QEMU With E2K User Support
Go to file
Laszlo Ersek 3e16d14fd9 Python-lang gdb script to extract x86_64 guest vmcore from qemu coredump
When qemu dies unexpectedly, for example in response to an explicit
abort() call, or (more importantly) when an external signal is delivered
to it that results in a coredump, sometimes it is useful to extract the
guest vmcore from the qemu process' memory image. The guest vmcore might
help understand an emulation problem in qemu, or help debug the guest.

This script reimplements (and cuts many features of) the
qmp_dump_guest_memory() command in gdb/Python,

  https://sourceware.org/gdb/current/onlinedocs/gdb/Python-API.html

working off the saved memory image of the qemu process. The docstring in
the patch (serving as gdb help text) describes the limitations relative to
the QMP command.

Dependencies of qmp_dump_guest_memory() have been reimplemented as needed.
I sought to follow the general structure, sticking to original function
names where possible. However, keeping it simple prevailed in some places.

The patch has been tested with a 4 VCPU, 768 MB, RHEL-6.4
(2.6.32-358.el6.x86_64) guest:

- The script printed

> guest RAM blocks:
> target_start     target_end       host_addr        message count
> ---------------- ---------------- ---------------- ------- -----
> 0000000000000000 00000000000a0000 00007f95d0000000 added       1
> 00000000000a0000 00000000000b0000 00007f960ac00000 added       2
> 00000000000c0000 00000000000ca000 00007f95d00c0000 added       3
> 00000000000ca000 00000000000cd000 00007f95d00ca000 joined      3
> 00000000000cd000 00000000000d0000 00007f95d00cd000 joined      3
> 00000000000d0000 00000000000f0000 00007f95d00d0000 joined      3
> 00000000000f0000 0000000000100000 00007f95d00f0000 joined      3
> 0000000000100000 0000000030000000 00007f95d0100000 joined      3
> 00000000fc000000 00000000fc800000 00007f960ac00000 added       4
> 00000000fffe0000 0000000100000000 00007f9618800000 added       5
> dumping range at 00007f95d0000000 for length 00000000000a0000
> dumping range at 00007f960ac00000 for length 0000000000010000
> dumping range at 00007f95d00c0000 for length 000000002ff40000
> dumping range at 00007f960ac00000 for length 0000000000800000
> dumping range at 00007f9618800000 for length 0000000000020000

- The vmcore was checked with "readelf", comparing the results against a
  vmcore written by qmp_dump_guest_memory():

> --- theirs      2013-09-12 17:38:59.797289404 +0200
> +++ mine        2013-09-12 17:39:03.820289404 +0200
> @@ -27,16 +27,16 @@
>    Type           Offset             VirtAddr           PhysAddr
>                   FileSiz            MemSiz              Flags  Align
>    NOTE           0x0000000000000190 0x0000000000000000 0x0000000000000000
> -                 0x0000000000000ca0 0x0000000000000ca0         0
> -  LOAD           0x0000000000000e30 0x0000000000000000 0x0000000000000000
> +                 0x000000000000001c 0x000000000000001c         0
> +  LOAD           0x00000000000001ac 0x0000000000000000 0x0000000000000000
>                   0x00000000000a0000 0x00000000000a0000         0
> -  LOAD           0x00000000000a0e30 0x0000000000000000 0x00000000000a0000
> +  LOAD           0x00000000000a01ac 0x0000000000000000 0x00000000000a0000
>                   0x0000000000010000 0x0000000000010000         0
> -  LOAD           0x00000000000b0e30 0x0000000000000000 0x00000000000c0000
> +  LOAD           0x00000000000b01ac 0x0000000000000000 0x00000000000c0000
>                   0x000000002ff40000 0x000000002ff40000         0
> -  LOAD           0x000000002fff0e30 0x0000000000000000 0x00000000fc000000
> +  LOAD           0x000000002fff01ac 0x0000000000000000 0x00000000fc000000
>                   0x0000000000800000 0x0000000000800000         0
> -  LOAD           0x00000000307f0e30 0x0000000000000000 0x00000000fffe0000
> +  LOAD           0x00000000307f01ac 0x0000000000000000 0x00000000fffe0000
>                   0x0000000000020000 0x0000000000020000         0
>
>  There is no dynamic section in this file.
> @@ -47,13 +47,6 @@
>
>  No version information found in this file.
>
> -Notes at offset 0x00000190 with length 0x00000ca0:
> +Notes at offset 0x00000190 with length 0x0000001c:
>    Owner                Data size       Description
> -  CORE         0x00000150      NT_PRSTATUS (prstatus structure)
> -  CORE         0x00000150      NT_PRSTATUS (prstatus structure)
> -  CORE         0x00000150      NT_PRSTATUS (prstatus structure)
> -  CORE         0x00000150      NT_PRSTATUS (prstatus structure)
> -  QEMU         0x000001b0      Unknown note type: (0x00000000)
> -  QEMU         0x000001b0      Unknown note type: (0x00000000)
> -  QEMU         0x000001b0      Unknown note type: (0x00000000)
> -  QEMU         0x000001b0      Unknown note type: (0x00000000)
> +  NONE         0x00000005      Unknown note type: (0x00000000)

