From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Palmer Dabbelt" <palmer@dabbelt.com>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>,
qemu-riscv@nongnu.org,
"Daniel Henrique Barboza" <dbarboza@ventanamicro.com>,
"Thomas Huth" <thuth@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Alistair Francis" <alistair.francis@wdc.com>,
qemu-arm@nongnu.org, "Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Weiwei Li" <liwei1518@gmail.com>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Liu Zhiwei" <zhiwei_liu@linux.alibaba.com>,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>
Subject: [PATCH 21/25] contrib/plugins/uftrace: implement privilege level tracing
Date: Mon, 22 Sep 2025 10:37:06 +0100 [thread overview]
Message-ID: <20250922093711.2768983-22-alex.bennee@linaro.org> (raw)
In-Reply-To: <20250922093711.2768983-1-alex.bennee@linaro.org>
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
We add new option trace-privilege-level=bool, which will create a
separate trace for each privilege level.
This allows to follow changes of privilege during execution.
We implement aarch64 operations to track current privilege level
accordingly.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-6-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
contrib/plugins/uftrace.c | 190 ++++++++++++++++++++++++++++++++++++--
1 file changed, 182 insertions(+), 8 deletions(-)
diff --git a/contrib/plugins/uftrace.c b/contrib/plugins/uftrace.c
index b9dcd531987..10abad0673c 100644
--- a/contrib/plugins/uftrace.c
+++ b/contrib/plugins/uftrace.c
@@ -46,19 +46,40 @@ typedef struct {
void (*init)(Cpu *cpu);
void (*end)(Cpu *cpu);
uint64_t (*get_frame_pointer)(Cpu *cpu);
+ uint8_t (*get_privilege_level)(Cpu *cpu);
+ uint8_t (*num_privilege_levels)(void);
+ const char *(*get_privilege_level_name)(uint8_t pl);
bool (*does_insn_modify_frame_pointer)(const char *disas);
} CpuOps;
typedef struct Cpu {
Trace *trace;
Callstack *cs;
+ uint8_t privilege_level;
+ GArray *traces; /* Trace *traces [] */
GByteArray *buf;
CpuOps ops;
void *arch;
} Cpu;
+typedef enum {
+ AARCH64_EL0_SECURE,
+ AARCH64_EL0_NONSECURE,
+ AARCH64_EL0_REALM,
+ AARCH64_EL1_SECURE,
+ AARCH64_EL1_NONSECURE,
+ AARCH64_EL1_REALM,
+ AARCH64_EL2_SECURE,
+ AARCH64_EL2_NONSECURE,
+ AARCH64_EL2_REALM,
+ AARCH64_EL3,
+ AARCH64_PRIVILEGE_LEVEL_MAX,
+} Aarch64PrivilegeLevel;
+
typedef struct {
struct qemu_plugin_register *reg_fp;
+ struct qemu_plugin_register *reg_cpsr;
+ struct qemu_plugin_register *reg_scr_el3;
} Aarch64Cpu;
typedef struct {
@@ -74,6 +95,7 @@ typedef enum {
} UftraceRecordType;
static struct qemu_plugin_scoreboard *score;
+static bool trace_privilege_level;
static CpuOps arch_ops;
static uint64_t gettime_ns(void)
@@ -251,6 +273,16 @@ static uint64_t cpu_read_register64(Cpu *cpu, struct qemu_plugin_register *reg)
return *((uint64_t *) buf->data);
}
+static uint32_t cpu_read_register32(Cpu *cpu, struct qemu_plugin_register *reg)
+{
+ GByteArray *buf = cpu->buf;
+ g_byte_array_set_size(buf, 0);
+ size_t sz = qemu_plugin_read_register(reg, buf);
+ g_assert(sz == 4);
+ g_assert(buf->len == 4);
+ return *((uint32_t *) buf->data);
+}
+
static uint64_t cpu_read_memory64(Cpu *cpu, uint64_t addr)
{
g_assert(addr);
@@ -308,6 +340,68 @@ static struct qemu_plugin_register *plugin_find_register(const char *name)
return NULL;
}
+static uint8_t aarch64_num_privilege_levels(void)
+{
+ return AARCH64_PRIVILEGE_LEVEL_MAX;
+}
+
+static const char *aarch64_get_privilege_level_name(uint8_t pl)
+{
+ switch (pl) {
+ case AARCH64_EL0_SECURE: return "S-EL0";
+ case AARCH64_EL0_NONSECURE: return "NS-EL0";
+ case AARCH64_EL0_REALM: return "R-EL0";
+ case AARCH64_EL1_SECURE: return "S-EL1";
+ case AARCH64_EL1_NONSECURE: return "NS-EL1";
+ case AARCH64_EL1_REALM: return "R-EL1";
+ case AARCH64_EL2_SECURE: return "S-EL2";
+ case AARCH64_EL2_NONSECURE: return "NS-EL2";
+ case AARCH64_EL2_REALM: return "R-EL2";
+ case AARCH64_EL3: return "EL3";
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static uint8_t aarch64_get_privilege_level(Cpu *cpu_)
+{
+ Aarch64Cpu *cpu = cpu_->arch;
+ /*
+ * QEMU gdbstub does not provide access to CurrentEL,
+ * so we use CPSR instead.
