
List:       qemu-discuss
Subject:    Re: Recording virtual memory addresses made by the Guest
From:       Alex =?utf-8?Q?Benn=C3=A9e?= <alex.bennee () linaro ! org>
Date:       2021-11-12 9:58:48
Message-ID: 87mtm9held.fsf () linaro ! org


Arnabjyoti Kalita <akalita@cs.stonybrook.edu> writes:

> Hello all,
>
> I have a requirement to record all the load and store addresses that a
> guest makes. I have determined that the load and store address
> information can be determined from the below functions -
>
> static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr, ...);
>
> and
>
> static inline void QEMU_ALWAYS_INLINE cpu_store_helper(CPUArchState
> *env, target_ulong addr, ...);
>
> I have instrumented these functions and am recording the values of
> "addr" in both cases. Am I instrumenting the correct functions?

Yes and no... the helpers are on the slow path and only get called when a
memory access isn't resolved in the fast path in the JIT code. Besides
you really don't want to be messing with the guts of the TCG to do this.
We have a feature known as TCG plugins which allows for this sort of
thing. Have a look at tests/plugins/mem.c for a basic memory plugin that
observes all memory accesses. There are more elaborate plugins in
contrib/plugins.

  https://qemu.readthedocs.io/en/latest/devel/tcg-plugins.html

> For context, I am using QEMU version 5.0.1. The guest uses x86_64
> architecture and is running Linux kernel 4.4.0.

TCG plugins have been available from v4.2 but needed to be enabled
specifically in the build. As of 6.1 plugins are enabled by default for
all TCG builds although I would recommend running from master if you
want to be sure to have all the latest facilities and fixes.

>
> Thank you very much.
>
> Best Regards,
> Arnabjyoti Kalita


-- 
Alex Bennée
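The plugin route Alex points at, as an added example that is not from this thread or from QEMU's tree (it is modelled on the public API that tests/plugins/mem.c uses, not a copy of it): a minimal TCG plugin in C that attaches a memory callback to every translated instruction and records each guest virtual address with its load/store direction and access size. The qemu_plugin_* calls are the ones declared in qemu-plugin.h; the ring buffer, TRACE_MAX and the helper names (record_access, access_at, loads, stores) are my own and assumed.

```c
/* memtrace.c: TCG plugin that records every guest load/store address. Added
 * example against the public plugin API; not QEMU's tests/plugins/mem.c.
 * Build: gcc -shared -fPIC -I<qemu-src>/include/qemu -o libmemtrace.so memtrace.c
 * Run:   qemu-system-x86_64 ... -plugin ./libmemtrace.so -d plugin
 * Bookkeeping is plain C (testable without QEMU); glue builds only with qemu-plugin.h. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#define TRACE_MAX 1024 /* constructed limit: keep only the most recent entries */
struct mem_access { uint64_t vaddr; uint8_t is_store; uint8_t size; };
static struct mem_access ring[TRACE_MAX];
static uint64_t n_total, n_loads, n_stores;
/* Caveat: under MTTCG several vCPU threads reach this concurrently; a real
 * plugin keeps per-vCPU state (see qemu_plugin_n_vcpus) or uses atomics. */
void record_access(int is_store, unsigned size_shift, uint64_t vaddr) {
    struct mem_access *a = &ring[n_total++ % TRACE_MAX];
    a->vaddr = vaddr; a->is_store = !!is_store; a->size = (uint8_t)(1u << size_shift);
    if (is_store) n_stores++; else n_loads++;
}
uint64_t loads(void) { return n_loads; }
uint64_t stores(void) { return n_stores; }
const struct mem_access *access_at(uint64_t i) { return &ring[i % TRACE_MAX]; }
#if defined(__has_include)
#if __has_include(<qemu-plugin.h>)
#include <qemu-plugin.h>
QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
/* Runs on every access, fast path included: the call is emitted into the
 * translated block instead of hooking the slow-path cpu_*_helper routines. */
static void vcpu_mem(unsigned int cpu, qemu_plugin_meminfo_t info, uint64_t vaddr, void *ud) {
    record_access(qemu_plugin_mem_is_store(info), qemu_plugin_mem_size_shift(info), vaddr);
}
/* Translation-time hook: attach vcpu_mem to each instruction of the block. */
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb) {
    for (size_t i = 0; i < qemu_plugin_tb_n_insns(tb); i++)
        qemu_plugin_register_vcpu_mem_cb(qemu_plugin_tb_get_insn(tb, i), vcpu_mem,
                                         QEMU_PLUGIN_CB_NO_REGS, QEMU_PLUGIN_MEM_RW, NULL);
}
static void plugin_exit(qemu_plugin_id_t id, void *ud) {
    char buf[96];
    snprintf(buf, sizeof buf, "loads %" PRIu64 " stores %" PRIu64 "\n", n_loads, n_stores);
    qemu_plugin_outs(buf);
}
QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, const qemu_info_t *info,
                                           int argc, char **argv) {
    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
    qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
    return 0;
}
#endif
#endif
```

With `-d plugin` the summary from qemu_plugin_outs lands in the plugin log; the ring is the place to dump or stream per-access records if the full address stream is wanted rather than counts.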