- The vmcore was checked with "crash" too, again comparing the results
  against a vmcore written by qmp_dump_guest_memory():

> --- guest.vmcore.log2   2013-09-12 17:52:27.074289201 +0200
> +++ example.dump.log2   2013-09-12 17:52:15.904289203 +0200
> @@ -22,11 +22,11 @@
>  This GDB was configured as "x86_64-unknown-linux-gnu"...
>
>       KERNEL: /usr/lib/debug/lib/modules/2.6.32-358.el6.x86_64/vmlinux
> -    DUMPFILE: /home/lacos/tmp/guest.vmcore
> +    DUMPFILE: /home/lacos/tmp/example.dump
>          CPUS: 4
> -        DATE: Thu Sep 12 17:16:11 2013
> -      UPTIME: 00:01:09
> -LOAD AVERAGE: 0.07, 0.03, 0.00
> +        DATE: Thu Sep 12 17:17:41 2013
> +      UPTIME: 00:00:38
> +LOAD AVERAGE: 0.18, 0.05, 0.01
>         TASKS: 130
>      NODENAME: localhost.localdomain
>       RELEASE: 2.6.32-358.el6.x86_64
> @@ -38,12 +38,12 @@
>       COMMAND: "swapper"
>          TASK: ffffffff81a8d020  (1 of 4)  [THREAD_INFO: ffffffff81a00000]
>           CPU: 0
> -       STATE: TASK_RUNNING (PANIC)
> +       STATE: TASK_RUNNING (ACTIVE)
> +     WARNING: panic task not found
>
>  crash> bt
>  PID: 0      TASK: ffffffff81a8d020  CPU: 0   COMMAND: "swapper"
> - #0 [ffffffff81a01ed0] default_idle at ffffffff8101495d
> - #1 [ffffffff81a01ef0] cpu_idle at ffffffff81009fc6
> + #0 [ffffffff81a01ef0] cpu_idle at ffffffff81009fc6
>  crash> task ffffffff81a8d020
>  PID: 0      TASK: ffffffff81a8d020  CPU: 0   COMMAND: "swapper"
>  struct task_struct {
> @@ -75,7 +75,7 @@
>        prev = 0xffffffff81a8d080
>      },
>      on_rq = 0,
> -    exec_start = 8618466836,
> +    exec_start = 7469214014,
>      sum_exec_runtime = 0,
>      vruntime = 0,
>      prev_sum_exec_runtime = 0,
> @@ -149,7 +149,7 @@
>    },
>    tasks = {
>      next = 0xffff88002d621948,
> -    prev = 0xffff880029618f28
> +    prev = 0xffff880023b74488
>    },
>    pushable_tasks = {
>      prio = 140,
> @@ -165,7 +165,7 @@
>      }
>    },
>    mm = 0x0,
> -  active_mm = 0xffff88002929b780,
> +  active_mm = 0xffff8800297eb980,
>    exit_state = 0,
>    exit_code = 0,
>    exit_signal = 0,
> @@ -177,7 +177,7 @@
>    sched_reset_on_fork = 0,
>    pid = 0,
>    tgid = 0,
> -  stack_canary = 2483693585637059287,
> +  stack_canary = 7266362296181431986,
>    real_parent = 0xffffffff81a8d020,
>    parent = 0xffffffff81a8d020,
>    children = {
> @@ -224,14 +224,14 @@
>    set_child_tid = 0x0,
>    clear_child_tid = 0x0,
>    utime = 0,
> -  stime = 3,
> +  stime = 2,
>    utimescaled = 0,
> -  stimescaled = 3,
> +  stimescaled = 2,
>    gtime = 0,
>    prev_utime = 0,
>    prev_stime = 0,
>    nvcsw = 0,
> -  nivcsw = 1000,
> +  nivcsw = 1764,
>    start_time = {
>      tv_sec = 0,
>      tv_nsec = 0

- <name_dropping>I asked for Dave Anderson's help with verifying the
  extracted vmcore, and his comments make me think I should post
  this.</name_dropping>

