On 210623 1514, Steven Raasch wrote:
> Hi -
>
> I'm trying to create a hack that will allow me to extract an instruction
> trace from QEMU/KVM (i386). The KVM part is important (see below).
>
> Background:
>
> - I have used KVM to create a snapshot of a windows-10 guest running a
> graphics-intensive app. The *original* issue is that the app does not
> execute correctly when re-started from the snapshot using TCG (it doesn't
> crash, but it doesn't run correctly, either). So, using the existing "-d
> in_asm" won't work. It seemed to me that hacking in tracing to KVM should
> be easier than figuring out why the app doesn't work.
> - I've poked around the tracing mechanism in the TCG, and extracted what
> I need to dump instructions and then added that to kvm_cpu_exec().
> - I'm setting DEBUG & single-step modes by calling cpu_single_step()
> from the top of kvm_vcpu_thread_fn().
> - in kvm_cpu_exec() I wait until I get a KVM_EXIT_DEBUG signal before
> logging the instruction.
>
> I have the output of TCG "-d in_asm" from the beginning of the execution,
> and I'm comparing the KVM output with that.
>
> What I don't have right is the PC of the instruction that's been executed.
> The TCG is clearly sane, but the KVM output is not.
>
> My best thought was to extract the PC from kvm_run (run->debug.arch.pc)
> after the KVM_RUN ioctl, but that doesn't match up. I also tried
> kvm_vcpu_ioctl() with KVM_GET_REGS, and grabbing the rip from cpu->env.rip.
> I didn't expect any of these to be *exactly* right, but I thought they
> would lead me to something sane.
>
> Using run->debug.arch.pc gives me the right address for the first
> instruction, but nothing makes sense after that.
>
> Can anyone help me get onto the right track?
>
> Thanks!
>
> -Steve
Is there some reason you can't do this using qemu's gdbstub and gdb? It
supports single-stepping under KVM.

-Alex
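The gdbstub route Alex suggests, worked through as an added shell script (this is not code from the thread or from QEMU itself): it boots the KVM guest paused with the gdbstub listening, then has gdb single-step it and log the PC and disassembly of every executed instruction. It assumes qemu-system-x86_64 and gdb are on PATH, that the image and snapshot names are placeholders to be replaced, and gdb 12 or newer for `set logging enabled`.

```shell
#!/bin/sh
# Added example, not from the thread: single-step a KVM guest through QEMU's
# gdbstub and log the PC plus disassembly of every executed instruction.
# Assumptions: qemu-system-x86_64 and gdb are on PATH; the image and
# snapshot names below are placeholders; gdb >= 12 for "set logging enabled"
# (older gdb: use "set logging on" / "set logging off" instead).

# Write a gdb command file that steps $1 instructions from the current PC,
# appending "address <symbol+offset>: mnemonic operands" for each one to $3.
gen_trace_script() {
    steps="$1"; script="$2"; logfile="$3"
    cat > "$script" <<EOF
set pagination off
set confirm off
set logging file $logfile
set logging redirect on
set logging enabled on
target remote localhost:1234
set \$i = 0
while \$i < $steps
  x/i \$pc
  stepi
  set \$i = \$i + 1
end
set logging enabled off
detach
quit
EOF
}

# Boot the guest under KVM with a single vCPU (so every guest instruction is
# in the one thread gdb steps), frozen at startup (-S) with the gdbstub on
# :1234 (-s), then drive it from the generated script in batch mode.
run_trace() {
    steps="$1"
    image="win10.qcow2"          # placeholder: guest disk image
    snapshot="app-snapshot"      # placeholder: internal snapshot name
    gen_trace_script "$steps" trace.gdb trace.log
    qemu-system-x86_64 -accel kvm -smp 1 -m 4096 \
        -drive "file=$image,format=qcow2" -loadvm "$snapshot" -s -S &
    qemu_pid=$!
    sleep 2                      # let the gdbstub start listening
    gdb -q -batch -x trace.gdb
    kill "$qemu_pid" 2>/dev/null
}
```

Call `run_trace 100000` to capture the first hundred thousand instructions after the snapshot resumes; the log can then be diffed line by line against the TCG `-d in_asm` output.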