  1. May 16, 2018
  2. Apr 04, 2018
  3. May 31, 2017
  4. Apr 14, 2017
  5. Mar 15, 2017
  6. Mar 13, 2017
  7. Feb 23, 2017
  8. Feb 20, 2017
  9. Feb 02, 2017
  10. Feb 01, 2017
  11. Jan 18, 2017
    • version: bump minor version number · 6a5fd7fc
      Markus Metzger authored
      
      Changes:
        - add a new block decoder layer
        - add a new image section cache and image section identifiers
        - add version macros to intel-pt.h
        - shrink or split existing image sections on overlap
        - add decoder-specific configuration flags
        - classify INT, INT1, INT3, and INTO as far calls
        - classify VMLAUNCH/VMRESUME as far call and VMCALL as far return
        - improve instruction length decode performance
        - fix an issue with instructions overlapping image section boundaries
        - fix an off-by-one end of trace indication
        - fix a bug with TMA for low MTC frequencies
        - ptunit:
          - avoid using mktempname
          - fix leaking of temporary files
        - ptdump:
          - fix an issue with ':' in filenames
        - ptxed:
          - allow an offset or range for raw binary files (--raw)
          - add --stat:insn and --stat:block to count instructions and blocks
          - add --block:show-blocks to print blocks
          - add --time to print the estimated TSC at each instruction
          - add --check to check instruction decode and classification against XED
          - fix an issue with ':' in filenames
          - fix a bug with --stat without --quiet
        - pttc:
          - fix a few memory leaks
      
      Change-Id: Ie810479b6a73fb8743efec56b686a53d8b4bec7d
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
      v1.6
    • libipt: fix doxygen-style comment indication · 4e17ce5c
      Markus Metzger authored
      
      The comment on struct pt_event.variant.enabled.ip lacks the leading ** marking
      it as a doxygen comment.  Add it.
      
      Change-Id: I233f75eec69fd302cdfa99ac36ba3ec4a19d5f40
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • script, test: run ptxed with --check · b14c2f6d
      Markus Metzger authored
      
      Change-Id: I02cabf7737ef4ff5be113ba3ded21b0ae8308fa8
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • ptxed: check instructions · e30ffc30
      Markus Metzger authored
      
      Add a new option --check that performs some checks.
      
      If --insn-decoder is specified, we check that:
      
        - XED can decode each instruction
        - an instruction's class matches XED's categorization
      
      If --block-decoder is specified, we check that:
      
        - XED can decode each instruction
        - we reach the block's end IP
        - the last instruction's class (if available) matches XED's categorization
      
      The --check option can be combined with --quiet to only print error messages.
      
      Change-Id: I2730384f9257469cb7401eeff4e4a717ecadd5dc
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • ptxed, block: do not modify the block while printing · 4c22e95f
      Markus Metzger authored
      
      When we print a block, we update block.ninsn and block.ip in order to get the IP
      for reporting decode errors right.  This has been addressed in the previous
      patch so we can now stop updating block.
      
      Change-Id: Ieffa51dfc5006c015dafe6278e3718d495ccccb6
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • ptxed, block: determine error ip · 28c19656
      Markus Metzger authored
      
      When diagnosing block decode or control-flow reconstruction errors, we report
      "block.ip + block.ninsn" as IP, where the latter is omitted if it is zero.
      
      Change this to use the current IP while printing for diagnosing control-flow
      reconstruction errors and block.end_ip or the next IP for diagnosing block
      decode errors depending on the error type.
      
      This improves error reporting when --quiet is specified and further frees us
      from having to update block.ip and block.ninsn during printing.
      
      Change-Id: I906bdd18411e092019f19de40bc7bd51162fa225
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • ptxed, block: fetch an instruction after printing its IP · 8fc0dda3
      Markus Metzger authored
      
      In case of errors when trying to fetch an instruction, ptxed will print the
      error without the IP of the instruction it failed to fetch.  Reorder the code to
      first print the optional offset and time and the IP.
      
