MAINTAINERS | 1 +
include/plugins/qemu-plugin.h | 19 +++
linux-user/aarch64/cpu_loop.c | 2 +-
linux-user/alpha/cpu_loop.c | 2 +-
linux-user/arm/cpu_loop.c | 2 +-
linux-user/hexagon/cpu_loop.c | 2 +-
linux-user/hppa/cpu_loop.c | 1 +
linux-user/i386/cpu_loop.c | 8 +-
linux-user/include/special-errno.h | 8 ++
linux-user/loongarch64/cpu_loop.c | 5 +-
linux-user/m68k/cpu_loop.c | 2 +-
linux-user/microblaze/cpu_loop.c | 2 +-
linux-user/mips/cpu_loop.c | 9 +-
linux-user/or1k/cpu_loop.c | 2 +-
linux-user/ppc/cpu_loop.c | 10 +-
linux-user/riscv/cpu_loop.c | 2 +-
linux-user/s390x/cpu_loop.c | 2 +-
linux-user/sh4/cpu_loop.c | 2 +-
linux-user/sparc/cpu_loop.c | 4 +-
linux-user/syscall.c | 16 +++
linux-user/xtensa/cpu_loop.c | 1 +
plugins/api.c | 42 ++++++-
plugins/core.c | 29 +++--
tests/tcg/arm/Makefile.target | 6 +
tests/tcg/multiarch/Makefile.target | 17 ++-
.../multiarch/{ => plugin}/check-plugin-output.sh | 0
.../{ => plugin}/test-plugin-mem-access.c | 0
tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
tests/tcg/plugins/meson.build | 2 +
tests/tcg/plugins/registers.c | 79 ++++++++++++
tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
31 files changed, 495 insertions(+), 42 deletions(-)
Hi,
This patch series builds on top of the discussion from the thread at
https://lore.kernel.org/qemu-devel/e9bcd7c7-2d67-469e-b2f3-d1a68e456b2b@epfl.ch/
and adds a plugin API function to set the program counter of the guest,
as just writing to it via qemu_plugin_write_register() has no direct
effect.
This version v6 of the patch series addresses the requested changes from
the previous v4 submission and an incorrect commit message from v5
(details below).
Note: checkpatch.pl still reports a warning about line length violations
in patch nr. 6/7 but I did not fix this, as the line was already > 80
characters long previously, the change added only a single character,
and I think the readability of the code is better as it is now. Please
let me know if you disagree and would like me to fix this!
Best regards,
Florian
Changes:
v6:
- update commit message for patch 4/7
v5:
- make QEMU abort via asserts instead of just returning an error from
the plugin API if preconditions are violated
- extend tests for qemu_plugin_set_pc() to different contexts
- fix issues highlighted by checkpatch.pl
v4:
- switch strcmp out in favor of g_strcmp0
- split the patch introducing the qemu_plugin_set_pc() API into three
patches, two for preparing the plugin infrastructure and the syscall
handling code and a third introducing the actual plugin API
v3:
- make PC registers read-only across architectures
- add tests for read-only registers
- adjust test structure for qemu_plugin_set_pc() by moving
architecture-specific tests into corresponding directories
v2:
- add setjmp() in syscall handling path to allow PC redirection from
syscall callbacks (via longjmp(), the cpu_loop()'s setjmp() for
exiting a TB would not be live anymore in syscall handlers)
- add flags to ensure the qemu_plugin_set_pc() API is only called from
contexts where the CPU is live
- add test for qemu_plugin_set_pc() API
v1:
- initial version
---
Florian Hofhammer (7):
plugins: add flag to specify whether PC is rw
linux-user: make syscall emulation interruptible
plugins: add PC diversion API function
tests/tcg: add tests for qemu_plugin_set_pc API
plugins: add read-only property for registers
plugins: prohibit writing to read-only registers
tests/tcg/plugins: test register accesses
MAINTAINERS | 1 +
include/plugins/qemu-plugin.h | 19 +++
linux-user/aarch64/cpu_loop.c | 2 +-
linux-user/alpha/cpu_loop.c | 2 +-
linux-user/arm/cpu_loop.c | 2 +-
linux-user/hexagon/cpu_loop.c | 2 +-
linux-user/hppa/cpu_loop.c | 1 +
linux-user/i386/cpu_loop.c | 8 +-
linux-user/include/special-errno.h | 8 ++
linux-user/loongarch64/cpu_loop.c | 5 +-
linux-user/m68k/cpu_loop.c | 2 +-
linux-user/microblaze/cpu_loop.c | 2 +-
linux-user/mips/cpu_loop.c | 9 +-
linux-user/or1k/cpu_loop.c | 2 +-
linux-user/ppc/cpu_loop.c | 10 +-
linux-user/riscv/cpu_loop.c | 2 +-
linux-user/s390x/cpu_loop.c | 2 +-
linux-user/sh4/cpu_loop.c | 2 +-
linux-user/sparc/cpu_loop.c | 4 +-
linux-user/syscall.c | 16 +++
linux-user/xtensa/cpu_loop.c | 1 +
plugins/api.c | 42 ++++++-
plugins/core.c | 29 +++--
tests/tcg/arm/Makefile.target | 6 +
tests/tcg/multiarch/Makefile.target | 17 ++-
