From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744004; cv=none;
	d=zohomail.com; s=zohoarc;
	b=HfCOE9Ctm6cIfhWSYnZ5rsSug7X1gCosCZ8DPteUQLz6XATtYniAJKtTmn1KbPVUKRzlOGDXdqSMjNaAEZPsF4RZ5YgEZQT7ubdYGsF5LABnw45ehoOiznxEsX807jjjJfrCr/3OWfMVxVYbH00G44N+NY/vCUWGIrZDXV1SGdk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744004;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=Lx5W1qivAVEWx1Q4u6g+Hr2hU85HQyKfVSro3hcuqg4=;
	b=Bo7mBKCvYHWU3wLB2pfbVo5ouuoE5BevglxdCTyJtvWZigaH6O1qxqHg+rX+C71y/rtLNEOlWBRnBEdd27GlLQ6Z53ylJ7znv0tQsTKAyAlA6RtgGqUErAsN53Q+739rByj9HrX43jbHEtSDZmZLEHhKYNamdJNQN9xnt5BtazY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177274400402021.44443457973898;
 Thu, 5 Mar 2026 12:53:24 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFg0-0006XF-Lw; Thu, 05 Mar 2026 15:52:08 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFfy-0006X2-Ip
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:06 -0500
Received: from mail-qv1-xf31.google.com ([2607:f8b0:4864:20::f31])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFfw-00065L-02
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:06 -0500
Received: by mail-qv1-xf31.google.com with SMTP id
 6a1803df08f44-89a0ecbc713so41088456d6.1
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:03 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.01
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743923; x=1773348723; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=Lx5W1qivAVEWx1Q4u6g+Hr2hU85HQyKfVSro3hcuqg4=;
 b=rskuN0PJbzO/LO/oM9ZajOf2Wpx32t6NQY/GXh8yuVkaEle0inrNvbsIbrZi15z46Y
 tjqTsc1SA1MilNvU9XFs1PwjWca9LSazlyhB8ljA5RUmkruytpA5jd1QAjp5LabHH6MT
 sPoJwY5siEVsMAh2VrzWD5ZUbXF0z0oBESsolplQXsloDzWaILRlHEaP4c2KbQwFgix+
 UEratLFdt3zk44gm/HWmwpR4UyZGpGYC9VrGJxeJb3n7x8qzcZ4OuhYbjVCFQhSNJuJU
 iaiaz8MPv+aaozoi6KkUQWYAekp2V8t5qkiHiUHSTDze/f+EdkW8mJaF/8kmCRdTpIYr
 XZFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743923; x=1773348723;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=Lx5W1qivAVEWx1Q4u6g+Hr2hU85HQyKfVSro3hcuqg4=;
 b=IP//BEcD7VEYUuRUU6jAf92AJpyNKTahCl3vVBfz/O4+o1r+1QDV6vPdlFZM9lacFo
 HzYj5LqhuGFZAQbLqQvXd2G9oumAQCaco5ZbHEclmaHKgaL9MsfChEIKxOa3mMn5GtgO
 ABR/J3S7LoRChtn0JvYm6ch7YO6cSl80z9MXO+ZZc+QpOYF26cEgkumQBncKA9U14j5T
 NxCMs3iamJhElJjgMHEYU1plVksOoqVBxucGDkivwqzP4jYYecBPaw+AAjdJlTgmwv0d
 evnYgUk+DguxP94nSmJIlhQbJtkghBUMFVw1SfF7t/fy73MmO8AwBLhK4ima7zNkOPGF
 3C4Q==
X-Gm-Message-State: AOJu0YypMQQmW/+OiHv/hlO+4jo9aTdWBeKtofoxTBpaipH1r28c6eV9
 tMqfso/TCwSUJHsRaQ0pS6sYaNkvxlX86goonWx04iO5Bkpqq2BzaFxebBp49gyMi/62gtnvVc7
 076gy
X-Gm-Gg: ATEYQzyTCHRjn52pFDmtQztetsKCMAJbv7yfEYSvJ3WqL0yj8cXpKSgsoKQhtAxYhM/
 c/KpGcz6f+eC28gYeNBE3FGgUdsYxfCTLYRp9wwecbH+fdTKV/CZCqyb9pEDWq4DbXpqmafN/9I
 5ZkR1KaPzf+G6tbMqhZ1J+VIVdKroDBXIPu2IstXgNSlzBNucHmEzWCYR8jDhqAnkeRiW7OMi7A
 lo8kqCpaqZxlyiPOvcNs1e6dl+5KIkKYzti/EX6KCrNvjHqPYyBQrZSsGXzbhx2WRVTUomd+qvo
 3LMeutJ5IQkpqqxJMkzbt+GXAG3TGF8Oc7xYNmIvqdDkX6LwosB2IdAJ94uinITbVnde5f4HXZ/
 Lx7oI8yWhZMDb24ifXdJmF7BTWTuWmg8EB6voEfBYWXSLDglJEebyAlXi8PgVLKIynXkWpVQ1b0
 QW9eBdx8qwFArGGd2l67mUKen49dX5iHztgWakgQ0Fv/w0oDp+0/M/qoQxZvdKqAGaMuaaKy20O
 tSK
X-Received: by 2002:a05:6214:f2b:b0:89a:424:984b with SMTP id
 6a1803df08f44-89a24809caemr54658156d6.31.1772743922586;
 Thu, 05 Mar 2026 12:52:02 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 01/12] plugins/core: clamp syscall arguments if target is
 32-bit
Date: Thu,  5 Mar 2026 12:51:41 -0800
Message-ID: <20260305205152.2121854-2-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f31;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf31.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744006508154100

Syscall arguments are abi_long in user code, and plugin syscall
interface works with uint64_t only.

