From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=54376 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PAMBU-0003KX-RS
	for qemu-devel@nongnu.org; Mon, 25 Oct 2010 08:29:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1PAMBT-0002WS-OV
	for qemu-devel@nongnu.org; Mon, 25 Oct 2010 08:29:52 -0400
Received: from mail-qw0-f45.google.com ([209.85.216.45]:63554)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1PAMBT-0002WO-MQ
	for qemu-devel@nongnu.org; Mon, 25 Oct 2010 08:29:51 -0400
Received: by qwf7 with SMTP id 7so1455406qwf.4
	for <qemu-devel@nongnu.org>; Mon, 25 Oct 2010 05:29:51 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <4CC5783C.8060009@redhat.com>
Date: Mon, 25 Oct 2010 14:29:48 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <cover.1287772322.git.vilanova@ac.upc.edu>	<AANLkTimNx5cXZ3bsvQaKdF5_in+2YF8jym0p=6ekFgcG@mail.gmail.com>
	<87vd4q5yqd.fsf_-_@ginnungagap.bsc.es>
In-Reply-To: <87vd4q5yqd.fsf_-_@ginnungagap.bsc.es>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: [Qemu-devel] Re: backdoor [Was: Re: [PATCH 00/17] [RFC] static
	instrumentation]
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Blue Swirl <blauwirbel@gmail.com>, qemu-devel@nongnu.org, xscript@gmx.net

On 10/25/2010 12:54 PM, Lluís wrote:
> * Backdoor channels need to provide arguments.
> * It's better to provide the same mechanism for both *-user and softmmu
>    (otherwise the application to simulate or the interposed librariy
>    should be compiled differently on every case).

You can add the syscall and, if it returns with ENOSYS, fall back to 
MMIO/PIO (you don't really need a special driver, only some chmod since 
BARs are accessible from /sys) or watchpoint/breakpoint.

> * Some applications are not fully simulated, but just some pre-defined
>    loops are, such that I would run the application (on KVM mode if
>    possible) until the interesting loop starts executing, switch to
>    simulation mode, simulate an arbitrary number of loops, switch back to
>    non-simulated mode, run until another specific loop or iteration is
>    reached, repeat the process again.
>    This obviously requires some application modification to insert the
>    communication points, unless these can be identified using symbol
>    interposition (e.g., calls to the OpenMP runtime to simulate certain
>    parallel loops).

Switching between KVM and TCG is not possible at the moment, even though 
in principle it should be feasible for non-SMP guests.

Paolo