1 /* 2 * Copyright (C) 2017, Emilio G. Cota <cota@braap.org> 3 * Copyright (C) 2019, Linaro 4 * 5 * License: GNU GPL, version 2 or later. 6 * See the COPYING file in the top-level directory. 7 * 8 * SPDX-License-Identifier: GPL-2.0-or-later 9 */ 10 11 #ifndef QEMU_QEMU_PLUGIN_H 12 #define QEMU_QEMU_PLUGIN_H 13 14 #include <glib.h> 15 #include <inttypes.h> 16 #include <stdbool.h> 17 #include <stddef.h> 18 19 /* 20 * For best performance, build the plugin with -fvisibility=hidden so that 21 * QEMU_PLUGIN_LOCAL is implicit. Then, just mark qemu_plugin_install with 22 * QEMU_PLUGIN_EXPORT. For more info, see 23 * https://gcc.gnu.org/wiki/Visibility 24 */ 25 #if defined _WIN32 || defined __CYGWIN__ 26 #ifdef CONFIG_PLUGIN 27 #define QEMU_PLUGIN_EXPORT __declspec(dllimport) 28 #define QEMU_PLUGIN_API __declspec(dllexport) 29 #else 30 #define QEMU_PLUGIN_EXPORT __declspec(dllexport) 31 #define QEMU_PLUGIN_API __declspec(dllimport) 32 #endif 33 #define QEMU_PLUGIN_LOCAL 34 #else 35 #define QEMU_PLUGIN_EXPORT __attribute__((visibility("default"))) 36 #define QEMU_PLUGIN_LOCAL __attribute__((visibility("hidden"))) 37 #define QEMU_PLUGIN_API 38 #endif 39 40 /** 41 * typedef qemu_plugin_id_t - Unique plugin ID 42 */ 43 typedef uint64_t qemu_plugin_id_t; 44 45 /* 46 * Versioning plugins: 47 * 48 * The plugin API will pass a minimum and current API version that 49 * QEMU currently supports. The minimum API will be incremented if an 50 * API needs to be deprecated. 51 * 52 * The plugins export the API they were built against by exposing the 53 * symbol qemu_plugin_version which can be checked. 54 * 55 * version 2: 56 * - removed qemu_plugin_n_vcpus and qemu_plugin_n_max_vcpus 57 * - Remove qemu_plugin_register_vcpu_{tb, insn, mem}_exec_inline. 58 * Those functions are replaced by *_per_vcpu variants, which guarantee 59 * thread-safety for operations. 60 * 61 * version 3: 62 * - modified arguments and return value of qemu_plugin_insn_data to copy 63 * the data into a user-provided buffer instead of returning a pointer 64 * to the data. 65 * 66 * version 4: 67 * - added qemu_plugin_read_memory_vaddr 68 */ 69 70 extern QEMU_PLUGIN_EXPORT int qemu_plugin_version; 71 72 #define QEMU_PLUGIN_VERSION 4 73 74 /** 75 * struct qemu_info_t - system information for plugins 76 * 77 * This structure provides for some limited information about the 78 * system to allow the plugin to make decisions on how to proceed. For 79 * example it might only be suitable for running on some guest 80 * architectures or when under full system emulation. 81 */ 82 typedef struct qemu_info_t { 83 /** @target_name: string describing architecture */ 84 const char *target_name; 85 /** @version: minimum and current plugin API level */ 86 struct { 87 int min; 88 int cur; 89 } version; 90 /** @system_emulation: is this a full system emulation? */ 91 bool system_emulation; 92 union { 93 /** @system: information relevant to system emulation */ 94 struct { 95 /** @system.smp_vcpus: initial number of vCPUs */ 96 int smp_vcpus; 97 /** @system.max_vcpus: maximum possible number of vCPUs */ 98 int max_vcpus; 99 } system; 100 }; 101 } qemu_info_t; 102 103 /** 104 * qemu_plugin_install() - Install a plugin 105 * @id: this plugin's opaque ID 106 * @info: a block describing some details about the guest 107 * @argc: number of arguments 108 * @argv: array of arguments (@argc elements) 109 * 110 * All plugins must export this symbol which is called when the plugin 111 * is first loaded. Calling qemu_plugin_uninstall() from this function 112 * is a bug. 113 * 114 * Note: @info is only live during the call. Copy any information we 115 * want to keep. @argv remains valid throughout the lifetime of the 116 * loaded plugin. 117 * 118 * Return: 0 on successful loading, !0 for an error. 119 */ 120 QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, 121 const qemu_info_t *info, 122 int argc, char **argv); 123 124 /** 125 * typedef qemu_plugin_simple_cb_t - simple callback 126 * @id: the unique qemu_plugin_id_t 127 * 128 * This callback passes no information aside from the unique @id. 129 */ 130 typedef void (*qemu_plugin_simple_cb_t)(qemu_plugin_id_t id); 131 132 /** 133 * typedef qemu_plugin_udata_cb_t - callback with user data 134 * @id: the unique qemu_plugin_id_t 135 * @userdata: a pointer to some user data supplied when the callback 136 * was registered. 