I am trying to use Intel-PT on the host, while I run a general software program in the guest machine. So what I expect is the Intel-PT running in the host will record all the relevant packets(like PIP, FUP, TSC etc.) and also all the VM-based packets like VMCS.
I use the below command -
./perf kvm --host --guest --guestkallsyms=guest-kallsyms --guestmodules=guest-modules record -e intel_pt//
guest-kallsyms and guest-modules are the kallsyms and module files I copied from the guest onto my host.
I will then start my Virtual Machine. I will run a program on the guest machine. Once the program execution is complete, I will press Ctrl + C (SIGINT) in my host to stop the recording.
I see that once I try to use perf report to read the file generated using the below command -
./perf kvm report -i perf.data.kvm
It returns "NO SAMPLES FOUND". This means that Intel-PT has failed to record any samples.
NOTE: I found that the bit 14 for the value in the MSR MSR_IA32_VMX_MISC is 0, for my processor. As per the Intel documentation, this bit should be 1 for Intel-PT to be used in VMX operation. Does this in any way affect why Intel-PT does not record any samples ?
Will INTEL-PT work even when the VM is on ? Or is my method of recording data wrong ?
Edit: I am using Linux Kernel 4.11.3, having Ubuntu 17.04 and a Broadwell CPU, which supports Intel-PT.
Since I now have a clear idea of why Intel-PT does not work with QEMU-KVM on, I will post an answer.
As I mentioned in the question, the main reason for this not to work is the fact that the bit 14 for the value in the MSR MSR_IA32_VMX_MISC is 0, for my processor. As per the Intel documentation, this bit should be 1 for Intel-PT to be used in VMX root operation(between VMXON and VMXOFF).
The main problem is that when the above bit is 0, a VMXON instruction will set the TraceEn component of IA32_RTIT_CTL MSR to 0. This component controls the tracing operation, if this is reset, no tracing data is written to the buffer. This reset is controlled at the hardware level.
To perform this activity, it is necessary to have a Skylake processor, at least. I was using a Broadwell system, which, as it looks now, will not work.