Qira patches to QEMU version 3.1.0

accel/tcg/cpu-exec.c

@@ -142,7 +142,6 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, TranslationBlock *itb)
     uintptr_t ret;
     TranslationBlock *last_tb;
     int tb_exit;
-    uint8_t *tb_ptr = itb->tc.ptr;
 
     qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc,
                            "Trace %d: %p ["
@@ -168,7 +167,7 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, TranslationBlock *itb)
 #endif /* DEBUG_DISAS */
 
     cpu->can_do_io = !use_icount;
-    ret = tcg_qemu_tb_exec(env, tb_ptr);
+    ret = tcg_qemu_tb_exec(env, itb);
     cpu->can_do_io = 1;
     last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
     tb_exit = ret & TB_EXIT_MASK;

disas.c

@@ -421,7 +421,7 @@ static bool cap_disas_monitor(disassemble_info *info, uint64_t pc, int count)
 #endif /* CONFIG_CAPSTONE */
 
 /* Disassemble this for me please... (debugging).  */
-void target_disas(FILE *out, CPUState *cpu, target_ulong code,
+void real_target_disas(FILE *out, CPUState *cpu, target_ulong code,
                   target_ulong size)
 {
     CPUClass *cc = CPU_GET_CLASS(cpu);
@@ -440,6 +440,7 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong code,
     s.info.cap_mode = 0;
     s.info.cap_insn_unit = 4;
     s.info.cap_insn_split = 4;
+    s.info.disassembler_options = (char *)"intel";
 
 #ifdef TARGET_WORDS_BIGENDIAN
     s.info.endian = BFD_ENDIAN_BIG;

include/disas/capstone.h

@@ -3,7 +3,7 @@
 
 #ifdef CONFIG_CAPSTONE
 
-#include <capstone.h>
+#include <capstone/capstone.h>
 
 #else
 

include/disas/disas.h

@@ -8,9 +8,15 @@
 
 /* Disassemble this for me please... (debugging). */
 void disas(FILE *out, void *code, unsigned long size);
+
+// this is hooked in tci.c for qira
 void target_disas(FILE *out, CPUState *cpu, target_ulong code,
                   target_ulong size);
 
+// this is the old function in disas.c
+void real_target_disas(FILE *out, CPUState *cpu, target_ulong code,
+                       target_ulong size);
+
 void monitor_disas(Monitor *mon, CPUState *cpu,
                    target_ulong pc, int nb_insn, int is_physical);
 

include/librarymap.h

@@ -0,0 +1,10 @@
+struct librarymap {
+  struct librarymap *next;
+  abi_ulong begin;
+  abi_ulong end;
+  const char *name;
+};
+
+void init_librarymap(void);
+void add_to_librarymap(const char *name, abi_ulong begin, abi_ulong end);
+bool is_library_addr(abi_ulong addr);

linux-user/elfload.c

@@ -7,6 +7,7 @@
 #include "qemu.h"
 #include "disas/disas.h"
 #include "qemu/path.h"
+#include "librarymap.h"
 
 #ifdef _ARCH_PPC64
 #undef ARCH_DLINFO
@@ -2183,6 +2184,9 @@ static void probe_guest_base(const char *image_name,
 }
 
 
+extern struct library *GLOBAL_librarymap;
+extern const char *filename;
+
 /* Load an ELF image into the address space.
 
    IMAGE_NAME is the filename of the image, to use in error messages.
@@ -2261,6 +2265,12 @@ static void load_elf_image(const char *image_name, int image_fd,
         load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
                                 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
                                 -1, 0);
+
+        if (strcmp(filename, image_name)){
+            if (GLOBAL_librarymap == NULL) init_librarymap();
+            add_to_librarymap(image_name, load_addr, load_addr+(hiaddr-loaddr));
+        }
+
         if (load_addr == -1) {
             goto exit_perror;
         }

linux-user/main.c

@@ -41,7 +41,7 @@
 char *exec_path;
 
 int singlestep;
-static const char *filename;
+const char *filename;
 static const char *argv0;
 static int gdbstub_port;
 static envlist_t *envlist;
@@ -385,6 +385,28 @@ static void handle_arg_trace(const char *arg)
     trace_file = trace_opt_parse(arg);
 }
 