.../multiarch/{ => plugin}/check-plugin-output.sh | 0
.../{ => plugin}/test-plugin-mem-access.c | 0
tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
tests/tcg/plugins/meson.build | 2 +
tests/tcg/plugins/registers.c | 79 ++++++++++++
tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
31 files changed, 495 insertions(+), 42 deletions(-)
---
base-commit: 3fb456e9a0e9eef6a71d9b49bfff596a0f0046e9
change-id: 20260303-setpc-v5-c1df30bad07f
On 3/3/26 5:07 AM, Florian Hofhammer wrote:
> Hi,
>
> This patch series builds on top of the discussion from the thread at
> https://lore.kernel.org/qemu-devel/e9bcd7c7-2d67-469e-b2f3-d1a68e456b2b@epfl.ch/
> and adds a plugin API function to set the program counter of the guest,
> as just writing to it via qemu_plugin_write_register() has no direct
> effect.
>
> This version v6 of the patch series addresses the requested changes from
> the previous v4 submission and an incorrect commit message from v5
> (details below).
> Note: checkpatch.pl still reports a warning about line length violations
> in patch nr. 6/7 but I did not fix this, as the line was already > 80
> characters long previously, the change added only a single character,
> and I think the readability of the code is better as it is now. Please
> let me know if you disagree and would like me to fix this!
>
> Best regards,
> Florian
>
> Changes:
> v6:
> - update commit message for patch 4/7
> v5:
> - make QEMU abort via asserts instead of just returning an error from
> the plugin API if preconditions are violated
> - extend tests for qemu_plugin_set_pc() to different contexts
> - fix issues highlighted by checkpatch.pl
> v4:
> - switch strcmp out in favor of g_strcmp0
> - split the patch introducing the qemu_plugin_set_pc() API into three
> patches, two for preparing the plugin infrastructure and the syscall
> handling code and a third introducing the actual plugin API
> v3:
> - make PC registers read-only across architectures
> - add tests for read-only registers
> - adjust test structure for qemu_plugin_set_pc() by moving
> architecture-specific tests into corresponding directories
> v2:
> - add setjmp() in syscall handling path to allow PC redirection from
> syscall callbacks (via longjmp(), the cpu_loop()'s setjmp() for
> exiting a TB would not be live anymore in syscall handlers)
> - add flags to ensure the qemu_plugin_set_pc() API is only called from
> contexts where the CPU is live
> - add test for qemu_plugin_set_pc() API
> v1:
> - initial version
>
> ---
> Florian Hofhammer (7):
> plugins: add flag to specify whether PC is rw
> linux-user: make syscall emulation interruptible
> plugins: add PC diversion API function
> tests/tcg: add tests for qemu_plugin_set_pc API
> plugins: add read-only property for registers
> plugins: prohibit writing to read-only registers
> tests/tcg/plugins: test register accesses
>
> MAINTAINERS | 1 +
> include/plugins/qemu-plugin.h | 19 +++
> linux-user/aarch64/cpu_loop.c | 2 +-
> linux-user/alpha/cpu_loop.c | 2 +-
> linux-user/arm/cpu_loop.c | 2 +-
> linux-user/hexagon/cpu_loop.c | 2 +-
> linux-user/hppa/cpu_loop.c | 1 +
> linux-user/i386/cpu_loop.c | 8 +-
> linux-user/include/special-errno.h | 8 ++
> linux-user/loongarch64/cpu_loop.c | 5 +-
> linux-user/m68k/cpu_loop.c | 2 +-
> linux-user/microblaze/cpu_loop.c | 2 +-
> linux-user/mips/cpu_loop.c | 9 +-
> linux-user/or1k/cpu_loop.c | 2 +-
> linux-user/ppc/cpu_loop.c | 10 +-
> linux-user/riscv/cpu_loop.c | 2 +-
> linux-user/s390x/cpu_loop.c | 2 +-
> linux-user/sh4/cpu_loop.c | 2 +-
> linux-user/sparc/cpu_loop.c | 4 +-
> linux-user/syscall.c | 16 +++
> linux-user/xtensa/cpu_loop.c | 1 +
> plugins/api.c | 42 ++++++-
> plugins/core.c | 29 +++--
> tests/tcg/arm/Makefile.target | 6 +
> tests/tcg/multiarch/Makefile.target | 17 ++-
> .../multiarch/{ => plugin}/check-plugin-output.sh | 0
> .../{ => plugin}/test-plugin-mem-access.c | 0
> tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
> tests/tcg/plugins/meson.build | 2 +
> tests/tcg/plugins/registers.c | 79 ++++++++++++
> tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
> 31 files changed, 495 insertions(+), 42 deletions(-)
> ---
> base-commit: 3fb456e9a0e9eef6a71d9b49bfff596a0f0046e9
> change-id: 20260303-setpc-v5-c1df30bad07f
Hi Florian,
it seems like there is a small issue building documentation with this
series, which should be trivial to fix.
