From: "Pavel Dovgalyuk" <dovgaluk@ispras.ru>
To: 'Pavel Dovgalyuk' <dovgaluk@ispras.ru>,
	'Peter Maydell' <peter.maydell@linaro.org>,
	'Pavel Dovgalyuk' <Pavel.Dovgaluk@ispras.ru>
Cc: "'QEMU Developers'" <qemu-devel@nongnu.org>,
	maria.klimushenkova@ispras.ru,
	"'Paolo Bonzini'" <pbonzini@redhat.com>,
	"'Lluís Vilanova'" <vilanova@ac.upc.edu>
Subject: Re: [Qemu-devel] [RFC PATCH v2 0/7] QEMU binary instrumentation prototype
Date: Mon, 25 Jun 2018 08:46:00 +0300
Message-ID: <007e01d40c47$cc465640$64d302c0$@ru>
In-Reply-To: <001d01d3fcc4$3dfd33f0$b9f79bd0$@ru>

Peter, what about this one?

Pavel Dovgalyuk

> -----Original Message-----
> From: Pavel Dovgalyuk [mailto:dovgaluk@ispras.ru]
> Sent: Tuesday, June 05, 2018 2:56 PM
> To: 'Peter Maydell'; 'Pavel Dovgalyuk'
> Cc: 'QEMU Developers'; maria.klimushenkova@ispras.ru; 'Paolo Bonzini'; 'Lluís Vilanova'
> Subject: RE: [RFC PATCH v2 0/7] QEMU binary instrumentation prototype
> 
> > From: Peter Maydell [mailto:peter.maydell@linaro.org]
> >
> > This series doesn't seem to add anything to Documentation/ that
> > describes the API we make available to plugins. I'm a lot more
> > interested in reviewing the API that will be used by plugins
> > than I am in the implementation at this stage. Can you provide
> > a description/documentation of the API for review, please?
> 
> 
> Here is the draft:
> 
> Introduction
> ============
> 
> This document describes an API for creating the QEMU
> instrumentation plugins.
> 
> It is based on the following prior sources:
>  - KVM Forum 2017 talk "Instrumenting, Introspection, and Debugging with QEMU"
>    https://www.linux-kvm.org/images/3/3d/Introspect.pdf
>  - Discussion on Lluis Vilanova's instrumentation patch series
>    https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg03357.html
> 
> The aim of the instrumentation is implementing different runtime
> tracers that can track the executed instructions, memory and
> hardware operations.
> 
> Instrumenting the code
> ======================
> 
> The instrumentation subsystem exploits the TCG helper mechanism to embed
> callbacks into the translation blocks. These callbacks may be inserted
> before specific instructions, when the plugins require such filtering.
> 
> The translator uses two functions for embedding the callbacks:
>  - the first function checks whether the current instruction should be
>    instrumented
>  - the second function embeds the callback for executing the plugin-specific
>    code before that instruction
> 
> A similar method may be used for memory access instrumentation.
> 
> QEMU->Plugin API
> ================
> 
> The instrumentation layer passes the requests from the translator
> to the dynamically loaded plugins. Every plugin may provide
> the following functions to perform the instrumentation:
> 
>  1. bool plugin_init(const char *args);
>     Initialization function. May return false if the plugin
>     can't work in the current environment.
> 
>  2. bool plugin_needs_before_insn(uint64_t pc, void *cpu);
>     Returns true if the plugin needs to instrument the current instruction.
>     It may use the address (pc) for making the decision or the guest
>     CPU state (cpu), which can be passed back to QEMU core API
>     (e.g., for reading the guest memory).
>     This function is called at both translation and execution phases.
> 
>  3. void plugin_before_insn(uint64_t pc, void *cpu);
>     If the previous function returned true for some instruction,
>     then this function will be called. This process is repeated before
>     every execution of the instruction, if it was instrumented.
> 
> A similar pair of functions will also be added for the memory
> operations.
> 
> Plugin->QEMU API
> ================
> 
> QEMU core exports some functions to let the plugins introspect the guest
> or perform some interaction with other QEMU services (e.g., logging).
> The API doesn't contain any data structures, because their memory layout depends
> on the compilation settings.
> 
> QEMU exports the following functions that may be called from the plugins:
> 
>  1. void qemulib_log(const char *fmt, ...);
>     Wrapper for qemu_log.
> 
>  2. int qemulib_read_memory(void *cpu, uint64_t addr, uint8_t *buf, int len);
>     Reads guest memory into the buffer. Wrapper for cpu_memory_rw_debug.
> 
>  3. int qemulib_read_register(void *cpu, uint8_t *mem_buf, int reg);
>     Uses target gdb interface for accessing the guest registers.
>     'reg' is the id of the desired register as it is coded by gdb.
> 
> There should also be a function for flushing the translated blocks to
> ensure that the instrumentation will occur in the case of changing
> the internal plugin state.
> 
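The following is an added illustration written against the draft API quoted above; it is not code from the patch series or from the author. It shows how the three plugin entry points and the three qemulib_* exports fit together across the two phases the draft describes: the translator asks plugin_needs_before_insn once per instruction while building a block, and plugin_before_insn then fires before every execution of each instrumented instruction. Everything on the QEMU side (the FakeCPU and FakeTB structures, the qemulib_* bodies, the translator/executor loop) is a constructed stand-in so the file compiles and runs alone; the "lo-hi" argument format and the gdb register numbering are assumptions of this example, not part of the draft.

```c
/* Added example, not code from the patch series: a toy plugin against the draft
 * API quoted above, plus a constructed stand-in for the QEMU side so the file runs
 * alone. FakeCPU, FakeTB, the qemulib_* bodies and "lo-hi" args are assumptions. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed guest state standing in for the opaque void *cpu QEMU passes. */
#define GUEST_MEM_SIZE 64
typedef struct {
    uint8_t  mem[GUEST_MEM_SIZE]; /* flat guest memory */
    uint32_t regs[4];             /* 32-bit registers, gdb ids 0..3 (assumed) */
} FakeCPU;
/* Plugin->QEMU API: stand-ins with the draft's prototypes. */
#define qemulib_log(...) fprintf(stderr, __VA_ARGS__) /* qemu_log wrapper stand-in */
/* 0 on success, -1 if any requested byte lies outside guest memory. */
int qemulib_read_memory(void *cpu, uint64_t addr, uint8_t *buf, int len)
{
    if (len < 0 || addr > GUEST_MEM_SIZE || (uint64_t)len > GUEST_MEM_SIZE - addr) return -1;
    memcpy(buf, ((FakeCPU *)cpu)->mem + addr, (size_t)len);
    return 0;
}
/* Bytes stored in mem_buf, 0 for an unknown gdb register id. */
int qemulib_read_register(void *cpu, uint8_t *mem_buf, int reg)
{
    if (reg < 0 || reg >= 4) return 0;
    memcpy(mem_buf, &((FakeCPU *)cpu)->regs[reg], sizeof(uint32_t));
    return sizeof(uint32_t);
}

/* QEMU->Plugin API: the plugin itself. */
static uint64_t watch_lo, watch_hi; /* instrument only pcs in [watch_lo, watch_hi] */
static unsigned before_insn_calls;  /* how often plugin_before_insn has run */
static uint32_t last_r0;            /* register 0 as last seen by the plugin */
/* args is assumed to be "lo-hi" in hex; refuse to load on a malformed range. */
bool plugin_init(const char *args)
{
    if (!args || sscanf(args, "%" SCNx64 "-%" SCNx64, &watch_lo, &watch_hi) != 2 ||
        watch_lo > watch_hi) return false;
    before_insn_calls = 0;
    return true;
}
/* Filter by pc only; cpu is there for state-based decisions, as the draft says. */
bool plugin_needs_before_insn(uint64_t pc, void *cpu)
{
    (void)cpu;
    return pc >= watch_lo && pc <= watch_hi;
}
/* Runs before every execution of an instrumented instruction. */
void plugin_before_insn(uint64_t pc, void *cpu)
{
    uint8_t bytes[2];
    if (qemulib_read_memory(cpu, pc, bytes, sizeof bytes) == 0 &&
        qemulib_read_register(cpu, (uint8_t *)&last_r0, 0) == sizeof(uint32_t)) {
        qemulib_log("pc=0x%" PRIx64 " bytes=%02x%02x r0=%" PRIu32 "\n",
                    pc, bytes[0], bytes[1], last_r0);
    }
    before_insn_calls++;
}

/* Constructed translator: ask the plugin once per instruction at translation
 * time, record the decision per instruction, then fire on every execution. */
#define TB_LEN 6
typedef struct { uint64_t pcs[TB_LEN]; bool instrumented[TB_LEN]; } FakeTB;
static void translate_tb(FakeTB *tb, FakeCPU *cpu, uint64_t start_pc)
{
    for (int i = 0; i < TB_LEN; i++) {
        tb->pcs[i] = start_pc + 2 * (uint64_t)i; /* fixed 2-byte instructions */
        tb->instrumented[i] = plugin_needs_before_insn(tb->pcs[i], cpu);
    }
}
static void execute_tb(const FakeTB *tb, FakeCPU *cpu)
{
    for (int i = 0; i < TB_LEN; i++) {
        if (tb->instrumented[i]) plugin_before_insn(tb->pcs[i], cpu);
        cpu->regs[0]++; /* pretend every instruction increments r0 */
    }
}
/* Load plugin, translate one block at 0x10, run it `runs` times; count callbacks. */
unsigned run_demo(const char *args, int runs)
{
    FakeCPU cpu = {{0}, {0}};
    FakeTB tb;
    for (int i = 0; i < GUEST_MEM_SIZE; i++) cpu.mem[i] = (uint8_t)i;
    if (!plugin_init(args)) return 0; /* 0: plugin refused to load */
    translate_tb(&tb, &cpu, 0x10);
    for (int r = 0; r < runs; r++) execute_tb(&tb, &cpu);
    return before_insn_calls;
}
uint32_t demo_last_r0(void) { return last_r0; }

int main(void)
{
    unsigned n = run_demo("14-17", 3);
    printf("callbacks fired: %u, last r0 seen: %" PRIu32 "\n", n, demo_last_r0());
    return 0;
}
```

With the block at 0x10 holding six 2-byte instructions and the range "14-17", only the instructions at 0x14 and 0x16 get a callback embedded, so three executions of the block produce six plugin_before_insn calls. The decision is taken once at translation time and cached in the block, which is exactly why the draft's closing paragraph asks for a way to flush translated blocks: if the plugin changed its range after translation, the stale decisions in FakeTB would keep applying until the block is retranslated.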