+extern int GLOBAL_parent_id, GLOBAL_start_clnum, GLOBAL_id;
+
+static void handle_arg_qirachild(const char *arg) {
+  singlestep = 1; // always
+
+  int ret = sscanf(arg, "%d %d %d", &GLOBAL_parent_id, &GLOBAL_start_clnum, &GLOBAL_id);
+  if (ret != 3) {
+    printf("CORRUPT qirachild\n");
+  }
+}
+
+extern int GLOBAL_tracelibraries;
+
+static void handle_arg_tracelibraries(const char *arg) {
+  GLOBAL_tracelibraries = 1;
+}
+
+extern uint64_t GLOBAL_gatetrace;
+static void handle_arg_gatetrace(const char *arg) {
+  GLOBAL_gatetrace = strtoull(arg, NULL, 0);
+}
+
 struct qemu_argument {
     const char *argv;
     const char *env;
@@ -430,6 +452,12 @@ static const struct qemu_argument arg_table[] = {
      "pagesize",   "set the host page size to 'pagesize'"},
     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,
      "",           "run in singlestep mode"},
+    {"qirachild",  "QIRA_CHILD",  true, handle_arg_qirachild,
+     "",           "parent_id, start_clnum, id"},
+    {"tracelibraries",  "QIRA_TRACELIBRARIES",  false, handle_arg_tracelibraries,
+     "",           ""},
+    {"gatetrace",  "QIRA_GATETRACE",  true, handle_arg_gatetrace,
+     "",           "address to gate starting trace on"},
     {"strace",     "QEMU_STRACE",      false, handle_arg_strace,
      "",           "log system calls"},
     {"seed",       "QEMU_RAND_SEED",   true,  handle_arg_randseed,

linux-user/qemu.h

@@ -18,6 +18,9 @@
 #include "exec/gdbstub.h"
 #include "qemu/queue.h"
 
+#define QIRA_TRACKING
+
+
 /* This is the size of the host kernel's sigset_t, needed where we make
  * direct system calls that take a sigset_t pointer and a size.
  */
@@ -596,10 +599,16 @@ abi_long copy_to_user(abi_ulong gaddr, void *hptr, size_t len);
    any byteswapping.  lock_user may return either a pointer to the guest
    memory, or a temporary buffer.  */
 
+#ifdef QIRA_TRACKING
+void track_kernel_read(void *host_addr, target_ulong guest_addr, long len);
+void track_kernel_write(void *host_addr, target_ulong guest_addr, long len);
+#endif
+
 /* Lock an area of guest memory into the host.  If copy is true then the
    host area will have the same contents as the guest.  */
 static inline void *lock_user(int type, abi_ulong guest_addr, long len, int copy)
 {
+    void *ret;
     if (!access_ok(type, guest_addr, len))
         return NULL;
 #ifdef DEBUG_REMAP
@@ -610,11 +619,18 @@ static inline void *lock_user(int type, abi_ulong guest_addr, long len, int copy
             memcpy(addr, g2h(guest_addr), len);
         else
             memset(addr, 0, len);
-        return addr;
+        ret = addr;
     }
 #else
-    return g2h(guest_addr);
+    ret = g2h(guest_addr);
 #endif
+
+#ifdef QIRA_TRACKING
+    if (type == VERIFY_READ) {
+      track_kernel_read(ret, guest_addr, len);
+    }
+#endif
+    return ret;
 }
 
 /* Unlock an area of guest memory.  The first LEN bytes must be
@@ -623,6 +639,11 @@ static inline void *lock_user(int type, abi_ulong guest_addr, long len, int copy
 static inline void unlock_user(void *host_ptr, abi_ulong guest_addr,
                                long len)
 {
+#ifdef QIRA_TRACKING
+    if (len > 0) {
+      track_kernel_write(host_ptr, guest_addr, len);
+    }
+#endif
 
 #ifdef DEBUG_REMAP
     if (!host_ptr)

linux-user/strace.c

@@ -11,6 +11,18 @@
 #include <sched.h>
 #include "qemu.h"
 
+#undef TARGET_ABI_FMT_lx
+#ifdef TARGET_ABI32
+typedef unsigned int abi_ulonglong;
+#define TARGET_ABI_FMT_lx "%x"
+#else
+typedef unsigned long long abi_ulonglong;
+#define TARGET_ABI_FMT_lx "%llx"
+#endif
+
+extern FILE *GLOBAL_strace_file;
+#define gemu_log(x...) { fprintf(GLOBAL_strace_file, x); fflush(GLOBAL_strace_file); }
+
 int do_strace=0;
 
 struct syscallname {
@@ -627,7 +639,7 @@ print_semctl(const struct syscallname *name,
 {
     gemu_log("%s(" TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld ",", name->name, arg1, arg2);
     print_ipc_cmd(arg3);
-    gemu_log(",0x" TARGET_ABI_FMT_lx ")", arg4);
+    gemu_log(",0x" TARGET_ABI_FMT_lx ")", (abi_ulonglong)arg4);
 }
 #endif
 
