
[Discussion/Feature Request] Viability of Cannoli on qemu-system #14

Open

mariaWitch opened this issue May 13, 2023 · 2 comments

@mariaWitch

A little bit of background here:
I am currently trying to port over Cannoli to XEMU, which is running a custom infrastructure for QEMU 6 in order to emulate the original Xbox. During the efforts I made porting the patches over, I noticed a comment that specifically mentioned that while Cannoli could run on qemu-system, it shouldn't as it would be pointless, due to loss of granularity.

Could you elaborate on what exactly is lost in the switch from qemu-user to qemu-system? And what would it take to actually get feature parity for Cannoli on qemu-system, if at all possible?

@gamozolabs
Collaborator

So @palleiko I think is working on qemu-system support right now (not sure how specific it is to a given target). The main issue is that with qemu-system there is no information about interrupts, processes, task switching, etc. that are handled at the OS level. While cannoli should work (might just need a few tweaks if I made any assumptions), the traces would be nearly unusable since you'd see execution "teleporting" around when the OS gets interrupts or switches threads. This makes it very hard to track a stream of execution for an actual process or thread, since you'd see everything. This gets even harder as processes have different address spaces, which cause execution streams to potentially execute similar addresses, but of different code.

That being said, cannoli should not really be too specific to user. I'm sure I've made some assumptions that I'm only in a user mode, but I think if the user check is removed it might be very close to "just working". You'd get the high performance trace and memory accesses, but wouldn't be able to assign much meaning until there are hooks added to monitor page table changes, interrupts, etc. If that makes sense.

Been a while since I've worked on it, so it's hard to say, but I imagine just to get cannoli working in qemu-system would be <1 day of effort. Getting it useful/OS aware is effectively a limitless task as it can always get better.

@akshithg

Hi! If you don't mind me adding on to this.

Say I want to get a process specific trace on just qemu-system-x86_64. I could use a combination of values from registers like PC, CR3, the interrupt flag and maybe a few other values to accomplish this, right? The code will definitely be x86 specific.

Are there any gotchas I need to look out for while I try to implement this?
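To make both points above concrete (the "teleporting" execution stream gamozolabs describes, and the CR3/interrupt-flag filtering akshithg proposes), here is a small added example in Rust. It is not Cannoli's code and does not use Cannoli's record format; it assumes a hypothetical per-instruction record carrying the guest pc, the CR3 value in effect, and an `in_irq` flag that the (assumed) system-mode hook sets while the guest is inside an interrupt or exception handler. The trace itself is constructed inline: two processes that both map code at 0x401000, interleaved by a timer interrupt and a context switch.

```rust
use std::collections::BTreeMap;

/// One instruction-level record as an assumed qemu-system hook could emit it.
/// (Constructed shape for this example; Cannoli's real record layout differs.)
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct TraceEvent {
    /// Guest program counter (virtual address).
    pub pc: u64,
    /// x86_64 CR3 as read from the guest: page-table base, so it identifies
    /// the address space and, in practice, the process.
    pub cr3: u64,
    /// Assumed flag recorded by the hook while the guest executes inside an
    /// interrupt or exception handler.
    pub in_irq: bool,
}

/// Reduce a raw CR3 value to an address-space key. With PCIDs enabled the low
/// 12 bits carry the PCID and bit 63 is the "no flush" hint, neither of which
/// identifies the page tables, so both are masked off before keying on it.
pub fn address_space_id(cr3: u64) -> u64 {
    cr3 & !0xfff & !(1u64 << 63)
}

/// Count how often consecutive records switch address space. In a user-mode
/// trace this is always 0; in a system-mode trace every hit is a point where
/// the execution stream "teleports" into another process.
pub fn count_address_space_switches(events: &[TraceEvent]) -> usize {
    events
        .windows(2)
        .filter(|w| address_space_id(w[0].cr3) != address_space_id(w[1].cr3))
        .count()
}

/// Split a raw system-mode trace into one pc stream per address space,
/// dropping records executed inside interrupt handlers.
pub fn split_by_cr3(events: &[TraceEvent]) -> BTreeMap<u64, Vec<u64>> {
    let mut streams: BTreeMap<u64, Vec<u64>> = BTreeMap::new();
    for ev in events.iter().filter(|ev| !ev.in_irq) {
        streams.entry(address_space_id(ev.cr3)).or_default().push(ev.pc);
    }
    streams
}

/// Extract the execution stream of a single process, identified by its CR3.
pub fn process_stream(events: &[TraceEvent], target_cr3: u64) -> Vec<u64> {
    let key = address_space_id(target_cr3);
    events
        .iter()
        .filter(|ev| address_space_id(ev.cr3) == key && !ev.in_irq)
        .map(|ev| ev.pc)
        .collect()
}

/// Constructed sample trace: processes A (CR3 0x1000) and B (CR3 0x2000),
/// interleaved by a timer interrupt and a scheduler context switch. Both map
/// code at 0x401000, so the same pc denotes different code in each.
pub fn sample_trace() -> Vec<TraceEvent> {
    let ev = |pc, cr3, in_irq| TraceEvent { pc, cr3, in_irq };
    vec![
        ev(0x401000, 0x1000, false),              // process A, user code
        ev(0x401004, 0x1000, false),
        ev(0xffffffff81000000, 0x1000, true),     // timer IRQ entry, still A's page tables
        ev(0xffffffff81000008, 0x1000, true),
        ev(0xffffffff81000010, 0x2000, true),     // scheduler reloaded CR3 -> process B
        ev(0x401000, 0x2000, false),              // process B, same pc, different code
        ev(0x401002, 0x2000, false),
        ev(0xffffffff81000000, 0x2000, true),     // next timer IRQ
        ev(0xffffffff81000010, 0x1000, true),     // switch back to A
        ev(0x401008, 0x1000, false),              // A resumes where it left off
    ]
}

fn main() {
    let trace = sample_trace();
    println!("address-space switches: {}", count_address_space_switches(&trace));
    for (cr3, pcs) in split_by_cr3(&trace) {
        println!("cr3 {:#x}: {:x?}", cr3, pcs);
    }
}
```

Run as-is it reports two address-space switches and yields `[0x401000, 0x401004, 0x401008]` for CR3 0x1000 versus `[0x401000, 0x401002]` for 0x2000; a consumer that ignored CR3 would merge those into one stream that appears to re-execute 0x401000 and then jump back into the kernel. Two gotchas the sample glosses over: kernel code in the upper half is shared by every address space, so kernel pcs need a separate key (or the `in_irq`-style filter used here) rather than CR3 alone, and on guests that run with page-table isolation the user and kernel halves of one process use different CR3 values, so a single process may legitimately show up under two keys.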
