From: "Alex Bennée" <alex.bennee@linaro.org>
To: Florian Hofhammer <florian.hofhammer@epfl.ch>
Cc: qemu-devel@nongnu.org,  pierrick.bouvier@linaro.org,
	richard.henderson@linaro.org,  laurent@vivier.eu,
	 imp@bsdimp.com, berrange@redhat.com
Subject: Re: [RFC PATCH v2 2/2] tests/tcg: add test for qemu_plugin_set_pc API
Date: Fri, 12 Dec 2025 12:40:29 +0000
Message-ID: <877burub42.fsf@draig.linaro.org>
In-Reply-To: <0b65f1ca-c960-4d9a-9029-23974218da80@epfl.ch> (Florian Hofhammer's message of "Mon, 6 Oct 2025 15:23:18 +0200")

Florian Hofhammer <florian.hofhammer@epfl.ch> writes:

> The test executes a non-existent syscall, which the syscall plugin
> intercepts and redirects to a clean exit.
> Due to architecture-specific quirks, the Makefile requires setting
> specific compiler and linker flags for some architectures.
>
> Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
> ---
>  tests/tcg/multiarch/Makefile.target           | 42 +++++++++++++++++++
>  .../tcg/multiarch/test-plugin-skip-syscalls.c | 26 ++++++++++++
>  tests/tcg/plugins/syscall.c                   |  6 +++
>  3 files changed, 74 insertions(+)
>  create mode 100644 tests/tcg/multiarch/test-plugin-skip-syscalls.c
>
> diff --git a/tests/tcg/multiarch/Makefile.target b/tests/tcg/multiarch/Makefile.target
> index f5b4d2b813..7df3da2aba 100644
> --- a/tests/tcg/multiarch/Makefile.target
> +++ b/tests/tcg/multiarch/Makefile.target
> @@ -204,6 +204,48 @@ run-plugin-test-plugin-mem-access-with-libmem.so: \
>  	$(QEMU) $<
>  
>  EXTRA_RUNS_WITH_PLUGIN += run-plugin-test-plugin-mem-access-with-libmem.so
> +
> +# Test plugin control flow redirection by skipping system calls
> +ifeq ($(TARGET),arm-linux-user)
> +# Require emitting arm32 instructions, otherwise the vCPU might accidentally
> +# try to execute Thumb instructions in arm32 mode after qemu_plugin_set_pc()
> +test-plugin-skip-syscalls: CFLAGS+=-marm
> +endif
> +ifneq ($(filter mips64%-linux-user,$(TARGET)),)
> +# Require no ABI calls to avoid $t9-relative .got address calculation
> +test-plugin-skip-syscalls: CFLAGS+=-mno-abicalls -fno-pie
> +test-plugin-skip-syscalls: LDFLAGS+=-no-pie
> +endif
> +ifneq ($(filter mips%-linux-user,\
> +	   $(filter-out mips64%-linux-user,\
> +	   $(TARGET))),)
> +# qemu-mips(el) returns ENOSYS without triggering syscall plugin callbacks
> +run-plugin-test-plugin-skip-syscalls-with-libsyscall.so:
> +	$(call skip-test, $<, "qemu-mips(el) does not execute invalid syscalls")
> +endif
> +ifeq ($(TARGET),sparc64-linux-user)
> +# The defined addresses for the binary are not aligned correctly for sparc64
> +# but adjusting them breaks other architectures, so just skip it on sparc64.
> +run-plugin-test-plugin-skip-syscalls-with-libsyscall.so:
> +	$(call skip-test, $<, "qemu-sparc64 does not allow mapping at our given fixed address")
> +endif
> +ifeq ($(TARGET),hexagon-linux-user)
> +# hexagon uses clang/lld which does not support -Ttext-segment but GNU ld does
> +# not generally support --image-base.
> +test-plugin-skip-syscalls: LDFLAGS+=-Wl,--image-base=0x40000
> +else
> +test-plugin-skip-syscalls: LDFLAGS+=-Wl,-Ttext-segment=0x40000
> +endif
> +test-plugin-skip-syscalls: LDFLAGS+=-Wl,--section-start,.redirect=0x20000
> +run-plugin-test-plugin-skip-syscalls-with-libsyscall.so:

All these arch specific hacks should be moved to the arch specific
makefiles. We do this for example for the sha1 alt builds.

> +
> +EXTRA_RUNS_WITH_PLUGIN += run-plugin-test-plugin-skip-syscalls-with-libsyscall.so
> +
> +else # CONFIG_PLUGIN=n
> +# Do not build the syscall skipping test if it's not tested with a plugin
> +# because it will simply return an error and fail the test.
> +MULTIARCH_TESTS := $(filter-out "test-plugin-skip-syscalls", $(MULTIARCH_TESTS))
> +

Rather than filtering it out, let's move it into a subdir (plugin-tests?)
and conditionally include it like we do with linux above?

>  endif
>  
>  # Update TESTS
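Review bot: the `MULTIARCH_TESTS := $(filter-out "test-plugin-skip-syscalls", $(MULTIARCH_TESTS))` line in the `CONFIG_PLUGIN=n` branch removes nothing, because make does not strip the double quotes: the pattern is the literal word `"test-plugin-skip-syscalls"`, which never matches the unquoted word in the list, so the test is still built and fails exactly as the comment above it warns. Drop the quotes. In the same block, `run-plugin-test-plugin-skip-syscalls-with-libsyscall.so:` is defined with a `skip-test` recipe for mips and sparc64 and then defined again unconditionally after the `LDFLAGS` lines; if that later rule carries its own recipe, make will warn about an overridden recipe and use the last one, so the mips/sparc64 skips would never run. Guard the final rule with the inverse of those conditions, or put the skip reason in a variable and emit a single rule.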
> diff --git a/tests/tcg/multiarch/test-plugin-skip-syscalls.c b/tests/tcg/multiarch/test-plugin-skip-syscalls.c
> new file mode 100644
> index 0000000000..1f5cbc3851
> --- /dev/null
> +++ b/tests/tcg/multiarch/test-plugin-skip-syscalls.c
> @@ -0,0 +1,26 @@
> +/*
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + *
> + * This test attempts to execute an invalid syscall. The syscall test plugin
> + * should intercept this.
> + */
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <unistd.h>
> +
> +void exit_success(void) __attribute__((section(".redirect"), noinline,
> +                                       noreturn, used));
> +
> +void exit_success(void) {
> +    _exit(EXIT_SUCCESS);
> +}
> +
> +int main(int argc, char *argv[]) {
> +    long ret = syscall(0xc0deUL);
> +    if (ret != 0L) {
> +        perror("");
> +    }
> +    /* We should never get here */
> +    return EXIT_FAILURE;
> +}
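Review bot: nothing in this file says why `exit_success` is ever reached; it only works because the Makefile links `.redirect` at 0x20000 and the plugin jumps there when it sees syscall 0xc0de, and neither constant is documented here. Extend the header comment to state both values and point at the `-Wl,--section-start,.redirect=0x20000` and `-Wl,-Ttext-segment=0x40000` link flags, and ideally define the marker number once in a header shared with `tests/tcg/plugins/syscall.c` instead of repeating `0xc0deUL` in both files. Minor: `perror("")` prints an empty prefix, so `perror("syscall")` reads better in the failure log, and `argc`/`argv` are unused and can be dropped from `main`.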
> diff --git a/tests/tcg/plugins/syscall.c b/tests/tcg/plugins/syscall.c
> index 42801f5c86..c5bac2d928 100644
> --- a/tests/tcg/plugins/syscall.c
> +++ b/tests/tcg/plugins/syscall.c
> @@ -148,6 +148,12 @@ static void vcpu_syscall(qemu_plugin_id_t id, unsigned int vcpu_index,
>              fprintf(stderr, "Error reading memory from vaddr %"PRIu64"\n", a2);
>          }
>      }
> +
> +    if (num == 0xc0deUL) {
> +        /* Special syscall to test the control flow redirection functionality. */
> +        qemu_plugin_outs("Marker syscall detected, jump to clean exit\n");
> +        qemu_plugin_set_pc(0x20000);
> +    }
>  }
>  
>  static void vcpu_syscall_ret(qemu_plugin_id_t id, unsigned int vcpu_idx,
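Review bot: `qemu_plugin_set_pc(0x20000)` and the `num == 0xc0deUL` check hard-code the test binary's `.redirect` address and marker syscall with no cross-reference to the test that depends on them; a named constant with a comment pointing at `test-plugin-skip-syscalls.c` and its Makefile link flags would keep the three places in sync. Note also that this check is unconditional, so any guest run under `libsyscall.so` that issues syscall 0xc0de gets its PC moved to 0x20000 whether or not that address is mapped; gating the redirect behind a plugin argument would keep the existing syscall-logging behaviour unchanged for every other test binary this plugin is run against.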

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro