task, and the above search needs to be done
recursively.
Test
====
On vmcore I made 7 task groups:
root group --- A --- AA --- AAA
+ +- AAB
|
+- AB --- ABA
+- ABB
and then I ran three CPU bound tasks, which is exactly the same as
int main(void) { for (;;) continue; return 0; }
for each task group, including root group; so total 24 tasks. For
readability, I annotated each task name with its belonging group name.
For example, loop.ABA belongs to task group ABA.
Look at CPU0 collumn below. [before] lacks 8 tasks and [after]
successfully shows all tasks on the runqueue, which is identical to
the result of [sched debug] that is expected to ouput correct result.
I'll send this vmcore later.
[before]
crash> runq | cat
CPU 0 RUNQUEUE: ffff88000a215f80
CURRENT: PID: 28263 TASK: ffff880037aaa040 COMMAND: "loop.ABA"
RT PRIO_ARRAY: ffff88000a216098
[no tasks queued]
CFS RB_ROOT: ffff88000a216010
[120] PID: 28262 TASK: ffff880037cc40c0 COMMAND: "loop.ABA"
<cut>
[after]
crash_fix> runq
CPU 0 RUNQUEUE: ffff88000a215f80
CURRENT: PID: 28263 TASK: ffff880037aaa040 COMMAND: "loop.ABA"
RT PRIO_ARRAY: ffff88000a216098
[no tasks queued]
CFS RB_ROOT: ffff88000a216010
[120] PID: 28262 TASK: ffff880037cc40c0 COMMAND: "loop.ABA"
[120] PID: 28271 TASK: ffff8800787a8b40 COMMAND: "loop.ABB"
[120] PID: 28272 TASK: ffff880037afd580 COMMAND: "loop.ABB"
[120] PID: 28245 TASK: ffff8800785e8b00 COMMAND: "loop.AB"
[120] PID: 28246 TASK: ffff880078628ac0 COMMAND: "loop.AB"
[120] PID: 28241 TASK: ffff880078616b40 COMMAND: "loop.AA"
[120] PID: 28239 TASK: ffff8800785774c0 COMMAND: "loop.AA"
[120] PID: 28240 TASK: ffff880078617580 COMMAND: "loop.AA"
[120] PID: 28232 TASK: ffff880079b5d4c0 COMMAND: "loop.A"
<cut>
[sched debug]
crash> runq -d
CPU 0
[120] PID: 28232 TASK: ffff880079b5d4c0 COMMAND: "loop.A"
[120] PID: 28239 TASK: ffff8800785774c0 COMMAND: "loop.AA"
[120] PID: 28240 TASK: ffff880078617580 COMMAND: "loop.AA"
[120] PID: 28241 TASK: ffff880078616b40 COMMAND: "loop.AA"
[120] PID: 28245 TASK: ffff8800785e8b00 COMMAND: "loop.AB"
[120] PID: 28246 TASK: ffff880078628ac0 COMMAND: "loop.AB"
[120] PID: 28262 TASK: ffff880037cc40c0 COMMAND: "loop.ABA"
[120] PID: 28263 TASK: ffff880037aaa040 COMMAND: "loop.ABA"
[120] PID: 28271 TASK: ffff8800787a8b40 COMMAND: "loop.ABB"
[120] PID: 28272 TASK: ffff880037afd580 COMMAND: "loop.ABB"
<cut>
Diff stat
=========
defs.h | 1 +
task.c | 37 +++++++++++++++++--------------------
2 files changed, 18 insertions(+), 20 deletions(-)
Thanks.
HATAYAMA, Daisuke
11 months, 4 weeks
[RFC] makedumpfile, crash: LZO compression support
by HATAYAMA Daisuke
Hello,
This is a RFC patch set that adds LZO compression support to
makedumpfile and crash utility. LZO is as good as in size but by far
better in speed than ZLIB, leading to reducing down time during
generation of crash dump and refiltering.
How to build:
1. Get LZO library, which is provided as lzo-devel package on recent
linux distributions, and is also available on author's website:
http://www.oberhumer.com/opensource/lzo/.
2. Apply the patch set to makedumpfile v1.4.0 and crash v6.0.0.
3. Build both using make. But for crash, do the following now:
$ make CFLAGS="-llzo2"
How to use:
I've newly used -l option for lzo compression in this patch. So for
example, do as follows:
$ makedumpfile -l vmcore dumpfile
$ crash vmlinux dumpfile
Request of configure-like feature for crash utility:
I would like configure-like feature on crash utility for users to
select wheather to add LZO feature actually or not in build-time,
that is: ./configure --enable-lzo or ./configure --disable-lzo.
The reason is that support staff often downloads and installs the
latest version of crash utility on machines where lzo library is not
provided.
Looking at the source code, it looks to me that crash does some kind
of configuration processing in a local manner, around configure.c,
and I guess it's difficult to use autoconf tools directly.
Or is there another better way?
Performance Comparison:
Sample Data
Ideally, I must have measured the performance for many enough
vmcores generated from machines that was actually running, but now
I don't have enough sample vmcores, I couldn't do so. So this
comparison doesn't answer question on I/O time improvement. This
is TODO for now.