https://github.com/p-b-o/qemu-ci/actions/runs/22632339221
For v7, you can run this by yourself before sending the series. It's
easy, quick and instructions are here:
https://github.com/p-b-o/qemu-ci?tab=readme-ov-file#qemu-ci
It simply saves time by making sure we don't need to pull, build and run
any test by ourselves. If any failure is left when making a pull request
on GitLab, it will be our personal responsibility to fix it.
Regards,
Pierrick
On 03/03/2026 20:20, Pierrick Bouvier wrote:
> On 3/3/26 5:07 AM, Florian Hofhammer wrote:
>> Hi,
>>
>> This patch series builds on top of the discussion from the thread at
>> https://lore.kernel.org/qemu-devel/e9bcd7c7-2d67-469e-b2f3-d1a68e456b2b@epfl.ch/
>> and adds a plugin API function to set the program counter of the guest,
>> as just writing to it via qemu_plugin_write_register() has no direct
>> effect.
>>
>> This version v6 of the patch series addresses the requested changes from
>> the previous v4 submission and an incorrect commit message from v5
>> (details below).
>> Note: checkpatch.pl still reports a warning about line length violations
>> in patch nr. 6/7 but I did not fix this, as the line was already > 80
>> characters long previously, the change added only a single character,
>> and I think the readability of the code is better as it is now. Please
>> let me know if you disagree and would like me to fix this!
>>
>> Best regards,
>> Florian
>>
>> Changes:
>> v6:
>> - update commit message for patch 4/7
>> v5:
>> - make QEMU abort via asserts instead of just returning an error from
>> the plugin API if preconditions are violated
>> - extend tests for qemu_plugin_set_pc() to different contexts
>> - fix issues highlighted by checkpatch.pl
>> v4:
>> - switch strcmp out in favor of g_strcmp0
>> - split the patch introducing the qemu_plugin_set_pc() API into three
>> patches, two for preparing the plugin infrastructure and the syscall
>> handling code and a third introducing the actual plugin API
>> v3:
>> - make PC registers read-only across architectures
>> - add tests for read-only registers
>> - adjust test structure for qemu_plugin_set_pc() by moving
>> architecture-specific tests into corresponding directories
>> v2:
>> - add setjmp() in syscall handling path to allow PC redirection from
>> syscall callbacks (via longjmp(), the cpu_loop()'s setjmp() for
>> exiting a TB would not be live anymore in syscall handlers)
>> - add flags to ensure the qemu_plugin_set_pc() API is only called from
>> contexts where the CPU is live
>> - add test for qemu_plugin_set_pc() API
>> v1:
>> - initial version
>>
>> ---
>> Florian Hofhammer (7):
>> plugins: add flag to specify whether PC is rw
>> linux-user: make syscall emulation interruptible
>> plugins: add PC diversion API function
>> tests/tcg: add tests for qemu_plugin_set_pc API
>> plugins: add read-only property for registers
>> plugins: prohibit writing to read-only registers
>> tests/tcg/plugins: test register accesses
>>
>> MAINTAINERS | 1 +
>> include/plugins/qemu-plugin.h | 19 +++
>> linux-user/aarch64/cpu_loop.c | 2 +-
>> linux-user/alpha/cpu_loop.c | 2 +-
>> linux-user/arm/cpu_loop.c | 2 +-
>> linux-user/hexagon/cpu_loop.c | 2 +-
>> linux-user/hppa/cpu_loop.c | 1 +
>> linux-user/i386/cpu_loop.c | 8 +-
>> linux-user/include/special-errno.h | 8 ++
>> linux-user/loongarch64/cpu_loop.c | 5 +-
>> linux-user/m68k/cpu_loop.c | 2 +-
>> linux-user/microblaze/cpu_loop.c | 2 +-
>> linux-user/mips/cpu_loop.c | 9 +-
>> linux-user/or1k/cpu_loop.c | 2 +-
>> linux-user/ppc/cpu_loop.c | 10 +-
>> linux-user/riscv/cpu_loop.c | 2 +-
>> linux-user/s390x/cpu_loop.c | 2 +-
>> linux-user/sh4/cpu_loop.c | 2 +-
>> linux-user/sparc/cpu_loop.c | 4 +-
>> linux-user/syscall.c | 16 +++
>> linux-user/xtensa/cpu_loop.c | 1 +
>> plugins/api.c | 42 ++++++-
>> plugins/core.c | 29 +++--
>> tests/tcg/arm/Makefile.target | 6 +
>> tests/tcg/multiarch/Makefile.target | 17 ++-
>> .../multiarch/{ => plugin}/check-plugin-output.sh | 0
>> .../{ => plugin}/test-plugin-mem-access.c | 0
>> tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
>> tests/tcg/plugins/meson.build | 2 +
>> tests/tcg/plugins/registers.c | 79 ++++++++++++
>> tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
>> 31 files changed, 495 insertions(+), 42 deletions(-)
>> ---
>> base-commit: 3fb456e9a0e9eef6a71d9b49bfff596a0f0046e9
>> change-id: 20260303-setpc-v5-c1df30bad07f
>
> Hi Florian,
>
> it seems like there is a small issue building documentation with this series, which should be trivial to fix.