+ */
+ uint8_t el = cpu_read_register32(cpu_, cpu->reg_cpsr) >> 2 & 0b11;
+
+ if (el == 3) {
+ return AARCH64_EL3;
+ }
+
+ uint8_t ss = AARCH64_EL0_SECURE;
+ if (!cpu->reg_scr_el3) {
+ ss = AARCH64_EL0_NONSECURE;
+ }
+ uint64_t scr_el3 = cpu_read_register64(cpu_, cpu->reg_scr_el3);
+ uint64_t ns = (scr_el3 >> 0) & 0b1;
+ uint64_t nse = (scr_el3 >> 62) & 0b1;
+ switch (nse << 1 | ns) {
+ case 0b00:
+ ss = AARCH64_EL0_SECURE;
+ break;
+ case 0b01:
+ ss = AARCH64_EL0_NONSECURE;
+ break;
+ case 0b11:
+ ss = AARCH64_EL0_REALM;
+ break;
+ default:
+ g_assert_not_reached();
+ }
+
+ const uint8_t num_ss = 3;
+ Aarch64PrivilegeLevel pl = el * num_ss + ss;
+ return pl;
+}
+
static uint64_t aarch64_get_frame_pointer(Cpu *cpu_)
{
Aarch64Cpu *cpu = cpu_->arch;
@@ -324,6 +418,10 @@ static void aarch64_init(Cpu *cpu_)
"available. Please use an AArch64 cpu (or -cpu max).\n");
g_abort();
}
+ cpu->reg_cpsr = plugin_find_register("cpsr");
+ g_assert(cpu->reg_cpsr);
+ cpu->reg_scr_el3 = plugin_find_register("SCR_EL3");
+ /* scr_el3 is optional */
}
static void aarch64_end(Cpu *cpu)
@@ -345,9 +443,34 @@ static CpuOps aarch64_ops = {
.init = aarch64_init,
.end = aarch64_end,
.get_frame_pointer = aarch64_get_frame_pointer,
+ .get_privilege_level = aarch64_get_privilege_level,
+ .num_privilege_levels = aarch64_num_privilege_levels,
+ .get_privilege_level_name = aarch64_get_privilege_level_name,
.does_insn_modify_frame_pointer = aarch64_does_insn_modify_frame_pointer,
};
+static void track_privilege_change(unsigned int cpu_index, void *udata)
+{
+ Cpu *cpu = qemu_plugin_scoreboard_find(score, cpu_index);
+ uint8_t new_pl = cpu->ops.get_privilege_level(cpu);
+
+ if (new_pl == cpu->privilege_level) {
+ return;
+ }
+
+ uint64_t pc = (uintptr_t) udata;
+ uint64_t timestamp = gettime_ns();
+
+ trace_exit_stack(cpu->trace, cpu->cs, timestamp);
+ callstack_clear(cpu->cs);
+
+ cpu->privilege_level = new_pl;
+ cpu->trace = g_array_index(cpu->traces, Trace*, new_pl);
+
+ cpu_unwind_stack(cpu, cpu->ops.get_frame_pointer(cpu), pc);
+ trace_enter_stack(cpu->trace, cpu->cs, timestamp);
+}
+
static void track_callstack(unsigned int cpu_index, void *udata)
{
uint64_t pc = (uintptr_t) udata;
@@ -400,6 +523,13 @@ static void track_callstack(unsigned int cpu_index, void *udata)
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
size_t n_insns = qemu_plugin_tb_n_insns(tb);
+ uintptr_t tb_pc = qemu_plugin_tb_vaddr(tb);
+
+ if (trace_privilege_level) {
+ qemu_plugin_register_vcpu_tb_exec_cb(tb, track_privilege_change,
+ QEMU_PLUGIN_CB_R_REGS,
+ (void *) tb_pc);
+ }
/*
* Callbacks and inline instrumentation are inserted before an instruction.
