[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
backdoor [Was: Re: [Qemu-devel] [PATCH 00/17] [RFC] static instrumentati
From: |
Lluís |
Subject: |
backdoor [Was: Re: [Qemu-devel] [PATCH 00/17] [RFC] static instrumentation] |
Date: |
Mon, 25 Oct 2010 12:54:34 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) |
Blue Swirl writes:
> On Fri, Oct 22, 2010 at 6:32 PM, Lluís <address@hidden> wrote:
>> Lluís Vilanova (17):
>> backdoor: Declare host-side backdoor helpers
>> backdoor: [all] Include backdoor helper declarations
>> backdoor: Declare guest-side interface macros
>> backdoor: [i386] Decode backdoor instructions
>> backdoor: [i386] Declare guest-side interface macros
>> backdoor: Add a simple example
> The backdoor instruction is problematic. For example, handling that in
> KVM may be difficult
I thought about implementing guest-directed KVM control, such that the
guest will be able to enable/disable KVM at will, but I'm not sure how
this can be accomplished in a generic way (i.e., x86 has vmcall/vmmcall
as you told me a lot of time ago).
> and there are guest visible side effects.
I don't understand what you mean with guest-visible effects.
> The same effect can be achieved with a MMIO/PIO device or instrumented
> breakpoints/watchpoints.
> For the MMIO/PIO device solution, there are several PV devices
> available, for example virtio devices and fw_cfg. Instead of a
> backdoor instruction, the guest should simply issue MMIO or PIO using
> regular instructions. For Linux user, a new syscall can be added.
> Anyway, the guest still needs to be modified.
> Instrumenting GDB watchpoint and/or breakpoint support would be more
> attractive because this would be completely invisible to the guest and
> it may be controlled from GDB.
Ok, so far I see different approaches available:
* MMIO/PIO device
Needs no undocumented extensions to the ISA, but requires modifying
the guest OS (adding a device driver).
* New syscall
Needs no undocumented extensions to the ISA, but will only work with
*-user emulation.
* watchpoint/breapoint
Needs no undocumented extensions to the ISA, but will only work with
softmmu emulation, and only as long as the backdoor channel requires
no arguments.
* ISA extensions
Needs a per-target decoding of the instruction and won't work when
running under KVM.
What I used until now (with my old bochs-based implementation), is the
presented ISA extensions, which are used through library interposition
(e.g., in softmmu emulation, launch the application with a library in
LD_PRELOAD that enables/disables simulation using a
constructor/destructor attribute, plus some extra backdoor communication
to simulate specific processes by interposing on the fork/clone
syscall).
My requirements here are:
* Backdoor channels need to provide arguments.
* It's better to provide the same mechanism for both *-user and softmmu
(otherwise the application to simulate or the interposed librariy
should be compiled differently on every case).
* Some applications are not fully simulated, but just some pre-defined
loops are, such that I would run the application (on KVM mode if
possible) until the interesting loop starts executing, switch to
simulation mode, simulate an arbitrary number of loops, switch back to
non-simulated mode, run until another specific loop or iteration is
reached, repeat the process again.
This obviously requires some application modification to insert the
communication points, unless these can be identified using symbol
interposition (e.g., calls to the OpenMP runtime to simulate certain
parallel loops).
The instrumented watchpoint/breakpoint sounds as an interesting
approach, but I don't see how I can:
* Differentiate among instrumented and non-instrumented
watchpoints/breakpoints
* Pass arguments to the instrumentation backend
Thanks,
Lluis
--
"And it's much the same thing with knowledge, for whenever you learn
something new, the whole world becomes that much richer."
-- The Princess of Pure Reason, as told by Norton Juster in The Phantom
Tollbooth
- [Qemu-devel] [PATCH 04/18] backdoor: Declare guest-side interface macros, (continued)
- [Qemu-devel] [PATCH 04/18] backdoor: Declare guest-side interface macros, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 08/18] instrument: Handle config-time activation, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 12/18] instrument: [all] Include instrumentation helper declarations, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 07/18] backdoor: Add a simple example, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 11/18] instrument: Code-generation macros, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 05/18] backdoor: [i386] Decode backdoor instructions, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 06/18] backdoor: [i386] Declare guest-side interface macros, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 09/18] instrument: Add initial instrumentation example, Lluís, 2010/10/22
- [Qemu-devel] [PATCH 10/18] instrument: Dynamic per-CPU state of static instrumentation points, Lluís, 2010/10/22
- Re: [Qemu-devel] [PATCH 00/17] [RFC] static instrumentation, Blue Swirl, 2010/10/23
- backdoor [Was: Re: [Qemu-devel] [PATCH 00/17] [RFC] static instrumentation],
Lluís <=
- [Qemu-devel] Re: backdoor [Was: Re: [PATCH 00/17] [RFC] static instrumentation], Paolo Bonzini, 2010/10/25
- Re: [Qemu-devel] Re: backdoor, Lluís, 2010/10/25
- Re: [Qemu-devel] Re: backdoor, Anthony Liguori, 2010/10/25
- Re: [Qemu-devel] Re: backdoor, Lluís, 2010/10/25
- Re: [Qemu-devel] Re: backdoor, Anthony Liguori, 2010/10/25
- Re: [Qemu-devel] Re: backdoor, Lluís, 2010/10/26
- Re: backdoor [Was: Re: [Qemu-devel] [PATCH 00/17] [RFC] static instrumentation], Blue Swirl, 2010/10/25
- [Qemu-devel] Re: backdoor, Lluís, 2010/10/25
instrument [Was: Re: [Qemu-devel] [PATCH 00/17] [RFC] static instrumentation], Lluís, 2010/10/25