From: "Alex Bennée" <alex.bennee@linaro.org>
To: Florian Hofhammer <florian.hofhammer@epfl.ch>
Cc: qemu-devel@nongnu.org, pierrick.bouvier@linaro.org,
richard.henderson@linaro.org, laurent@vivier.eu,
imp@bsdimp.com, berrange@redhat.com
Subject: Re: [RFC PATCH v2 1/2] plugins: Add PC diversion API function
Date: Fri, 12 Dec 2025 12:35:34 +0000 [thread overview]
Message-ID: <87cy4jubc9.fsf@draig.linaro.org> (raw)
In-Reply-To: <b461feb8-4ad5-481d-a497-dcb10b12ee79@epfl.ch> (Florian Hofhammer's message of "Mon, 6 Oct 2025 15:22:27 +0200")
Florian Hofhammer <florian.hofhammer@epfl.ch> writes:
> This patch adds a plugin API function that allows diverting the program
> counter during execution. A potential use case for this functionality is
> to skip over parts of the code, e.g., by hooking into a specific
> instruction and setting the PC to the next instruction in the callback.
>
> Redirecting control flow via cpu_loop_exit() works fine in callbacks
> that are triggered during code execution due to cpu_exec_setjmp() still
> being part of the call stack. If we want to use the new API in syscall
> callbacks, cpu_exec_setjmp() already returned and the longjmp()
> triggered by cpu_loop_exit() is undefined behavior. For this reason, we
> introduce a new return constant QEMU_ESETPC and do another setjmp()
> before executing syscall plugin callbacks and potentially the syscall
> itself.
>
> Link: https://lists.nongnu.org/archive/html/qemu-devel/2025-08/msg00656.html
>
> Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
> ---
> include/qemu/qemu-plugin.h | 15 +++++++++++++++
> linux-user/aarch64/cpu_loop.c | 2 +-
> linux-user/alpha/cpu_loop.c | 2 +-
> linux-user/arm/cpu_loop.c | 2 +-
> linux-user/hexagon/cpu_loop.c | 2 +-
> linux-user/hppa/cpu_loop.c | 4 ++++
> linux-user/i386/cpu_loop.c | 8 +++++---
> linux-user/include/special-errno.h | 8 ++++++++
> linux-user/loongarch64/cpu_loop.c | 5 +++--
> linux-user/m68k/cpu_loop.c | 2 +-
> linux-user/microblaze/cpu_loop.c | 2 +-
> linux-user/mips/cpu_loop.c | 5 +++--
> linux-user/openrisc/cpu_loop.c | 2 +-
> linux-user/ppc/cpu_loop.c | 6 ++++--
> linux-user/riscv/cpu_loop.c | 2 +-
> linux-user/s390x/cpu_loop.c | 2 +-
> linux-user/sh4/cpu_loop.c | 2 +-
> linux-user/sparc/cpu_loop.c | 4 +++-
> linux-user/syscall.c | 8 ++++++++
> linux-user/xtensa/cpu_loop.c | 3 +++
> plugins/api.c | 17 ++++++++++++++++-
> plugins/core.c | 25 ++++++++++++++-----------
> 22 files changed, 96 insertions(+), 32 deletions(-)
>
> diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
> index c450106af1..be72ef9d70 100644
> --- a/include/qemu/qemu-plugin.h
> +++ b/include/qemu/qemu-plugin.h
> @@ -261,11 +261,14 @@ typedef struct {
> * @QEMU_PLUGIN_CB_NO_REGS: callback does not access the CPU's regs
> * @QEMU_PLUGIN_CB_R_REGS: callback reads the CPU's regs
> * @QEMU_PLUGIN_CB_RW_REGS: callback reads and writes the CPU's regs
> + * @QEMU_PLUGIN_CB_RW_REGS_PC: callback reads and writes the CPU's
> + * regs and updates the PC
> */
> enum qemu_plugin_cb_flags {
> QEMU_PLUGIN_CB_NO_REGS,
> QEMU_PLUGIN_CB_R_REGS,
> QEMU_PLUGIN_CB_RW_REGS,
> + QEMU_PLUGIN_CB_RW_REGS_PC,
> };
>
> enum qemu_plugin_mem_rw {
> @@ -943,6 +946,18 @@ QEMU_PLUGIN_API
> int qemu_plugin_write_register(struct qemu_plugin_register *handle,
> GByteArray *buf);
>
> +/**
> + * qemu_plugin_set_pc() - set the program counter for the current vCPU
> + *
> + * @vaddr: the new virtual (guest) address for the program counter
> + *
> + * This function sets the program counter for the current vCPU to @vaddr and
> + * resumes execution at that address. This function only returns in case of
> + * errors.
