From: Florian Hofhammer <florian.hofhammer@epfl.ch>
To: qemu-devel@nongnu.org
Subject: New capabilities for plugins
Date: Mon, 4 Aug 2025 12:14:06 +0200 [thread overview]
Message-ID: <205e6753-53a4-4739-99ed-26344403a437@epfl.ch> (raw)
Hello,
I'm currently working a lot with QEMU plugins for dynamic analysis of
userspace binaries (i.e., running under qemu-user). While working on
that, I found that the QEMU plugin API luckily has been getting more and
more capabilities with recent versions but that I'm still lacking some
functionality for my use cases.
More specifically, the "vcpu_syscall_cb" and "vcpu_syscall_ret"
callbacks already allow me to instrument syscall translation entry and
exit points. While the register read/write APIs also allow me to modify
register contents in my syscall callback implementations, there is
currently no good way to emulate a syscall myself in the plugin or
explicitly set the syscall return value (as it will be overwritten with
the original syscall's return value again, even if I set the
corresponding guest register).
I was wondering whether the QEMU community would be open to extending
the plugin API so that a plugin can fully emulate a syscall without the
original syscall being executed by QEMU. I had multiple approaches for
that in mind, with some working patches locally that I'd be happy to
share and build such a feature on:
1. Change the API of the existing callbacks so that the syscall entry
point callback returns "bool" instead of "void" and if any of the
registered callbacks returns true, execution of the actual syscall is
skipped.
2. Introduce a new API function that sets a flag for a specific syscall
to be skipped:
2a. A function that's called once in the manner of "always skip the
syscall with this specific syscall number" or
2b. a function that's called every time in the syscall entry point
callback in the manner of "skip this specific instance of the syscall".
I'd be happy to get your opinion on those proposals and to
develop/submit the corresponding patches!
Thanks in advance and best regards,
Florian
next reply other threads:[~2025-08-04 13:42 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-04 10:14 Florian Hofhammer [this message]
2025-08-04 16:05 ` New capabilities for plugins Alex Bennée
2025-08-05 13:22 ` Florian Hofhammer
2025-08-05 14:16 ` Alex Bennée
2025-08-05 14:30 ` Florian Hofhammer
2025-08-05 15:30 ` Alex Bennée
2025-08-21 16:02 ` Florian Hofhammer
2025-08-22 8:44 ` Alex Bennée
2025-08-26 14:37 ` Florian Hofhammer
2025-08-05 16:12 ` Daniel P. Berrangé
2025-08-21 15:58 ` Florian Hofhammer
2025-08-22 8:41 ` Alex Bennée
2025-08-04 17:01 ` Pierrick Bouvier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=205e6753-53a4-4739-99ed-26344403a437@epfl.ch \
--to=florian.hofhammer@epfl.ch \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).