Instead, I choosed worst and best cases regarding compression
ratio and speed only. Specifically, the former is /dev/urandom and
the latter is /dev/zero.
I get the sample data of 10MB, 100MB and 1GB by doing like this:
$ dd bs=4096 count=$((1024*1024*1024/4096)) if=/dev/urandom of=urandom.1GB
How to measure
Then I performed compression for each block, 4096 bytes, and
measured total compression time and output size. See attached
mycompress.c.
Result
See attached file result.txt.
Discussion
For both kinds of data, lzo's compression was considerably quicker
than zlib's. Compression ratio is about 37% for urandom data, and
about 8.5% for zero data. Actual situation of physical memory
would be in between the two cases, and so I guess average
compression time ratio is between 37% and 8.5%.
Although beyond the topic of this patch set, we can estimate worst
compression time on more data size since compression is performed
block size wise and the compression time increases
linearly. Estimated worst time on 2TB memory is about 15 hours for
lzo and about 40 hours for zlib. In this case, compressed data
size is larger than the original, so they are really not used,
compression time is fully meaningless. I think compression must be
done in parallel, and I'll post such patch later.
Diffstat
* makedumpfile
diskdump_mod.h | 3 +-
makedumpfile.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++++------
makedumpfile.h | 12 +++++++
3 files changed, 101 insertions(+), 12 deletions(-)
* crash
defs.h | 1 +
diskdump.c | 20 +++++++++++++++++++-
diskdump.h | 3 ++-
3 files changed, 22 insertions(+), 2 deletions(-)
TODO
* evaluation including I/O time using actual vmcores
Thanks.
HATAYAMA, Daisuke
11 months, 4 weeks
Re: [Crash-utility] [RFI] Support Fujitsu's sadump dump format
by tachibana@mxm.nes.nec.co.jp
Hi Hatayama-san,
On 2011/06/29 12:12:18 +0900, HATAYAMA Daisuke <d.hatayama(a)jp.fujitsu.com> wrote:
> From: Dave Anderson <anderson(a)redhat.com>
> Subject: Re: [Crash-utility] [RFI] Support Fujitsu's sadump dump format
> Date: Tue, 28 Jun 2011 08:57:42 -0400 (EDT)
>
> >
> >
> > ----- Original Message -----
> >> Fujitsu has stand-alone dump mechanism based on firmware level
> >> functionality, which we call SADUMP, in short.
> >>
> >> We've maintained utility tools internally but now we're thinking that
> >> the best is crash utility and makedumpfile supports the sadump format
> >> for the viewpoint of both portability and maintainability.
> >>
> >> We'll be of course responsible for its maintainance in a continuous
> >> manner. The sadump dump format is very similar to diskdump format and
> >> so kdump (compressed) format, so we estimate patch set would be a
> >> relatively small size.
> >>
> >> Could you tell me whether crash utility and makedumpfile can support
> >> the sadump format? If OK, we'll start to make patchset.
I think it's not bad to support sadump by makedumpfile. However I have
several questions.
- Do you want to use makedumpfile to make an existing file that sadump has
dumped small?
- It isn't possible to support the same form as kdump-compressed format
now, is it?
- When the information that makedumpfile reads from a note of /proc/vmcore
(or a header of kdump-compressed format) is added by an extension of
makedumpfile, do you need to modify sadump?
Thanks
tachibana
> >
> > Sure, yes, the crash utility can always support another dumpfile format.
> >
>
> Thanks. It helps a lot.
>
> > It's unclear to me how similar SADUMP is to diskdump/compressed-kdump.
> > Does your internal version patch diskdump.c, or do you maintain your
> > own "sadump.c"? I ask because if your patchset is at all intrusive,
> > I'd prefer it be kept in its own file, primarily for maintainability,
> > but also because SADUMP is essentially a black-box to anybody outside
> > Fujitsu.
>
> What I meant when I used ``similar'' is both literally and
> logically. The format consists of diskdump header-like header, two
> kinds of bitmaps used for the same purpose as those in diskump format,
> and memory data. They can be handled in common with the existing data
> structure, diskdump_data, non-intrusively, so I hope they are placed
> in diskdump.c.
>
> On the other hand, there's a code to be placed at such specific
> area. sadump is triggered depending on kdump's progress and so
> register values to be contained in vmcore varies according to the
> progress: If crash_notes has been initialized when sadump is
> triggered, sadump packs the register values in crash_notes; if not
> yet, packs registers gathered by firmware. This is sadump specific
> processing, so I think putting it in specific sadump.c file is a
> natural and reasonable choise.
>
> Anyway, I have not made any patch set for this. I'll post a patch set
> when I complete.
>
> Again, thanks a lot for the positive answer.
>
> Thanks.