@@ -697,7 +709,7 @@ print_syscall_ret_addr(const struct syscallname *name, abi_long ret)
     if (errstr) {
         gemu_log(" = -1 errno=%d (%s)\n", (int)-ret, errstr);
     } else {
-        gemu_log(" = 0x" TARGET_ABI_FMT_lx "\n", ret);
+        gemu_log(" = 0x" TARGET_ABI_FMT_lx "\n", (abi_ulonglong)ret);
     }
 }
 
@@ -1143,10 +1155,11 @@ print_raw_param(const char *fmt, abi_long param, int last)
 static void
 print_pointer(abi_long p, int last)
 {
-    if (p == 0)
+    if (p == 0) {
         gemu_log("NULL%s", get_comma(last));
-    else
-        gemu_log("0x" TARGET_ABI_FMT_lx "%s", p, get_comma(last));
+    } else {
+        gemu_log("0x" TARGET_ABI_FMT_lx "%s", (abi_ulonglong)p, get_comma(last));
+    }
 }
 
 /*
@@ -2609,6 +2622,8 @@ static const struct syscallname scnames[] = {
 
 static int nsyscalls = ARRAY_SIZE(scnames);
 
+uint32_t get_current_clnum(void);
+
 /*
  * The public interface to this module.
  */
@@ -2620,6 +2635,7 @@ print_syscall(int num,
     int i;
     const char *format="%s(" TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld ")";
 
+    gemu_log("%d ", get_current_clnum() );
     gemu_log("%d ", getpid() );
 
     for(i=0;i<nsyscalls;i++)

linux-user/strace.list

@@ -1077,7 +1077,7 @@
 { TARGET_NR_quotactl, "quotactl" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_read
-{ TARGET_NR_read, "read" , "%s(%d,%#x,%d)", NULL, NULL },
+{ TARGET_NR_read, "read" , "%s(%d,0x"TARGET_ABI_FMT_lx",%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_readahead
 { TARGET_NR_readahead, "readahead" , NULL, NULL, NULL },
@@ -1627,7 +1627,7 @@
 { TARGET_NR_waitpid, "waitpid" , "%s(%d,%p,%#x)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_write
-{ TARGET_NR_write, "write" , "%s(%d,%#x,%d)", NULL, NULL },
+{ TARGET_NR_write, "write" , "%s(%d,0x"TARGET_ABI_FMT_lx",%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_writev
 { TARGET_NR_writev, "writev" , "%s(%d,%p,%#x)", NULL, NULL },

linux-user/syscall.c

@@ -6886,6 +6886,8 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask,
     return 0;
 }
 
+extern void add_to_librarymap(const char *name, abi_ulong begin, abi_ulong end);
+
 /* This is an internal helper for do_syscall so that it is easier
  * to have a single return point, so that actions, such as logging
  * of syscall results, can be performed.
@@ -11515,6 +11517,25 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                           arg5, arg6, arg7, arg8);
     }
 
+#ifdef TARGET_NR_mmap2
+    if (num == TARGET_NR_mmap || num == TARGET_NR_mmap2){
+#else
+    if (num == TARGET_NR_mmap){
+#endif
+        int fd = arg5;
+        target_ulong mapaddr = ret;
+        target_ulong size = arg2;
+        if (fd >= 30){
+            add_to_librarymap("unknown", mapaddr, mapaddr+size);
+        }
+#ifdef TARGET_NR_open
+    }else if (num == TARGET_NR_open){
+        /* here we could store the fd->libname mapping */
+#endif
+    }else if (num == TARGET_NR_close){
+        /* here we could clear the fd->libname mapping */
+    }
+
     trace_guest_user_syscall_ret(cpu, num, ret);
     return ret;
 }

tcg/tcg.h

@@ -1260,10 +1260,10 @@ static inline unsigned get_mmuidx(TCGMemOpIdx oi)
 #define TB_EXIT_REQUESTED 3
 
 #ifdef HAVE_TCG_QEMU_TB_EXEC
-uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr);
+uintptr_t tcg_qemu_tb_exec(CPUArchState *env, TranslationBlock *tb);
 #else
-# define tcg_qemu_tb_exec(env, tb_ptr) \
-    ((uintptr_t (*)(void *, void *))tcg_ctx->code_gen_prologue)(env, tb_ptr)
+# define tcg_qemu_tb_exec(env, tb) \
+    ((uintptr_t (*)(void *, void *))tcg_ctx->code_gen_prologue)(env, tb)
 #endif
 
 void tcg_register_jit(void *buf, size_t buf_size);