137 */ 138 typedef void (*qemu_plugin_udata_cb_t)(qemu_plugin_id_t id, void *userdata); 139 140 /** 141 * typedef qemu_plugin_vcpu_simple_cb_t - vcpu callback 142 * @id: the unique qemu_plugin_id_t 143 * @vcpu_index: the current vcpu context 144 */ 145 typedef void (*qemu_plugin_vcpu_simple_cb_t)(qemu_plugin_id_t id, 146 unsigned int vcpu_index); 147 148 /** 149 * typedef qemu_plugin_vcpu_udata_cb_t - vcpu callback 150 * @vcpu_index: the current vcpu context 151 * @userdata: a pointer to some user data supplied when the callback 152 * was registered. 153 */ 154 typedef void (*qemu_plugin_vcpu_udata_cb_t)(unsigned int vcpu_index, 155 void *userdata); 156 157 /** 158 * qemu_plugin_uninstall() - Uninstall a plugin 159 * @id: this plugin's opaque ID 160 * @cb: callback to be called once the plugin has been removed 161 * 162 * Do NOT assume that the plugin has been uninstalled once this function 163 * returns. Plugins are uninstalled asynchronously, and therefore the given 164 * plugin receives callbacks until @cb is called. 165 * 166 * Note: Calling this function from qemu_plugin_install() is a bug. 167 */ 168 QEMU_PLUGIN_API 169 void qemu_plugin_uninstall(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb); 170 171 /** 172 * qemu_plugin_reset() - Reset a plugin 173 * @id: this plugin's opaque ID 174 * @cb: callback to be called once the plugin has been reset 175 * 176 * Unregisters all callbacks for the plugin given by @id. 177 * 178 * Do NOT assume that the plugin has been reset once this function returns. 179 * Plugins are reset asynchronously, and therefore the given plugin receives 180 * callbacks until @cb is called. 181 */ 182 QEMU_PLUGIN_API 183 void qemu_plugin_reset(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb); 184 185 /** 186 * qemu_plugin_register_vcpu_init_cb() - register a vCPU initialization callback 187 * @id: plugin ID 188 * @cb: callback function 189 * 190 * The @cb function is called every time a vCPU is initialized. 191 * 192 * See also: qemu_plugin_register_vcpu_exit_cb() 193 */ 194 QEMU_PLUGIN_API 195 void qemu_plugin_register_vcpu_init_cb(qemu_plugin_id_t id, 196 qemu_plugin_vcpu_simple_cb_t cb); 197 198 /** 199 * qemu_plugin_register_vcpu_exit_cb() - register a vCPU exit callback 200 * @id: plugin ID 201 * @cb: callback function 202 * 203 * The @cb function is called every time a vCPU exits. 204 * 205 * See also: qemu_plugin_register_vcpu_init_cb() 206 */ 207 QEMU_PLUGIN_API 208 void qemu_plugin_register_vcpu_exit_cb(qemu_plugin_id_t id, 209 qemu_plugin_vcpu_simple_cb_t cb); 210 211 /** 212 * qemu_plugin_register_vcpu_idle_cb() - register a vCPU idle callback 213 * @id: plugin ID 214 * @cb: callback function 215 * 216 * The @cb function is called every time a vCPU idles. 217 */ 218 QEMU_PLUGIN_API 219 void qemu_plugin_register_vcpu_idle_cb(qemu_plugin_id_t id, 220 qemu_plugin_vcpu_simple_cb_t cb); 221 222 /** 223 * qemu_plugin_register_vcpu_resume_cb() - register a vCPU resume callback 224 * @id: plugin ID 225 * @cb: callback function 226 * 227 * The @cb function is called every time a vCPU resumes execution. 228 */ 229 QEMU_PLUGIN_API 230 void qemu_plugin_register_vcpu_resume_cb(qemu_plugin_id_t id, 231 qemu_plugin_vcpu_simple_cb_t cb); 232 233 /** struct qemu_plugin_tb - Opaque handle for a translation block */ 234 struct qemu_plugin_tb; 235 /** struct qemu_plugin_insn - Opaque handle for a translated instruction */ 236 struct qemu_plugin_insn; 237 /** struct qemu_plugin_scoreboard - Opaque handle for a scoreboard */ 238 struct qemu_plugin_scoreboard; 239 240 /** 241 * typedef qemu_plugin_u64 - uint64_t member of an entry in a scoreboard 242 * 243 * This field allows to access a specific uint64_t member in one given entry, 244 * located at a specified offset. Inline operations expect this as entry. 245 */ 246 typedef struct { 247 struct qemu_plugin_scoreboard *score; 248 size_t offset; 249 } qemu_plugin_u64; 250 251 /** 252 * enum qemu_plugin_cb_flags - type of callback 253 * 254 * @QEMU_PLUGIN_CB_NO_REGS: callback does not access the CPU's regs 255 * @QEMU_PLUGIN_CB_R_REGS: callback reads the CPU's regs 256 * @QEMU_PLUGIN_CB_RW_REGS: callback reads and writes the CPU's regs 257 * 258 * Note: currently QEMU_PLUGIN_CB_RW_REGS is unused, plugins cannot change 259 * system register state. 