> https://github.com/p-b-o/qemu-ci/actions/runs/22632339221
Sorry, I didn't catch this one before. I didn't have sphinx installed
locally and built without the docs.
It seems as if the issue is coming from the declaration of the new API
as "QEMU_PLUGIN_API G_NORETURN void ..." and sphinx is tripping over the
"G_NORETURN" macro. To fix this, I could either change the sphinx config
to accept the macro, or remove the attribute from the declaration. I'd
personally prefer the former but I'd be happy to get your opinion on
this.
Best regards,
Florian
> For v7, you can run this by yourself before sending the series. It's easy, quick and instructions are here:
> https://github.com/p-b-o/qemu-ci?tab=readme-ov-file#qemu-ci
>
> It simply saves time by making sure we don't need to pull, build and run any test by ourselves. If any failure is left when making a pull request on GitLab, it will be our personal responsibility to fix it.
>
> Regards,
> Pierrick
On 3/4/26 2:36 AM, Florian Hofhammer wrote:
> On 03/03/2026 20:20, Pierrick Bouvier wrote:
>> On 3/3/26 5:07 AM, Florian Hofhammer wrote:
>>> Hi,
>>>
>>> This patch series builds on top of the discussion from the thread at
>>> https://lore.kernel.org/qemu-devel/e9bcd7c7-2d67-469e-b2f3-d1a68e456b2b@epfl.ch/
>>> and adds a plugin API function to set the program counter of the guest,
>>> as just writing to it via qemu_plugin_write_register() has no direct
>>> effect.
>>>
>>> This version v6 of the patch series addresses the requested changes from
>>> the previous v4 submission and an incorrect commit message from v5
>>> (details below).
>>> Note: checkpatch.pl still reports a warning about line length violations
>>> in patch nr. 6/7 but I did not fix this, as the line was already > 80
>>> characters long previously, the change added only a single character,
>>> and I think the readability of the code is better as it is now. Please
>>> let me know if you disagree and would like me to fix this!
>>>
>>> Best regards,
>>> Florian
>>>
>>> Changes:
>>> v6:
>>> - update commit message for patch 4/7
>>> v5:
>>> - make QEMU abort via asserts instead of just returning an error from
>>> the plugin API if preconditions are violated
>>> - extend tests for qemu_plugin_set_pc() to different contexts
>>> - fix issues highlighted by checkpatch.pl
>>> v4:
>>> - switch strcmp out in favor of g_strcmp0
>>> - split the patch introducing the qemu_plugin_set_pc() API into three
>>> patches, two for preparing the plugin infrastructure and the syscall
>>> handling code and a third introducing the actual plugin API
>>> v3:
>>> - make PC registers read-only across architectures
>>> - add tests for read-only registers
>>> - adjust test structure for qemu_plugin_set_pc() by moving
>>> architecture-specific tests into corresponding directories
>>> v2:
>>> - add setjmp() in syscall handling path to allow PC redirection from
>>> syscall callbacks (via longjmp(), the cpu_loop()'s setjmp() for
>>> exiting a TB would not be live anymore in syscall handlers)
>>> - add flags to ensure the qemu_plugin_set_pc() API is only called from
>>> contexts where the CPU is live
>>> - add test for qemu_plugin_set_pc() API
>>> v1:
>>> - initial version
>>>
>>> ---
>>> Florian Hofhammer (7):
>>> plugins: add flag to specify whether PC is rw
>>> linux-user: make syscall emulation interruptible
>>> plugins: add PC diversion API function
>>> tests/tcg: add tests for qemu_plugin_set_pc API
>>> plugins: add read-only property for registers
>>> plugins: prohibit writing to read-only registers
>>> tests/tcg/plugins: test register accesses
>>>
>>> MAINTAINERS | 1 +
>>> include/plugins/qemu-plugin.h | 19 +++
>>> linux-user/aarch64/cpu_loop.c | 2 +-
>>> linux-user/alpha/cpu_loop.c | 2 +-
>>> linux-user/arm/cpu_loop.c | 2 +-