@@ -433,18 +563,36 @@ static void vcpu_init(qemu_plugin_id_t id, unsigned int vcpu_index)
cpu->ops.init(cpu);
cpu->buf = g_byte_array_new();
+ cpu->traces = g_array_new(0, 0, sizeof(Trace *));
g_assert(vcpu_index < UINT32_MAX / TRACE_ID_SCALE);
- /* trace_id is: cpu_number * TRACE_ID_SCALE */
+ g_assert(cpu->ops.num_privilege_levels() < TRACE_ID_SCALE);
+ /* trace_id is: cpu_number * TRACE_ID_SCALE + privilege_level */
uint32_t trace_id = (vcpu_index + 1) * TRACE_ID_SCALE;
- g_autoptr(GString) trace_name = g_string_new(NULL);
- g_string_append_printf(trace_name, "cpu%u", vcpu_index);
- cpu->trace = trace_new(trace_id, trace_name);
- /* create/truncate trace file */
- trace_flush(cpu->trace, false);
+ if (trace_privilege_level) {
+ for (uint8_t pl = 0; pl < cpu->ops.num_privilege_levels(); ++pl) {
+ g_autoptr(GString) trace_name = g_string_new(NULL);
+ g_string_append_printf(trace_name, "cpu%u %s", vcpu_index,
+ cpu->ops.get_privilege_level_name(pl));
+ Trace *t = trace_new(trace_id + pl, trace_name);
+ g_array_append_val(cpu->traces, t);
+ }
+ } else {
+ g_autoptr(GString) trace_name = g_string_new(NULL);
+ g_string_append_printf(trace_name, "cpu%u", vcpu_index);
+ Trace *t = trace_new(trace_id, trace_name);
+ g_array_append_val(cpu->traces, t);
+ }
+
+ for (size_t i = 0; i < cpu->traces->len; ++i) {
+ /* create/truncate trace files */
+ Trace *t = g_array_index(cpu->traces, Trace*, i);
+ trace_flush(t, false);
+ }
cpu->cs = callstack_new();
+ cpu->trace = g_array_index(cpu->traces, Trace*, cpu->privilege_level);
}
static void vcpu_end(unsigned int vcpu_index)
@@ -452,7 +600,12 @@ static void vcpu_end(unsigned int vcpu_index)
Cpu *cpu = qemu_plugin_scoreboard_find(score, vcpu_index);
g_byte_array_free(cpu->buf, true);
- trace_free(cpu->trace);
+ for (size_t i = 0; i < cpu->traces->len; ++i) {
+ Trace *t = g_array_index(cpu->traces, Trace*, i);
+ trace_free(t);
+ }
+
+ g_array_free(cpu->traces, true);
callstack_free(cpu->cs);
memset(cpu, 0, sizeof(Cpu));
}
@@ -461,7 +614,13 @@ static void at_exit(qemu_plugin_id_t id, void *data)
{
for (size_t i = 0; i < qemu_plugin_num_vcpus(); ++i) {
Cpu *cpu = qemu_plugin_scoreboard_find(score, i);
- trace_flush(cpu->trace, true);
+ for (size_t j = 0; j < cpu->traces->len; ++j) {
+ Trace *t = g_array_index(cpu->traces, Trace*, j);
+ trace_flush(t, true);
+ }
+ }
+
+ for (size_t i = 0; i < qemu_plugin_num_vcpus(); ++i) {
vcpu_end(i);
}
@@ -472,6 +631,21 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
const qemu_info_t *info,
int argc, char **argv)
{
+ for (int i = 0; i < argc; i++) {
+ char *opt = argv[i];
+ g_auto(GStrv) tokens = g_strsplit(opt, "=", 2);
+ if (g_strcmp0(tokens[0], "trace-privilege-level") == 0) {
+ if (!qemu_plugin_bool_parse(tokens[0], tokens[1],
+ &trace_privilege_level)) {
+ fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
+ return -1;
+ }
+ } else {
+ fprintf(stderr, "option parsing failed: %s\n", opt);
+ return -1;
+ }
+ }
+
if (!strcmp(info->target_name, "aarch64")) {
arch_ops = aarch64_ops;
} else {
--
2.47.3
next prev parent reply other threads:[~2025-09-22 9:47 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-22 9:36 [PATCH 00/25] September maintainer updates (docs, plugins, semihosting) pre-PR Alex Bennée