260 */ 261 enum qemu_plugin_cb_flags { 262 QEMU_PLUGIN_CB_NO_REGS, 263 QEMU_PLUGIN_CB_R_REGS, 264 QEMU_PLUGIN_CB_RW_REGS, 265 }; 266 267 enum qemu_plugin_mem_rw { 268 QEMU_PLUGIN_MEM_R = 1, 269 QEMU_PLUGIN_MEM_W, 270 QEMU_PLUGIN_MEM_RW, 271 }; 272 273 enum qemu_plugin_mem_value_type { 274 QEMU_PLUGIN_MEM_VALUE_U8, 275 QEMU_PLUGIN_MEM_VALUE_U16, 276 QEMU_PLUGIN_MEM_VALUE_U32, 277 QEMU_PLUGIN_MEM_VALUE_U64, 278 QEMU_PLUGIN_MEM_VALUE_U128, 279 }; 280 281 /* typedef qemu_plugin_mem_value - value accessed during a load/store */ 282 typedef struct { 283 enum qemu_plugin_mem_value_type type; 284 union { 285 uint8_t u8; 286 uint16_t u16; 287 uint32_t u32; 288 uint64_t u64; 289 struct { 290 uint64_t low; 291 uint64_t high; 292 } u128; 293 } data; 294 } qemu_plugin_mem_value; 295 296 /** 297 * enum qemu_plugin_cond - condition to enable callback 298 * 299 * @QEMU_PLUGIN_COND_NEVER: false 300 * @QEMU_PLUGIN_COND_ALWAYS: true 301 * @QEMU_PLUGIN_COND_EQ: is equal? 302 * @QEMU_PLUGIN_COND_NE: is not equal? 303 * @QEMU_PLUGIN_COND_LT: is less than? 304 * @QEMU_PLUGIN_COND_LE: is less than or equal? 305 * @QEMU_PLUGIN_COND_GT: is greater than? 306 * @QEMU_PLUGIN_COND_GE: is greater than or equal? 307 */ 308 enum qemu_plugin_cond { 309 QEMU_PLUGIN_COND_NEVER, 310 QEMU_PLUGIN_COND_ALWAYS, 311 QEMU_PLUGIN_COND_EQ, 312 QEMU_PLUGIN_COND_NE, 313 QEMU_PLUGIN_COND_LT, 314 QEMU_PLUGIN_COND_LE, 315 QEMU_PLUGIN_COND_GT, 316 QEMU_PLUGIN_COND_GE, 317 }; 318 319 /** 320 * typedef qemu_plugin_vcpu_tb_trans_cb_t - translation callback 321 * @id: unique plugin id 322 * @tb: opaque handle used for querying and instrumenting a block. 323 */ 324 typedef void (*qemu_plugin_vcpu_tb_trans_cb_t)(qemu_plugin_id_t id, 325 struct qemu_plugin_tb *tb); 326 327 /** 328 * qemu_plugin_register_vcpu_tb_trans_cb() - register a translate cb 329 * @id: plugin ID 330 * @cb: callback function 331 * 332 * The @cb function is called every time a translation occurs. The @cb 333 * function is passed an opaque qemu_plugin_type which it can query 334 * for additional information including the list of translated 335 * instructions. At this point the plugin can register further 336 * callbacks to be triggered when the block or individual instruction 337 * executes. 338 */ 339 QEMU_PLUGIN_API 340 void qemu_plugin_register_vcpu_tb_trans_cb(qemu_plugin_id_t id, 341 qemu_plugin_vcpu_tb_trans_cb_t cb); 342 343 /** 344 * qemu_plugin_register_vcpu_tb_exec_cb() - register execution callback 345 * @tb: the opaque qemu_plugin_tb handle for the translation 346 * @cb: callback function 347 * @flags: does the plugin read or write the CPU's registers? 348 * @userdata: any plugin data to pass to the @cb? 349 * 350 * The @cb function is called every time a translated unit executes. 351 */ 352 QEMU_PLUGIN_API 353 void qemu_plugin_register_vcpu_tb_exec_cb(struct qemu_plugin_tb *tb, 354 qemu_plugin_vcpu_udata_cb_t cb, 355 enum qemu_plugin_cb_flags flags, 356 void *userdata); 357 358 /** 359 * qemu_plugin_register_vcpu_tb_exec_cond_cb() - register conditional callback 360 * @tb: the opaque qemu_plugin_tb handle for the translation 361 * @cb: callback function 362 * @cond: condition to enable callback 363 * @entry: first operand for condition 364 * @imm: second operand for condition 365 * @flags: does the plugin read or write the CPU's registers? 366 * @userdata: any plugin data to pass to the @cb? 367 * 368 * The @cb function is called when a translated unit executes if 369 * entry @cond imm is true. 370 * If condition is QEMU_PLUGIN_COND_ALWAYS, condition is never interpreted and 371 * this function is equivalent to qemu_plugin_register_vcpu_tb_exec_cb. 372 * If condition QEMU_PLUGIN_COND_NEVER, condition is never interpreted and 373 * callback is never installed. 