1 /*
2  * QEMU Plugin API
3  *
4  * This provides the API that is available to the plugins to interact
5  * with QEMU. We have to be careful not to expose internal details of
6  * how QEMU works so we abstract out things like translation and
7  * instructions to anonymous data types:
8  *
9  *  qemu_plugin_tb
10  *  qemu_plugin_insn
11  *
12  * Which can then be passed back into the API to do additional things.
13  * As such all the public functions in here are exported in
14  * qemu-plugin.h.
15  *
16  * The general life-cycle of a plugin is:
17  *
18  *  - plugin is loaded, public qemu_plugin_install called
19  *    - the install func registers callbacks for events
20  *    - usually an atexit_cb is registered to dump info at the end
21  *  - when a registered event occurs the plugin is called
22  *     - some events pass additional info
23  *     - during translation the plugin can decide to instrument any
24  *       instruction
25  *  - when QEMU exits all the registered atexit callbacks are called
26  *
27  * Copyright (C) 2017, Emilio G. Cota <cota@braap.org>
28  * Copyright (C) 2019, Linaro
29  *
30  * License: GNU GPL, version 2 or later.
31  *   See the COPYING file in the top-level directory.
32  *
33  * SPDX-License-Identifier: GPL-2.0-or-later
34  *
35  */
36 
37 #include "qemu/osdep.h"
38 #include "qemu/plugin.h"
39 #include "cpu.h"
40 #include "sysemu/sysemu.h"
41 #include "tcg/tcg.h"
42 #include "exec/exec-all.h"
43 #include "disas/disas.h"
44 #include "plugin.h"
45 #ifndef CONFIG_USER_ONLY
46 #include "qemu/plugin-memory.h"
47 #include "hw/boards.h"
48 #endif
49 
50 /* Uninstall and Reset handlers */
51 
qemu_plugin_uninstall(qemu_plugin_id_t id,qemu_plugin_simple_cb_t cb)52 void qemu_plugin_uninstall(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb)
53 {
54     plugin_reset_uninstall(id, cb, false);
55 }
56 
qemu_plugin_reset(qemu_plugin_id_t id,qemu_plugin_simple_cb_t cb)57 void qemu_plugin_reset(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb)
58 {
59     plugin_reset_uninstall(id, cb, true);
60 }
61 
62 /*
63  * Plugin Register Functions
64  *
65  * This allows the plugin to register callbacks for various events
66  * during the translation.
67  */
68 
qemu_plugin_register_vcpu_init_cb(qemu_plugin_id_t id,qemu_plugin_vcpu_simple_cb_t cb)69 void qemu_plugin_register_vcpu_init_cb(qemu_plugin_id_t id,
70                                        qemu_plugin_vcpu_simple_cb_t cb)
71 {
72     plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_INIT, cb);
73 }
74 
qemu_plugin_register_vcpu_exit_cb(qemu_plugin_id_t id,qemu_plugin_vcpu_simple_cb_t cb)75 void qemu_plugin_register_vcpu_exit_cb(qemu_plugin_id_t id,
76                                        qemu_plugin_vcpu_simple_cb_t cb)
77 {
78     plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_EXIT, cb);
79 }
80 
qemu_plugin_register_vcpu_tb_exec_cb(struct qemu_plugin_tb * tb,qemu_plugin_vcpu_udata_cb_t cb,enum qemu_plugin_cb_flags flags,void * udata)81 void qemu_plugin_register_vcpu_tb_exec_cb(struct qemu_plugin_tb *tb,
82                                           qemu_plugin_vcpu_udata_cb_t cb,
83                                           enum qemu_plugin_cb_flags flags,
84                                           void *udata)
85 {
86     plugin_register_dyn_cb__udata(&tb->cbs[PLUGIN_CB_REGULAR],
87                                   cb, flags, udata);
88 }
89 
qemu_plugin_register_vcpu_tb_exec_inline(struct qemu_plugin_tb * tb,enum qemu_plugin_op op,void * ptr,uint64_t imm)90 void qemu_plugin_register_vcpu_tb_exec_inline(struct qemu_plugin_tb *tb,
91                                               enum qemu_plugin_op op,
