fridtjof/qemu-cr16
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

contrib/plugins/uftrace: implement privilege level tracing

Browse source 
We add new option trace-privilege-level=bool, which will create a
separate trace for each privilege level.
This allows to follow changes of privilege during execution.

We implement aarch64 operations to track current privilege level
accordingly.

Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20250902075042.223990-6-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250922093711.2768983-22-alex.bennee@linaro.org>
This commit is contained in:
Pierrick Bouvier 2025-09-22 10:37:06 +01:00 committed by Alex Bennée
parent bba94f7876
commit 308c20108a
1 changed files with 182 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

190
contrib/plugins/uftrace.c
View file

@ -46,19 +46,40 @@ typedef struct {
void (*init)(Cpu *cpu);
void (*end)(Cpu *cpu);
uint64_t (*get_frame_pointer)(Cpu *cpu);
uint8_t (*get_privilege_level)(Cpu *cpu);
uint8_t (*num_privilege_levels)(void);
const char *(*get_privilege_level_name)(uint8_t pl);
bool (*does_insn_modify_frame_pointer)(const char *disas);
} CpuOps;
typedef struct Cpu {
Trace *trace;
Callstack *cs;
uint8_t privilege_level;
GArray *traces; /* Trace *traces [] */
GByteArray *buf;
CpuOps ops;
void *arch;
} Cpu;
typedef enum {
AARCH64_EL0_SECURE,
AARCH64_EL0_NONSECURE,
AARCH64_EL0_REALM,
AARCH64_EL1_SECURE,
AARCH64_EL1_NONSECURE,
AARCH64_EL1_REALM,
AARCH64_EL2_SECURE,
AARCH64_EL2_NONSECURE,
AARCH64_EL2_REALM,
AARCH64_EL3,
AARCH64_PRIVILEGE_LEVEL_MAX,
} Aarch64PrivilegeLevel;
typedef struct {
struct qemu_plugin_register *reg_fp;
struct qemu_plugin_register *reg_cpsr;
struct qemu_plugin_register *reg_scr_el3;
} Aarch64Cpu;
typedef struct {
@ -74,6 +95,7 @@ typedef enum {
} UftraceRecordType;
static struct qemu_plugin_scoreboard *score;
static bool trace_privilege_level;
static CpuOps arch_ops;
static uint64_t gettime_ns(void)
@ -251,6 +273,16 @@ static uint64_t cpu_read_register64(Cpu *cpu, struct qemu_plugin_register *reg)
return *((uint64_t *) buf->data);
}
static uint32_t cpu_read_register32(Cpu *cpu, struct qemu_plugin_register *reg)
{
GByteArray *buf = cpu->buf;
g_byte_array_set_size(buf, 0);
size_t sz = qemu_plugin_read_register(reg, buf);
g_assert(sz == 4);
g_assert(buf->len == 4);
return *((uint32_t *) buf->data);
}
static uint64_t cpu_read_memory64(Cpu *cpu, uint64_t addr)
{
g_assert(addr);
@ -308,6 +340,68 @@ static struct qemu_plugin_register *plugin_find_register(const char *name)
return NULL;
}
static uint8_t aarch64_num_privilege_levels(void)
{
return AARCH64_PRIVILEGE_LEVEL_MAX;
}
static const char *aarch64_get_privilege_level_name(uint8_t pl)
{
switch (pl) {
case AARCH64_EL0_SECURE: return "S-EL0";
case AARCH64_EL0_NONSECURE: return "NS-EL0";
case AARCH64_EL0_REALM: return "R-EL0";
case AARCH64_EL1_SECURE: return "S-EL1";
case AARCH64_EL1_NONSECURE: return "NS-EL1";
