[Qemu-devel] [RFC PATCH v2 0/7] QEMU binary instrumentation prototype


From: Pavel Dovgalyuk
Subject: [Qemu-devel] [RFC PATCH v2 0/7] QEMU binary instrumentation prototype
Date: Tue, 05 Jun 2018 13:39:15 +0300
User-agent: StGit/0.17.1-dirty

The following series implements dynamic binary instrumentation upon QEMU.

It is based on the following prior sources:
 - KVM Forum 2017 talk "Instrumenting, Introspection, and Debugging with QEMU"
   https://www.linux-kvm.org/images/3/3d/Introspect.pdf
 - Discussion on Lluis Vilanova instrumentation patch series
   https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg03357.html

There are many implementations of instrumentation for QEMU.
We have our own attempt on github: https://github.com/ispras/qemu/tree/plugins
But this series differs from that approach and is intended
to provide a stable interface for adding and extending the QEMU binary
analysis functions.

We propose adding new instrumentation API for QEMU which will include
the following parts:
 - some translator modifications to enable instrumenting the instructions
   (and memory operations in the next version of the patches)
 - dynamic binary instrumentation part (a sample which is currently submitted
   in this RFC series)
 - subsystem for dynamically loaded plugins that interact with this API

The aim of the instrumentation is implementing different runtime
tracers that can track the executed instructions, memory and
hardware operations. The implementation should not incur too much
overhead, to make memory tracing as efficient as possible
for this heavy task.

The plugins should not have too many dependencies on the QEMU
core. They should be built as separate projects using just
a couple of the headers.

For the current patches the plugins should provide the following
callbacks:
 - "needs" callback to check whether the specific instruction
   should be instrumented by this plugin
 - "run" callback which is called before executing the instruction

Our instrumentation subsystem exploits the TCG helper mechanism to embed
callbacks into the translation blocks. These callbacks may be inserted
before the specific instructions.

The aim of submitting this series at such an early stage is to get
the feedback which will guide the development process. We are faced
with the following questions:
 1. Should every plugin have its own callback embedded into the TB
    (which will cause extra TB growth in case of multiple plugins),
    or should the instrumentation layer's callback invoke the plugins
    that wanted to instrument that specific instruction?
 2. How should the plugins function? Will they work as binary dynamic
    libraries or as scripts in some interpreted language?
 3. Should the plugins reuse QEMU configuration script results?
    Now there is no possibility of using platform-specific macros
    generated by QEMU configure.
 4. Maybe the QEMU module infrastructure should be extended to support
    plugins too?
 5. How may the GDB-related CPU inspection interface be used better?
    We should pass a register code to read the value. These codes
    are not described in any of the files. Maybe a function for
    accessing a register by name should be added?


v2 changes:
 - added a subsystem for the plugins
 - added QEMU side API for plugins
 - added sample plugins for simple tracing

---

Pavel Dovgalyuk (7):
      tcg: add headers for non-target helpers
      Add plugin support
      plugins: provide helper functions for plugins
      tcg: add instrumenting module
      plugins: add plugin template
      plugin: add instruction execution logger
      plugins: add syscall logging plugin sample


 Makefile.target                   |    1 
 accel/tcg/translator.c            |    5 +
 configure                         |   14 ++++
 include/exec/helper-register.h    |   53 +++++++++++++++
 include/qemu/instrument.h         |    7 ++
 include/qemu/plugins.h            |    8 ++
 plugins/exec-log/Makefile         |   19 +++++
 plugins/exec-log/exec-log.c       |   18 +++++
 plugins/helper.h                  |    1 
 plugins/include/plugins.h         |   18 +++++
 plugins/plugins.c                 |  132 +++++++++++++++++++++++++++++++++++++
 plugins/qemulib.c                 |   31 +++++++++
 plugins/syscall-log/Makefile      |   19 +++++
 plugins/syscall-log/syscall-log.c |   44 ++++++++++++
 plugins/template/Makefile         |   19 +++++
 plugins/template/template.c       |   19 +++++
 qemu-options.hx                   |   10 +++
 tcg/tcg.c                         |   12 +++
 tcg/tcg.h                         |    3 +
 vl.c                              |    8 ++
 20 files changed, 440 insertions(+), 1 deletion(-)
 create mode 100644 include/exec/helper-register.h
 create mode 100644 include/qemu/instrument.h
 create mode 100644 include/qemu/plugins.h
 create mode 100644 plugins/exec-log/Makefile
 create mode 100644 plugins/exec-log/exec-log.c
 create mode 100644 plugins/helper.h
 create mode 100644 plugins/include/plugins.h
 create mode 100644 plugins/plugins.c
 create mode 100644 plugins/qemulib.c
 create mode 100644 plugins/syscall-log/Makefile
 create mode 100644 plugins/syscall-log/syscall-log.c
 create mode 100644 plugins/template/Makefile
 create mode 100644 plugins/template/template.c

--
Pavel Dovgalyuk
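The "needs" (translation-time) and "run" (execution-time) callback split described in the cover letter, modelled as an added, self-contained example; this is not the QEMU API from the patch series, and the struct names, functions, instruction format and opcode values are assumptions. It implements the second design from question 1 (one dispatcher callback per instruction that reaches only the plugins that asked for it) with two toy plugins in the spirit of exec-log and syscall-log.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed model of the translation-time "needs" / execution-time "run" plugin
 * callbacks the cover letter describes; not the series' QEMU API (names/opcodes assumed). */
#define MAX_PLUGINS 4
#define MAX_INSNS 16
typedef struct { uint64_t pc; uint32_t opcode; } insn_t;
typedef struct {
    bool (*needs)(const insn_t *insn); /* asked once, when the TB is translated */
    void (*run)(const insn_t *insn);   /* invoked before the instruction executes */
    unsigned runs;                     /* how many times run() has fired */
} plugin_t;
/* A TB entry records which plugins asked for the instruction, so one embedded dispatcher reaches only them. */
typedef struct { insn_t insn; plugin_t *subs[MAX_PLUGINS]; unsigned nsubs; } tb_entry_t;
typedef struct { tb_entry_t e[MAX_INSNS]; unsigned n; } tb_t;
static plugin_t *plugins[MAX_PLUGINS]; static unsigned nplugins;
static void plugin_register(plugin_t *p) { if (nplugins < MAX_PLUGINS) plugins[nplugins++] = p; }
/* Translation: resolve subscribers once per instruction; a plugin that declines adds no run-time cost. */
static void tb_translate(tb_t *tb, const insn_t *insns, unsigned n) {
    tb->n = 0;
    for (unsigned i = 0; i < n && i < MAX_INSNS; i++) {
        tb_entry_t *e = &tb->e[tb->n++];
        e->insn = insns[i]; e->nsubs = 0;
        for (unsigned j = 0; j < nplugins; j++)
            if (plugins[j]->needs(&insns[i])) e->subs[e->nsubs++] = plugins[j];
    }
}
/* Execution: the dispatcher runs each subscriber just before its instruction. */
static void tb_exec(tb_t *tb) {
    for (unsigned i = 0; i < tb->n; i++)
        for (unsigned j = 0; j < tb->e[i].nsubs; j++) {
            tb->e[i].subs[j]->run(&tb->e[i].insn);
            tb->e[i].subs[j]->runs++;
        }
}
/* Sample plugins: one wants every instruction, the other only a constructed SYSCALL opcode (0x0f05). */
static bool needs_all(const insn_t *i) { (void)i; return true; }
static bool needs_syscall(const insn_t *i) { return i->opcode == 0x0f05; }
static void run_noop(const insn_t *i) { (void)i; /* a real plugin would log i->pc */ }
plugin_t exec_log = { needs_all, run_noop, 0 };
plugin_t syscall_log = { needs_syscall, run_noop, 0 };
/* Translate and execute a constructed 3-instruction block; returns total callbacks fired. */
unsigned demo(void) {
    static const insn_t block[] = { {0x1000, 0x90}, {0x1001, 0x0f05}, {0x1003, 0xc3} };
    tb_t tb; nplugins = 0; exec_log.runs = syscall_log.runs = 0;
    plugin_register(&exec_log); plugin_register(&syscall_log);
    tb_translate(&tb, block, 3); tb_exec(&tb);
    return exec_log.runs + syscall_log.runs; /* 3 + 1 = 4 */
}
```

The per-plugin `runs` counters show the point of resolving "needs" at translation time: the syscall plugin is never reached for the two instructions it did not ask for.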