      Change-Id: Ic5ee512eb55577e0ab12d88611613b8fc6579b23
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • ptxed, block: extract fetching an instruction · d6300fec
      Markus Metzger authored
      
      Extract the code for fetching an instruction from a block into a separate
      function.  We will need it in a few more places.
      
      Change-Id: Ibe676184f37f8328a4b684ff7d13a6d38fe8aa82
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • libipt, block: provide instruction class of last instruction if available · d712eadc
      Markus Metzger authored
      
      In most cases the block decoder knows the instruction class of the instruction
      that ended the block.  Provide it to save our callers the effort of decoding the
      instruction in some cases.
      
      If it doesn't know the instruction class, set it to ptic_error and leave it to
      our callers to decide whether they need to decode the last instruction.
      
      Change-Id: I4174b628377635ccce0d5d8a8ebe71853592782c
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • libipt: classify VMX instruction from VM's perspective · 05a98e22
      Markus Metzger authored
      
      We classify VMLAUNCH/VMRESUME as far call and VMCALL as far return.  This is
      from a VMM's perspective that is calling into guests.
      
      This is the opposite of how we handle OS calls where we treat SYSENTER as far
      call and SYSEXIT as far return.
      
      Change the VMX classification to align the two, i.e. classify VMLAUNCH/VMRESUME
      as far return and VMCALL as far call.
      
      Change-Id: I1a914d6c26a5807f820038390cfa3c0847b84071
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • libipt: classify software interrupts as far branches · c63ca1de
      Markus Metzger authored
      
      Software interrupts (INT, INT1, INT3, INTO) are used for software breakpoints
      and for system calls.  The former are typically patched in and removed again
      before trace decode.  The latter remain in the code.  They are currently
      classified as 'other'.
      
      Classify software interrupts as far calls similar to SYSCALL and SYSENTER.
      
      Change-Id: I8aedaa8bded0215e04c3b797445ffc866700d6c9
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
    • libipt: software interrupt handling · 8642a937
      Markus Metzger authored
      
      Software interrupts receive FUP(CLIP) + TIP(BLIP?)
      
      We can not reliably determine whether the FUP/TIP belongs to the software
      interrupt or to an asynchronous interrupt that was taken before the instruction.
      
      To distinguish the two cases we would need to read ahead but that may require
      decoding an unknown amount of code (in the kernel or hypervisor or even in
      different processes) until we return either to CLIP if it was an asynchronous
      interrupt or to NLIP (or even to a later IP) if it wasn't.
      
      Instead, we assume that it was an asynchronous interrupt.  Control appears to
      flow from before the software interrupt instruction to the interrupt handler and
      back after the instruction.
      
      This is wrong most of the time.  But it is predictably wrong and it avoids the
      case where we incorrectly assume a synchronous transfer and get out of sync when
      we see the FUP/TIP for the software interrupt.
      
      Update our tests to show the correct trace and the incorrect control flow.
      
      Later patches may add heuristics that read ahead a little bit.
      
      Change-Id: I17849efe3d51d24ace5df00ddda8bd1573b11f7d
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
  12. Jan 17, 2017
  13. Jan 04, 2017
  14. Jan 03, 2017
  15. Dec 01, 2016
    • libipt: add version macros to intel-pt.h · 90a1c89d
      Markus Metzger authored
      
      Add two new macros
      
          LIBIPT_VERSION_MAJOR
          LIBIPT_VERSION_MINOR
      
      derived from the corresponding cmake variables
      
          PT_VERSION_MAJOR
          PT_VERSION_MINOR
      
      and a third macro
      
          LIBIPT_VERSION
      
      that gives the entire version in a single integer constant.
      
      This simplifies checking for new API bits.
      
      Change-Id: I0e212164d969ec94f79221b72f3eec88805db5af
      Signed-off-by: Markus Metzger <markus.t.metzger@intel.com>
  16. Nov 24, 2016