>>> linux-user/hexagon/cpu_loop.c | 2 +-
>>> linux-user/hppa/cpu_loop.c | 1 +
>>> linux-user/i386/cpu_loop.c | 8 +-
>>> linux-user/include/special-errno.h | 8 ++
>>> linux-user/loongarch64/cpu_loop.c | 5 +-
>>> linux-user/m68k/cpu_loop.c | 2 +-
>>> linux-user/microblaze/cpu_loop.c | 2 +-
>>> linux-user/mips/cpu_loop.c | 9 +-
>>> linux-user/or1k/cpu_loop.c | 2 +-
>>> linux-user/ppc/cpu_loop.c | 10 +-
>>> linux-user/riscv/cpu_loop.c | 2 +-
>>> linux-user/s390x/cpu_loop.c | 2 +-
>>> linux-user/sh4/cpu_loop.c | 2 +-
>>> linux-user/sparc/cpu_loop.c | 4 +-
>>> linux-user/syscall.c | 16 +++
>>> linux-user/xtensa/cpu_loop.c | 1 +
>>> plugins/api.c | 42 ++++++-
>>> plugins/core.c | 29 +++--
>>> tests/tcg/arm/Makefile.target | 6 +
>>> tests/tcg/multiarch/Makefile.target | 17 ++-
>>> .../multiarch/{ => plugin}/check-plugin-output.sh | 0
>>> .../{ => plugin}/test-plugin-mem-access.c | 0
>>> tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
>>> tests/tcg/plugins/meson.build | 2 +
>>> tests/tcg/plugins/registers.c | 79 ++++++++++++
>>> tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
>>> 31 files changed, 495 insertions(+), 42 deletions(-)
>>> ---
>>> base-commit: 3fb456e9a0e9eef6a71d9b49bfff596a0f0046e9
>>> change-id: 20260303-setpc-v5-c1df30bad07f
>>
>> Hi Florian,
>>
>> it seems like there is a small issue building documentation with this series, which should be trivial to fix.
>> https://github.com/p-b-o/qemu-ci/actions/runs/22632339221
>
> Sorry, I didn't catch this one before. I didn't have sphinx installed
> locally and built without the docs.
>
No worries, it's hard to guess all the things that you *might* miss, and
it's a common mistake even for regular contributors, including myself.
> It seems as if the issue is coming from the declaration of the new API
> as "QEMU_PLUGIN_API G_NORETURN void ..." and sphinx is tripping over the
> "G_NORETURN" macro. To fix this, I could either change the sphinx config
> to accept the macro, or remove the attribute from the declaration. I'd
> personally prefer the former but I'd be happy to get your opinion on
> this.
>
Simply move the attribute after prototype, it's the same semantic.
diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index 791d223df40..0825bc9279d 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -1055,8 +1055,7 @@ bool qemu_plugin_write_register(struct
qemu_plugin_register *handle,
* resumes execution at that address. This function does not return.
*/
QEMU_PLUGIN_API
-G_NORETURN
-void qemu_plugin_set_pc(uint64_t vaddr);
+void qemu_plugin_set_pc(uint64_t vaddr) G_NORETURN;
/**
* qemu_plugin_read_memory_vaddr() - read from memory using a virtual
address
Regards,
Pierrick
On 04/03/2026 18:39, Pierrick Bouvier wrote:
> On 3/4/26 2:36 AM, Florian Hofhammer wrote:
>> On 03/03/2026 20:20, Pierrick Bouvier wrote:
>>> On 3/3/26 5:07 AM, Florian Hofhammer wrote:
>>>> Hi,
>>>>
>>>> This patch series builds on top of the discussion from the thread at
>>>> https://lore.kernel.org/qemu-devel/e9bcd7c7-2d67-469e-b2f3-d1a68e456b2b@epfl.ch/
>>>> and adds a plugin API function to set the program counter of the guest,
>>>> as just writing to it via qemu_plugin_write_register() has no direct
>>>> effect.
>>>>
>>>> This version v6 of the patch series addresses the requested changes from
>>>> the previous v4 submission and an incorrect commit message from v5
>>>> (details below).
>>>> Note: checkpatch.pl still reports a warning about line length violations
>>>> in patch nr. 6/7 but I did not fix this, as the line was already > 80
>>>> characters long previously, the change added only a single character,
>>>> and I think the readability of the code is better as it is now. Please
>>>> let me know if you disagree and would like me to fix this!