374 */ 375 QEMU_PLUGIN_API 376 void qemu_plugin_register_vcpu_tb_exec_cond_cb(struct qemu_plugin_tb *tb, 377 qemu_plugin_vcpu_udata_cb_t cb, 378 enum qemu_plugin_cb_flags flags, 379 enum qemu_plugin_cond cond, 380 qemu_plugin_u64 entry, 381 uint64_t imm, 382 void *userdata); 383 384 /** 385 * enum qemu_plugin_op - describes an inline op 386 * 387 * @QEMU_PLUGIN_INLINE_ADD_U64: add an immediate value uint64_t 388 * @QEMU_PLUGIN_INLINE_STORE_U64: store an immediate value uint64_t 389 */ 390 391 enum qemu_plugin_op { 392 QEMU_PLUGIN_INLINE_ADD_U64, 393 QEMU_PLUGIN_INLINE_STORE_U64, 394 }; 395 396 /** 397 * qemu_plugin_register_vcpu_tb_exec_inline_per_vcpu() - execution inline op 398 * @tb: the opaque qemu_plugin_tb handle for the translation 399 * @op: the type of qemu_plugin_op (e.g. ADD_U64) 400 * @entry: entry to run op 401 * @imm: the op data (e.g. 1) 402 * 403 * Insert an inline op on a given scoreboard entry. 404 */ 405 QEMU_PLUGIN_API 406 void qemu_plugin_register_vcpu_tb_exec_inline_per_vcpu( 407 struct qemu_plugin_tb *tb, 408 enum qemu_plugin_op op, 409 qemu_plugin_u64 entry, 410 uint64_t imm); 411 412 /** 413 * qemu_plugin_register_vcpu_insn_exec_cb() - register insn execution cb 414 * @insn: the opaque qemu_plugin_insn handle for an instruction 415 * @cb: callback function 416 * @flags: does the plugin read or write the CPU's registers? 417 * @userdata: any plugin data to pass to the @cb? 418 * 419 * The @cb function is called every time an instruction is executed 420 */ 421 QEMU_PLUGIN_API 422 void qemu_plugin_register_vcpu_insn_exec_cb(struct qemu_plugin_insn *insn, 423 qemu_plugin_vcpu_udata_cb_t cb, 424 enum qemu_plugin_cb_flags flags, 425 void *userdata); 426 427 /** 428 * qemu_plugin_register_vcpu_insn_exec_cond_cb() - conditional insn execution cb 429 * @insn: the opaque qemu_plugin_insn handle for an instruction 430 * @cb: callback function 431 * @flags: does the plugin read or write the CPU's registers? 432 * @cond: condition to enable callback 433 * @entry: first operand for condition 434 * @imm: second operand for condition 435 * @userdata: any plugin data to pass to the @cb? 436 * 437 * The @cb function is called when an instruction executes if 438 * entry @cond imm is true. 439 * If condition is QEMU_PLUGIN_COND_ALWAYS, condition is never interpreted and 440 * this function is equivalent to qemu_plugin_register_vcpu_insn_exec_cb. 441 * If condition QEMU_PLUGIN_COND_NEVER, condition is never interpreted and 442 * callback is never installed. 443 */ 444 QEMU_PLUGIN_API 445 void qemu_plugin_register_vcpu_insn_exec_cond_cb( 446 struct qemu_plugin_insn *insn, 447 qemu_plugin_vcpu_udata_cb_t cb, 448 enum qemu_plugin_cb_flags flags, 449 enum qemu_plugin_cond cond, 450 qemu_plugin_u64 entry, 451 uint64_t imm, 452 void *userdata); 453 454 /** 455 * qemu_plugin_register_vcpu_insn_exec_inline_per_vcpu() - insn exec inline op 456 * @insn: the opaque qemu_plugin_insn handle for an instruction 457 * @op: the type of qemu_plugin_op (e.g. ADD_U64) 458 * @entry: entry to run op 459 * @imm: the op data (e.g. 1) 460 * 461 * Insert an inline op to every time an instruction executes. 462 */ 463 QEMU_PLUGIN_API 464 void qemu_plugin_register_vcpu_insn_exec_inline_per_vcpu( 465 struct qemu_plugin_insn *insn, 466 enum qemu_plugin_op op, 467 qemu_plugin_u64 entry, 468 uint64_t imm); 469 470 /** 471 * qemu_plugin_tb_n_insns() - query helper for number of insns in TB 472 * @tb: opaque handle to TB passed to callback 473 * 474 * Returns: number of instructions in this block 475 */ 476 QEMU_PLUGIN_API 477 size_t qemu_plugin_tb_n_insns(const struct qemu_plugin_tb *tb); 478 479 /** 480 * qemu_plugin_tb_vaddr() - query helper for vaddr of TB start 481 * @tb: opaque handle to TB passed to callback 482 * 483 * Returns: virtual address of block start 484 */ 485 QEMU_PLUGIN_API 486 uint64_t qemu_plugin_tb_vaddr(const struct qemu_plugin_tb *tb); 487 488 /** 489 * qemu_plugin_tb_get_insn() - retrieve handle for instruction 490 * @tb: opaque handle to TB passed to callback 491 * @idx: instruction number, 0 indexed 492 * 493 * The returned handle can be used in follow up helper queries as well 494 * as when instrumenting an instruction. It is only valid for the 495 * lifetime of the callback. 