From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59700)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cov@codeaurora.org>) id 1Yliz0-0005vL-SR
	for qemu-devel@nongnu.org; Fri, 24 Apr 2015 15:09:51 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cov@codeaurora.org>) id 1Yliyv-0007DP-Np
	for qemu-devel@nongnu.org; Fri, 24 Apr 2015 15:09:50 -0400
Received: from smtp.codeaurora.org ([198.145.29.96]:36998)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cov@codeaurora.org>) id 1Yliyv-0007Ar-Hn
	for qemu-devel@nongnu.org; Fri, 24 Apr 2015 15:09:45 -0400
Message-ID: <553A94F1.2020305@codeaurora.org>
Date: Fri, 24 Apr 2015 15:09:37 -0400
From: Christopher Covington <cov@codeaurora.org>
MIME-Version: 1.0
References: <CAJtFJtasSgXt3KLE4k2h3Aq0ka5zD2R_w1XgooOL01gto=nG9w@mail.gmail.com>	<CAJtFJtZ2-TAL6eexHCk1D0qj_vKL1vZDW0swzTkGqY=jCK2FpQ@mail.gmail.com>	<CAJtFJtbv8ufTTMCsJS9LJEBvoAhz73BHgSskC=xweZcyVdzg-A@mail.gmail.com>	<CAFEAcA8Qra+PfGSfarKp2X3DGVgnoOfsgWd6WppBZHfrGKkJ3Q@mail.gmail.com>	<CAJtFJta02Q2fHY=r4WDAJsbqcNeZCEth999gTOYDTt2ZpN16=A@mail.gmail.com>	<553A285E.9050406@redhat.com>
	<CAFEAcA8=yxTsgQ4Wmq_oVnT6uva2wns3K9a8p7sDRKrtCuoGKQ@mail.gmail.com>
In-Reply-To: <CAFEAcA8=yxTsgQ4Wmq_oVnT6uva2wns3K9a8p7sDRKrtCuoGKQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] About address mapping between host and guest in
	QEMU
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, Wenjie Liu <lwj0012@gmail.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>, QEMU Developers <qemu-devel@nongnu.org>, =?UTF-8?Q?Llu=c3=ads_Vilanova?= <vilanova@ac.upc.edu>

On 04/24/2015 08:46 AM, Peter Maydell wrote:
> On 24 April 2015 at 12:26, Paolo Bonzini <pbonzini@redhat.com> wrote:
>> On 24/04/2015 04:10, Wenjie Liu wrote:
>>> The thing I am trying to achieve is to get the data and guest physical
>>> address of every guest memory access, so I need to known which API can
>>> be used to do the address transform.
>>
>> The short answer is that is difficult, because most guest memory
>> accesses do not call any C function.  QEMU has a virtual TLB; if you
>> have a TLB hit, the code generated by the JIT compiler does the conversion.
> 
> In fact on a TLB hit it's possible that it's not actually any
> longer determinable what the guest physical address was. This
> only really happens with buggy guests, but if the guest does
> a load that brings an entry into the TLB and then rewrites the
> page table but fails to do the TLB maintenance operation, then
> at the point when a subsequent load hits in the TLB we know
> the guest virtual address and the host virtual address but not
> the guest physical address, and we can't find the guest physaddr
> any more even if we walk the page tables, because those have
> been changed...
> 
> Wanting to do this kind of memory access tracing is a pretty
> common user request, though, and it would be nice if QEMU
> had the facilities for it. It's just that our current design
> is really not set up to make it easy to implement.

While probably very slow, could the kind of guest memory trace in question be
captured using the GDB stub and a breakpoint on every load an store
instruction (or alternatively, a watchpoint on every possible address)?

Chris

-- 
Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project