----- Original Message -----
> On 10/25/2011 10:23 AM, Avi Kivity wrote:
> > On 10/25/2011 10:06 AM, Wen Congyang wrote:
> >> Hi, Avi Kivity, Dave Anderson
> >>
> >> I have two questions about it:
> >>
> >> 1. How to know the guest's physical base address in qemu?
> >
> > In fact, it's impossible.
> >
> > Perhaps crash can scan through the core looking for a signature. Need
> > to be careful since multiple signatures may be detected (a kdump kernel,
> > a kernel image in pagecache, or a nested guest).
>
> Crash uses a heuristic based on the IDT base to identify the base from
> migrate-to-file output. It also needs CR3 in order to read from virtual
> address.

Just to clarify -- the need for the IDT base and cr3 is *only* true for
KVM dumps using the "savevm" format. With ELF-format kdumps, the phys_base
is simply determined from the PT_LOAD segment that describes the kernel's
__START_KERNEL_map region. I don't know why that couldn't be done in this
proposed case.

Dave
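
An added example, not part of the message above and not crash's own code: a sketch of the PT_LOAD-based phys_base calculation for an ELF64 dump. It assumes x86_64 with `__START_KERNEL_map` at 0xffffffff80000000 and a 512 MB kernel mapping; the function names and the sample header are constructed for illustration.

```python
import struct

START_KERNEL_MAP = 0xffffffff80000000  # assumed x86_64 __START_KERNEL_map
KERNEL_MAP_SIZE = 512 << 20            # assumed size of that mapping
PT_NOTE, PT_LOAD = 4, 1

def phys_base_from_elf64(data):
    """phys_base from the PT_LOAD covering the kernel mapping, or None."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("expected 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    if e_phentsize < 56:
        raise ValueError("program header entry too small")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            raise ValueError("program header table truncated")
        p_type, _, _, p_vaddr, p_paddr = struct.unpack_from("<IIQQQ", data, off)
        if p_type != PT_LOAD:
            continue
        # Only the segment mapped at __START_KERNEL_map carries the kernel
        # image; direct-map segments have unrelated virtual addresses.
        if START_KERNEL_MAP <= p_vaddr < START_KERNEL_MAP + KERNEL_MAP_SIZE:
            return p_paddr - (p_vaddr - START_KERNEL_MAP)
    return None

def build_sample_header(kernel_paddr=0x21000000, with_kernel=True):
    """Constructed ELF64 core header (no real dump data) for the demo."""
    phdrs = [(PT_NOTE, 0, 0), (PT_LOAD, 0xffff880000000000, 0)]
    if with_kernel:
        phdrs.append((PT_LOAD, 0xffffffff81000000, kernel_paddr))
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 4, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(
        struct.pack("<IIQQQQQQ", t, 0, 0, va, pa, 0, 0, 0) for t, va, pa in phdrs)

if __name__ == "__main__":
    print(hex(phys_base_from_elf64(build_sample_header())))
```

A `None` result means the dump has no PT_LOAD in the kernel mapping, which is the case where a heuristic such as the IDT-based one would still be needed.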