> HATAYAMA, Daisuke
>
>
> _______________________________________________
> kexec mailing list
> kexec(a)lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
11 months, 4 weeks
[PATCH v4 0/6] Generalize KASLR calculation and use it for KDUMPs
by Sergio Lopez
Commit 45b74b89530d611b3fa95a1041e158fbb865fa84 added support for
calculating phys_base and kernel offset for KASLR-enabled kernels on
SADUMPs by using a technique developed by Takao Indoh. Originally, the
patchset included support for KDUMPs, but this was dropped in v2, as it
was deemed unnecessary due to the implementation of the vmcoreinfo
device in QEMU.
Sadly, there are many reasons for which the vmcoreinfo device may not be
present in the moment of taking the memory dump from a VM, ranging from
a Host running older QEMU/libvirt versions, to misconfigured VMs or
environments running Hypervisors that doesn't support this device.
This patchset generalizes the kaslr related functions from sadump.c
moving them to kaslr_helper.c, and makes KDUMP analysis fallback to
KASLR offset calculation if vmcoreinfo data is missing.
These changes have been successfully tested with a 3.10.0-830.el7.x86_64
under the following conditions:
- kdump with KASLR and vmcoreinfo
- kdump with KASLR but no vmcoreinfo
- kdump without KASLR ("nokaslr" kernel command line option)
It was also tested that a "crash" patched with these changes still
builds and runs (live and kdump debugging) on an aarch64 machine.
changelog:
v4:
- Add missing brackets in map_cpus_to_prstatus_kdump_cmprs (thanks
Dave)
- Apply coding style suggestions.
- Add support for VMWARE VMSS dumps (vmware_vmss)
- Update copyright and authors on kaslr_helper.c and vmware_vmss.c
v3:
- Merge *get_cr3 and *get_idtr functions and move them to
kaslr_helper.c
- diskdump: drop kaslr_phys_base addition and use
sub_header_kdump->phys_base instead.
- Unconditionally call x86_64_virt_phys_base after grabbing phys_base
v2:
- Limit application to QEMU ELF and QEMU COMPRESSED dumps (thanks Dave)
- Add support for QEMU COMPRESSED dumps (diskdump)
Sergio Lopez (6):
Move kaslr related functions from sadump.c to kaslr_helper.c
Move QEMUCPU* structs from netdump.h to defs.h
netdump: infer kaslr offset for QEMU ELF dumps without vmcoreinfo
diskdump: infer kaslr offset for QEMU COMPRESSED dumps without
vmcoreinfo
vmware_vmss: infer kaslr offset for VMSS dumps
kaslr_helper/vmware_vmss: update copyright and authors
Makefile | 7 +-
defs.h | 43 +++++
diskdump.c | 66 +++++++-
kaslr_helper.c | 494 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
netdump.c | 57 +++++++
netdump.h | 24 +--
sadump.c | 486 ++++----------------------------------------------------
symbols.c | 30 +++-
vmware_vmss.c | 32 +++-
vmware_vmss.h | 1 +
x86_64.c | 34 +++-
11 files changed, 788 insertions(+), 486 deletions(-)
create mode 100644 kaslr_helper.c
--
2.14.3
6 years, 7 months
[PATCH v3] vmware_vmss: read vCPUs regs and show them in 'bt'
by Sergio Lopez
VMSS dump files contain the state of each vCPU at the time of suspending
the VM. This change enables 'crash' to read some relevant registers from
each vCPU state to display them in 'bt' and adds additional output for
commands 'help -D', 'help -r' and 'help -p'.
This is also the first step towards implementing kaslr offset
calculation for VMSS dump files.
---
defs.h | 5 +
help.c | 3 +
kernel.c | 2 +
main.c | 3 +
memory.c | 2 +
vmware_vmss.c | 391 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