496 * 497 * Returns: opaque handle to instruction 498 */ 499 QEMU_PLUGIN_API 500 struct qemu_plugin_insn * 501 qemu_plugin_tb_get_insn(const struct qemu_plugin_tb *tb, size_t idx); 502 503 /** 504 * qemu_plugin_insn_data() - copy instruction data 505 * @insn: opaque instruction handle from qemu_plugin_tb_get_insn() 506 * @dest: destination into which data is copied 507 * @len: length of dest 508 * 509 * Returns the number of bytes copied, minimum of @len and insn size. 510 */ 511 QEMU_PLUGIN_API 512 size_t qemu_plugin_insn_data(const struct qemu_plugin_insn *insn, 513 void *dest, size_t len); 514 515 /** 516 * qemu_plugin_insn_size() - return size of instruction 517 * @insn: opaque instruction handle from qemu_plugin_tb_get_insn() 518 * 519 * Returns: size of instruction in bytes 520 */ 521 QEMU_PLUGIN_API 522 size_t qemu_plugin_insn_size(const struct qemu_plugin_insn *insn); 523 524 /** 525 * qemu_plugin_insn_vaddr() - return vaddr of instruction 526 * @insn: opaque instruction handle from qemu_plugin_tb_get_insn() 527 * 528 * Returns: virtual address of instruction 529 */ 530 QEMU_PLUGIN_API 531 uint64_t qemu_plugin_insn_vaddr(const struct qemu_plugin_insn *insn); 532 533 /** 534 * qemu_plugin_insn_haddr() - return hardware addr of instruction 535 * @insn: opaque instruction handle from qemu_plugin_tb_get_insn() 536 * 537 * Returns: hardware (physical) target address of instruction 538 */ 539 QEMU_PLUGIN_API 540 void *qemu_plugin_insn_haddr(const struct qemu_plugin_insn *insn); 541 542 /** 543 * typedef qemu_plugin_meminfo_t - opaque memory transaction handle 544 * 545 * This can be further queried using the qemu_plugin_mem_* query 546 * functions. 547 */ 548 typedef uint32_t qemu_plugin_meminfo_t; 549 /** struct qemu_plugin_hwaddr - opaque hw address handle */ 550 struct qemu_plugin_hwaddr; 551 552 /** 553 * qemu_plugin_mem_size_shift() - get size of access 554 * @info: opaque memory transaction handle 555 * 556 * Returns: size of access in ^2 (0=byte, 1=16bit, 2=32bit etc...) 557 */ 558 QEMU_PLUGIN_API 559 unsigned int qemu_plugin_mem_size_shift(qemu_plugin_meminfo_t info); 560 /** 561 * qemu_plugin_mem_is_sign_extended() - was the access sign extended 562 * @info: opaque memory transaction handle 563 * 564 * Returns: true if it was, otherwise false 565 */ 566 QEMU_PLUGIN_API 567 bool qemu_plugin_mem_is_sign_extended(qemu_plugin_meminfo_t info); 568 /** 569 * qemu_plugin_mem_is_big_endian() - was the access big endian 570 * @info: opaque memory transaction handle 571 * 572 * Returns: true if it was, otherwise false 573 */ 574 QEMU_PLUGIN_API 575 bool qemu_plugin_mem_is_big_endian(qemu_plugin_meminfo_t info); 576 /** 577 * qemu_plugin_mem_is_store() - was the access a store 578 * @info: opaque memory transaction handle 579 * 580 * Returns: true if it was, otherwise false 581 */ 582 QEMU_PLUGIN_API 583 bool qemu_plugin_mem_is_store(qemu_plugin_meminfo_t info); 584 585 /** 586 * qemu_plugin_mem_get_mem_value() - return last value loaded/stored 587 * @info: opaque memory transaction handle 588 * 589 * Returns: memory value 590 */ 591 QEMU_PLUGIN_API 592 qemu_plugin_mem_value qemu_plugin_mem_get_value(qemu_plugin_meminfo_t info); 593 594 /** 595 * qemu_plugin_get_hwaddr() - return handle for memory operation 596 * @info: opaque memory info structure 597 * @vaddr: the virtual address of the memory operation 598 * 599 * For system emulation returns a qemu_plugin_hwaddr handle to query 600 * details about the actual physical address backing the virtual 601 * address. For linux-user guests it just returns NULL. 602 * 603 * This handle is *only* valid for the duration of the callback. Any 604 * information about the handle should be recovered before the 605 * callback returns. 606 */ 607 QEMU_PLUGIN_API 608 struct qemu_plugin_hwaddr *qemu_plugin_get_hwaddr(qemu_plugin_meminfo_t info, 609 uint64_t vaddr); 610 611 /* 612 * The following additional queries can be run on the hwaddr structure to 613 * return information about it - namely whether it is for an IO access and the 614 * physical address associated with the access. 615 */ 616 617 /** 618 * qemu_plugin_hwaddr_is_io() - query whether memory operation is IO 619 * @haddr: address handle from qemu_plugin_get_hwaddr() 620 * 621 * Returns true if the handle's memory operation is to memory-mapped IO, or 622 * false if it is to RAM 623 */ 624 QEMU_PLUGIN_API 625 bool qemu_plugin_hwaddr_is_io(const struct qemu_plugin_hwaddr *haddr); 626 627 /** 628 * qemu_plugin_hwaddr_phys_addr() - query physical address for memory operation 629 * @haddr: address handle from qemu_plugin_get_hwaddr() 630 * 631 * Returns the physical address associated with the memory operation 632 * 633 * Note that the returned physical address may not be unique if you are dealing 634 * with multiple address spaces. 