Re: Extracting PC information from QEMU/KVM during single-step
From: Alexander Bulekov
Subject: Re: Extracting PC information from QEMU/KVM during single-step
Date: Wed, 23 Jun 2021 21:45:38 -0400
On 210623 1514, Steven Raasch wrote:
> Hi -
>
> I'm trying to create a hack that will allow me to extract an instruction
> trace from QEMU/KVM (i386). The KVM part is important (see below).
>
> Background:
>
> - I have used KVM to create a snapshot of a Windows 10 guest running a
> graphics-intensive app. The *original* issue is that the app does not
> execute correctly when re-started from the snapshot using TCG (it doesn't
> crash, but it doesn't run correctly, either). So, using the existing "-d
> in_asm" won't work. It seemed to me that hacking in tracing to KVM should
> be easier than figuring out why the app doesn't work.
> - I've poked around the tracing mechanism in the TCG, and extracted what
> I need to dump instructions and then added that to kvm_cpu_exec().
> - I'm setting DEBUG & single-step modes by calling cpu_single_step()
> from the top of kvm_vcpu_thread_fn().
> - in kvm_cpu_exec() I wait until I get a KVM_EXIT_DEBUG signal before
> logging the instruction.
>
> I have the output of TCG "-d in_asm" from the beginning of the execution,
> and I'm comparing the KVM output with that.
>
> What I don't have right is the PC of the instruction that's been executed.
> The TCG is clearly sane, but the KVM output is not.
>
> My best thought was to extract the PC from kvm_run (run->debug.arch.pc)
> after the KVM_RUN ioctl, but that doesn't match up. I also tried
> kvm_vcpu_ioctl() with KVM_GET_REGS, and grabbing the rip from cpu->env.rip.
> I didn't expect any of these to be *exactly* right, but I thought they
> would lead me to something sane.
>
> Using run->debug.arch.pc gives me the right address for the first
> instruction, but nothing makes sense after that.
>
> Can anyone help me get onto the right track?
>
> Thanks!
>
> -Steve
Is there some reason you can't do this using qemu's gdbstub and gdb? It
supports single-stepping under KVM.
-Alex
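The gdbstub route Alex suggests, written out as an added example (this script is not part of the thread and not QEMU's own code). It generates a gdb command file that attaches to QEMU's gdbstub, single-steps the guest one instruction at a time and prints the pc with the instruction about to execute, which is the per-instruction trace the original poster was trying to pull out of kvm_cpu_exec(). Assumptions: QEMU was started with "-s -S" (gdbstub on localhost:1234, vCPU paused at startup), gdb is on the host, and the step count and output path are whatever the caller passes in; the hypothetical RUN_TRACE variable only gates the actual gdb invocation so the generator can be exercised without a running guest.

```shell
#!/bin/sh
# Added example, not from the thread: build a gdb script that single-steps a
# guest through QEMU's gdbstub and logs the pc of every executed instruction.
# Works the same whether the guest runs under KVM or TCG, because the stepping
# is done by the stub, not by TCG translation (so it does not need "-d in_asm").

# gen_trace_script N OUTFILE : write a gdb command file that steps N instructions
gen_trace_script() {
    n="$1"
    out="$2"
    {
        echo 'set pagination off'
        echo 'set confirm off'
        echo 'target remote :1234'      # assumption: QEMU started with -s (tcp::1234) -S
        echo 'set $i = 0'
        echo "while \$i < $n"
        echo '  x/i $pc'                # prints "=> 0x<pc>: <insn>" for the next instruction
        echo '  stepi'                  # the stub single-steps exactly one guest instruction
        echo '  set $i = $i + 1'
        echo 'end'
        echo 'detach'
        echo 'quit'
    } > "$out"
}

# count_step_commands FILE : number of stepi commands in the generated script (1 = one loop body)
count_step_commands() {
    grep -c '^  stepi$' "$1"
}

# requested_steps FILE : the loop bound written into the generated script
requested_steps() {
    sed -n 's/^while \$i < \([0-9][0-9]*\)$/\1/p' "$1"
}

# run_trace N LOGFILE : generate the script and, if RUN_TRACE=1, drive gdb with it.
# gdb's stdout (one "=> 0x...: insn" line per step) becomes the instruction trace.
run_trace() {
    script="$(mktemp)"
    gen_trace_script "$1" "$script"
    if [ "${RUN_TRACE:-0}" = 1 ]; then
        gdb -batch -x "$script" > "$2"   # assumption: host gdb understands the guest's arch
    fi
    rm -f "$script"
}

# Example: trace the first 1000 instructions after the snapshot resumes
# RUN_TRACE=1 run_trace 1000 trace.log
```

Each stepi is a round trip between gdb and the stub, so this is slow compared with an in-process hook, but the pc it reports is the one the vCPU will execute next, which is the value the poster could not recover from run->debug.arch.pc. For a 64-bit guest, gdb must be able to disassemble x86-64; QEMU's stub normally describes the target architecture to gdb, otherwise set it explicitly before attaching.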