From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 8 Feb 2008 19:52:22 +0200
From: "Blue Swirl"
Subject: [Qemu-devel] Kernel memory allocation debugging with Qemu
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: qemu-devel

On KernelTrap there is a story about a Linux kernel memory allocation debugging patch that allows detection of reads from uninitialized memory (http://kerneltrap.org/Linux/Debugging_With_kmemcheck). The patch takes half of the memory and slows down the system.

I think Qemu could be used instead. A channel (IO/MMIO) is created between the memory allocator in the target kernel and Qemu running in the host. The memory allocator tells Qemu the allocated area using the channel. Qemu changes the physical memory mapping for the area to special memory that will report any reads before writes back to the allocator. Writes change the memory back to standard RAM. The performance would be comparable to Qemu in general, and the host kernel + Qemu only take a few MB of the memory.
The system would be directly usable for other OSes as well. A similar debugging tool could be used in user space too (instrumenting libc malloc/free), but that's probably reinventing Valgrind or other malloc checkers. The special memory could also report unaligned accesses, even on targets where this is normally not detected, although not so efficiently.
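The read-before-write tracking proposed above, modelled as an added example in C (this is not QEMU code and not the kmemcheck patch). It assumes a hypothetical notification channel represented by the track_alloc/track_free calls, and a per-byte "written" bitmap standing in for the special memory mapping that flips back to plain RAM once a byte has been stored to.

```c
/* Model of the proposed read-before-write detector (added example, not QEMU code).
 * Assumption: the guest allocator announces each allocation over a hypothetical
 * channel; the host keeps one "written" bit per byte of the registered area and
 * reports any load of a byte that has not been stored to since allocation. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TRACK_SIZE 4096                  /* size of the modelled special-memory area */
static uint8_t ram[TRACK_SIZE];          /* backing "guest RAM" */
static uint8_t written[TRACK_SIZE / 8];  /* bit set once a byte has been written */
static unsigned long region_base, region_len; /* area registered by the allocator */
static unsigned long uninit_reads;       /* number of flagged loads */
uint32_t scratch;                        /* value buffer used by the demo below */
/* Allocator side of the channel: a fresh area starts fully uninitialised. */
void track_alloc(unsigned long base, unsigned long len) {
    region_base = base; region_len = len; uninit_reads = 0;
    memset(written, 0, sizeof written);
}
/* Allocator side: on free the area reverts to ordinary RAM and is no longer checked. */
void track_free(void) { region_len = 0; }
static int tracked(unsigned long a) {
    return region_len && a >= region_base && a < region_base + region_len;
}
/* Host side: a guest store marks the bytes as initialised (plain RAM from now on). */
void mem_write(unsigned long addr, const void *src, size_t n) {
    if (addr + n > TRACK_SIZE) return;   /* outside modelled RAM */
    memcpy(ram + addr, src, n);
    for (size_t i = 0; i < n; i++)
        if (tracked(addr + i)) written[(addr + i) / 8] |= 1u << ((addr + i) % 8);
}
/* Host side: a guest load touching a never-written tracked byte is reported.
 * Returns 1 if flagged, 0 if clean, -1 if the address is outside modelled RAM. */
int mem_read(unsigned long addr, void *dst, size_t n) {
    int bad = 0;
    if (addr + n > TRACK_SIZE) return -1;
    for (size_t i = 0; i < n; i++)
        if (tracked(addr + i) && !(written[(addr + i) / 8] & (1u << ((addr + i) % 8))))
            bad = 1;
    if (bad) { uninit_reads++; fprintf(stderr, "uninitialised read at 0x%lx (%zu bytes)\n", addr, n); }
    memcpy(dst, ram + addr, n);
    return bad;
}
unsigned long uninit_read_count(void) { return uninit_reads; }
int main(void) {
    track_alloc(0x100, 64);              /* allocator hands out 64 bytes at 0x100 */
    scratch = 0xdeadbeef;
    mem_write(0x100, &scratch, 4);       /* initialise the first word */
    mem_read(0x100, &scratch, 4);        /* clean load */
    mem_read(0x104, &scratch, 4);        /* flagged: load before any store */
    track_free();
    return 0;
}
```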