92                                               void *ptr, uint64_t imm)
93 {
94     plugin_register_inline_op(&tb->cbs[PLUGIN_CB_INLINE], 0, op, ptr, imm);
95 }
96 
qemu_plugin_register_vcpu_insn_exec_cb(struct qemu_plugin_insn * insn,qemu_plugin_vcpu_udata_cb_t cb,enum qemu_plugin_cb_flags flags,void * udata)97 void qemu_plugin_register_vcpu_insn_exec_cb(struct qemu_plugin_insn *insn,
98                                             qemu_plugin_vcpu_udata_cb_t cb,
99                                             enum qemu_plugin_cb_flags flags,
100                                             void *udata)
101 {
102     plugin_register_dyn_cb__udata(&insn->cbs[PLUGIN_CB_INSN][PLUGIN_CB_REGULAR],
103         cb, flags, udata);
104 }
105 
qemu_plugin_register_vcpu_insn_exec_inline(struct qemu_plugin_insn * insn,enum qemu_plugin_op op,void * ptr,uint64_t imm)106 void qemu_plugin_register_vcpu_insn_exec_inline(struct qemu_plugin_insn *insn,
107                                                 enum qemu_plugin_op op,
108                                                 void *ptr, uint64_t imm)
109 {
110     plugin_register_inline_op(&insn->cbs[PLUGIN_CB_INSN][PLUGIN_CB_INLINE],
111                               0, op, ptr, imm);
112 }
113 
114 
115 
qemu_plugin_register_vcpu_mem_cb(struct qemu_plugin_insn * insn,qemu_plugin_vcpu_mem_cb_t cb,enum qemu_plugin_cb_flags flags,enum qemu_plugin_mem_rw rw,void * udata)116 void qemu_plugin_register_vcpu_mem_cb(struct qemu_plugin_insn *insn,
117                                       qemu_plugin_vcpu_mem_cb_t cb,
118                                       enum qemu_plugin_cb_flags flags,
119                                       enum qemu_plugin_mem_rw rw,
120                                       void *udata)
121 {
122     plugin_register_vcpu_mem_cb(&insn->cbs[PLUGIN_CB_MEM][PLUGIN_CB_REGULAR],
123                                 cb, flags, rw, udata);
124 }
125 
qemu_plugin_register_vcpu_mem_inline(struct qemu_plugin_insn * insn,enum qemu_plugin_mem_rw rw,enum qemu_plugin_op op,void * ptr,uint64_t imm)126 void qemu_plugin_register_vcpu_mem_inline(struct qemu_plugin_insn *insn,
127                                           enum qemu_plugin_mem_rw rw,
128                                           enum qemu_plugin_op op, void *ptr,
129                                           uint64_t imm)
130 {
131     plugin_register_inline_op(&insn->cbs[PLUGIN_CB_MEM][PLUGIN_CB_INLINE],
132         rw, op, ptr, imm);
133 }
134 
qemu_plugin_register_vcpu_tb_trans_cb(qemu_plugin_id_t id,qemu_plugin_vcpu_tb_trans_cb_t cb)135 void qemu_plugin_register_vcpu_tb_trans_cb(qemu_plugin_id_t id,
136                                            qemu_plugin_vcpu_tb_trans_cb_t cb)
137 {
138     plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_TB_TRANS, cb);
139 }
140 
qemu_plugin_register_vcpu_syscall_cb(qemu_plugin_id_t id,qemu_plugin_vcpu_syscall_cb_t cb)141 void qemu_plugin_register_vcpu_syscall_cb(qemu_plugin_id_t id,
142                                           qemu_plugin_vcpu_syscall_cb_t cb)
143 {
144     plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_SYSCALL, cb);
145 }
146 
147 void
qemu_plugin_register_vcpu_syscall_ret_cb(qemu_plugin_id_t id,qemu_plugin_vcpu_syscall_ret_cb_t cb)148 qemu_plugin_register_vcpu_syscall_ret_cb(qemu_plugin_id_t id,
149                                          qemu_plugin_vcpu_syscall_ret_cb_t cb)
150 {
151     plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_SYSCALL_RET, cb);
152 }
153 
154 /*
155  * Plugin Queries
156  *
157  * These are queries that the plugin can make to gauge information
158  * from our opaque data types. We do not want to leak internal details
159  * here just information useful to the plugin.
