[panda-users] Adding a callback for clflush/clflushopt/clwb

Brendan Dolan-Gavitt brendandg at nyu.edu
Sun Mar 18 15:08:01 EDT 2018


Even though it doesn't result in native code generation, you should
still be able to use an instruction hook. Use an insn_translate
callback to check if QEMU is about to translate a
clflush/clflushopt/clwb instruction and then return true from that
callback. Then your insn_exec callback will fire whenever one of those
instructions is executed. Roughly:

#include "panda/plugin.h"

// Runs when QEMU translates the instruction at pc; returning true makes
// insn_exec fire for that pc. The two-byte check matches the 0F AE opcode
// group (clflush is 0F AE /7; clflushopt and clwb are the same opcode
// with a 66 prefix), so it is a coarse first filter.
bool insn_translate(CPUState *env, target_ulong pc) {
    uint8_t bytes[2];
    if (panda_virtual_memory_read(env, pc, bytes, 2) != 0) return false; // read failed
    return bytes[0] == 0x0F && bytes[1] == 0xAE; // clflush
}

int insn_exec(CPUState *env, target_ulong pc) {
    printf("Saw a clflush at " TARGET_FMT_lx "\n", pc);
    return 0;
}

-Brendan

On Sun, Mar 18, 2018 at 2:59 PM, Vincent Lee <vincent_lee at utexas.edu> wrote:
> Hi all,
>
> I'd like to communicate to a plugin whenever a (x86_64) guest calls the
> clflush, clflushopt, or clwb instructions.
> Does anyone have any pointers or documentation where I should look to begin
> implementing this?
>
> From what I can tell so far:
> * TCG translation of clwb/clflush/clflushopt simply calls "gen_nop_modrm",
> which does nothing
> * TCG->native codegen is where panda's memory hooks are inserted
>
> Would this be a valid (if ad-hoc) plan?
> * Modify QEMU TCG to have some concept of "clflush/clwb/clflushopt" and emit
> this from code->TCG translation
> * add a new panda callback type for "clflush/clwb/clflushopt"
> * change TCG->native codegen to inject a call to panda callbacks
>
> Thanks,
> Vincent
>
> _______________________________________________
> panda-users mailing list
> panda-users at mit.edu
> http://mailman.mit.edu/mailman/listinfo/panda-users
>



-- 
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering
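A stricter form of the translate-time check, added here as an example and not part of Brendan's reply or of PANDA itself: it decodes enough of the x86-64 encoding to tell clflush, clflushopt and clwb apart and to reject the other instructions that share the 0F AE opcode (fxsave, xsave, the fences). It assumes the caller has already fetched the bytes at pc with panda_virtual_memory_read and that the guest runs in 64-bit mode; the plugin registration glue is not shown.

```c
#include <stddef.h>
#include <stdint.h>

enum flush_insn { FLUSH_NONE = 0, FLUSH_CLFLUSH, FLUSH_CLFLUSHOPT, FLUSH_CLWB };

/* Classify the instruction starting at b[0] (n bytes available, fetched by the
 * caller, e.g. from the insn_translate hook).  Encodings, 64-bit mode assumed:
 *   clflush     :    0F AE /7   (memory operand only)
 *   clflushopt  : 66 0F AE /7
 *   clwb        : 66 0F AE /6
 * The 0F AE group also holds fxsave/fxrstor/ldmxcsr/stmxcsr/xsave/xrstor and,
 * in register form (mod == 11b), lfence/mfence/sfence, so the ModRM reg field
 * and mod must be checked, not just the two opcode bytes. */
enum flush_insn classify_flush_insn(const uint8_t *b, size_t n) {
    size_t i = 0;
    int opsize66 = 0;
    while (i < n) {                       /* legacy prefixes may precede 0F */
        uint8_t p = b[i];
        if (p == 0x66) { opsize66 = 1; i++; }
        else if (p == 0xF2 || p == 0xF3) return FLUSH_NONE; /* REP forms are other insns */
        else if (p == 0x67 || p == 0x2E || p == 0x36 || p == 0x3E ||
                 p == 0x26 || p == 0x64 || p == 0x65) i++;  /* 67 / segment overrides */
        else break;                       /* anything else (incl. LOCK) is not a flush */
    }
    if (i < n && (b[i] & 0xF0) == 0x40) i++;   /* REX prefix, 64-bit mode only */
    if (i + 3 > n || b[i] != 0x0F || b[i + 1] != 0xAE) return FLUSH_NONE;
    uint8_t modrm = b[i + 2];
    if ((modrm >> 6) == 3) return FLUSH_NONE;  /* register form: fences etc. */
    uint8_t reg = (modrm >> 3) & 7;
    if (opsize66) {
        if (reg == 7) return FLUSH_CLFLUSHOPT;
        if (reg == 6) return FLUSH_CLWB;
        return FLUSH_NONE;
    }
    return reg == 7 ? FLUSH_CLFLUSH : FLUSH_NONE;
}

/* Name to print from the insn_exec hook instead of a fixed "clflush". */
const char *flush_insn_name(enum flush_insn k) {
    switch (k) {
    case FLUSH_CLFLUSH:    return "clflush";
    case FLUSH_CLFLUSHOPT: return "clflushopt";
    case FLUSH_CLWB:       return "clwb";
    default:               return "none";
    }
}
```

In the plugin, insn_translate returns classify_flush_insn(...) != FLUSH_NONE, and insn_exec re-reads the bytes and logs flush_insn_name(...) with the pc.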