/*

 * Derive kernel base from a QEMU saved VM file

 *

 * Copyright (C) 2009, 2010 Red Hat, Inc.

 * Written by Paolo Bonzini.

 *

 * Portions Copyright (C) 2009 David Anderson

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 */

#include <stdlib.h>

#include <errno.h>

#include <stdio.h>

#include <assert.h>

#include "qemu-load.h"

#include "kvmdump.h"

/*

 * Some bits we need to access in the control registers and page tables.

 */

#define MSR_EFER_LMA	(1 << 10)

#define PG_PRESENT_MASK	(1 << 0)

#define PG_PSE_MASK	(1 << 7)

#define CR0_PG_MASK	(1 << 31)

#define CR4_PAE_MASK	(1 << 31)

#define CR4_PSE_MASK	(1 << 31)

static uint32_t

ldl (struct qemu_device_x86 *dx86, struct qemu_device_ram *dram, uint64_t addr)

{

	char buf[4096];

	if (dx86->a20_masked)

		addr &= ~(1LL<<20);

	if (!ram_read_phys_page (dram, buf, addr & ~0xfff))

		return 0;

	assert ((addr & 0xfff) <= 0xffc);

	return *(uint32_t *)(buf + (addr & 0xfff));

}

static uint64_t

ldq (struct qemu_device_x86 *dx86, struct qemu_device_ram *dram, uint64_t addr)

{

	char buf[4096];

	if (dx86->a20_masked)

		addr &= ~(1LL<<20);

	if (!ram_read_phys_page (dram, buf, addr & ~0xfff))

		return 0;

	assert ((addr & 0xfff) <= 0xff8);

	return *(uint64_t *)(buf + (addr & 0xfff));

}

/*

 * Messy x86 TLB fault logic, walking the page tables to find the physical

 * address corresponding to ADDR.  Taken from QEMU.

 */

static uint64_t

get_phys_page(struct qemu_device_x86 *dx86, struct qemu_device_ram *dram,

	      uint64_t addr)

{

	uint64_t pde_addr, pte_addr;

	uint64_t pte, paddr;

	uint32_t page_offset;

	int page_size;

	if ((dx86->cr4 & CR4_PAE_MASK) || (dx86->efer & MSR_EFER_LMA)) {

		uint64_t pdpe_addr;

		uint64_t pde, pdpe;

		if (dx86->cr4 & CR4_PAE_MASK)

			dprintf ("PAE active\n");

		if (dx86->efer & MSR_EFER_LMA) {

			uint64_t pml4e_addr, pml4e;

			int32_t sext;

			dprintf ("long mode active\n");

			/* test virtual address sign extension */

			sext = (int64_t) addr >> 47;

			if (sext != 0 && sext != -1)

				return -1;

			pml4e_addr = ((dx86->cr3 & ~0xfff)

				      + (((addr >> 39) & 0x1ff) << 3));

			pml4e = ldq (dx86, dram, pml4e_addr);

			if (!(pml4e & PG_PRESENT_MASK))

				return -1;

			dprintf ("PML4 page present\n");

			pdpe_addr = ((pml4e & ~0xfff)

				     + (((addr >> 30) & 0x1ff) << 3));

			pdpe = ldq (dx86, dram, pdpe_addr);

			if (!(pdpe & PG_PRESENT_MASK))

				return -1;

			dprintf ("PDPE page present\n");

		} else {

			dprintf ("long mode inactive\n");

			pdpe_addr = ((dx86->cr3 & ~0x1f)

				     + ((addr >> 27) & 0x18));

			pdpe = ldq (dx86, dram, pdpe_addr);

			if (!(pdpe & PG_PRESENT_MASK))

				return -1;

			dprintf ("PDPE page present\n");

		}

		pde_addr = (pdpe & ~0xfff) + (((addr >> 21) & 0x1ff) << 3);

		pde = ldq (dx86, dram, pde_addr);

		if (!(pde & PG_PRESENT_MASK))

			return -1;

		dprintf ("PDE page present\n");

		if (pde & PG_PSE_MASK) {

			/* 2 MB page */

			dprintf ("2MB page\n");

			page_size = 2048 * 1024;

			pte = pde & ~((page_size - 1) & ~0xfff);

		} else {

			/* 4 KB page */

			dprintf ("4 KB PAE page\n");

			pte_addr = ((pde & ~0xfff)

				    + (((addr >> 12) & 0x1ff) << 3));

			page_size = 4096;

			pte = ldq (dx86, dram, pte_addr);

			if (!(pte & PG_PRESENT_MASK))

				return -1;

			dprintf ("PTE page present\n");

		}

	} else {

		/* Not PAE.  */

		uint32_t pde;

		if (!(dx86->cr0 & CR0_PG_MASK)) {

			dprintf ("Paging inactive\n");

			pte = addr;

			page_size = 4096;

		} else {

			/* page directory entry */

			pde_addr = ((dx86->cr3 & ~0xfff)

				    + ((addr >> 20) & 0xffc));

			pde = ldl (dx86, dram, pde_addr);

			if (!(pde & PG_PRESENT_MASK))

				return -1;

			dprintf ("PDE page present\n");

			if ((pde & PG_PSE_MASK) && (dx86->cr4 & CR4_PSE_MASK)) {

				page_size = 4096 * 1024;

				pte = pde & ~((page_size - 1) & ~0xfff);

			} else {

				page_size = 4096;

				pte_addr = ((pde & ~0xfff)

					    + ((addr >> 10) & 0xffc));

				pte = ldl (dx86, dram, pte_addr);

				if (!(pte & PG_PRESENT_MASK))

					return -1;

				dprintf ("PTE page present\n");

			}

		}

	}

	page_offset = (addr & 0xfff) & (page_size - 1);

	paddr = (pte & ~0xfff) + page_offset;

	return paddr;

}

/*

 * I'm using the IDT base as a quick way to find the bottom of the

 * kernel memory.

