From: Richard Henderson <richard.henderson@linaro.org>
To: Ziyang Zhang <functioner@sjtu.edu.cn>,
qemu-devel <qemu-devel@nongnu.org>
Cc: Riku Voipio <riku.voipio@iki.fi>,
Laurent Vivier <laurent@vivier.eu>,
alex bennee <alex.bennee@linaro.org>,
Alexandre Iooss <erdnaxe@crans.org>,
Mahmoud Mandour <ma.mandourr@gmail.com>,
Pierrick Bouvier <pierrick.bouvier@linaro.org>,
Zhengwei Qi <qizhwei@sjtu.edu.cn>,
Yun Wang <yunwang94@sjtu.edu.cn>,
Mingyuan Xia <xiamy@ultrarisc.com>,
Kailiang Xu <xukl2019@sjtu.edu.cn>
Subject: Re: [RFC PATCH V2 1/2] linux-user: add a plugin API to filter syscalls
Date: Wed, 22 Oct 2025 11:00:20 -0500
Message-ID: <80029288-4571-4e5a-ab99-b3c5c8daf8b6@linaro.org>
In-Reply-To: <1236223604.5812631.1761116021855.JavaMail.zimbra@sjtu.edu.cn>
On 10/22/25 01:53, Ziyang Zhang wrote:
> @@ -165,6 +166,10 @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1,
> uint64_t a2, uint64_t a3, uint64_t a4, uint64_t a5,
> uint64_t a6, uint64_t a7, uint64_t a8);
> void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret);
> +bool
> +qemu_plugin_vcpu_syscall_filter(CPUState *cpu, int64_t num, uint64_t a1,
> + uint64_t a2, uint64_t a3, uint64_t a4, uint64_t a5,
> + uint64_t a6, uint64_t a7, uint64_t a8, uint64_t *ret);
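Review bot: the result pointer is declared `uint64_t *ret` here, while `qemu_plugin_vcpu_syscall_ret` two lines above reports the same quantity as a signed `int64_t ret`; a syscall result is signed (negative errno on failure), so the two hooks should agree on its type, or the header comment should spell out how a filter is expected to encode an error in `*ret`.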
The second and third lines should be indented just past the ( on the first line, i.e. with CPUState.
> +static inline bool
> +qemu_plugin_vcpu_syscall_filter(CPUState *cpu, int64_t num, uint64_t a1,
> + uint64_t a2, uint64_t a3, uint64_t a4,
> + uint64_t a5, uint64_t a6, uint64_t a7,
> + uint64_t a8, uint64_t *ret)
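Review bot: the body of this stub (the build without plugin support) is not in the quoted hunk; it must return false and leave `*ret` untouched, because the `do_syscall` hunk below only calls `do_syscall1` when the filter reports that nothing was filtered.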
Like this.
> +typedef bool
> +(*qemu_plugin_vcpu_syscall_filter_cb_t)(qemu_plugin_id_t id,
> + unsigned int vcpu_index,
> + int64_t num, uint64_t a1, uint64_t a2,
> + uint64_t a3, uint64_t a4, uint64_t a5,
> + uint64_t a6, uint64_t a7, uint64_t a8,
> + uint64_t *ret);
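Review bot: the callback type carries no contract in the quoted lines. The header comment should state that returning true suppresses the syscall and makes `*ret` the value the guest sees, that a filter returning true must write `*ret`, and that the first filter to return true ends the chain so later plugins are not consulted (which is what the core.c loop below does).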
Likewise.
> +static inline bool send_through_syscall_filters(CPUState *cpu, int num,
> + abi_long arg1, abi_long arg2,
> + abi_long arg3, abi_long arg4,
> + abi_long arg5, abi_long arg6,
> + abi_long arg7, abi_long arg8, abi_long *ret)
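Review bot: `ret` is `abi_long *` here but `uint64_t *` in the plugin-core function declared above, and `num` is `int` here versus `int64_t` there; `abi_long` is 32 bits for 32-bit guests, so the two pointers cannot simply be forwarded. Copy through a local, e.g. `uint64_t r = 0;` ... `*ret = (abi_long)(int64_t)r;`, so a negative errno keeps its sign when narrowed.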
Do not mark inline; let the compiler decide.
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index d78b2029fa..b8225f838f 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -14084,8 +14084,11 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1,
> print_syscall(cpu_env, num, arg1, arg2, arg3, arg4, arg5, arg6);
> }
>
> - ret = do_syscall1(cpu_env, num, arg1, arg2, arg3, arg4,
> - arg5, arg6, arg7, arg8);
> + if (!send_through_syscall_filters(cpu, num, arg1, arg2, arg3, arg4, arg5,
> + arg6, arg7, arg8, &ret)) {
Incorrect indent.
> + ret = do_syscall1(cpu_env, num, arg1, arg2, arg3, arg4,
> + arg5, arg6, arg7, arg8);
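Review bot: `print_syscall` above runs before the filter, so with -strace a suppressed syscall is logged exactly as if it had executed; either move the filter before the trace or record that the result came from a plugin. Also, if a filter returns true without writing `*ret`, `ret` keeps whatever value it held before this point, since only the `do_syscall1` branch assigns it.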
Likewise.
> diff --git a/plugins/core.c b/plugins/core.c
> index ead09fd2f1..1b2f875fb1 100644
> --- a/plugins/core.c
> +++ b/plugins/core.c
> @@ -538,6 +538,40 @@ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret)
> }
> }
>
> +/*
> + * Disable CFI checks.
> + * The callback function has been loaded from an external library so we do not
> + * have type information
> + */
> +QEMU_DISABLE_CFI
> +bool
> +qemu_plugin_vcpu_syscall_filter(CPUState *cpu, int64_t num, uint64_t a1,
> + uint64_t a2, uint64_t a3, uint64_t a4, uint64_t a5,
> + uint64_t a6, uint64_t a7, uint64_t a8, uint64_t *ret)
Likewise.
> +{
> + struct qemu_plugin_cb *cb, *next;
> + enum qemu_plugin_event ev = QEMU_PLUGIN_EV_VCPU_SYSCALL_FILTER;
> +
> + if (!test_bit(ev, cpu->plugin_state->event_mask)) {
> + return false;
> + }
> +
> + bool filtered = false;
> + QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
> + qemu_plugin_vcpu_syscall_filter_cb_t func = cb->f.vcpu_syscall_filter;
> +
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
> + if (func(cb->ctx->id, cpu->cpu_index, num, a1, a2, a3, a4,
> + a5, a6, a7, a8, ret)) {
> + filtered = true;
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
> + break;
> + }
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
> + }
> + return filtered;
> +}
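Review bot: `bool filtered = false;` after the `test_bit` statement is a mixed declaration, which QEMU style discourages; it belongs at the top of the block or inside the loop. The `qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS)` call is duplicated on the break and fall-through paths; reset once after the call and then test the result. Since the first filter returning true ends the loop, behaviour depends on plugin load order, which is worth a sentence in the API documentation.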
The loop is better written

    QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
        bool filtered;

        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
        filtered = cb->f.vcpu_syscall_filter(cb->ctx->id, cpu->cpu_index,
                                             num, a1, a2, a3, a4, a5,
                                             a6, a7, a8, ret);
        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
        if (filtered) {
            return true;
        }
    }
    return false;
r~
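The following is an added example, not code from the RFC or from QEMU: a stand-alone C model of the filter dispatch the patch introduces, written in the loop shape suggested in the reply above. It assumes a fixed array in place of the plugin core's RCU callback list, constructed x86-64 syscall numbers (execve = 59, getpid = 39, ptrace = 101), and that `*ret` carries the guest result in Linux negative-errno form as `do_syscall` returns it; it also shows how a 64-bit plugin result is narrowed to a 32-bit `abi_long` through a local rather than a pointer cast.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as qemu_plugin_vcpu_syscall_filter_cb_t in the patch. */
typedef bool (*syscall_filter_cb_t)(uint64_t id, unsigned int vcpu_index,
                                    int64_t num, uint64_t a1, uint64_t a2,
                                    uint64_t a3, uint64_t a4, uint64_t a5,
                                    uint64_t a6, uint64_t a7, uint64_t a8,
                                    uint64_t *ret);

/* Assumption: a fixed array stands in for the plugin core's RCU list. */
#define MAX_FILTERS 8
static syscall_filter_cb_t filters[MAX_FILTERS];
static size_t nr_filters;

/* Stand-in for plugin registration; filters run in registration order. */
static bool register_syscall_filter(syscall_filter_cb_t cb)
{
    if (cb == NULL || nr_filters == MAX_FILTERS) {
        return false;
    }
    filters[nr_filters++] = cb;
    return true;
}

/* Dispatch: the first filter returning true supplies *ret and ends the chain. */
static bool run_syscall_filters(unsigned int vcpu_index, int64_t num,
                                uint64_t a1, uint64_t a2, uint64_t a3,
                                uint64_t a4, uint64_t a5, uint64_t a6,
                                uint64_t a7, uint64_t a8, uint64_t *ret)
{
    for (size_t i = 0; i < nr_filters; i++) {
        bool filtered = filters[i]((uint64_t)i, vcpu_index, num, a1, a2, a3,
                                   a4, a5, a6, a7, a8, ret);
        if (filtered) {
            return true;
        }
    }
    return false;
}

/* Example filter: refuse execve (59) and ptrace (101) with -EPERM. Numbers
 * are constructed x86-64 values; arguments are ignored. */
static bool deny_exec_and_ptrace(uint64_t id, unsigned int vcpu_index,
                                 int64_t num, uint64_t a1, uint64_t a2,
                                 uint64_t a3, uint64_t a4, uint64_t a5,
                                 uint64_t a6, uint64_t a7, uint64_t a8,
                                 uint64_t *ret)
{
    if (num == 59 || num == 101) {
        *ret = (uint64_t)(int64_t)-EPERM;   /* negative errno, sign kept */
        return true;
    }
    return false;
}

/* Example filter: answer getpid (39) with a constant instead of running it. */
static bool fake_getpid(uint64_t id, unsigned int vcpu_index, int64_t num,
                        uint64_t a1, uint64_t a2, uint64_t a3, uint64_t a4,
                        uint64_t a5, uint64_t a6, uint64_t a7, uint64_t a8,
                        uint64_t *ret)
{
    if (num == 39) {
        *ret = 4242;
        return true;
    }
    return false;
}

/* Model of the do_syscall side for a 32-bit guest, where abi_long is 32 bits:
 * the 64-bit plugin result is copied through a local and narrowed with a
 * signed conversion, so -EPERM in 64 bits is still -EPERM in 32 bits. */
typedef int32_t abi_long32;

static abi_long32 do_syscall_model(unsigned int vcpu_index, int64_t num,
                                   uint64_t a1, uint64_t a2, uint64_t a3,
                                   uint64_t a4, uint64_t a5, uint64_t a6)
{
    uint64_t r64 = 0;

    if (run_syscall_filters(vcpu_index, num, a1, a2, a3, a4, a5, a6,
                            0, 0, &r64)) {
        return (abi_long32)(int64_t)r64;
    }
    return 0;   /* not filtered: stand-in for do_syscall1 succeeding */
}

/* Registers the two example filters in order; returns false on failure. */
static bool setup_example_filters(void)
{
    nr_filters = 0;
    return register_syscall_filter(deny_exec_and_ptrace) &&
           register_syscall_filter(fake_getpid);
}

int main(void)
{
    if (!setup_example_filters()) {
        return 1;
    }
    printf("execve -> %d\n", do_syscall_model(0, 59, 0, 0, 0, 0, 0, 0));
    printf("getpid -> %d\n", do_syscall_model(0, 39, 0, 0, 0, 0, 0, 0));
    printf("write  -> %d\n", do_syscall_model(0, 1, 0, 0, 0, 0, 0, 0));
    return 0;
}
```

The model keeps the two things a plugin author must know from the review: a filter that returns true must have written `*ret`, and the first filter to return true stops the chain, so `fake_getpid` would never see a syscall that `deny_exec_and_ptrace` had already claimed.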
Thread overview (7+ messages):
2025-10-22 6:52 [RFC PATCH V2 0/2] linux-user: add a syscall-filter plugin API Ziyang Zhang
2025-10-22 6:53 ` [RFC PATCH V2 1/2] linux-user: add a plugin API to filter syscalls Ziyang Zhang
2025-10-22 16:00 ` Richard Henderson [this message]
2025-10-27 7:14 ` Pierrick Bouvier
2025-10-28 11:17 ` Richard Henderson
2025-10-30 13:29 ` Ziyang Zhang
2025-10-22 6:54 ` [RFC PATCH V2 2/2] tcg tests: add a test to verify the syscall filter plugin API Ziyang Zhang