case AARCH64_EL1_REALM: return "R-EL1";
case AARCH64_EL2_SECURE: return "S-EL2";
case AARCH64_EL2_NONSECURE: return "NS-EL2";
case AARCH64_EL2_REALM: return "R-EL2";
case AARCH64_EL3: return "EL3";
default:
g_assert_not_reached();
}
}
static uint8_t aarch64_get_privilege_level(Cpu *cpu_)
{
Aarch64Cpu *cpu = cpu_->arch;
/*
* QEMU gdbstub does not provide access to CurrentEL,
* so we use CPSR instead.
*/
uint8_t el = cpu_read_register32(cpu_, cpu->reg_cpsr) >> 2 & 0b11;
if (el == 3) {
return AARCH64_EL3;
}
uint8_t ss = AARCH64_EL0_SECURE;
if (!cpu->reg_scr_el3) {
ss = AARCH64_EL0_NONSECURE;
}
uint64_t scr_el3 = cpu_read_register64(cpu_, cpu->reg_scr_el3);
uint64_t ns = (scr_el3 >> 0) & 0b1;
uint64_t nse = (scr_el3 >> 62) & 0b1;
switch (nse << 1 | ns) {
case 0b00:
ss = AARCH64_EL0_SECURE;
break;
case 0b01:
ss = AARCH64_EL0_NONSECURE;
break;
case 0b11:
ss = AARCH64_EL0_REALM;
break;
default:
g_assert_not_reached();
}
const uint8_t num_ss = 3;
Aarch64PrivilegeLevel pl = el * num_ss + ss;
return pl;
}
static uint64_t aarch64_get_frame_pointer(Cpu *cpu_)
{
Aarch64Cpu *cpu = cpu_->arch;
@ -324,6 +418,10 @@ static void aarch64_init(Cpu *cpu_)
"available. Please use an AArch64 cpu (or -cpu max).\n");
g_abort();
}
cpu->reg_cpsr = plugin_find_register("cpsr");
g_assert(cpu->reg_cpsr);
cpu->reg_scr_el3 = plugin_find_register("SCR_EL3");
/* scr_el3 is optional */
}
static void aarch64_end(Cpu *cpu)
@ -345,9 +443,34 @@ static CpuOps aarch64_ops = {
.init = aarch64_init,
.end = aarch64_end,
.get_frame_pointer = aarch64_get_frame_pointer,
.get_privilege_level = aarch64_get_privilege_level,
.num_privilege_levels = aarch64_num_privilege_levels,
.get_privilege_level_name = aarch64_get_privilege_level_name,
.does_insn_modify_frame_pointer = aarch64_does_insn_modify_frame_pointer,
};
static void track_privilege_change(unsigned int cpu_index, void *udata)
{
Cpu *cpu = qemu_plugin_scoreboard_find(score, cpu_index);
uint8_t new_pl = cpu->ops.get_privilege_level(cpu);
if (new_pl == cpu->privilege_level) {
return;
}
uint64_t pc = (uintptr_t) udata;
uint64_t timestamp = gettime_ns();
trace_exit_stack(cpu->trace, cpu->cs, timestamp);
callstack_clear(cpu->cs);
cpu->privilege_level = new_pl;
cpu->trace = g_array_index(cpu->traces, Trace*, new_pl);
cpu_unwind_stack(cpu, cpu->ops.get_frame_pointer(cpu), pc);
trace_enter_stack(cpu->trace, cpu->cs, timestamp);
}
static void track_callstack(unsigned int cpu_index, void *udata)
{
uint64_t pc = (uintptr_t) udata;
@ -400,6 +523,13 @@ static void track_callstack(unsigned int cpu_index, void *udata)
static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
{
size_t n_insns = qemu_plugin_tb_n_insns(tb);
uintptr_t tb_pc = qemu_plugin_tb_vaddr(tb);
if (trace_privilege_level) {
qemu_plugin_register_vcpu_tb_exec_cb(tb, track_privilege_change,
QEMU_PLUGIN_CB_R_REGS,
(void *) tb_pc);
}
/*
* Callbacks and inline instrumentation are inserted before an instruction.