vmware_vmss.h | 31 +++++
x86_64.c | 13 +-
8 files changed, 440 insertions(+), 10 deletions(-)
diff --git a/defs.h b/defs.h
index 7998ebf..44efc8a 100644
--- a/defs.h
+++ b/defs.h
@@ -283,6 +283,7 @@ struct number_option {
#define LKCD_KERNTYPES() (pc->flags & KERNTYPES)
#define KVMDUMP_DUMPFILE() (pc->flags & KVMDUMP)
#define SADUMP_DUMPFILE() (pc->flags & SADUMP)
+#define VMSS_DUMPFILE() (pc->flags & VMWARE_VMSS)
#define NETDUMP_LOCAL (0x1) /* netdump_data flags */
#define NETDUMP_REMOTE (0x2)
@@ -6388,6 +6389,10 @@ int vmware_vmss_init(char *filename, FILE *ofp);
uint vmware_vmss_page_size(void);
int read_vmware_vmss(int, void *, int, ulong, physaddr_t);
int write_vmware_vmss(int, void *, int, ulong, physaddr_t);
+void vmware_vmss_display_regs(int, FILE *);
+void get_vmware_vmss_regs(struct bt_info *, ulong *, ulong *);
+int vmware_vmss_memory_dump(FILE *);
+void dump_registers_for_vmss_dump(void);
/*
* gnu_binutils.c
diff --git a/help.c b/help.c
index 5f6d9be..06b7961 100644
--- a/help.c
+++ b/help.c
@@ -710,6 +710,9 @@ dump_registers(void)
} else if (NETDUMP_DUMPFILE() || KDUMP_DUMPFILE()) {
dump_registers_for_elf_dumpfiles();
return;
+ } else if (VMSS_DUMPFILE()) {
+ dump_registers_for_vmss_dump();
+ return;
}
error(FATAL, "-r option not supported on %s\n",
diff --git a/kernel.c b/kernel.c
index 1bf6251..7642217 100644
--- a/kernel.c
+++ b/kernel.c
@@ -2969,6 +2969,8 @@ back_trace(struct bt_info *bt)
get_xendump_regs(bt, &eip, &esp);
else if (SADUMP_DUMPFILE())
get_sadump_regs(bt, &eip, &esp);
+ else if (VMSS_DUMPFILE())
+ get_vmware_vmss_regs(bt, &eip, &esp);
else if (REMOTE_PAUSED()) {
if (!is_task_active(bt->task) || !get_remote_regs(bt, &eip, &esp))
machdep->get_stack_frame(bt, &eip, &esp);
diff --git a/main.c b/main.c
index 2aae0c6..15834cb 100644
--- a/main.c
+++ b/main.c
@@ -1361,6 +1361,9 @@ dump_program_context(void)
if (pc->flags & DISKDUMP)
sprintf(&buf[strlen(buf)],
"%sDISKDUMP", others++ ? "|" : "");
+ if (pc->flags & VMWARE_VMSS)
+ sprintf(&buf[strlen(buf)],
+ "%sVMWARE_VMSS", others++ ? "|" : "");
if (pc->flags & SYSMAP)
sprintf(&buf[strlen(buf)],
"%sSYSMAP", others++ ? "|" : "");
diff --git a/memory.c b/memory.c
index 0669276..9f752c2 100644
--- a/memory.c
+++ b/memory.c
@@ -16909,6 +16909,8 @@ dumpfile_memory(int cmd)
retval = kcore_memory_dump(fp);
else if (pc->flags & SADUMP)
retval = sadump_memory_dump(fp);
+ else if (pc->flags & VMWARE_VMSS)
+ retval = vmware_vmss_memory_dump(fp);
break;
case DUMPFILE_ENVIRONMENT:
diff --git a/vmware_vmss.c b/vmware_vmss.c
index 667676a..3bf0325 100644
--- a/vmware_vmss.c
+++ b/vmware_vmss.c
@@ -25,6 +25,8 @@
#define VMW_PAGE_SIZE (4096)
#define VMW_PAGE_SHIFT (12)
+#define MAX_BLOCK_DUMP (128)
+
static vmssdata vmss = { 0 };
int
@@ -128,7 +130,8 @@ vmware_vmss_init(char *filename, FILE *ofp)
DEBUG_PARSE_PRINT((ofp, LOGPRX"Group: %-20s offset=%#llx size=0x%#llx.\n",
grps[i].name, (ulonglong)grps[i].position, (ulonglong)grps[i].size));
- if (strcmp(grps[i].name, "memory") != 0) {
+ if (strcmp(grps[i].name, "memory") != 0 &&
+ (strcmp(grps[i].name, "cpu") != 0 || !machine_type("X86_64"))) {
continue;
}
@@ -198,12 +201,6 @@ vmware_vmss_init(char *filename, FILE *ofp)
}
blockpos += padsize;
- if (fseek(fp, blockpos + nbytes, SEEK_SET) == -1) {
- error(INFO, LOGPRX"Cannot seek past block at %#llx.\n",
- (ulonglong)(blockpos + nbytes));
- break;
- }
-
if (strcmp(name, "Memory") == 0) {