> + */
> +QEMU_PLUGIN_API
> +void qemu_plugin_set_pc(uint64_t vaddr);
> +
> /**
> * qemu_plugin_read_memory_vaddr() - read from memory using a virtual address
> *
> diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
> index 50a4c99535..d220d18696 100644
> --- a/linux-user/aarch64/cpu_loop.c
> +++ b/linux-user/aarch64/cpu_loop.c
> @@ -176,7 +176,7 @@ void cpu_loop(CPUARMState *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->pc -= 4;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->xregs[0] = ret;
> }
> break;
> diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c
> index f93597c400..bef196b1f5 100644
> --- a/linux-user/alpha/cpu_loop.c
> +++ b/linux-user/alpha/cpu_loop.c
> @@ -82,7 +82,7 @@ void cpu_loop(CPUAlphaState *env)
> env->pc -= 4;
> break;
> }
> - if (sysret == -QEMU_ESIGRETURN) {
> + if (sysret == -QEMU_ESIGRETURN || sysret == -QEMU_ESETPC) {
> break;
> }
> /* Syscall writes 0 to V0 to bypass error check, similar
> diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
> index cd89b7d6f5..ef77b56785 100644
> --- a/linux-user/arm/cpu_loop.c
> +++ b/linux-user/arm/cpu_loop.c
> @@ -416,7 +416,7 @@ void cpu_loop(CPUARMState *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->regs[15] -= env->thumb ? 2 : 4;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->regs[0] = ret;
> }
> }
> diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c
> index 1941f4c9c1..9adb3ec4c6 100644
> --- a/linux-user/hexagon/cpu_loop.c
> +++ b/linux-user/hexagon/cpu_loop.c
> @@ -56,7 +56,7 @@ void cpu_loop(CPUHexagonState *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->gpr[HEX_REG_PC] -= 4;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->gpr[0] = ret;
> }
> break;
> diff --git a/linux-user/hppa/cpu_loop.c b/linux-user/hppa/cpu_loop.c
> index 356cb48acc..5c8d2577ef 100644
> --- a/linux-user/hppa/cpu_loop.c
> +++ b/linux-user/hppa/cpu_loop.c
> @@ -17,6 +17,7 @@
> * along with this program; if not, see <http://www.gnu.org/licenses/>.
> */
>
> +#include "qemu/compiler.h"
> #include "qemu/osdep.h"
> #include "qemu.h"
> #include "user-internals.h"
> @@ -135,7 +136,10 @@ void cpu_loop(CPUHPPAState *env)
> env->iaoq_b = env->iaoq_f + 4;
> break;
> case -QEMU_ERESTARTSYS:
> + QEMU_FALLTHROUGH;
> case -QEMU_ESIGRETURN:
> + QEMU_FALLTHROUGH;
> + case -QEMU_ESETPC:
> break;
> }
> break;
> diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c
> index f3f58576af..fe922fceb5 100644
> --- a/linux-user/i386/cpu_loop.c
> +++ b/linux-user/i386/cpu_loop.c
> @@ -181,7 +181,9 @@ static void emulate_vsyscall(CPUX86State *env)
> if (ret == -TARGET_EFAULT) {
> goto sigsegv;
> }
> - env->regs[R_EAX] = ret;
> + if (ret != -QEMU_ESETPC) {
> + env->regs[R_EAX] = ret;
> + }
>
> /* Emulate a ret instruction to leave the vsyscall page. */
> env->eip = caller;
> @@ -234,7 +236,7 @@ void cpu_loop(CPUX86State *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->eip -= 2;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->regs[R_EAX] = ret;
> }
> break;
> @@ -253,7 +255,7 @@ void cpu_loop(CPUX86State *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->eip -= 2;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->regs[R_EAX] = ret;
> }
> break;
> diff --git a/linux-user/include/special-errno.h b/linux-user/include/special-errno.h
> index 4120455baa..1db757241a 100644
> --- a/linux-user/include/special-errno.h
> +++ b/linux-user/include/special-errno.h
> @@ -29,4 +29,12 @@
> */
> #define QEMU_ESIGRETURN 513
>
> +/*
> + * This is returned after a plugin has used the qemu_plugin_set_pc API, to
> + * indicate that the plugin deliberately changed the PC and potentially
> + * modified the register values. The main loop should not touch the guest
> + * registers for this reason.