635 */ 636 QEMU_PLUGIN_API 637 uint64_t qemu_plugin_hwaddr_phys_addr(const struct qemu_plugin_hwaddr *haddr); 638 639 /* 640 * Returns a string representing the device. The string is valid for 641 * the lifetime of the plugin. 642 */ 643 QEMU_PLUGIN_API 644 const char *qemu_plugin_hwaddr_device_name(const struct qemu_plugin_hwaddr *h); 645 646 /** 647 * typedef qemu_plugin_vcpu_mem_cb_t - memory callback function type 648 * @vcpu_index: the executing vCPU 649 * @info: an opaque handle for further queries about the memory 650 * @vaddr: the virtual address of the transaction 651 * @userdata: any user data attached to the callback 652 */ 653 typedef void (*qemu_plugin_vcpu_mem_cb_t) (unsigned int vcpu_index, 654 qemu_plugin_meminfo_t info, 655 uint64_t vaddr, 656 void *userdata); 657 658 /** 659 * qemu_plugin_register_vcpu_mem_cb() - register memory access callback 660 * @insn: handle for instruction to instrument 661 * @cb: callback of type qemu_plugin_vcpu_mem_cb_t 662 * @flags: (currently unused) callback flags 663 * @rw: monitor reads, writes or both 664 * @userdata: opaque pointer for userdata 665 * 666 * This registers a full callback for every memory access generated by 667 * an instruction. If the instruction doesn't access memory no 668 * callback will be made. 669 * 670 * The callback reports the vCPU the access took place on, the virtual 671 * address of the access and a handle for further queries. The user 672 * can attach some userdata to the callback for additional purposes. 673 * 674 * Other execution threads will continue to execute during the 675 * callback so the plugin is responsible for ensuring it doesn't get 676 * confused by making appropriate use of locking if required. 677 */ 678 QEMU_PLUGIN_API 679 void qemu_plugin_register_vcpu_mem_cb(struct qemu_plugin_insn *insn, 680 qemu_plugin_vcpu_mem_cb_t cb, 681 enum qemu_plugin_cb_flags flags, 682 enum qemu_plugin_mem_rw rw, 683 void *userdata); 684 685 /** 686 * qemu_plugin_register_vcpu_mem_inline_per_vcpu() - inline op for mem access 687 * @insn: handle for instruction to instrument 688 * @rw: apply to reads, writes or both 689 * @op: the op, of type qemu_plugin_op 690 * @entry: entry to run op 691 * @imm: immediate data for @op 692 * 693 * This registers a inline op every memory access generated by the 694 * instruction. 695 */ 696 QEMU_PLUGIN_API 697 void qemu_plugin_register_vcpu_mem_inline_per_vcpu( 698 struct qemu_plugin_insn *insn, 699 enum qemu_plugin_mem_rw rw, 700 enum qemu_plugin_op op, 701 qemu_plugin_u64 entry, 702 uint64_t imm); 703 704 /** 705 * qemu_plugin_request_time_control() - request the ability to control time 706 * 707 * This grants the plugin the ability to control system time. Only one 708 * plugin can control time so if multiple plugins request the ability 709 * all but the first will fail. 710 * 711 * Returns an opaque handle or NULL if fails 712 */ 713 QEMU_PLUGIN_API 714 const void *qemu_plugin_request_time_control(void); 715 716 /** 717 * qemu_plugin_update_ns() - update system emulation time 718 * @handle: opaque handle returned by qemu_plugin_request_time_control() 719 * @time: time in nanoseconds 720 * 721 * This allows an appropriately authorised plugin (i.e. holding the 722 * time control handle) to move system time forward to @time. For 723 * user-mode emulation the time is not changed by this as all reported 724 * time comes from the host kernel. 725 * 726 * Start time is 0. 727 */ 728 QEMU_PLUGIN_API 729 void qemu_plugin_update_ns(const void *handle, int64_t time); 730 731 typedef void 732 (*qemu_plugin_vcpu_syscall_cb_t)(qemu_plugin_id_t id, unsigned int vcpu_index, 733 int64_t num, uint64_t a1, uint64_t a2, 734 uint64_t a3, uint64_t a4, uint64_t a5, 735 uint64_t a6, uint64_t a7, uint64_t a8); 736 737 QEMU_PLUGIN_API 738 void qemu_plugin_register_vcpu_syscall_cb(qemu_plugin_id_t id, 739 qemu_plugin_vcpu_syscall_cb_t cb); 740 741 typedef void 742 (*qemu_plugin_vcpu_syscall_ret_cb_t)(qemu_plugin_id_t id, unsigned int vcpu_idx, 743 int64_t num, int64_t ret); 744 745 QEMU_PLUGIN_API 746 void 747 qemu_plugin_register_vcpu_syscall_ret_cb(qemu_plugin_id_t id, 748 qemu_plugin_vcpu_syscall_ret_cb_t cb); 749 750 751 /** 752 * qemu_plugin_insn_disas() - return disassembly string for instruction 753 * @insn: instruction reference 754 * 755 * Returns an allocated string containing the disassembly 756 */ 757 758 QEMU_PLUGIN_API 759 char *qemu_plugin_insn_disas(const struct qemu_plugin_insn *insn); 760 761 /** 762 * qemu_plugin_insn_symbol() - best effort symbol lookup 763 * @insn: instruction reference 764 * 765 * Return a static string referring to the symbol. This is dependent 766 * on the binary QEMU is running having provided a symbol table. 