>>>>
>>>> Best regards,
>>>> Florian
>>>>
>>>> Changes:
>>>> v6:
>>>> - update commit message for patch 4/7
>>>> v5:
>>>> - make QEMU abort via asserts instead of just returning an error from
>>>> the plugin API if preconditions are violated
>>>> - extend tests for qemu_plugin_set_pc() to different contexts
>>>> - fix issues highlighted by checkpatch.pl
>>>> v4:
>>>> - switch strcmp out in favor of g_strcmp0
>>>> - split the patch introducing the qemu_plugin_set_pc() API into three
>>>> patches, two for preparing the plugin infrastructure and the syscall
>>>> handling code and a third introducing the actual plugin API
>>>> v3:
>>>> - make PC registers read-only across architectures
>>>> - add tests for read-only registers
>>>> - adjust test structure for qemu_plugin_set_pc() by moving
>>>> architecture-specific tests into corresponding directories
>>>> v2:
>>>> - add setjmp() in syscall handling path to allow PC redirection from
>>>> syscall callbacks (via longjmp(), the cpu_loop()'s setjmp() for
>>>> exiting a TB would not be live anymore in syscall handlers)
>>>> - add flags to ensure the qemu_plugin_set_pc() API is only called from
>>>> contexts where the CPU is live
>>>> - add test for qemu_plugin_set_pc() API
>>>> v1:
>>>> - initial version
>>>>
>>>> ---
>>>> Florian Hofhammer (7):
>>>> plugins: add flag to specify whether PC is rw
>>>> linux-user: make syscall emulation interruptible
>>>> plugins: add PC diversion API function
>>>> tests/tcg: add tests for qemu_plugin_set_pc API
>>>> plugins: add read-only property for registers
>>>> plugins: prohibit writing to read-only registers
>>>> tests/tcg/plugins: test register accesses
>>>>
>>>> MAINTAINERS | 1 +
>>>> include/plugins/qemu-plugin.h | 19 +++
>>>> linux-user/aarch64/cpu_loop.c | 2 +-
>>>> linux-user/alpha/cpu_loop.c | 2 +-
>>>> linux-user/arm/cpu_loop.c | 2 +-
>>>> linux-user/hexagon/cpu_loop.c | 2 +-
>>>> linux-user/hppa/cpu_loop.c | 1 +
>>>> linux-user/i386/cpu_loop.c | 8 +-
>>>> linux-user/include/special-errno.h | 8 ++
>>>> linux-user/loongarch64/cpu_loop.c | 5 +-
>>>> linux-user/m68k/cpu_loop.c | 2 +-
>>>> linux-user/microblaze/cpu_loop.c | 2 +-
>>>> linux-user/mips/cpu_loop.c | 9 +-
>>>> linux-user/or1k/cpu_loop.c | 2 +-
>>>> linux-user/ppc/cpu_loop.c | 10 +-
>>>> linux-user/riscv/cpu_loop.c | 2 +-
>>>> linux-user/s390x/cpu_loop.c | 2 +-
>>>> linux-user/sh4/cpu_loop.c | 2 +-
>>>> linux-user/sparc/cpu_loop.c | 4 +-
>>>> linux-user/syscall.c | 16 +++
>>>> linux-user/xtensa/cpu_loop.c | 1 +
>>>> plugins/api.c | 42 ++++++-
>>>> plugins/core.c | 29 +++--
>>>> tests/tcg/arm/Makefile.target | 6 +
>>>> tests/tcg/multiarch/Makefile.target | 17 ++-
>>>> .../multiarch/{ => plugin}/check-plugin-output.sh | 0
>>>> .../{ => plugin}/test-plugin-mem-access.c | 0
>>>> tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
>>>> tests/tcg/plugins/meson.build | 2 +
>>>> tests/tcg/plugins/registers.c | 79 ++++++++++++
>>>> tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
>>>> 31 files changed, 495 insertions(+), 42 deletions(-)
>>>> ---
>>>> base-commit: 3fb456e9a0e9eef6a71d9b49bfff596a0f0046e9
>>>> change-id: 20260303-setpc-v5-c1df30bad07f
>>>
>>> Hi Florian,
>>>
>>> it seems like there is a small issue building documentation with this series, which should be trivial to fix.
>>> https://github.com/p-b-o/qemu-ci/actions/runs/22632339221
>>
>> Sorry, I didn't catch this one before. I didn't have sphinx installed
>> locally and built without the docs.
>>
>
> No worries, it's hard to guess all the things that you *might* miss, and it's a common mistake even for regular contributors, including myself.