> + */
> +#define QEMU_ESETPC 514
> +
> #endif /* SPECIAL_ERRNO_H */
> diff --git a/linux-user/loongarch64/cpu_loop.c b/linux-user/loongarch64/cpu_loop.c
> index 26a5ce3a93..603fcc39c7 100644
> --- a/linux-user/loongarch64/cpu_loop.c
> +++ b/linux-user/loongarch64/cpu_loop.c
> @@ -44,9 +44,10 @@ void cpu_loop(CPULoongArchState *env)
> env->pc -= 4;
> break;
> }
> - if (ret == -QEMU_ESIGRETURN) {
> + if (ret == -QEMU_ESIGRETURN || ret == -QEMU_ESETPC) {
> /*
> - * Returning from a successful sigreturn syscall.
> + * Returning from a successful sigreturn syscall or from
> + * control flow diversion in a plugin callback.
> * Avoid clobbering register state.
> */
> break;
> diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
> index 2c9f628241..b98ca8ff7b 100644
> --- a/linux-user/m68k/cpu_loop.c
> +++ b/linux-user/m68k/cpu_loop.c
> @@ -66,7 +66,7 @@ void cpu_loop(CPUM68KState *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->pc -= 2;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->dregs[0] = ret;
> }
> }
> diff --git a/linux-user/microblaze/cpu_loop.c b/linux-user/microblaze/cpu_loop.c
> index 78506ab23d..06d92c0b90 100644
> --- a/linux-user/microblaze/cpu_loop.c
> +++ b/linux-user/microblaze/cpu_loop.c
> @@ -54,7 +54,7 @@ void cpu_loop(CPUMBState *env)
> if (ret == -QEMU_ERESTARTSYS) {
> /* Wind back to before the syscall. */
> env->pc -= 4;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->regs[3] = ret;
> }
> /* All syscall exits result in guest r14 being equal to the
> diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
> index 2365de1de1..af98138eb2 100644
> --- a/linux-user/mips/cpu_loop.c
> +++ b/linux-user/mips/cpu_loop.c
> @@ -140,8 +140,9 @@ done_syscall:
> env->active_tc.PC -= 4;
> break;
> }
> - if (ret == -QEMU_ESIGRETURN) {
> - /* Returning from a successful sigreturn syscall.
> + if (ret == -QEMU_ESIGRETURN || ret == -QEMU_ESETPC) {
> + /* Returning from a successful sigreturn syscall or from
> + control flow diversion in a plugin callback.
> Avoid clobbering register state. */
> break;
> }
> diff --git a/linux-user/openrisc/cpu_loop.c b/linux-user/openrisc/cpu_loop.c
> index 2167d880d5..e7e9929e6f 100644
> --- a/linux-user/openrisc/cpu_loop.c
> +++ b/linux-user/openrisc/cpu_loop.c
> @@ -48,7 +48,7 @@ void cpu_loop(CPUOpenRISCState *env)
> cpu_get_gpr(env, 8), 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->pc -= 4;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> cpu_set_gpr(env, 11, ret);
> }
> break;
> diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
> index b0b0cb14b4..1f8aae14bb 100644
> --- a/linux-user/ppc/cpu_loop.c
> +++ b/linux-user/ppc/cpu_loop.c
> @@ -340,8 +340,10 @@ void cpu_loop(CPUPPCState *env)
> env->nip -= 4;
> break;
> }
> - if (ret == (target_ulong)(-QEMU_ESIGRETURN)) {
> - /* Returning from a successful sigreturn syscall.
