VM core dump support

[liuw]

Implement VM core dump support to so that guest crashes can be analysed with crash.

Split out from #3002.

See also https://wiki.ubuntu.com/DebuggingKernelWithQEMU

[rbradford]

You can use the existing snaphot code to dump the guest memory. Is there anything more than that needed?

[liuw]

The image needs to be analysed by tools like crash. I have not checked if the snapshot can be analysed by it.

If the snapshot's format is not what those tools expect, development work is needed.

[mkbhanda]

How would this feature work in the context of TD, where all memory and CPU state is encrypted. An encrypted dump? To make any sense of it need the encryption key. An attack would be to request/cause a core dump ....

[liuw]

How would this feature work in the context of TD, where all memory and CPU state is encrypted. An encrypted dump? To make any sense of it need the encryption key. An attack would be to request/cause a core dump ....

It won't work with encrypted memory and states.

[leahneukirchen]

For the record, a raw memory dump seems to work with crash, using crash $vmlinux $snap/memory-ranges@0. But many tools expect a ELF-style vmcore file, so that could be a reasonable addition. This does not seem incredibly hard to add: https://github.com/qemu/qemu/blob/master/dump/dump.c#L515

[rbradford]

@leahneukirchen Thank you for sharing that. We also now have gdb support which might already usable for dumping an ELF style coredump already.

@liuw Perhaps you could decide if the gdb core dump and the syntax @leahneukirchen has suggested are sufficient for your request?

[rbradford]

Fixed by #4012