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-01-26 13:06:48 +02:00
audio audio: adjust pulse to 100Hz wakeup rate 2013-12-09 09:19:26 +01:00
backends rng: initialize file descriptor to -1 2014-01-06 13:45:46 -05:00
block Merge remote-tracking branch 'bonzini/scsi-next' into staging 2014-01-24 15:50:14 -08:00
bsd-user *-user: Improve documentation for lock_user function 2013-09-20 20:09:24 +04:00
default-configs default-configs: Add config for aarch64-linux-user 2014-01-08 19:07:21 +00:00
disas disas/ppc.c: Fix little endian disassembly 2013-09-02 10:06:41 +02:00
docs docs/memory.txt: Clarify and expand priority/overlap documentation 2013-11-05 19:59:24 -08:00
dtc@bc895d6d09
fpu softfloat: Add support for ties-away rounding 2014-01-08 19:07:22 +00:00
fsdev
gdb-xml target-arm: Support fp registers in gdb stub 2013-12-17 19:42:32 +00:00
hw hda-codec: disable streams on reset 2014-01-24 15:51:39 -08:00
include usb core+hid: add support for microsoft os descriptors 2014-01-24 15:51:23 -08:00
libcacard vscclient: do not add a socket watch if there is not data to send 2013-12-16 10:12:19 +01:00
linux-headers linux-headers: Update from v3.13-rc3 2013-12-06 11:16:09 -07:00
linux-user linux-user: Remove regs parameter of load_elf_binary and load_flt_binary 2014-01-10 08:51:37 +02:00
net misc: Use macro ARRAY_SIZE where possible 2013-12-23 16:02:19 +04:00
pc-bios roms: update vgabios binaries 2013-12-06 08:55:42 +01:00
pixman@97336fad32
po po: Update all *.po files 2013-08-07 12:48:00 -05:00
qapi qapi: fix memleak by adding implict struct functions in dealloc visitor 2013-11-05 19:58:38 -08:00
qga qga: Fix two format strings for MinGW 2013-11-25 20:35:28 -08:00
qobject qapi: extend qdict_flatten() for QLists 2014-01-22 12:07:17 +01:00
qom Merge remote branch 'luiz/queue/qmp' into qmpq 2014-01-14 12:10:08 +10:00
roms roms: enable seabios cross builds 2013-12-06 08:55:42 +01:00
scripts Python-lang gdb script to extract x86_64 guest vmcore from qemu coredump 2014-01-26 13:06:48 +02:00
slirp misc: Spelling and grammar fixes in comments 2013-10-26 13:06:45 +04:00
stubs Merge remote-tracking branch 'kiszka/queues/slirp' into staging 2013-09-17 10:01:24 -05:00
sysconfigs/target
target-alpha misc: Replace 'struct QEMUTimer' by 'QEMUTimer' 2013-12-02 21:03:39 +04:00
target-arm Merge remote branch 'luiz/queue/qmp' into qmpq 2014-01-14 12:10:08 +10:00
target-cris target-cris: Use new qemu_ld/st opcodes 2013-12-08 09:36:02 +01:00
target-i386 Merge remote-tracking branch 'qemu-kvm/uq/master' into staging 2014-01-24 15:52:44 -08:00
target-lm32 target: Include softmmu_exec.h where forgotten 2013-09-02 09:08:30 -07:00
target-m68k Merge remote-tracking branch 'rth/tcg-pull' into staging 2013-10-11 09:36:52 -07:00
target-microblaze Microblaze: Convert Microblaze-pic handling to GPIOs 2014-01-14 11:08:36 +10:00
target-mips target-mips: Use new qemu_ld/st opcodes 2013-12-21 16:42:11 +01:00
target-moxie cpu: Drop cpu_model_str from CPU_COMMON 2013-10-07 11:48:47 +02:00
target-openrisc openrisc: Fix spelling in comment (transaltion -> translation) 2013-12-23 16:02:19 +04:00
target-ppc PPC: Fix compilation with TCG debug 2013-12-22 19:15:55 +01:00
target-s390x s390x/ioinst: CHSC has to set a condition code 2013-12-18 14:24:11 +01:00
target-sh4 target-sh4: Use new qemu_ld/st opcodes 2013-12-21 16:42:15 +01:00
target-sparc SPARC: Fix LEON3 power down instruction 2014-01-15 15:37:33 +10:00
target-unicore32 Merge remote-tracking branch 'rth/tcg-pull' into staging 2013-10-11 09:36:52 -07:00
target-xtensa target-xtensa: add missing DEBUG section to dc233c config 2013-11-08 09:26:07 +04:00
tcg tcg/i386: fix a comment 2013-12-21 16:41:56 +01:00
tests qemu-iotests: Test pwritev RMW logic 2014-01-24 17:40:25 +01:00
trace