2025-09-22 9:36 ` [PATCH 01/25] docs/devel: fix typo in code-provenance.rst Alex Bennée
2025-09-22 11:32 ` Thomas Huth
2025-09-22 9:36 ` [PATCH 02/25] scripts/ci: add gitlab-failure-analysis script Alex Bennée
2025-09-22 9:36 ` [PATCH 03/25] checkpatch: Ignore removed lines in license check Alex Bennée
2025-09-22 9:36 ` [PATCH 04/25] semihosting/syscalls: compile once in system and per target for user mode Alex Bennée
2025-09-22 9:36 ` [PATCH 05/25] semihosting/syscalls: replace uint64_t with vaddr where appropriate Alex Bennée
2025-09-22 9:36 ` [PATCH 06/25] semihosting/guestfd: compile once for system/user Alex Bennée
2025-09-22 9:36 ` [PATCH 07/25] semihosting/arm-compat-semi: change common_semi_sys_exit_extended Alex Bennée
2025-09-22 9:36 ` [PATCH 08/25] target/riscv/common-semi-target: remove sizeof(target_ulong) Alex Bennée
2025-09-22 9:36 ` [PATCH 09/25] target/{arm, riscv}/common-semi-target: eradicate target_ulong Alex Bennée
2025-09-22 9:36 ` [PATCH 10/25] include/semihosting/common-semi: extract common_semi API Alex Bennée
2025-09-22 9:36 ` [PATCH 11/25] semihosting/arm-compat-semi: eradicate sizeof(target_ulong) Alex Bennée
2025-09-22 11:52 ` Philippe Mathieu-Daudé
2025-09-22 9:36 ` [PATCH 12/25] semihosting/arm-compat-semi: replace target_ulong with vaddr Alex Bennée
2025-09-22 11:53 ` Philippe Mathieu-Daudé
2025-09-22 12:43 ` Alex Bennée
2025-09-25 21:13 ` Pierrick Bouvier
2025-09-22 9:36 ` [PATCH 13/25] semihosting/arm-compat-semi: eradicate target_long Alex Bennée
2025-09-22 9:36 ` [PATCH 14/25] semihosting/arm-compat-semi: remove dependency on cpu.h Alex Bennée
2025-09-22 9:37 ` [PATCH 15/25] semihosting/arm-compat-semi: compile once in system and per target for user mode Alex Bennée
2025-09-22 9:37 ` [PATCH 16/25] contrib/plugins/execlog: Explicitly check for qemu_plugin_read_register() failure Alex Bennée
2025-09-22 9:37 ` [PATCH 17/25] contrib/plugins/uftrace: skeleton file Alex Bennée
2025-09-22 9:37 ` [PATCH 18/25] contrib/plugins/uftrace: define cpu operations and implement aarch64 Alex Bennée
2025-09-22 9:37 ` [PATCH 19/25] contrib/plugins/uftrace: track callstack Alex Bennée
2025-09-22 9:37 ` [PATCH 20/25] contrib/plugins/uftrace: implement tracing Alex Bennée
2025-09-22 9:37 ` Alex Bennée [this message]
2025-09-22 9:37 ` [PATCH 22/25] contrib/plugins/uftrace: generate additional files for uftrace Alex Bennée
2025-09-22 9:37 ` [PATCH 23/25] contrib/plugins/uftrace: implement x64 support Alex Bennée
2025-09-22 9:37 ` [PATCH 24/25] contrib/plugins/uftrace_symbols.py Alex Bennée
2025-09-22 9:37 ` [PATCH 25/25] contrib/plugins/uftrace: add documentation Alex Bennée
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250922093711.2768983-22-alex.bennee@linaro.org \
--to=alex.bennee@linaro.org \
--cc=alistair.francis@wdc.com \
--cc=dbarboza@ventanamicro.com \
--cc=erdnaxe@crans.org \
--cc=liwei1518@gmail.com \
--cc=ma.mandourr@gmail.com \
--cc=manos.pitsidianakis@linaro.org \
--cc=palmer@dabbelt.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=thuth@redhat.com \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).