> + if (ret == (target_ulong)(-QEMU_ESIGRETURN)
> + || ret == (target_ulong)(-QEMU_ESETPC)) {
> + /* Returning from a successful sigreturn syscall or from
> + control flow diversion in a plugin callback.
> Avoid corrupting register state. */
> break;
> }
> diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c
> index ce542540c2..eecc8d1517 100644
> --- a/linux-user/riscv/cpu_loop.c
> +++ b/linux-user/riscv/cpu_loop.c
> @@ -65,7 +65,7 @@ void cpu_loop(CPURISCVState *env)
> }
> if (ret == -QEMU_ERESTARTSYS) {
> env->pc -= 4;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->gpr[xA0] = ret;
> }
> if (cs->singlestep_enabled) {
> diff --git a/linux-user/s390x/cpu_loop.c b/linux-user/s390x/cpu_loop.c
> index 4929b32e1f..67d2a803fb 100644
> --- a/linux-user/s390x/cpu_loop.c
> +++ b/linux-user/s390x/cpu_loop.c
> @@ -83,7 +83,7 @@ void cpu_loop(CPUS390XState *env)
> env->regs[6], env->regs[7], 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->psw.addr -= env->int_svc_ilen;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->regs[2] = ret;
> }
>
> diff --git a/linux-user/sh4/cpu_loop.c b/linux-user/sh4/cpu_loop.c
> index 0c9d7e9c46..ee2958d0d9 100644
> --- a/linux-user/sh4/cpu_loop.c
> +++ b/linux-user/sh4/cpu_loop.c
> @@ -50,7 +50,7 @@ void cpu_loop(CPUSH4State *env)
> 0, 0);
> if (ret == -QEMU_ERESTARTSYS) {
> env->pc -= 2;
> - } else if (ret != -QEMU_ESIGRETURN) {
> + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
> env->gregs[0] = ret;
> }
> break;
> diff --git a/linux-user/sparc/cpu_loop.c b/linux-user/sparc/cpu_loop.c
> index 7391e2add8..f054316dce 100644
> --- a/linux-user/sparc/cpu_loop.c
> +++ b/linux-user/sparc/cpu_loop.c
> @@ -229,7 +229,9 @@ void cpu_loop (CPUSPARCState *env)
> env->regwptr[2], env->regwptr[3],
> env->regwptr[4], env->regwptr[5],
> 0, 0);
> - if (ret == -QEMU_ERESTARTSYS || ret == -QEMU_ESIGRETURN) {
> + if (ret == -QEMU_ERESTARTSYS
> + || ret == -QEMU_ESIGRETURN
> + || ret == -QEMU_ESETPC) {
> break;
> }
> if ((abi_ulong)ret >= (abi_ulong)(-515)) {
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index d78b2029fa..f74b8ac596 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -43,6 +43,7 @@
> #include <linux/capability.h>
> #include <sched.h>
> #include <sys/timex.h>
> +#include <setjmp.h>
> #include <sys/socket.h>
> #include <linux/sockios.h>
> #include <sys/un.h>
> @@ -584,6 +585,9 @@ const char *target_strerror(int err)
> if (err == QEMU_ESIGRETURN) {
> return "Successful exit from sigreturn";
> }
> + if (err == QEMU_ESETPC) {
> + return "Successfully redirected control flow via qemu_plugin_set_pc";
> + }
>
> return strerror(target_to_host_errno(err));
> }
> @@ -14077,6 +14081,10 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1,
> return -QEMU_ESIGRETURN;
> }
>
> + if (unlikely(sigsetjmp(cpu->jmp_env, 0) != 0)) {
> + return -QEMU_ESETPC;
> + }
> +
> record_syscall_start(cpu, num, arg1,
> arg2, arg3, arg4, arg5, arg6, arg7, arg8);
>
> diff --git a/linux-user/xtensa/cpu_loop.c b/linux-user/xtensa/cpu_loop.c
> index a0ff10eff8..7680e243bb 100644
> --- a/linux-user/xtensa/cpu_loop.c
> +++ b/linux-user/xtensa/cpu_loop.c
> @@ -17,6 +17,7 @@
> * along with this program; if not, see <http://www.gnu.org/licenses/>.