 */

static uint64_t

get_idt_base(struct qemu_device_list *dl)

{

	struct qemu_device_x86 *dx86 = (struct qemu_device_x86 *)

		device_find_instance (dl, "cpu", 0);

	return dx86->idt.base;

}

static uint64_t

get_kernel_base(struct qemu_device_list *dl)

{

	int i;

	uint64_t kernel_base = -1;

	uint64_t base_vaddr, last, mask;

	struct qemu_device_x86 *dx86 = (struct qemu_device_x86 *)

		device_find_instance (dl, "cpu", 0);

	struct qemu_device_ram *dram = (struct qemu_device_ram *)

		device_find_instance (dl, "ram", 0);

	for (i = 30, last = -1; (kernel_base == -1) && (i >= 20); i--)

        {

                mask = ~((1LL << i) - 1);

                base_vaddr = dx86->idt.base & mask;

		if (base_vaddr == last)

			continue;

		if (base_vaddr < kvm->kvbase) {

			fprintf(stderr, 

			    "WARNING: IDT base contains: %llx\n         "

			    "cannot determine physical base address: defaulting to 0\n\n", 

				(unsigned long long)base_vaddr);

			return 0;

		}

		dprintf("get_kernel_base: %llx\n", (unsigned long long)base_vaddr);

                kernel_base = get_phys_page(dx86, dram, base_vaddr);

		last = base_vaddr;

        }

        if (kernel_base != -1) {

		dprintf("kvbase: %llx vaddr used: %llx physical: %llx\n",

			(unsigned long long)kvm->kvbase,

			(unsigned long long)base_vaddr,

			(unsigned long long)kernel_base);

		/*

		 *  Subtract the offset between the virtual address used

		 *  and the kernel's base virtual address.

		 */

                kernel_base -= (base_vaddr - kvm->kvbase);

        } else {

		dprintf("WARNING: cannot determine physical base address:"

			" defaulting to 0\n\n");

		kernel_base = 0;

		kvm->flags |= NO_PHYS_BASE;

	}

	return kernel_base;

}

#ifdef MAIN_FROM_TEST_C

int main (int argc, char **argv)

{

	struct qemu_device_list *dl;

	FILE *fp;

	if (argc != 2) {

		fprintf (stderr, "Usage: test SAVE-FILE\n");

		exit (1);

	}

	fp = fopen(argv[1], "r");

	if (!fp) {

		fprintf (stderr, "Error: %s\n", strerror (errno));

		exit (1);

	}

#ifdef HOST_32BIT

	dl = qemu_load (devices_x86_32, QEMU_FEATURE_CPU|QEMU_FEATURE_RAM, fp);

#else

	dl = qemu_load (devices_x86_64, QEMU_FEATURE_CPU|QEMU_FEATURE_RAM, fp);

#endif

	printf ("IDT at %llx\n", get_idt_base (dl));

	printf ("Physical kernel base at %llx\n", get_kernel_base (dl));

	device_list_free (dl);

	fclose (fp);

	exit (0);

}

#endif

/*

 *  crash utility adaptation

 */

#include "defs.h"

int 

qemu_init(char *filename)

{

	struct qemu_device_list *dl;

	struct qemu_device_ram *dram;

	uint64_t idt = 0;

	if (CRASHDEBUG(1))

		dump_qemu_header(kvm->ofp);

	rewind(kvm->vmp);

	if (kvm->flags & (MAPFILE|MAPFILE_APPENDED))

		return TRUE;

	please_wait("scanning KVM dumpfile");

	if (kvm->flags & KVMHOST_32)

		dl = qemu_load(devices_x86_32, 

			QEMU_FEATURE_CPU|QEMU_FEATURE_RAM, kvm->vmp);

	else

		dl = qemu_load(devices_x86_64, 

			QEMU_FEATURE_CPU|QEMU_FEATURE_RAM, kvm->vmp);

	please_wait_done();

	if (dl) {

		if (machine_type("X86_64")) {

			idt = get_idt_base(dl);

			kvm->mapinfo.phys_base = get_kernel_base(dl);

		}

		dram = (struct qemu_device_ram *) 

			device_find_instance (dl, "ram", 0);

		if (CRASHDEBUG(1)) {

			if (machine_type("X86_64")) {

				fprintf(kvm->ofp, "IDT: %llx\n", 

					(ulonglong)idt);

				fprintf(kvm->ofp, "physical kernel base: %llx\n", 

					(ulonglong)kvm->mapinfo.phys_base); 

			}

			fprintf(kvm->ofp, "last RAM offset: %llx\n", 

				(ulonglong)dram->last_ram_offset); 

		}

		device_list_free (dl);

	} else

		fclose(kvm->vmp);

	return dl ? TRUE : FALSE;

}