>
>> It seems as if the issue is coming from the declaration of the new API
>> as "QEMU_PLUGIN_API G_NORETURN void ..." and sphinx is tripping over the
>> "G_NORETURN" macro. To fix this, I could either change the sphinx config
>> to accept the macro, or remove the attribute from the declaration. I'd
>> personally prefer the former but I'd be happy to get your opinion on
>> this.
>>
>
> Simply move the attribute after prototype, it's the same semantic.
>
> diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
> index 791d223df40..0825bc9279d 100644
> --- a/include/plugins/qemu-plugin.h
> +++ b/include/plugins/qemu-plugin.h
> @@ -1055,8 +1055,7 @@ bool qemu_plugin_write_register(struct qemu_plugin_register *handle,
> * resumes execution at that address. This function does not return.
> */
> QEMU_PLUGIN_API
> -G_NORETURN
> -void qemu_plugin_set_pc(uint64_t vaddr);
> +void qemu_plugin_set_pc(uint64_t vaddr) G_NORETURN;
Unfortunately, this only works if there's no C++ compiler present.
Otherwise, glib's G_NORETURN is defined as [[noreturn]] (it checks
whether the compiler supports C++11's [[noreturn]] and prioritizes this
attribute style), which cannot be placed after the function prototype.
>
> /**
> * qemu_plugin_read_memory_vaddr() - read from memory using a virtual address
>
> Regards,
> Pierrick
Best regards,
Florian
On 3/4/26 11:14 PM, Florian Hofhammer wrote:
> On 04/03/2026 18:39, Pierrick Bouvier wrote:
>> On 3/4/26 2:36 AM, Florian Hofhammer wrote:
>>> On 03/03/2026 20:20, Pierrick Bouvier wrote:
>>>> On 3/3/26 5:07 AM, Florian Hofhammer wrote:
>>>>> Hi,
>>>>>
>>>>> This patch series builds on top of the discussion from the thread at
>>>>> https://lore.kernel.org/qemu-devel/e9bcd7c7-2d67-469e-b2f3-d1a68e456b2b@epfl.ch/
>>>>> and adds a plugin API function to set the program counter of the guest,
>>>>> as just writing to it via qemu_plugin_write_register() has no direct
>>>>> effect.
>>>>>
>>>>> This version v6 of the patch series addresses the requested changes from
>>>>> the previous v4 submission and an incorrect commit message from v5
>>>>> (details below).
>>>>> Note: checkpatch.pl still reports a warning about line length violations
>>>>> in patch nr. 6/7 but I did not fix this, as the line was already > 80
>>>>> characters long previously, the change added only a single character,
>>>>> and I think the readability of the code is better as it is now. Please
>>>>> let me know if you disagree and would like me to fix this!
>>>>>
>>>>> Best regards,
>>>>> Florian
>>>>>
>>>>> Changes:
>>>>> v6:
>>>>> - update commit message for patch 4/7
>>>>> v5:
>>>>> - make QEMU abort via asserts instead of just returning an error from
>>>>> the plugin API if preconditions are violated
>>>>> - extend tests for qemu_plugin_set_pc() to different contexts
>>>>> - fix issues highlighted by checkpatch.pl
>>>>> v4:
>>>>> - switch strcmp out in favor of g_strcmp0
>>>>> - split the patch introducing the qemu_plugin_set_pc() API into three
>>>>> patches, two for preparing the plugin infrastructure and the syscall
>>>>> handling code and a third introducing the actual plugin API
>>>>> v3:
>>>>> - make PC registers read-only across architectures
>>>>> - add tests for read-only registers
>>>>> - adjust test structure for qemu_plugin_set_pc() by moving
>>>>> architecture-specific tests into corresponding directories
>>>>> v2:
>>>>> - add setjmp() in syscall handling path to allow PC redirection from
>>>>> syscall callbacks (via longjmp(), the cpu_loop()'s setjmp() for
>>>>> exiting a TB would not be live anymore in syscall handlers)
>>>>> - add flags to ensure the qemu_plugin_set_pc() API is only called from
>>>>> contexts where the CPU is live
>>>>> - add test for qemu_plugin_set_pc() API
>>>>> v1:
>>>>> - initial version
>>>>>
>>>>> ---
>>>>> Florian Hofhammer (7):
>>>>> plugins: add flag to specify whether PC is rw
>>>>> linux-user: make syscall emulation interruptible
>>>>> plugins: add PC diversion API function