160  */
161 
162 /*
163  * Translation block information:
164  *
165  * A plugin can query the virtual address of the start of the block
166  * and the number of instructions in it. It can also get access to
167  * each translated instruction.
168  */
169 
qemu_plugin_tb_n_insns(const struct qemu_plugin_tb * tb)170 size_t qemu_plugin_tb_n_insns(const struct qemu_plugin_tb *tb)
171 {
172     return tb->n;
173 }
174 
qemu_plugin_tb_vaddr(const struct qemu_plugin_tb * tb)175 uint64_t qemu_plugin_tb_vaddr(const struct qemu_plugin_tb *tb)
176 {
177     return tb->vaddr;
178 }
179 
180 struct qemu_plugin_insn *
qemu_plugin_tb_get_insn(const struct qemu_plugin_tb * tb,size_t idx)181 qemu_plugin_tb_get_insn(const struct qemu_plugin_tb *tb, size_t idx)
182 {
183     if (unlikely(idx >= tb->n)) {
184         return NULL;
185     }
186     return g_ptr_array_index(tb->insns, idx);
187 }
188 
189 /*
190  * Instruction information
191  *
192  * These queries allow the plugin to retrieve information about each
193  * instruction being translated.
194  */
195 
qemu_plugin_insn_data(const struct qemu_plugin_insn * insn)196 const void *qemu_plugin_insn_data(const struct qemu_plugin_insn *insn)
197 {
198     return insn->data->data;
199 }
200 
qemu_plugin_insn_size(const struct qemu_plugin_insn * insn)201 size_t qemu_plugin_insn_size(const struct qemu_plugin_insn *insn)
202 {
203     return insn->data->len;
204 }
205 
qemu_plugin_insn_vaddr(const struct qemu_plugin_insn * insn)206 uint64_t qemu_plugin_insn_vaddr(const struct qemu_plugin_insn *insn)
207 {
208     return insn->vaddr;
209 }
210 
qemu_plugin_insn_haddr(const struct qemu_plugin_insn * insn)211 void *qemu_plugin_insn_haddr(const struct qemu_plugin_insn *insn)
212 {
213     return insn->haddr;
214 }
215 
qemu_plugin_insn_disas(const struct qemu_plugin_insn * insn)216 char *qemu_plugin_insn_disas(const struct qemu_plugin_insn *insn)
217 {
218     CPUState *cpu = current_cpu;
219     return plugin_disas(cpu, insn->vaddr, insn->data->len);
220 }
221 
222 /*
223  * The memory queries allow the plugin to query information about a
224  * memory access.
