[RFC,0/1] QEMU TCG plugin interface extensions

Message ID	20210821094527.491232-1-florian.hauschild@fs.ei.tum.de (mailing list archive)
Headers	show Return-Path: <SRS0=I8z5=NM=nongnu.org=qemu-devel-bounces+qemu-devel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org DCD9061184 From: Florian Hauschild <florian.hauschild@fs.ei.tum.de> To: qemu-devel@nongnu.org Cc: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, Alexandre Iooss <erdnaxe@crans.org>, Mahmoud Mandour <ma.mandourr@gmail.com>, Florian Hauschild <florian.hauschild@fs.ei.tum.de> Subject: [RFC PATCH 0/1] QEMU TCG plugin interface extensions Date: Sat, 21 Aug 2021 11:45:26 +0200 Message-Id: <20210821094527.491232-1-florian.hauschild@fs.ei.tum.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=129.187.54.7; envelope-from=florian.hauschild@fs.ei.tum.de; helo=mail.fs.ei.tum.de X-Spam_score_int: -42 X-Spam_score: -4.3 X-Spam_bar: ---- X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	QEMU TCG plugin interface extensions \| expand [RFC,0/1] QEMU TCG plugin interface extensions [RFC,1/1] QEMU plugin interface extension

Message ID

20210821094527.491232-1-florian.hauschild@fs.ei.tum.de (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org DCD9061184
From: Florian Hauschild <florian.hauschild@fs.ei.tum.de>
To: qemu-devel@nongnu.org
Cc: =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>,
 Alexandre Iooss <erdnaxe@crans.org>, Mahmoud Mandour <ma.mandourr@gmail.com>,
 Florian Hauschild <florian.hauschild@fs.ei.tum.de>
Subject: [RFC PATCH 0/1] QEMU TCG plugin interface extensions
Date: Sat, 21 Aug 2021 11:45:26 +0200
Message-Id: <20210821094527.491232-1-florian.hauschild@fs.ei.tum.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=129.187.54.7;
 envelope-from=florian.hauschild@fs.ei.tum.de; helo=mail.fs.ei.tum.de
X-Spam_score_int: -42
X-Spam_score: -4.3
X-Spam_bar: ----
X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>

Series

QEMU TCG plugin interface extensions | expand

Message

Florian Hauschild Aug. 21, 2021, 9:45 a.m. UTC

Hi all,

I extended the plugin interface with additional functionalities.
I wrote the extensions for fault injection/exploration reasearch using
QEMU. The additional functionalities for a plugin are:
  * Read and write guest memory
  * Read and write guest registers
  * Allow plugin to force QEMU into single step mode
  * Flush TB cache from plugin

Currently the changes are stored inside its own c file.
Should it be moved into one of the other plugin files?
Should a new config option be added to only enable the additional
extensions if set?

Best regards,
Florian


Florian Hauschild (1):
  QEMU plugin interface extension

 include/qemu/qemu-plugin.h   |  35 ++++++++++++
 plugins/meson.build          |   1 +
 plugins/readwriteextension.c | 106 +++++++++++++++++++++++++++++++++++
 3 files changed, 142 insertions(+)
 create mode 100644 plugins/readwriteextension.c

Comments

Alexandre IOOSS Aug. 21, 2021, 10:42 a.m. UTC | #1

On 8/21/21 11:45 AM, Florian Hauschild wrote:
> Hi all,
> 
> I extended the plugin interface with additional functionalities.
> I wrote the extensions for fault injection/exploration reasearch using
> QEMU. The additional functionalities for a plugin are:
>    * Read and write guest memory
>    * Read and write guest registers
>    * Allow plugin to force QEMU into single step mode
>    * Flush TB cache from plugin

If something is added to read a register from a plugin, then execlog 
plugin could print the operands value of each instruction. This would 
definitely be helpful for side-channel analysis: the Hamming weight (sum 
of bits) of the last operand roughly models the power consumption 
side-channel leakage.

If I recall correctly, there are some concerns about allowing to access 
registers inside plugins. Past threads about reading/writing registers:
https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg08741.html
https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg04588.html

Thanks,
-- Alexandre