ui gtk: Support keyboard translation for hosts running Windows 2014-01-20 19:30:28 +01:00
util qemu_memalign: Allow small alignments 2014-01-24 17:40:01 +01:00
.exrc
.gitignore .gitignore: Ignore config.status 2013-12-02 21:02:57 +04:00
.gitmodules Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
.mailmap Update mailmap 2013-09-05 09:40:31 -05:00
.travis.yml .travis.yml: Add aarch64-* targets 2014-01-08 19:07:20 +00:00
aio-posix.c aio: make aio_poll(ctx, true) block with no fds 2013-12-06 16:53:51 +01:00
aio-win32.c aio: make aio_poll(ctx, true) block with no fds 2013-12-06 16:53:51 +01:00
arch_init.c migration: synchronize memory bitmap 64bits at a time 2014-01-13 14:04:55 +01:00
async.c aio / timers: aio_ctx_prepare sets timeout from AioContext timers 2013-08-22 19:10:28 +02:00
balloon.c
block-migration.c block: per caller dirty bitmap 2013-11-29 13:40:33 +01:00
block.c block: Switch bdrv_io_limits_intercept() to byte granularity 2014-01-24 17:40:28 +01:00
blockdev-nbd.c nbd: use BlockDriverState refcnt 2013-09-06 15:25:08 +02:00
blockdev.c qmp: Allow to take external snapshots on bs graphs node. 2014-01-24 16:07:08 +01:00
blockjob.c qapi: make use of new BlockJobType 2013-10-11 10:52:54 +02:00
bt-host.c
bt-vhci.c
Changelog Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
CODING_STYLE
configure gluster: Implement .bdrv_co_write_zeroes for gluster 2014-01-22 12:07:16 +01:00
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c QOM CPUState refactorings / X86CPU 2014-01-10 11:04:31 -08:00
cpus.c target-i386: Move apic_state field from CPUX86State to X86CPU 2013-12-23 16:30:40 +01:00
cputlb.c memory: split cpu_physical_memory_* functions to its own include 2014-01-13 14:04:54 +01:00
device_tree.c device_tree: qemu_fdt_setprop: Rename val_array arg 2013-12-20 01:58:12 +01:00
device-hotplug.c
disas.c disas: Implement fallback to dump object code as hex 2013-08-24 07:26:45 +02:00
dma-helpers.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
dump.c dump-guest-memory: Check for the correct return value 2013-10-25 23:25:48 +02:00
exec.c Merge remote-tracking branch 'qemu-kvm/uq/master' into staging 2014-01-24 15:52:44 -08:00
gdbstub.c vl: allow "cont" from panicked state 2013-11-04 15:39:41 +02:00
HACKING
hmp-commands.hx block: update block commit documentation regarding image truncation 2014-01-24 16:12:49 +01:00
hmp.c qmp: Allow to take external snapshots on bs graphs node. 2014-01-24 16:07:08 +01:00
hmp.h monitor: add object-add (QMP) and object_add (HMP) command 2014-01-06 13:45:47 -05:00
iohandler.c
ioport.c portio: Allow to mark portio lists as coalesced MMIO flushing 2013-10-17 17:24:15 +02:00
kvm-all.c Merge remote-tracking branch 'qemu-kvm/uq/master' into staging 2014-01-24 15:52:44 -08:00
kvm-stub.c kvm irqfd: support direct msimessage to irq translation 2013-09-20 12:37:52 +02:00
LICENSE LICENSE: clarify 2013-08-12 09:15:12 -05:00
main-loop.c slirp: set mainloop timeout with more precise value 2013-09-17 12:26:05 +02:00
MAINTAINERS MAINTAINERS: add myself as cocoa UI co-maintainer 2014-01-12 22:27:10 +00:00
Makefile sun4m: Add FCode ROM for TCX framebuffer 2013-11-21 17:38:52 +01:00
Makefile.objs readline: move readline to a generic location 2014-01-22 12:07:17 +01:00
Makefile.target default-configs/: CONFIG_GDBSTUB_XML removed 2013-10-16 18:21:01 +02:00
memory_mapping.c cpu: Use QTAILQ for CPU list 2013-09-03 12:25:55 +02:00
memory.c memory: split cpu_physical_memory_* functions to its own include 2014-01-13 14:04:54 +01:00
migration-exec.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
migration-fd.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
migration-rdma.c rdma: constify ram_chunk_{index, start, end} 2013-09-24 13:22:50 +02:00
migration-tcp.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
migration-unix.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
