This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Model-Specific Register

From: "Frank Ch. Eigler" <fche at redhat dot com>
To: Lorenzo Cavallaro <sullivan at idea dot sec dot dico dot unimi dot it>
Cc: systemtap at sources dot redhat dot com
Date: Tue, 10 Oct 2006 15:46:29 -0400
Subject: Re: Model-Specific Register
References: <20061009233835.GA19664@fermi>

Hi -

On Mon, Oct 09, 2006 at 07:38:35PM -0400, Lorenzo Cavallaro wrote:
> [...]

[forwarding to mailing list, please excuse less than usual trimming]

>    I'm an italian PhD student in Computer Science at Universita` degli Studi
>    di Milano, Italy.

Welcome.

>    I just recently came accross System Tap and I think it's an amazing
>    framework (along with Kprobe, of course), even if I didn't have the
>    opportunity to try it out yet.
> 
>    I would like to ask you few questions about Model-Specific Register, if
>    you don't mind... [...]

Sorry, I'm not very familiar with them.

>    Beside that, I would like to measure (count) the number of branches (call,
>    jmp, jcc, loop) executed so far by a given process while it's executing in
>    user space. Do you think MSR (in particular) branch_retired register could
>    be useful for what I'm trying to do?

Certainly.  Systemtap proper does not expose those registers yet, but
using e.g.  inline C code, it should be able to pull out such
information.

>    Moreover, I would like to save this register (or a combo of
>    registers) into the process task_struct since I would like to
>    keep this counter accross processes' context switch [...]

Check out the perfmon2 patches for the kernel.  Among other things, they
do this sort of context switch tracking.

(An aside for systemtap developers: Now that I think about it though,
systemtap might be able to emulate this part of perfmon2 also, by
hooking context switching events, and saving/restoring data within
per-task systemtap arrays.  I wonder how far we might be able to go
emulating perfmon2's kernel-side code using a clever set of probes!)

>    As a complication, I would like to instrument at run-time a
>    process behavior by means of ptrace system call, so I think some
>    modification to that part of kernel code have to be done as well
>    [...]

ptrace is a way of performing low-level manipulation of a user-space
program's code/data from another user-space program.  Why do you
suspect kernel patches are needed?

>    Btw, there's a paper by Dunlap et al. titled ``ReVirt: Enabling Intrusion
>    Analysis through Virtual-Machine Logging and Reply'' that makes use of
>    branch_retired for somehow getting something similar to what I'd like to
>    have... [...]

http://www.eecs.umich.edu/~kingst/revirt.pdf

Interesting paper, dealing with use of virtualization for
security/checkpoint domain containment.

- FChE

Attachment: pgp00000.pgp
Description: PGP signature

Follow-Ups:
- Re: Model-Specific Register
  - From: Lorenzo Cavallaro

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]