qemu intel_pt: improve VM tracing #3365
Conversation
Marcondiro
force-pushed
the
for_upstream
branch
4 times, most recently
from
0c42ca4 to
3251229
Compare
Marcondiro
force-pushed
the
for_upstream
branch
5 times, most recently
from
e739390 to
39c2114
Compare
|
Hi, is there any chance someone could take a look at this? Thanks :) |
Marcondiro
force-pushed
the
for_upstream
branch
from
39c2114 to
9e8bdbd
Compare
crates/libafl_intelpt/src/linux.rs
Outdated
| .map(|filter| { | ||
| let size = filter.end() - filter.start(); | ||
| format!("filter {:#016x}/{:#016x} ", filter.start(), size) | ||
| let size = filter.to - filter.from; |
There was a problem hiding this comment.
isn't it filter.to - filter.from + 1 (it seems to be an inclusive range)?
i only found little information in the intel manual about this, at section 34.2.5.3 - Filtering by IP.
It could be interesting to add a method len to AddrFilter, and maybe some traits implemented by RangeInclusive that could be relevant.
There was a problem hiding this comment.
good catch, there is indeed a -1 on the perf side https://elixir.bootlin.com/linux/v6.16.4/source/arch/x86/events/intel/pt.c#L1467
fixing it
| let str_filter = filters | ||
| .iter() | ||
| .filter(|f| f.filter_type == AddrFilterType::FILTER) |
There was a problem hiding this comment.
what about AddrFilterType::STOP and AddrFilterType::DISABLED? they seem to be unused.
i saw you create AddrFilterType in libipt. why not use the same names as in the manual (FilterEn and TraceStop)?
by the way, the name of the cfg register in the doc is wrong. it's not IA32_RTIT_ADDRn_CFG, but IA32_RTIT_CTL. or at least i couldn't find this name in the latest version of the intel manual.
There was a problem hiding this comment.
what about AddrFilterType::STOP and AddrFilterType::DISABLED?
They are not supported here at the moment, I add a note to the function docs
why not use the same names as in the manual (FilterEn and TraceStop)?
These were the names already in use in libipt-rs, that are aligned with the ones used by perf
it's not IA32_RTIT_ADDRn_CFG, but IA32_RTIT_CTL
I add the missing _CTL. thanks
There was a problem hiding this comment.
They are not supported here at the moment, I add a note to the function docs
in that case, i'd say it's better to return an error if something different from FILTER is used then.
These were the names already in use in libipt-rs, that are aligned with the ones used by perf
since libipt refers to architectural stuff, i think it makes more sense to keep the naming consistent with the manual, but i guess that's a matter of preference.
however, shouldn't STOP be TRACE_STOP instead according to the perf nomenclature?
There was a problem hiding this comment.
in that case, i'd say it's better to return an error if something different from FILTER is used then.
Ok adding it
however, shouldn't STOP be TRACE_STOP instead according to the perf nomenclature?
yes
- Better filter out the VMX root traces during decoding thanks to the new `resync` API in libipt (bumped to 0.4.0). - Extract the Decoder from the linux intel_pt file, since the file/struct was getting too big and the decoder will eventually be compatible with windows. - PT tracing is now enabled manually by fuzzers to have more precise control, instead of beeing always on in vm operations. - Add KVM dirty tracing option to qemu config and raw string options
Instead of hardcoding the addresses (that are compiler dependent), read them from the binary.
Marcondiro
force-pushed
the
for_upstream
branch
from
9e8bdbd to
dc1098d
Compare
Description
This PR improves VM tracing in libafl_qemu with Intel PT.
resyncAPI in libipt (bumped to 0.4.0).Checklist
./scripts/precommit.shand addressed all comments