767 */ 768 QEMU_PLUGIN_API 769 const char *qemu_plugin_insn_symbol(const struct qemu_plugin_insn *insn); 770 771 /** 772 * qemu_plugin_vcpu_for_each() - iterate over the existing vCPU 773 * @id: plugin ID 774 * @cb: callback function 775 * 776 * The @cb function is called once for each existing vCPU. 777 * 778 * See also: qemu_plugin_register_vcpu_init_cb() 779 */ 780 QEMU_PLUGIN_API 781 void qemu_plugin_vcpu_for_each(qemu_plugin_id_t id, 782 qemu_plugin_vcpu_simple_cb_t cb); 783 784 QEMU_PLUGIN_API 785 void qemu_plugin_register_flush_cb(qemu_plugin_id_t id, 786 qemu_plugin_simple_cb_t cb); 787 788 /** 789 * qemu_plugin_register_atexit_cb() - register exit callback 790 * @id: plugin ID 791 * @cb: callback 792 * @userdata: user data for callback 793 * 794 * The @cb function is called once execution has finished. Plugins 795 * should be able to free all their resources at this point much like 796 * after a reset/uninstall callback is called. 797 * 798 * In user-mode it is possible a few un-instrumented instructions from 799 * child threads may run before the host kernel reaps the threads. 800 */ 801 QEMU_PLUGIN_API 802 void qemu_plugin_register_atexit_cb(qemu_plugin_id_t id, 803 qemu_plugin_udata_cb_t cb, void *userdata); 804 805 /* returns how many vcpus were started at this point */ 806 QEMU_PLUGIN_API 807 int qemu_plugin_num_vcpus(void); 808 809 /** 810 * qemu_plugin_outs() - output string via QEMU's logging system 811 * @string: a string 812 */ 813 QEMU_PLUGIN_API 814 void qemu_plugin_outs(const char *string); 815 816 /** 817 * qemu_plugin_bool_parse() - parses a boolean argument in the form of 818 * "<argname>=[on|yes|true|off|no|false]" 819 * 820 * @name: argument name, the part before the equals sign 821 * @val: argument value, what's after the equals sign 822 * @ret: output return value 823 * 824 * returns true if the combination @name=@val parses correctly to a boolean 825 * argument, and false otherwise 826 */ 827 QEMU_PLUGIN_API 828 bool qemu_plugin_bool_parse(const char *name, const char *val, bool *ret); 829 830 /** 831 * qemu_plugin_path_to_binary() - path to binary file being executed 832 * 833 * Return a string representing the path to the binary. For user-mode 834 * this is the main executable. For system emulation we currently 835 * return NULL. The user should g_free() the string once no longer 836 * needed. 837 */ 838 QEMU_PLUGIN_API 839 const char *qemu_plugin_path_to_binary(void); 840 841 /** 842 * qemu_plugin_start_code() - returns start of text segment 843 * 844 * Returns the nominal start address of the main text segment in 845 * user-mode. Currently returns 0 for system emulation. 846 */ 847 QEMU_PLUGIN_API 848 uint64_t qemu_plugin_start_code(void); 849 850 /** 851 * qemu_plugin_end_code() - returns end of text segment 852 * 853 * Returns the nominal end address of the main text segment in 854 * user-mode. Currently returns 0 for system emulation. 855 */ 856 QEMU_PLUGIN_API 857 uint64_t qemu_plugin_end_code(void); 858 859 /** 860 * qemu_plugin_entry_code() - returns start address for module 861 * 862 * Returns the nominal entry address of the main text segment in 863 * user-mode. Currently returns 0 for system emulation. 864 */ 865 QEMU_PLUGIN_API 866 uint64_t qemu_plugin_entry_code(void); 867 868 /** struct qemu_plugin_register - Opaque handle for register access */ 869 struct qemu_plugin_register; 870 871 /** 872 * typedef qemu_plugin_reg_descriptor - register descriptions 873 * 874 * @handle: opaque handle for retrieving value with qemu_plugin_read_register 875 * @name: register name 876 * @feature: optional feature descriptor, can be NULL 877 */ 878 typedef struct { 879 struct qemu_plugin_register *handle; 880 const char *name; 881 const char *feature; 882 } qemu_plugin_reg_descriptor; 883 884 /** 885 * qemu_plugin_get_registers() - return register list for current vCPU 886 * 887 * Returns a potentially empty GArray of qemu_plugin_reg_descriptor. 