> */
>
> +#include "qemu/compiler.h"
> #include "qemu/osdep.h"
> #include "qemu.h"
> #include "user-internals.h"
> @@ -185,6 +186,8 @@ void cpu_loop(CPUXtensaState *env)
> env->pc -= 3;
> break;
>
> + case -QEMU_ESETPC:
> + QEMU_FALLTHROUGH;
> case -QEMU_ESIGRETURN:
> break;
> }
> diff --git a/plugins/api.c b/plugins/api.c
> index eac04cc1f6..fc19bdb40b 100644
> --- a/plugins/api.c
> +++ b/plugins/api.c
> @@ -41,6 +41,7 @@
> #include "qemu/log.h"
> #include "system/memory.h"
> #include "tcg/tcg.h"
> +#include "exec/cpu-common.h"
> #include "exec/gdbstub.h"
> #include "exec/target_page.h"
> #include "exec/translation-block.h"
> @@ -450,13 +451,27 @@ int qemu_plugin_write_register(struct qemu_plugin_register *reg,
> {
> g_assert(current_cpu);
>
> - if (buf->len == 0 || qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS) {
> + if (buf->len == 0 || (
> + qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS
> + && qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS_PC)) {
> return -1;
> }
If we are exposing a specific qemu_plugin_set_pc we should probably
forbid setting it via write_register. Can we filter out the PC from the
register list?
>
> return gdb_write_register(current_cpu, buf->data, GPOINTER_TO_INT(reg) - 1);
> }
>
> +void qemu_plugin_set_pc(uint64_t vaddr)
> +{
> + g_assert(current_cpu);
> +
> + if (qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS_PC) {
> + return;
> + }
Given we aggressively assert that some functions are called in the
current_cpu context maybe we should do the same here? If the plugin
tries to set the PC and it doesn't work what is going to happen?
> +
> + cpu_set_pc(current_cpu, vaddr);
> + cpu_loop_exit(current_cpu);
> +}
> +
> bool qemu_plugin_read_memory_vaddr(uint64_t addr, GByteArray *data, size_t len)
> {
> g_assert(current_cpu);
> diff --git a/plugins/core.c b/plugins/core.c
> index ead09fd2f1..b514293117 100644
> --- a/plugins/core.c
> +++ b/plugins/core.c
> @@ -369,15 +369,16 @@ void plugin_register_dyn_cb__udata(GArray **arr,
> enum qemu_plugin_cb_flags flags,
> void *udata)
> {
> - static TCGHelperInfo info[3] = {
> + static TCGHelperInfo info[4] = {
> [QEMU_PLUGIN_CB_NO_REGS].flags = TCG_CALL_NO_RWG,
> [QEMU_PLUGIN_CB_R_REGS].flags = TCG_CALL_NO_WG,
> [QEMU_PLUGIN_CB_RW_REGS].flags = 0,
> + [QEMU_PLUGIN_CB_RW_REGS_PC].flags = 0,
> /*
> * Match qemu_plugin_vcpu_udata_cb_t:
> * void (*)(uint32_t, void *)
> */
> - [0 ... 2].typemask = (dh_typemask(void, 0) |
> + [0 ... 3].typemask = (dh_typemask(void, 0) |
> dh_typemask(i32, 1) |
> dh_typemask(ptr, 2))
> };
> @@ -399,15 +400,16 @@ void plugin_register_dyn_cond_cb__udata(GArray **arr,
> uint64_t imm,
> void *udata)
> {
> - static TCGHelperInfo info[3] = {
> + static TCGHelperInfo info[4] = {
> [QEMU_PLUGIN_CB_NO_REGS].flags = TCG_CALL_NO_RWG,
> [QEMU_PLUGIN_CB_R_REGS].flags = TCG_CALL_NO_WG,
> [QEMU_PLUGIN_CB_RW_REGS].flags = 0,
> + [QEMU_PLUGIN_CB_RW_REGS_PC].flags = 0,
> /*
> * Match qemu_plugin_vcpu_udata_cb_t:
> * void (*)(uint32_t, void *)
> */
> - [0 ... 2].typemask = (dh_typemask(void, 0) |
> + [0 ... 3].typemask = (dh_typemask(void, 0) |
> dh_typemask(i32, 1) |
> dh_typemask(ptr, 2))
> };
> @@ -438,15 +440,16 @@ void plugin_register_vcpu_mem_cb(GArray **arr,
> !__builtin_types_compatible_p(qemu_plugin_meminfo_t, uint32_t) &&