/* The things that we really care about...*/
vmss.memoffset = blockpos;
@@ -217,11 +214,61 @@ vmware_vmss_init(char *filename, FILE *ofp)
result = FALSE;
goto exit;
}
+
+ if (fseek(fp, blockpos + nbytes, SEEK_SET) == -1) {
+ error(INFO, LOGPRX"Cannot seek past block at %#llx.\n",
+ (ulonglong)(blockpos + nbytes));
+ break;
+ }
+ } else if (strcmp(name, "gpregs") == 0 &&
+ nbytes == VMW_GPREGS_SIZE &&
+ idx[0] < vmss.num_vcpus) {
+ int cpu = idx[0];
+
+ if (fread(vmss.regs64[cpu], VMW_GPREGS_SIZE, 1, fp) != 1) {
+ error(INFO, LOGPRX"Failed to read '%s': [Error %d] %s\n",
+ filename, errno, strerror(errno));
+ break;
+ }
+ } else if (strcmp(name, "CR64") == 0 &&
+ nbytes == VMW_CR64_SIZE &&
+ idx[0] < vmss.num_vcpus) {
+ int cpu = idx[0];
+
+ if (fread(&vmss.regs64[cpu]->cr[0], VMW_CR64_SIZE, 1, fp) != 1) {
+ error(INFO, LOGPRX"Failed to read '%s': [Error %d] %s\n",
+ filename, errno, strerror(errno));
+ break;
+ }
+ } else if (strcmp(name, "IDTR") == 0 &&
+ nbytes == VMW_IDTR_SIZE &&
+ idx[0] < vmss.num_vcpus) {
+ int cpu = idx[0];
+ uint64_t idtr;
+
+ if (fseek(fp, blockpos + 2, SEEK_SET) == -1) {
+ error(INFO, LOGPRX"Cannot seek past block at %#llx.\n",
+ (ulonglong)(blockpos + 2));
+ break;
+ }
+ if (fread(&idtr, sizeof(idtr), 1, fp) != 1) {
+ error(INFO, LOGPRX"Failed to read '%s': [Error %d] %s\n",
+ filename, errno, strerror(errno));
+ break;
+ }
+ vmss.regs64[cpu]->idtr = idtr;
+ } else {
+ if (fseek(fp, blockpos + nbytes, SEEK_SET) == -1) {
+ error(INFO, LOGPRX"Cannot seek past block at %#llx.\n",
+ (ulonglong)(blockpos + nbytes));
+ break;
+ }
}
} else {
union {
uint8_t val[TAG_VALSIZE_MASK];
uint32_t val32;
+ uint64_t val64;
} u;
unsigned k;
unsigned valsize = TAG_VALSIZE(tag);
@@ -253,6 +300,30 @@ vmware_vmss_init(char *filename, FILE *ofp)
if (strcmp(name, "align_mask") == 0) {
vmss.alignmask = u.val32;
}
+ } else if (strcmp(grps[i].name, "cpu") == 0) {
+ if (strcmp(name, "cpu:numVCPUs") == 0) {
+ if (vmss.regs64 != NULL) {
+ error(INFO, LOGPRX"Duplicated cpu:numVCPUs entry.\n");
+ break;
+ }
+
+ vmss.num_vcpus = u.val32;
+ vmss.regs64 = malloc(vmss.num_vcpus * sizeof(void *));
+
+ for (k = 0; k < vmss.num_vcpus; k++) {
+ vmss.regs64[k] = malloc(sizeof(vmssregs64));
+ memset(vmss.regs64[k], 0, sizeof(vmssregs64));
+ }
+ } else if (strcmp(name, "rip") == 0) {
+ int cpu = idx[0];
+ vmss.regs64[cpu]->rip = u.val64;
+ } else if (strcmp(name, "eflags") == 0) {
+ int cpu = idx[0];
+ vmss.regs64[cpu]->rflags |= u.val32;
+ } else if (strcmp(name, "EFLAGS") == 0) {
+ int cpu = idx[0];
+ vmss.regs64[cpu]->rflags |= u.val32;
+ }
}
DEBUG_PARSE_PRINT((ofp, "\n"));
@@ -350,3 +421,309 @@ write_vmware_vmss(int fd, void *bufptr, int cnt, ulong addr, physaddr_t paddr)
return SEEK_ERROR;
}
+void
+vmware_vmss_display_regs(int cpu, FILE *ofp)
+{
+ if (cpu >= vmss.num_vcpus)
+ return;
+
+ if (machine_type("X86_64")) {
+ fprintf(ofp,
+ " RIP: %016llx RSP: %016llx RFLAGS: %08llx\n"
+ " RAX: %016llx RBX: %016llx RCX: %016llx\n"
+ " RDX: %016llx RSI: %016llx RDI: %016llx\n"
+ " RBP: %016llx R8: %016llx R9: %016llx\n"
+ " R10: %016llx R11: %016llx R12: %016llx\n"
+ " R13: %016llx R14: %016llx R15: %016llx\n",
+ (ulonglong)vmss.regs64[cpu]->rip,
+ (ulonglong)vmss.regs64[cpu]->rsp,
+ (ulonglong)vmss.regs64[cpu]->rflags,
+ (ulonglong)vmss.regs64[cpu]->rax,
+ (ulonglong)vmss.regs64[cpu]->rbx,
+ (ulonglong)vmss.regs64[cpu]->rcx,
+ (ulonglong)vmss.regs64[cpu]->rdx,
+ (ulonglong)vmss.regs64[cpu]->rsi,
