[panda-users] Tracing instructions from kernel space

Jayashree Mohan jayashree2912 at gmail.com
Fri Nov 9 21:06:09 EST 2018


Hi Brendan,

We verified by enabling tracing of the entire memory region rather than
confining it to 1-2G. However, the writes still cannot be traced. The
behaviour we see is rather interesting. When we write something less
than a cacheline (64B) using a write system call followed by fsync, it
gets traced by PANDA during the PANDA_CB_VIRT_MEM_AFTER_WRITE
callback. However, when we write anything in multiples of aligned
cachelines, we don't see any memory write traces. For example, if I
write 258B into a file, I can see the last two bytes of data alone.
This seems weird as PANDA is not tracing full aligned cachelines. Do
you seem to understand why this could be happening?

Thanks,
Jayashree Mohan

On Fri, Nov 9, 2018 at 11:41 AM Brendan Dolan-Gavitt <brendandg at nyu.edu> wrote:
>
> The only thing I can think of from looking at your code briefly is
> your use of the physical address range to restrict it to only log
> writes in the 1-2GB range. Could it be that the kernel does
> copy_from_user at the start and copies it into someplace outside that
> range, then writes it back with copy_to_user at the end?
>
> On Fri, Nov 9, 2018 at 11:01 AM, Jayashree Mohan
> <jayashree2912 at gmail.com> wrote:
> > Hi Brendan,
> >
> > Thanks for the reply.
> >
> > Take a look at the plugin here :
> > https://github.com/williewillus/panda_scratchpad/blob/master/personal_plugins/panda/plugins/writetracker/writetracker.cpp
> >
> > We load this plugin, and in the VM, write a simple program that writes to
> > the pmem device mounted within the memory region being tracked. I see memcpy
> > writes being traced, but not the ones due to write system call.
> >
> > I'll try checking if any of my writes originate in the kernel.
> >
> > Thanks,
> > Jayashree Mohan
> >
> >
> >
> >
> > On Fri, Nov 9, 2018 at 9:56 AM Brendan Dolan-Gavitt <brendandg at nyu.edu>
> > wrote:
> >>
> >> Yes, it should definitely be tracing memory accesses in the kernel (it
> >> traces all memory accesses on the system) – could you post your plugin
> >> code?
> >>
> >> You may also want to simply log all memory accesses, along with the
> >> current program counter and (optionally) whether or not they originate
> >> in the kernel (using the panda_in_kernel API) to debug.
> >>
> >> On Fri, Nov 9, 2018 at 10:35 AM, Jayashree Mohan
> >> <jayashree2912 at gmail.com> wrote:
> >> > Hi all,
> >> >
> >> > I am using PANDA to trace all store instructions in an emulated pmem
> >> > device. I do this by writing a plugin that issues callbacks on
> >> > "PANDA_CB_VIRT_MEM_AFTER_WRITE" events. If I run a simple workload
> >> > that does write() system calls followed by mmap and memcpy, I can see
> >> > the callbacks being triggered for the user-space memcpy calls to a
> >> > file, but not anytime during the write system call. Does PANDA allow
> >> > tracing instructions from the kernel space?
> >> >
> >> > Thanks,
> >> > Jayashree Mohan
> >>
> >>
> >>
> >> --
> >> Brendan Dolan-Gavitt
> >> Assistant Professor, Department of Computer Science and Engineering
> >> NYU Tandon School of Engineering
>
>
>
> --
> Brendan Dolan-Gavitt
> Assistant Professor, Department of Computer Science and Engineering
> NYU Tandon School of Engineering
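
One way to check the 258-byte observation against a trace, as an added example that is not part of the thread or of PANDA: given the (address, size) pairs reported by a write callback, it lists the bytes of an expected write that were never traced and whether each gap consists of whole aligned cache lines. The record layout, the function names and the base address are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Range { uint64_t start, end; };   // half-open [start, end), hypothetical record

static const uint64_t kCacheLine = 64;   // cache line size quoted in the thread

// Return the parts of `expected` that no traced write record covers.
std::vector<Range> untraced_gaps(Range expected, std::vector<Range> traced) {
    std::sort(traced.begin(), traced.end(),
              [](const Range &a, const Range &b) { return a.start < b.start; });
    std::vector<Range> gaps;
    uint64_t cursor = expected.start;    // first byte not yet accounted for
    for (const Range &r : traced) {
        if (r.end <= cursor) continue;        // record lies before the cursor
        if (r.start >= expected.end) break;   // record lies past the write
        if (r.start > cursor) gaps.push_back({cursor, r.start});
        cursor = r.end;
        if (cursor >= expected.end) break;
    }
    if (cursor < expected.end) gaps.push_back({cursor, expected.end});
    return gaps;
}

// True when a gap starts on a cache line boundary and spans whole lines.
bool whole_cache_lines(const Range &g) {
    return g.end > g.start && g.start % kCacheLine == 0 &&
           (g.end - g.start) % kCacheLine == 0;
}

int main() {
    const uint64_t base = 0x40000000ULL;      // constructed, line-aligned address
    Range write = {base, base + 258};         // the 258-byte write from the thread
    std::vector<Range> traced;                // constructed trace: last 2 bytes only
    traced.push_back({base + 256, base + 258});
    for (const Range &g : untraced_gaps(write, traced))
        std::printf("untraced 0x%llx-0x%llx (%llu bytes) whole_lines=%d\n",
                    (unsigned long long)g.start, (unsigned long long)g.end,
                    (unsigned long long)(g.end - g.start), whole_cache_lines(g));
    return 0;
}
```
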