> !__builtin_types_compatible_p(qemu_plugin_meminfo_t, int32_t));
>
> - static TCGHelperInfo info[3] = {
> + static TCGHelperInfo info[4] = {
> [QEMU_PLUGIN_CB_NO_REGS].flags = TCG_CALL_NO_RWG,
> [QEMU_PLUGIN_CB_R_REGS].flags = TCG_CALL_NO_WG,
> [QEMU_PLUGIN_CB_RW_REGS].flags = 0,
> + [QEMU_PLUGIN_CB_RW_REGS_PC].flags = 0,
> /*
> * Match qemu_plugin_vcpu_mem_cb_t:
> * void (*)(uint32_t, qemu_plugin_meminfo_t, uint64_t, void *)
> */
> - [0 ... 2].typemask =
> + [0 ... 3].typemask =
> (dh_typemask(void, 0) |
> dh_typemask(i32, 1) |
> (__builtin_types_compatible_p(qemu_plugin_meminfo_t, uint32_t)
> @@ -508,7 +511,7 @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1, uint64_t a2,
> QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
> qemu_plugin_vcpu_syscall_cb_t func = cb->f.vcpu_syscall;
>
> - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
> func(cb->ctx->id, cpu->cpu_index, num, a1, a2, a3, a4, a5, a6, a7, a8);
> qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
> }
> @@ -532,7 +535,7 @@ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret)
> QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
> qemu_plugin_vcpu_syscall_ret_cb_t func = cb->f.vcpu_syscall_ret;
>
> - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
> func(cb->ctx->id, cpu->cpu_index, num, ret);
> qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
> }
> @@ -542,7 +545,7 @@ void qemu_plugin_vcpu_idle_cb(CPUState *cpu)
> {
> /* idle and resume cb may be called before init, ignore in this case */
> if (cpu->cpu_index < plugin.num_vcpus) {
> - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
> plugin_vcpu_cb__simple(cpu, QEMU_PLUGIN_EV_VCPU_IDLE);
> qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
> }
> @@ -551,7 +554,7 @@ void qemu_plugin_vcpu_idle_cb(CPUState *cpu)
> void qemu_plugin_vcpu_resume_cb(CPUState *cpu)
> {
> if (cpu->cpu_index < plugin.num_vcpus) {
> - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
> + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
> plugin_vcpu_cb__simple(cpu, QEMU_PLUGIN_EV_VCPU_RESUME);
> qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
> }
> @@ -788,6 +791,6 @@ enum qemu_plugin_cb_flags tcg_call_to_qemu_plugin_cb_flags(int flags)
> } else if (flags & TCG_CALL_NO_WG) {
> return QEMU_PLUGIN_CB_R_REGS;
> } else {
> - return QEMU_PLUGIN_CB_RW_REGS;
> + return QEMU_PLUGIN_CB_RW_REGS_PC;
> }
> }
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
next prev parent reply other threads:[~2025-12-12 12:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-06 13:21 [RFC PATCH v2 0/2] Enable PC diversion via the plugin API Florian Hofhammer
2025-10-06 13:22 ` [RFC PATCH v2 1/2] plugins: Add PC diversion API function Florian Hofhammer
2025-12-12 12:35 ` Alex Bennée [this message]
2025-10-06 13:23 ` [RFC PATCH v2 2/2] tests/tcg: add test for qemu_plugin_set_pc API Florian Hofhammer
2025-12-12 12:40 ` Alex Bennée
2025-10-29 15:57 ` [RFC PATCH v2 0/2] Enable PC diversion via the plugin API Florian Hofhammer
2025-12-12 12:02 ` Alex Bennée
2025-12-12 17:36 ` Pierrick Bouvier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cy4jubc9.fsf@draig.linaro.org \
--to=alex.bennee@linaro.org \
--cc=berrange@redhat.com \
--cc=florian.hofhammer@epfl.ch \
--cc=imp@bsdimp.com \
--cc=laurent@vivier.eu \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).