+ (ulonglong)vmss.regs64[cpu]->rdi,
+ (ulonglong)vmss.regs64[cpu]->rbp,
+ (ulonglong)vmss.regs64[cpu]->r8,
+ (ulonglong)vmss.regs64[cpu]->r9,
+ (ulonglong)vmss.regs64[cpu]->r10,
+ (ulonglong)vmss.regs64[cpu]->r11,
+ (ulonglong)vmss.regs64[cpu]->r12,
+ (ulonglong)vmss.regs64[cpu]->r13,
+ (ulonglong)vmss.regs64[cpu]->r14,
+ (ulonglong)vmss.regs64[cpu]->r15
+ );
+ }
+}
+
+void
+get_vmware_vmss_regs(struct bt_info *bt, ulong *ipp, ulong *spp)
+{
+ ulong ip, sp;
+
+ ip = sp = 0;
+
+ if (!is_task_active(bt->task)) {
+ machdep->get_stack_frame(bt, ipp, spp);
+ return;
+ }
+
+ bt->flags |= BT_DUMPFILE_SEARCH;
+ if (machine_type("X86_64"))
+ machdep->get_stack_frame(bt, ipp, spp);
+ else if (machine_type("X86"))
+ get_netdump_regs_x86(bt, ipp, spp);
+ if (bt->flags & BT_DUMPFILE_SEARCH)
+ return;
+
+ if ((vmss.regs64 == NULL) ||
+ (bt->tc->processor >= vmss.num_vcpus))
+ return;
+
+ ip = (ulong)vmss.regs64[bt->tc->processor]->rip;
+ sp = (ulong)vmss.regs64[bt->tc->processor]->rsp;
+ if (is_kernel_text(ip) &&
+ (((sp >= GET_STACKBASE(bt->task)) &&
+ (sp < GET_STACKTOP(bt->task))) ||
+ in_alternate_stack(bt->tc->processor, sp))) {
+ *ipp = ip;
+ *spp = sp;
+ bt->flags |= BT_KERNEL_SPACE;
+ return;
+ }
+
+ if (!is_kernel_text(ip) &&
+ in_user_stack(bt->tc->task, sp))
+ bt->flags |= BT_USER_SPACE;
+}
+
+int
+vmware_vmss_memory_dump(FILE *fp)
+{
+ cptdumpheader hdr;
+ cptgroupdesc *grps = NULL;
+ unsigned grpsize;
+ unsigned i;
+ int result = TRUE;
+
+ if (fseek(vmss.dfp, 0, SEEK_SET) != 0) {
+ fprintf(fp, "Error seeking to position 0.\n");
+ return FALSE;
+ }
+
+ if (fread(&hdr, sizeof(cptdumpheader), 1, vmss.dfp) != 1) {
+ fprintf(fp, "Failed to read vmss file: [Error %d] %s\n",
+ errno, strerror(errno));
+ return FALSE;
+ }
+
+ fprintf(fp, "vmware_vmss:\n");
+ fprintf(fp, " Header: id=%x version=%d numgroups=%d\n",
+ hdr.id, hdr.version, hdr.numgroups);
+
+ vmss.cpt64bit = (hdr.id != CPTDUMP_OLD_MAGIC_NUMBER);
+ fprintf(fp, " Checkpoint is %d-bit\n", vmss.cpt64bit ? 64 : 32);
+
+ grpsize = hdr.numgroups * sizeof (cptgroupdesc);
+ grps = (cptgroupdesc *) malloc(grpsize * sizeof(cptgroupdesc));
+ if (grps == NULL) {
+ fprintf(fp, "Failed to allocate memory! [Error %d] %s\n",
+ errno, strerror(errno));
+ return FALSE;
+ }
+
+ if (fread(grps, sizeof(cptgroupdesc), grpsize, vmss.dfp) != grpsize) {
+ fprintf(fp, "Failed to read vmss file: [Error %d] %s\n",
+ errno, strerror(errno));
+ result = FALSE;
+ goto exit;
+ }
+
+ for (i = 0; i < hdr.numgroups; i++) {
+ if (fseek(vmss.dfp, grps[i].position, SEEK_SET) == -1) {
+ fprintf(fp, "Bad offset of VMSS Group['%s'] in vmss file at %#llx.\n",
+ grps[i].name, (ulonglong)grps[i].position);
+ continue;
+ }
+ fprintf(fp, "\nGroup: %s offset=%#llx size=0x%#llx\n",
+ grps[i].name, (ulonglong)grps[i].position, (ulonglong)grps[i].size);
+
+ for (;;) {
+ uint16_t tag;
+ char name[TAG_NAMELEN_MASK + 1];
+ unsigned nameLen;
+ unsigned nindx;
+ int idx[3];
+ unsigned j;
+ int nextgroup = FALSE;
+
+ if (fread(&tag, sizeof(tag), 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read tag.\n");
+ break;
+ }
+ if (tag == NULL_TAG)
+ break;
+
+ nameLen = TAG_NAMELEN(tag);
+ if (fread(name, nameLen, 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read tag name.\n");
+ break;
+ }
+ name[nameLen] = 0;
+ fprintf(fp, " Item %20s", name);
+
+ nindx = TAG_NINDX(tag);
+ if (nindx > 3) {
+ fprintf(fp, "Too many indexes %d (> 3).\n", nindx);
