Re: [Qemu-devel] [RFC PATCH v2 7/7] plugins: add syscall logging plugin sample

From: "Pavel Dovgalyuk" <dovgaluk@ispras.ru>
To: "'Alex Bennée'" <alex.bennee@linaro.org>,
	"'Pavel Dovgalyuk'" <Pavel.Dovgaluk@ispras.ru>
Cc: qemu-devel@nongnu.org, peter.maydell@linaro.org,
	maria.klimushenkova@ispras.ru, pbonzini@redhat.com,
	vilanova@ac.upc.edu
Subject: Re: [Qemu-devel] [RFC PATCH v2 7/7] plugins: add syscall logging plugin sample
Date: Mon, 10 Sep 2018 12:18:19 +0300	[thread overview]
Message-ID: <001501d448e7$37421570$a5c64050$@ru> (raw)
In-Reply-To: <87pnxpz9jf.fsf@linaro.org>

> From: Alex Bennée [mailto:alex.bennee@linaro.org]
> Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> writes:
> 
> > This is an example of plugin which instruments only specific instructions:
> > sysenter and sysexit. When executing them, it prints system call id
> > and return code to the QEMU log.
> 
> Again I'm not sure this is a very useful example either. It doesn't
> achieve anything we can't already do with the existing logging/strace
> stuff and it is quite ugly in it's knowledge of a single architecture to
> try and figure out what's going on.

Not exactly. strace is intrusive, when running within the VM.
And this plugin does not affect the emulated system at all (except the slowdown).

Pavel Dovgalyuk
> 
> >
> > Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
> > ---
> >  plugins/syscall-log/Makefile      |   19 ++++++++++++++++
> >  plugins/syscall-log/syscall-log.c |   44 +++++++++++++++++++++++++++++++++++++
> >  2 files changed, 63 insertions(+)
> >  create mode 100644 plugins/syscall-log/Makefile
> >  create mode 100644 plugins/syscall-log/syscall-log.c
> >
> > diff --git a/plugins/syscall-log/Makefile b/plugins/syscall-log/Makefile
> > new file mode 100644
> > index 0000000..1bbdf04
> > --- /dev/null
> > +++ b/plugins/syscall-log/Makefile
> > @@ -0,0 +1,19 @@
> > +CFLAGS += -I../include -fno-PIE -fPIC -O3
> > +LDFLAGS += -shared
> > +# TODO: Windows
> > +DSOSUF := .so
> > +
> > +NAME:= syscall-log
> > +BIN := $(NAME)$(DSOSUF)
> > +
> > +FILES := syscall-log.o
> > +
> > +%.o: %.c
> > +	$(CC) -c -o $@ $< $(CFLAGS)
> > +
> > +all: $(FILES)
> > +	$(CC) $(LDFLAGS) -o $(BIN) $(FILES)
> > +
> > +clean:
> > +	rm $(FILES)
> > +	rm $(BIN)
> > diff --git a/plugins/syscall-log/syscall-log.c b/plugins/syscall-log/syscall-log.c
> > new file mode 100644
> > index 0000000..1f5d55f
> > --- /dev/null
> > +++ b/plugins/syscall-log/syscall-log.c
> > @@ -0,0 +1,44 @@
> > +#include <stdint.h>
> > +#include <stdio.h>
> > +#include "plugins.h"
> > +
> > +bool plugin_init(const char *args)
> > +{
> > +    return true;
> > +}
> > +
> > +bool plugin_needs_before_insn(uint64_t pc, void *cpu)
> > +{
> > +    uint8_t code = 0;
> > +    if (!qemulib_read_memory(cpu, pc, &code, 1)
> > +        && code == 0x0f) {
> > +        if (qemulib_read_memory(cpu, pc + 1, &code, 1)) {
> > +            return false;
> > +        }
> > +        if (code == 0x34) {
> > +            /* sysenter */
> > +            return true;
> > +        }
> > +        if (code == 0x35) {
> > +            /* sysexit */
> > +            return true;
> > +        }
> > +    }
> > +    return false;
> > +}
> > +
> > +void plugin_before_insn(uint64_t pc, void *cpu)
> > +{
> > +    uint8_t code = 0;
> > +    uint32_t reg;
> > +    qemulib_read_memory(cpu, pc + 1, &code, 1);
> > +    /* Read EAX. There should be a header with register ids
> > +       or a function for reading the register by the name */
> > +    qemulib_read_register(cpu, (uint8_t*)&reg, 0);
> > +    /* log system calls */
> > +    if (code == 0x34) {
> > +        qemulib_log("sysenter %x\n", reg);
> > +    } else if (code == 0x35) {
> > +        qemulib_log("sysexit %x\n", reg);
> > +    }
> > +}
> 
> 
> --
> Alex Bennée