migration.c Merge remote branch 'luiz/queue/qmp' into qmpq 2014-01-14 12:10:08 +10:00
monitor.c readline: move readline to a generic location 2014-01-22 12:07:17 +01:00
nbd.c nbd: don't change socket block during negotiate 2013-12-16 10:12:20 +01:00
os-posix.c
os-win32.c
page_cache.c
qapi-schema.json blkdebug: Make required alignment configurable 2014-01-24 17:40:03 +01:00
qdev-monitor.c Merge remote branch 'luiz/queue/qmp' into qmpq 2014-01-14 12:10:08 +10:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c misc: Use macro ARRAY_SIZE where possible 2013-12-23 16:02:19 +04:00
qemu-coroutine-io.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
qemu-coroutine-lock.c coroutine: remove qemu_co_queue_wait_insert_head 2013-12-02 17:11:49 +01:00
qemu-coroutine-sleep.c coroutine: add co_aio_sleep_ns() to allow sleep in block drivers 2013-10-30 12:22:09 +01:00
qemu-coroutine.c coroutine: add ./configure --disable-coroutine-pool 2013-09-12 10:12:48 +02:00
qemu-doc.texi docs: qcow2 compat=1.1 is now the default 2014-01-22 12:07:16 +01:00
qemu-file.c qemu-file: Move QEMUFile code to qemu-file.c 2014-01-13 12:39:49 +01:00
qemu-img-cmds.hx qemu-img: add -l for snapshot in convert 2013-12-04 15:19:00 +01:00
qemu-img.c qemu-option: Remove qemu_opts_create_nofail 2014-01-06 15:02:30 -05:00
qemu-img.texi block: update block commit documentation regarding image truncation 2014-01-24 16:12:49 +01:00
qemu-io-cmds.c qemu-io: New command 'sleep' 2014-01-24 17:40:03 +01:00
qemu-io.c qemu-io: Make filename optional 2014-01-22 12:07:18 +01:00
qemu-log.c
qemu-nbd.c qemu-nbd: add doc for option -f 2013-12-04 15:19:00 +01:00
qemu-nbd.texi qemu-nbd: add doc for option -f 2013-12-04 15:19:00 +01:00
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx doc: Mention chardev:id in available devices for -serial 2014-01-01 18:03:55 +04:00
qemu-seccomp.c seccomp: add some basic shared memory syscalls to the whitelist 2014-01-20 11:19:34 -02:00
qemu-tech.texi
qemu-timer.c timer: add timer_mod_anticipate and timer_mod_anticipate_ns 2013-10-17 17:31:00 +02:00
qemu.nsi nsis: Improved support for parallel installation of 32 and 64 bit code 2013-11-07 07:02:44 +01:00
qemu.sasl
qmp-commands.hx block: update block commit documentation regarding image truncation 2014-01-24 16:12:49 +01:00
qmp.c monitor: add object-add (QMP) and object_add (HMP) command 2014-01-06 13:45:47 -05:00
qtest.c qtest: split configuration of qtest accelerator and chardev 2013-12-10 12:29:56 +02:00
README Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
rules.mak rules.mak: New string testing functions 2013-10-16 18:21:00 +02:00
savevm.c savevm: Small comment about why timer QEMUFile/VMState code is in savevm.c 2014-01-13 12:39:49 +01:00
spice-qemu-char.c spice-char: implement chardev port event 2013-12-16 10:12:20 +01:00
tcg-runtime.c
tci.c misc: Use new rotate functions 2013-09-25 21:23:05 +02:00
thread-pool.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
thunk.c
tpm.c
trace-events usb: add support for microsoft os descriptors 2014-01-16 12:59:59 +01:00
translate-all.c cputlb: Tidy memset() of arrays 2013-12-23 15:32:36 +01:00
translate-all.h split definitions for exec.c and translate-all.c radix trees 2013-12-10 12:29:56 +02:00
user-exec.c
VERSION Open 2.0 development tree 2013-11-27 14:02:45 -08:00
version.rc Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
vl.c Merge remote branch 'luiz/queue/qmp' into qmpq 2014-01-14 12:10:08 +10:00
vmstate.c vmstate: Move VMState code to vmstate.c 2014-01-13 12:39:49 +01:00
xbzrle.c
xen-all.c xen: fix two errors when debug is enabled 2013-12-01 18:25:48 +00:00
xen-mapcache.c
xen-stub.c pc: Initializing ram_memory under Xen. 2013-09-09 16:22:19 +00:00

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team