+ break;
+ }
+ idx[0] = idx[1] = idx[2] = NO_INDEX;
+ for (j= 0; j < 3; j++) {
+ if (j < nindx) {
+ if (fread(&idx[j], sizeof(idx[0]), 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read index.\n");
+ nextgroup = TRUE;
+ break;
+ }
+ fprintf(fp, "[%d]", idx[j]);
+ } else
+ fprintf(fp, " ");
+ }
+ if (nextgroup)
+ break;
+
+ if (IS_BLOCK_TAG(tag)) {
+ uint64_t nbytes;
+ uint64_t blockpos;
+ uint64_t nbytesinmem;
+ int compressed = IS_BLOCK_COMPRESSED_TAG(tag);
+ uint16_t padsize;
+ unsigned k, l;
+ char byte;
+
+ if (fread(&nbytes, sizeof(nbytes), 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read block size.\n");
+ break;
+ }
+ if (fread(&nbytesinmem, sizeof(nbytesinmem), 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read block memory size.\n");
+ break;
+ }
+ if (fread(&padsize, sizeof(padsize), 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read block padding size.\n");
+ break;
+ }
+ if ((blockpos = ftell(vmss.dfp)) == -1) {
+ fprintf(fp, "Cannot determine location within VMSS file.\n");
+ break;
+ }
+ blockpos += padsize;
+
+ fprintf(fp, " => %sBLOCK: position=%#llx size=%#llx memsize=%#llx\n",
+ compressed ? "COMPRESSED " : "",
+ (ulonglong)blockpos, (ulonglong)nbytes, (ulonglong)nbytesinmem);
+
+ if (nbytes && nbytes <= MAX_BLOCK_DUMP && !compressed) {
+ fprintf(fp, "Hex dump: \n");
+ l = 0;
+ for (k = 0; k < nbytes; k++) {
+ if (fread(&byte, 1, 1, vmss.dfp) != 1) {
+ fprintf(fp, "Cannot read byte.\n");
+ result = FALSE;
+ goto exit;
+ }
+
+ fprintf(fp, " %02hhX", byte);
+
+ if (l++ == 15) {
+ fprintf(fp, "\n");
+ l = 0;
+ }
+ }
+ if (l)
+ fprintf(fp, "\n\n");
+ else
+ fprintf(fp, "\n");
+ } else {
+ if (fseek(vmss.dfp, blockpos + nbytes, SEEK_SET) == -1) {
+ fprintf(fp, "Cannot seek past block at %#llx.\n",
+ (ulonglong)(blockpos + nbytes));
+ result = FALSE;
+ goto exit;
+ }
+ }
+ } else {
+ union {
+ uint8_t val[TAG_VALSIZE_MASK];
+ uint32_t val32;
+ uint64_t val64;
+ } u;
+ unsigned k;
+ unsigned valsize = TAG_VALSIZE(tag);
+ uint64_t blockpos = ftell(vmss.dfp);
+
+ fprintf(fp, " => position=%#llx size=%#x: ",
+ (ulonglong)blockpos, valsize);
+
+ if (fread(u.val, sizeof(u.val[0]), valsize, vmss.dfp) != valsize) {
+ fprintf(fp, "Cannot read item.\n");
+ break;
+ }
+ for (k = 0; k < valsize; k++) {
+ /* Assume Little Endian */
+ fprintf(fp, "%02X", u.val[valsize - k - 1]);
+ }
+
+
+ fprintf(fp, "\n");
+ }
+ }
+ }
+
+exit:
+ if (grps)
+ free(grps);
+
+ return result;
+}
+
+void
+dump_registers_for_vmss_dump(void)
+{
+ int i;
+ vmssregs64 *regs;
+
+ if (!machine_type("X86_64")) {
+ fprintf(fp, "-r option not supported on this dumpfile type\n");
+ return;
+ }
+
+ for (i = 0; i < vmss.num_vcpus; i++) {
+ regs = vmss.regs64[i];
+
+ if (i)
+ fprintf(fp, "\n");
+
+ fprintf(fp, "CPU %d:\n", i);
+
+ fprintf(fp, " RAX: %016llx RBX: %016llx RCX: %016llx\n",
+ (ulonglong)regs->rax, (ulonglong)regs->rbx, (ulonglong)regs->rcx);
+ fprintf(fp, " RDX: %016llx RSI: %016llx RDI: %016llx\n",
+ (ulonglong)regs->rdx, (ulonglong)regs->rsi, (ulonglong)regs->rdi);
+ fprintf(fp, " RSP: %016llx RBP: %016llx R8: %016llx\n",
+ (ulonglong)regs->rsp, (ulonglong)regs->rbp, (ulonglong)regs->r8);
+ fprintf(fp, " R9: %016llx R10: %016llx R11: %016llx\n",
+ (ulonglong)regs->r9, (ulonglong)regs->r10, (ulonglong)regs->r11);
+ fprintf(fp, " R12: %016llx R13: %016llx R14: %016llx\n",
+ (ulonglong)regs->r12, (ulonglong)regs->r13, (ulonglong)regs->r14);