888 * Caller frees the array (but not the const strings). 889 * 890 * Should be used from a qemu_plugin_register_vcpu_init_cb() callback 891 * after the vCPU is initialised, i.e. in the vCPU context. 892 */ 893 QEMU_PLUGIN_API 894 GArray *qemu_plugin_get_registers(void); 895 896 /** 897 * qemu_plugin_read_memory_vaddr() - read from memory using a virtual address 898 * 899 * @addr: A virtual address to read from 900 * @data: A byte array to store data into 901 * @len: The number of bytes to read, starting from @addr 902 * 903 * @len bytes of data is read starting at @addr and stored into @data. If @data 904 * is not large enough to hold @len bytes, it will be expanded to the necessary 905 * size, reallocating if necessary. @len must be greater than 0. 906 * 907 * This function does not ensure writes are flushed prior to reading, so 908 * callers should take care when calling this function in plugin callbacks to 909 * avoid attempting to read data which may not yet be written and should use 910 * the memory callback API instead. 911 * 912 * Returns true on success and false on failure. 913 */ 914 QEMU_PLUGIN_API 915 bool qemu_plugin_read_memory_vaddr(uint64_t addr, 916 GByteArray *data, size_t len); 917 918 /** 919 * qemu_plugin_read_register() - read register for current vCPU 920 * 921 * @handle: a @qemu_plugin_reg_handle handle 922 * @buf: A GByteArray for the data owned by the plugin 923 * 924 * This function is only available in a context that register read access is 925 * explicitly requested via the QEMU_PLUGIN_CB_R_REGS flag. 926 * 927 * Returns the size of the read register. The content of @buf is in target byte 928 * order. On failure returns -1. 929 */ 930 QEMU_PLUGIN_API 931 int qemu_plugin_read_register(struct qemu_plugin_register *handle, 932 GByteArray *buf); 933 934 /** 935 * qemu_plugin_scoreboard_new() - alloc a new scoreboard 936 * 937 * @element_size: size (in bytes) for one entry 938 * 939 * Returns a pointer to a new scoreboard. It must be freed using 940 * qemu_plugin_scoreboard_free. 941 */ 942 QEMU_PLUGIN_API 943 struct qemu_plugin_scoreboard *qemu_plugin_scoreboard_new(size_t element_size); 944 945 /** 946 * qemu_plugin_scoreboard_free() - free a scoreboard 947 * @score: scoreboard to free 948 */ 949 QEMU_PLUGIN_API 950 void qemu_plugin_scoreboard_free(struct qemu_plugin_scoreboard *score); 951 952 /** 953 * qemu_plugin_scoreboard_find() - get pointer to an entry of a scoreboard 954 * @score: scoreboard to query 955 * @vcpu_index: entry index 956 * 957 * Returns address of entry of a scoreboard matching a given vcpu_index. This 958 * address can be modified later if scoreboard is resized. 959 */ 960 QEMU_PLUGIN_API 961 void *qemu_plugin_scoreboard_find(struct qemu_plugin_scoreboard *score, 962 unsigned int vcpu_index); 963 964 /* Macros to define a qemu_plugin_u64 */ 965 #define qemu_plugin_scoreboard_u64(score) \ 966 (qemu_plugin_u64) {score, 0} 967 #define qemu_plugin_scoreboard_u64_in_struct(score, type, member) \ 968 (qemu_plugin_u64) {score, offsetof(type, member)} 969 970 /** 971 * qemu_plugin_u64_add() - add a value to a qemu_plugin_u64 for a given vcpu 972 * @entry: entry to query 973 * @vcpu_index: entry index 974 * @added: value to add 975 */ 976 QEMU_PLUGIN_API 977 void qemu_plugin_u64_add(qemu_plugin_u64 entry, unsigned int vcpu_index, 978 uint64_t added); 979 980 /** 981 * qemu_plugin_u64_get() - get value of a qemu_plugin_u64 for a given vcpu 982 * @entry: entry to query 983 * @vcpu_index: entry index 984 */ 985 QEMU_PLUGIN_API 986 uint64_t qemu_plugin_u64_get(qemu_plugin_u64 entry, unsigned int vcpu_index); 987 988 /** 989 * qemu_plugin_u64_set() - set value of a qemu_plugin_u64 for a given vcpu 990 * @entry: entry to query 991 * @vcpu_index: entry index 992 * @val: new value 993 */ 994 QEMU_PLUGIN_API 995 void qemu_plugin_u64_set(qemu_plugin_u64 entry, unsigned int vcpu_index, 996 uint64_t val); 997 998 /** 999 * qemu_plugin_u64_sum() - return sum of all vcpu entries in a scoreboard 1000 * @entry: entry to sum 1001 */ 1002 QEMU_PLUGIN_API 1003 uint64_t qemu_plugin_u64_sum(qemu_plugin_u64 entry); 1004 1005 #endif /* QEMU_QEMU_PLUGIN_H */ 1006