Extracting PC information from QEMU/KVM during single-step

[Steven Raasch]

Hi -

I'm trying to create a hack that will allow me to extract an instruction trace from QEMU/KVM (i386). The KVM part is important (see below).

Background:

• I have used KVM to create a snapshot of a windows-10 guest running a graphics-intensive app. The *original* issue is that the app does not execute correctly when re-started from the snapshot using TCG (it doesn't crash, but it doesn't run correctly, either). So, using the existing "-d in_asm" won't work. It seemed to me that hacking in tracing to KVM should be easier than figuring out why the app doesn't work.
• I've poked around the tracing mechanism in the TCG, and extracted what I need to dump instructions and then added that to kvm_cpu_exec().
• I'm setting DEBUG & single-step modes by calling cpu_single_step() from the top of kvm_vcpu_thread_fn().
• in kvm_cpu_exec() I wait until I get a KVM_EXIT_DEBUG signal before logging the instruction.

I have the output of TCG "-d in_asm" from the beginning of the execution, and I'm comparing the KVM output with that.

What I don't have right is the PC of the instruction that's been executed. The TCG is clearly sane, but the KVM output is not.

My best thought was to extract the PC from kvm_run (run->debug.arch.pc) after the KVM_RUN ioctl, but that doesn't match up. I also tried kvm_vcpu_ioctl() with KVM_GET_REGS, and grabbing the rip from cpu->env.rip. I didn't expect any of these to be exactly right, but I thought they would lead me to something sane.

Using run->debug.arch.pc gives me the right address for the first instruction, but nothing makes sense after that.

Can anyone help me get onto the right track?

Thanks!

-Steve