@ -433,18 +563,36 @@ static void vcpu_init(qemu_plugin_id_t id, unsigned int vcpu_index)
cpu->ops.init(cpu);
cpu->buf = g_byte_array_new();
cpu->traces = g_array_new(0, 0, sizeof(Trace *));
g_assert(vcpu_index < UINT32_MAX / TRACE_ID_SCALE);
/* trace_id is: cpu_number * TRACE_ID_SCALE */
g_assert(cpu->ops.num_privilege_levels() < TRACE_ID_SCALE);
/* trace_id is: cpu_number * TRACE_ID_SCALE + privilege_level */
uint32_t trace_id = (vcpu_index + 1) * TRACE_ID_SCALE;
g_autoptr(GString) trace_name = g_string_new(NULL);
g_string_append_printf(trace_name, "cpu%u", vcpu_index);
cpu->trace = trace_new(trace_id, trace_name);
/* create/truncate trace file */
trace_flush(cpu->trace, false);
if (trace_privilege_level) {
for (uint8_t pl = 0; pl < cpu->ops.num_privilege_levels(); ++pl) {
g_autoptr(GString) trace_name = g_string_new(NULL);
g_string_append_printf(trace_name, "cpu%u %s", vcpu_index,
cpu->ops.get_privilege_level_name(pl));
Trace *t = trace_new(trace_id + pl, trace_name);
g_array_append_val(cpu->traces, t);
}
} else {
g_autoptr(GString) trace_name = g_string_new(NULL);
g_string_append_printf(trace_name, "cpu%u", vcpu_index);
Trace *t = trace_new(trace_id, trace_name);
g_array_append_val(cpu->traces, t);
}
for (size_t i = 0; i < cpu->traces->len; ++i) {
/* create/truncate trace files */
Trace *t = g_array_index(cpu->traces, Trace*, i);
trace_flush(t, false);
}
cpu->cs = callstack_new();
cpu->trace = g_array_index(cpu->traces, Trace*, cpu->privilege_level);
}
static void vcpu_end(unsigned int vcpu_index)
@ -452,7 +600,12 @@ static void vcpu_end(unsigned int vcpu_index)
Cpu *cpu = qemu_plugin_scoreboard_find(score, vcpu_index);
g_byte_array_free(cpu->buf, true);
trace_free(cpu->trace);
for (size_t i = 0; i < cpu->traces->len; ++i) {
Trace *t = g_array_index(cpu->traces, Trace*, i);
trace_free(t);
}
g_array_free(cpu->traces, true);
callstack_free(cpu->cs);
memset(cpu, 0, sizeof(Cpu));
}
@ -461,7 +614,13 @@ static void at_exit(qemu_plugin_id_t id, void *data)
{
for (size_t i = 0; i < qemu_plugin_num_vcpus(); ++i) {
Cpu *cpu = qemu_plugin_scoreboard_find(score, i);
trace_flush(cpu->trace, true);
for (size_t j = 0; j < cpu->traces->len; ++j) {
Trace *t = g_array_index(cpu->traces, Trace*, j);
trace_flush(t, true);
}
}
for (size_t i = 0; i < qemu_plugin_num_vcpus(); ++i) {
vcpu_end(i);
}
@ -472,6 +631,21 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
const qemu_info_t *info,
int argc, char **argv)
{
for (int i = 0; i < argc; i++) {
char *opt = argv[i];
g_auto(GStrv) tokens = g_strsplit(opt, "=", 2);
if (g_strcmp0(tokens[0], "trace-privilege-level") == 0) {
if (!qemu_plugin_bool_parse(tokens[0], tokens[1],
&trace_privilege_level)) {
fprintf(stderr, "boolean argument parsing failed: %s\n", opt);
return -1;
}
} else {
fprintf(stderr, "option parsing failed: %s\n", opt);
return -1;
}
}
if (!strcmp(info->target_name, "aarch64")) {
arch_ops = aarch64_ops;
} else {