225  */
226 
qemu_plugin_mem_size_shift(qemu_plugin_meminfo_t info)227 unsigned qemu_plugin_mem_size_shift(qemu_plugin_meminfo_t info)
228 {
229     return info & TRACE_MEM_SZ_SHIFT_MASK;
230 }
231 
qemu_plugin_mem_is_sign_extended(qemu_plugin_meminfo_t info)232 bool qemu_plugin_mem_is_sign_extended(qemu_plugin_meminfo_t info)
233 {
234     return !!(info & TRACE_MEM_SE);
235 }
236 
qemu_plugin_mem_is_big_endian(qemu_plugin_meminfo_t info)237 bool qemu_plugin_mem_is_big_endian(qemu_plugin_meminfo_t info)
238 {
239     return !!(info & TRACE_MEM_BE);
240 }
241 
qemu_plugin_mem_is_store(qemu_plugin_meminfo_t info)242 bool qemu_plugin_mem_is_store(qemu_plugin_meminfo_t info)
243 {
244     return !!(info & TRACE_MEM_ST);
245 }
246 
247 /*
248  * Virtual Memory queries
249  */
250 
251 #ifdef CONFIG_SOFTMMU
252 static __thread struct qemu_plugin_hwaddr hwaddr_info;
253 
qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info,uint64_t vaddr)254 struct qemu_plugin_hwaddr *qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info,
255                                                   uint64_t vaddr)
256 {
257     CPUState *cpu = current_cpu;
258     unsigned int mmu_idx = info >> TRACE_MEM_MMU_SHIFT;
259     hwaddr_info.is_store = info & TRACE_MEM_ST;
260 
261     if (!tlb_plugin_lookup(cpu, vaddr, mmu_idx,
262                            info & TRACE_MEM_ST, &hwaddr_info)) {
263         error_report("invalid use of qemu_plugin_get_hwaddr");
264         return NULL;
265     }
266 
267     return &hwaddr_info;
268 }
269 #else
qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info,uint64_t vaddr)270 struct qemu_plugin_hwaddr *qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info,
271                                                   uint64_t vaddr)
272 {
273     return NULL;
274 }
275 #endif
276 
qemu_plugin_hwaddr_is_io(struct qemu_plugin_hwaddr * hwaddr)277 bool qemu_plugin_hwaddr_is_io(struct qemu_plugin_hwaddr *hwaddr)
278 {
279 #ifdef CONFIG_SOFTMMU
280     return hwaddr->is_io;
281 #else
282     return false;
283 #endif
284 }
285 
qemu_plugin_hwaddr_device_offset(const struct qemu_plugin_hwaddr * haddr)286 uint64_t qemu_plugin_hwaddr_device_offset(const struct qemu_plugin_hwaddr *haddr)
287 {
288 #ifdef CONFIG_SOFTMMU
289     if (haddr) {
290         if (!haddr->is_io) {
291             ram_addr_t ram_addr = qemu_ram_addr_from_host((void *) haddr->v.ram.hostaddr);
292             if (ram_addr == RAM_ADDR_INVALID) {
293                 error_report("Bad ram pointer %"PRIx64"", haddr->v.ram.hostaddr);
294                 abort();
295             }
296             return ram_addr;
297         } else {
298             return haddr->v.io.offset;
299         }
300     }
301 #endif
302     return 0;
303 }
304 
305 /*
306  * Queries to the number and potential maximum number of vCPUs there
307  * will be. This helps the plugin dimension per-vcpu arrays.
308  */
309 
310 #ifndef CONFIG_USER_ONLY
get_ms(void)311 static MachineState * get_ms(void)
312 {
313     return MACHINE(qdev_get_machine());
314 }
315 #endif
316 
qemu_plugin_n_vcpus(void)317 int qemu_plugin_n_vcpus(void)
318 {
319 #ifdef CONFIG_USER_ONLY
320     return -1;
321 #else
322     return get_ms()->smp.cpus;
323 #endif
324 }
325 
qemu_plugin_n_max_vcpus(void)326 int qemu_plugin_n_max_vcpus(void)
327 {
328 #ifdef CONFIG_USER_ONLY
329     return -1;
330 #else
331     return get_ms()->smp.max_cpus;
332 #endif
333 }
334 
335 /*
336  * Plugin output
337  */
qemu_plugin_outs(const char * string)338 void qemu_plugin_outs(const char *string)
339 {
340     qemu_log_mask(CPU_LOG_PLUGIN, "%s", string);
341 }
342