1 files changed, 39 insertions, 0 deletions

diff --git a/hw/goldfish_trace.h b/hw/goldfish_trace.h
index 76b61a8..61d3f4f 100644
--- a/hw/goldfish_trace.h
+++ b/hw/goldfish_trace.h
@@ -17,6 +17,11 @@
 #define CLIENT_PAGE_SIZE        4096
 
 /* trace device registers */
+
+/* The indices below all corresponds to slots that can only be accessed
+ * by the guest kernel. See below for indices reachable from the guest
+ * user-land.
+ */
 #define TRACE_DEV_REG_SWITCH            0
 #define TRACE_DEV_REG_FORK              1
 #define TRACE_DEV_REG_EXECVE_PID        2
@@ -43,6 +48,22 @@
 #define TRACE_DEV_REG_PRINT_NUM_HEX     62
 #define TRACE_DEV_REG_STOP_EMU          90
 #define TRACE_DEV_REG_ENABLE            100
+
+/* NOTE: The device's second physical page is mapped to /dev/qemu_trace
+ *        This means that if you do the following:
+ *
+ *           magicPage = my_mmap("/dev/qemu_trace", ...);
+ *           *(uint32_t*)magicPage[index] = value;
+ *
+ *        The write at address magicPage+index*4 here will be seen
+ *        by the device as a write to the i/o offset 4096 + index*4,
+ *        i.e. (1024 + index)*4.
+ *
+ *        As a consequence, any index defined below corresponds to
+ *        location (index-1024)*4 in the mmapped page in the guest.
+ */
+
+/* The first 64 entries are reserved for VM instrumentation */
 #define TRACE_DEV_REG_METHOD_ENTRY      1024
 #define TRACE_DEV_REG_METHOD_EXIT       1025
 #define TRACE_DEV_REG_METHOD_EXCEPTION  1026
@@ -50,6 +71,24 @@
 #define TRACE_DEV_REG_NATIVE_EXIT       1029
 #define TRACE_DEV_REG_NATIVE_EXCEPTION  1030
 
+/* Next, QEMUD fast pipes */
+#define TRACE_DEV_PIPE_BASE             1280    /* 1024 + (64*4) */
+#define TRACE_DEV_PIPE_COMMAND          (TRACE_DEV_PIPE_BASE + 0)
+#define TRACE_DEV_PIPE_STATUS           (TRACE_DEV_PIPE_BASE + 0)
+#define TRACE_DEV_PIPE_ADDRESS          (TRACE_DEV_PIPE_BASE + 1)
+#define TRACE_DEV_PIPE_SIZE             (TRACE_DEV_PIPE_BASE + 2)
+#define TRACE_DEV_PIPE_CHANNEL          (TRACE_DEV_PIPE_BASE + 3)
+
+/* These entries are reserved for libc instrumentation, i.e. memcheck */
+#if 0  /* see memcheck_common.h */
+#define TRACE_DEV_REG_MEMCHECK              1536  /* 1024 + (128*4) */
+#define TRACE_DEV_REG_LIBC_INIT             (TRACE_DEV_REG_MEMCHECK + MEMCHECK_EVENT_LIBC_INIT)
+#define TRACE_DEV_REG_MALLOC                (TRACE_DEV_REG_MEMCHECK + MEMCHECK_EVENT_MALLOC)
+#define TRACE_DEV_REG_FREE_PTR              (TRACE_DEV_REG_MEMCHECK + MEMCHECK_EVENT_FREE_PTR)
+#define TRACE_DEV_REG_QUERY_MALLOC          (TRACE_DEV_REG_MEMCHECK + MEMCHECK_EVENT_QUERY_MALLOC)
+#define TRACE_DEV_REG_PRINT_USER_STR        (TRACE_DEV_REG_MEMCHECK + MEMCHECK_EVENT_PRINT_USER_STR)
+#endif
+
 /* the virtual trace device state */
 typedef struct {
     struct goldfish_device dev;