>>>>> tests/tcg: add tests for qemu_plugin_set_pc API
>>>>> plugins: add read-only property for registers
>>>>> plugins: prohibit writing to read-only registers
>>>>> tests/tcg/plugins: test register accesses
>>>>>
>>>>> MAINTAINERS | 1 +
>>>>> include/plugins/qemu-plugin.h | 19 +++
>>>>> linux-user/aarch64/cpu_loop.c | 2 +-
>>>>> linux-user/alpha/cpu_loop.c | 2 +-
>>>>> linux-user/arm/cpu_loop.c | 2 +-
>>>>> linux-user/hexagon/cpu_loop.c | 2 +-
>>>>> linux-user/hppa/cpu_loop.c | 1 +
>>>>> linux-user/i386/cpu_loop.c | 8 +-
>>>>> linux-user/include/special-errno.h | 8 ++
>>>>> linux-user/loongarch64/cpu_loop.c | 5 +-
>>>>> linux-user/m68k/cpu_loop.c | 2 +-
>>>>> linux-user/microblaze/cpu_loop.c | 2 +-
>>>>> linux-user/mips/cpu_loop.c | 9 +-
>>>>> linux-user/or1k/cpu_loop.c | 2 +-
>>>>> linux-user/ppc/cpu_loop.c | 10 +-
>>>>> linux-user/riscv/cpu_loop.c | 2 +-
>>>>> linux-user/s390x/cpu_loop.c | 2 +-
>>>>> linux-user/sh4/cpu_loop.c | 2 +-
>>>>> linux-user/sparc/cpu_loop.c | 4 +-
>>>>> linux-user/syscall.c | 16 +++
>>>>> linux-user/xtensa/cpu_loop.c | 1 +
>>>>> plugins/api.c | 42 ++++++-
>>>>> plugins/core.c | 29 +++--
>>>>> tests/tcg/arm/Makefile.target | 6 +
>>>>> tests/tcg/multiarch/Makefile.target | 17 ++-
>>>>> .../multiarch/{ => plugin}/check-plugin-output.sh | 0
>>>>> .../{ => plugin}/test-plugin-mem-access.c | 0
>>>>> tests/tcg/multiarch/plugin/test-plugin-set-pc.c | 140 +++++++++++++++++++++
>>>>> tests/tcg/plugins/meson.build | 2 +
>>>>> tests/tcg/plugins/registers.c | 79 ++++++++++++
>>>>> tests/tcg/plugins/setpc.c | 120 ++++++++++++++++++
>>>>> 31 files changed, 495 insertions(+), 42 deletions(-)
>>>>> ---
>>>>> base-commit: 3fb456e9a0e9eef6a71d9b49bfff596a0f0046e9
>>>>> change-id: 20260303-setpc-v5-c1df30bad07f
>>>>
>>>> Hi Florian,
>>>>
>>>> it seems like there is a small issue building documentation with this series, which should be trivial to fix.
>>>> https://github.com/p-b-o/qemu-ci/actions/runs/22632339221
>>>
>>> Sorry, I didn't catch this one before. I didn't have sphinx installed
>>> locally and built without the docs.
>>>
>>
>> No worries, it's hard to guess all the things that you *might* miss, and it's a common mistake even for regular contributors, including myself.
>>
>>> It seems as if the issue is coming from the declaration of the new API
>>> as "QEMU_PLUGIN_API G_NORETURN void ..." and sphinx is tripping over the
>>> "G_NORETURN" macro. To fix this, I could either change the sphinx config
>>> to accept the macro, or remove the attribute from the declaration. I'd
>>> personally prefer the former but I'd be happy to get your opinion on
>>> this.
>>>
>>
>> Simply move the attribute after prototype, it's the same semantic.
>>
>> diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
>> index 791d223df40..0825bc9279d 100644
>> --- a/include/plugins/qemu-plugin.h
>> +++ b/include/plugins/qemu-plugin.h
>> @@ -1055,8 +1055,7 @@ bool qemu_plugin_write_register(struct qemu_plugin_register *handle,
>> * resumes execution at that address. This function does not return.
>> */
>> QEMU_PLUGIN_API
>> -G_NORETURN
>> -void qemu_plugin_set_pc(uint64_t vaddr);
>> +void qemu_plugin_set_pc(uint64_t vaddr) G_NORETURN;
>
> Unfortunately, this only works if there's no C++ compiler present.
> Otherwise, glib's G_NORETURN is defined as [[noreturn]] (it checks
> whether the compiler supports C++11's [[noreturn]] and prioritizes this
> attribute style), which cannot be placed after the function prototype.
>
Oh right, I didn't try a full build before proposing this, sorry.
In this case, let's just use the original compiler attribute which will
make everyone happy.
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -1055,7 +1055,7 @@ bool qemu_plugin_write_register(struct
qemu_plugin_register *handle,
* resumes execution at that address. This function does not return.
*/
QEMU_PLUGIN_API
-G_NORETURN
+__attribute__((__noreturn__))
void qemu_plugin_set_pc(uint64_t vaddr);
Regards,
Pierrick
© 2016 - 2026 Red Hat, Inc.