Message ID | cover.1593519420.git.michal.leszczynski@cert.pl (mailing list archive) |
---|---|
Headers | show |
Series | Implement support for external IPT monitoring | expand |
On 6/30/20 2:33 PM, Michał Leszczyński wrote: > From: Michal Leszczynski <michal.leszczynski@cert.pl> > > Intel Processor Trace is an architectural extension available in modern Intel > family CPUs. It allows recording the detailed trace of activity while the > processor executes the code. One might use the recorded trace to reconstruct > the code flow. It means, to find out the executed code paths, determine > branches taken, and so forth. > > The abovementioned feature is described in Intel(R) 64 and IA-32 Architectures > Software Developer's Manual Volume 3C: System Programming Guide, Part 3, > Chapter 36: "Intel Processor Trace." > > This patch series implements an interface that Dom0 could use in order to > enable IPT for particular vCPUs in DomU, allowing for external monitoring. Such > a feature has numerous applications like malware monitoring, fuzzing, or > performance testing. > > Also thanks to Tamas K Lengyel for a few preliminary hints before > first version of this patch was submitted to xen-devel. > > Changed since v1: > * MSR_RTIT_CTL is managed using MSR load lists > * other PT-related MSRs are modified only when vCPU goes out of context > * trace buffer is now acquired as a resource > * added vmtrace_pt_size parameter in xl.cfg, the size of trace buffer > must be specified in the moment of domain creation > * trace buffers are allocated on domain creation, destructed on > domain destruction > * HVMOP_vmtrace_ipt_enable/disable is limited to enabling/disabling PT > these calls don't manage buffer memory anymore > * lifted 32 MFN/GFN array limit when acquiring resources > * minor code style changes according to review > > Changed since v2: > * trace buffer is now allocated on domain creation (in v2 it was > allocated when hvm param was set) > * restored 32-item limit in mfn/gfn arrays in acquire_resource > and instead implemented hypercall continuations > * code changes according to Jan's and Roger's review > > Changed since v3: > * vmtrace HVMOPs are not implemented as DOMCTLs > * patches splitted up according to Andrew's comments > * code changes according to v3 review on the mailing list > > > Michal Leszczynski (10): > x86/vmx: add Intel PT MSR definitions > x86/vmx: add IPT cpu feature > tools/libxl: add vmtrace_pt_size parameter > x86/vmx: implement processor tracing for VMX > common/domain: allocate vmtrace_pt_buffer > memory: batch processing in acquire_resource() > x86/mm: add vmtrace_buf resource type > x86/domctl: add XEN_DOMCTL_vmtrace_op > tools/libxc: add xc_vmtrace_* functions > tools/proctrace: add proctrace tool > > docs/man/xl.cfg.5.pod.in | 10 + > tools/golang/xenlight/helpers.gen.go | 2 + > tools/golang/xenlight/types.gen.go | 1 + > tools/libxc/Makefile | 1 + > tools/libxc/include/xenctrl.h | 39 +++ > tools/libxc/xc_vmtrace.c | 73 +++++ > tools/libxl/libxl.h | 8 + > tools/libxl/libxl_create.c | 1 + > tools/libxl/libxl_types.idl | 2 + > tools/proctrace/COPYING | 339 ++++++++++++++++++++ > tools/proctrace/Makefile | 48 +++ > tools/proctrace/proctrace.c | 163 ++++++++++ > tools/xl/xl_parse.c | 20 ++ > xen/arch/x86/domain.c | 11 + > xen/arch/x86/domctl.c | 48 +++ > xen/arch/x86/hvm/vmx/vmcs.c | 7 +- > xen/arch/x86/hvm/vmx/vmx.c | 89 +++++ > xen/arch/x86/mm.c | 25 ++ > xen/common/domain.c | 46 +++ > xen/common/memory.c | 32 +- > xen/include/asm-x86/cpufeature.h | 1 + > xen/include/asm-x86/domain.h | 4 + > xen/include/asm-x86/hvm/hvm.h | 38 +++ > xen/include/asm-x86/hvm/vmx/vmcs.h | 4 + > xen/include/asm-x86/hvm/vmx/vmx.h | 14 + > xen/include/asm-x86/msr-index.h | 37 +++ > xen/include/public/arch-x86/cpufeatureset.h | 1 + > xen/include/public/domctl.h | 27 ++ > xen/include/public/memory.h | 1 + > xen/include/xen/domain.h | 2 + > xen/include/xen/sched.h | 4 + > 31 files changed, 1094 insertions(+), 4 deletions(-) > create mode 100644 tools/libxc/xc_vmtrace.c > create mode 100644 tools/proctrace/COPYING > create mode 100644 tools/proctrace/Makefile > create mode 100644 tools/proctrace/proctrace.c > FYI, this patchset is also available at: https://github.com/icedevml/xen/tree/ipt-patch-v4 Hubert Jasudowicz