+ fprintf(fp, " R15: %016llx RIP: %016llx RFLAGS: %08llx\n",
+ (ulonglong)regs->r15, (ulonglong)regs->rip, (ulonglong)regs->rflags);
+ fprintf(fp, " IDT: base: %016llx\n",
+ (ulonglong)regs->idtr);
+ fprintf(fp, " CR0: %016llx CR1: %016llx CR2: %016llx\n",
+ (ulonglong)regs->cr[0], (ulonglong)regs->cr[1], (ulonglong)regs->cr[2]);
+ fprintf(fp, " CR3: %016llx CR4: %016llx\n",
+ (ulonglong)regs->cr[3], (ulonglong)regs->cr[4]);
+ }
+}
diff --git a/vmware_vmss.h b/vmware_vmss.h
index a4b8937..41d14c3 100644
--- a/vmware_vmss.h
+++ b/vmware_vmss.h
@@ -89,6 +89,35 @@ struct memregion {
};
typedef struct memregion memregion;
+#define VMW_GPREGS_SIZE (128)
+#define VMW_CR64_SIZE (72)
+#define VMW_IDTR_SIZE (10)
+struct vmssregs64 {
+ /* read from vmss */
+ uint64_t rax;
+ uint64_t rcx;
+ uint64_t rdx;
+ uint64_t rbx;
+ uint64_t rbp;
+ uint64_t rsp;
+ uint64_t rsi;
+ uint64_t rdi;
+ uint64_t r8;
+ uint64_t r9;
+ uint64_t r10;
+ uint64_t r11;
+ uint64_t r12;
+ uint64_t r13;
+ uint64_t r14;
+ uint64_t r15;
+ /* manually managed */
+ uint64_t idtr;
+ uint64_t cr[VMW_CR64_SIZE / 8];
+ uint64_t rip;
+ uint64_t rflags;
+};
+typedef struct vmssregs64 vmssregs64;
+
#define MAX_REGIONS 3
struct vmssdata {
int32_t cpt64bit;
@@ -99,6 +128,8 @@ struct vmssdata {
memregion regions[MAX_REGIONS];
uint64_t memoffset;
uint64_t memsize;
+ uint64_t num_vcpus;
+ vmssregs64 **regs64;
};
typedef struct vmssdata vmssdata;
diff --git a/x86_64.c b/x86_64.c
index 0d5e150..7b02761 100644
--- a/x86_64.c
+++ b/x86_64.c
@@ -3273,6 +3273,8 @@ x86_64_low_budget_back_trace_cmd(struct bt_info *bt_in)
diskdump_display_regs(bt->tc->processor, ofp);
else if (SADUMP_DUMPFILE())
sadump_display_regs(bt->tc->processor, ofp);
+ else if (VMSS_DUMPFILE())
+ vmware_vmss_display_regs(bt->tc->processor, ofp);
return;
}
@@ -3295,13 +3297,16 @@ x86_64_low_budget_back_trace_cmd(struct bt_info *bt_in)
diskdump_display_regs(bt->tc->processor, ofp);
else if (SADUMP_DUMPFILE())
sadump_display_regs(bt->tc->processor, ofp);
+ else if (VMSS_DUMPFILE())
+ vmware_vmss_display_regs(bt->tc->processor, ofp);
else if (pc->flags2 & QEMU_MEM_DUMP_ELF)
display_regs_from_elf_notes(bt->tc->processor, ofp);
return;
} else if ((bt->flags & BT_KERNEL_SPACE) &&
(KVMDUMP_DUMPFILE() ||
(ELF_NOTES_VALID() && DISKDUMP_DUMPFILE()) ||
- SADUMP_DUMPFILE() || (pc->flags2 & QEMU_MEM_DUMP_ELF))) {
+ SADUMP_DUMPFILE() || (pc->flags2 & QEMU_MEM_DUMP_ELF) ||
+ VMSS_DUMPFILE())) {
fprintf(ofp, " [exception RIP: ");
if ((sp = value_search(bt->instptr, &offset))) {
fprintf(ofp, "%s", sp->name);
@@ -3317,6 +3322,8 @@ x86_64_low_budget_back_trace_cmd(struct bt_info *bt_in)
diskdump_display_regs(bt->tc->processor, ofp);
else if (SADUMP_DUMPFILE())
sadump_display_regs(bt->tc->processor, ofp);
+ else if (VMSS_DUMPFILE())
+ vmware_vmss_display_regs(bt->tc->processor, ofp);
else if (pc->flags2 & QEMU_MEM_DUMP_ELF)
display_regs_from_elf_notes(bt->tc->processor, ofp);
@@ -4941,7 +4948,7 @@ skip_stage:
if (halt_rip && halt_rsp) {
*rip = halt_rip;
*rsp = halt_rsp;
- if (KVMDUMP_DUMPFILE() || SADUMP_DUMPFILE())
+ if (KVMDUMP_DUMPFILE() || SADUMP_DUMPFILE() || VMSS_DUMPFILE())
bt_in->flags &= ~(ulonglong)BT_DUMPFILE_SEARCH;
return;
}
@@ -4986,7 +4993,7 @@ skip_stage:
machdep->get_stack_frame(bt, rip, rsp);
- if (KVMDUMP_DUMPFILE() || SADUMP_DUMPFILE())
+ if (KVMDUMP_DUMPFILE() || SADUMP_DUMPFILE() || VMSS_DUMPFILE())
bt_in->flags &= ~(ulonglong)BT_DUMPFILE_SEARCH;
}
--
2.14.3
6 years, 7 months