From: Michal Leszczynski <michal.leszczynski@cert.pl> Intel Processor Trace is an architectural extension available in modern Intel family CPUs. It allows recording the detailed trace of activity while the processor executes the code. One might use the recorded trace to reconstruct the code flow. It means, to find out the executed code paths, determine branches taken, and so forth. The abovementioned feature is described in Intel(R) 64 and IA-32 Architectures Software Developer's Manual Volume 3C: System Programming Guide, Part 3, Chapter 36: "Intel Processor Trace." This patch series implements an interface that Dom0 could use in order to enable IPT for particular vCPUs in DomU, allowing for external monitoring. Such a feature has numerous applications like malware monitoring, fuzzing, or performance testing. Also thanks to Tamas K Lengyel for a few preliminary hints before first version of this patch was submitted to xen-devel. Changed since v1: * MSR_RTIT_CTL is managed using MSR load lists * other PT-related MSRs are modified only when vCPU goes out of context * trace buffer is now acquired as a resource * added vmtrace_pt_size parameter in xl.cfg, the size of trace buffer must be specified in the moment of domain creation * trace buffers are allocated on domain creation, destructed on domain destruction * HVMOP_vmtrace_ipt_enable/disable is limited to enabling/disabling PT these calls don't manage buffer memory anymore * lifted 32 MFN/GFN array limit when acquiring resources * minor code style changes according to review Changed since v2: * trace buffer is now allocated on domain creation (in v2 it was allocated when hvm param was set) * restored 32-item limit in mfn/gfn arrays in acquire_resource and instead implemented hypercall continuations * code changes according to Jan's and Roger's review Changed since v3: * vmtrace HVMOPs are not implemented as DOMCTLs * patches splitted up according to Andrew's comments * code changes according to v3 review on the mailing list Michal Leszczynski (10): x86/vmx: add Intel PT MSR definitions x86/vmx: add IPT cpu feature tools/libxl: add vmtrace_pt_size parameter x86/vmx: implement processor tracing for VMX common/domain: allocate vmtrace_pt_buffer memory: batch processing in acquire_resource() x86/mm: add vmtrace_buf resource type x86/domctl: add XEN_DOMCTL_vmtrace_op tools/libxc: add xc_vmtrace_* functions tools/proctrace: add proctrace tool docs/man/xl.cfg.5.pod.in | 10 + tools/golang/xenlight/helpers.gen.go | 2 + tools/golang/xenlight/types.gen.go | 1 + tools/libxc/Makefile | 1 + tools/libxc/include/xenctrl.h | 39 +++ tools/libxc/xc_vmtrace.c | 73 +++++ tools/libxl/libxl.h | 8 + tools/libxl/libxl_create.c | 1 + tools/libxl/libxl_types.idl | 2 + tools/proctrace/COPYING | 339 ++++++++++++++++++++ tools/proctrace/Makefile | 48 +++ tools/proctrace/proctrace.c | 163 ++++++++++ tools/xl/xl_parse.c | 20 ++ xen/arch/x86/domain.c | 11 + xen/arch/x86/domctl.c | 48 +++ xen/arch/x86/hvm/vmx/vmcs.c | 7 +- xen/arch/x86/hvm/vmx/vmx.c | 89 +++++ xen/arch/x86/mm.c | 25 ++ xen/common/domain.c | 46 +++ xen/common/memory.c | 32 +- xen/include/asm-x86/cpufeature.h | 1 + xen/include/asm-x86/domain.h | 4 + xen/include/asm-x86/hvm/hvm.h | 38 +++ xen/include/asm-x86/hvm/vmx/vmcs.h | 4 + xen/include/asm-x86/hvm/vmx/vmx.h | 14 + xen/include/asm-x86/msr-index.h | 37 +++ xen/include/public/arch-x86/cpufeatureset.h | 1 + xen/include/public/domctl.h | 27 ++ xen/include/public/memory.h | 1 + xen/include/xen/domain.h | 2 + xen/include/xen/sched.h | 4 + 31 files changed, 1094 insertions(+), 4 deletions(-) create mode 100644 tools/libxc/xc_vmtrace.c create mode 100644 tools/proctrace/COPYING create mode 100644 tools/proctrace/Makefile create mode 100644 tools/proctrace/proctrace.c