According to C integer promotion rules, the value is sign extended
before becoming unsigned, thus setting high bits when only 32-bit lower
ones should have a significant value.

As a result, we need to clamp values we receive from user-code
accordingly.

Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-1-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 plugins/core.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/plugins/core.c b/plugins/core.c
index 42fd9865930..d6173422e98 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -513,6 +513,23 @@ void qemu_plugin_tb_trans_cb(CPUState *cpu, struct qem=
u_plugin_tb *tb)
     }
 }
=20
+static void clamp_syscall_arguments(uint64_t *a1, uint64_t *a2, uint64_t *=
a3,
+                                    uint64_t *a4, uint64_t *a5, uint64_t *=
a6,
+                                    uint64_t *a7, uint64_t *a8)
+{
+    if (target_long_bits() =3D=3D 32) {
+        const uint64_t mask =3D UINT32_MAX;
+        *a1 &=3D mask;
+        *a2 &=3D mask;
+        *a3 &=3D mask;
+        *a4 &=3D mask;
+        *a5 &=3D mask;
+        *a6 &=3D mask;
+        *a7 &=3D mask;
+        *a8 &=3D mask;
+    }
+}
+
 /*
  * Disable CFI checks.
  * The callback function has been loaded from an external library so we do=
 not
@@ -531,6 +548,8 @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, ui=
nt64_t a1, uint64_t a2,
         return;
     }
=20
+    clamp_syscall_arguments(&a1, &a2, &a3, &a4, &a5, &a6, &a7, &a8);
+
     QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
         qemu_plugin_vcpu_syscall_cb_t func =3D cb->f.vcpu_syscall;
=20
@@ -584,6 +603,8 @@ qemu_plugin_vcpu_syscall_filter(CPUState *cpu, int64_t =
num, uint64_t a1,
         return false;
     }
=20
+    clamp_syscall_arguments(&a1, &a2, &a3, &a4, &a5, &a6, &a7, &a8);
+
     qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
=20
     QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
--=20
2.47.3


From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744013; cv=none;
	d=zohomail.com; s=zohoarc;
	b=G9SsTDk2gLhsPkr0mbd/IrYTFsDqYp6RRoWOw2kWYpvZ33WRjCjwv8G02SuGvbSJF7t9zncpEsafdVPa7AITEMmNO/bA2fqLISWKmdEG45fMY32GSTpQUzcJZM4pkJaxSWqjl7R/+dHkqzIVMpZTvj7z/hucJyK0l/7qUvuhrwY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744013;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=tIW8iRVJbXYnMtx2eO2fTKP/5/Q0rQvPk/TKKnhRlp4=;
	b=QtV2z/4ohhBCNo7+FvW4e5RT0KMRudfiRxpsuY74IuJy1wTgasU3SuM2GbHmKayA5xYqCImUnZX91Ycu/iECIxVfLpYYeVAVPcXujcLKPBBSmjsdPP4aznpyxb/yV88CMwkX5L2somnj0ybo97Sc6Zi8Eb7CqnsjjkkwLc0sbfw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744013241831.2741893800007;
 Thu, 5 Mar 2026 12:53:33 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFg3-0006YP-RI; Thu, 05 Mar 2026 15:52:11 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg0-0006Xf-R6
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:08 -0500
Received: from mail-qv1-xf36.google.com ([2607:f8b0:4864:20::f36])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFfy-00065f-6j
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:08 -0500
Received: by mail-qv1-xf36.google.com with SMTP id
 6a1803df08f44-89a0b376fedso23179776d6.0
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:05 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743924; x=1773348724; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=tIW8iRVJbXYnMtx2eO2fTKP/5/Q0rQvPk/TKKnhRlp4=;
 b=D5h7UaYLjeNXJcGYynALOK1cs2dJQprMwrB3St+D0SIbDqGzL6PSmv7Pwsra5Wd3bg
 Zvct3Y5dsCTNQLDuDZcUfwSbx3weVtsz7oCrsw+jpujDpZhBvjQya0mGjg0G15pOvmbk
 ot2upSICfOt2qneH0TEUbZ+pmzCaG4QKGQstzOqVguAuoFOSBRBbvlDyvZohLS7L9VE6
 MAgtzfxN2CE+aKHOND1VwqayWcIro/SbCoIaHcOdTerhrXCLzyAJv7ueFP19dL3ktKKm
 9UrTggb38upr0n94O0pjYWSSfQnciTFqug3i6M6PnZXH4n70GI9D6qppFnVIh7zTE6sB
 8Q6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743924; x=1773348724;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=tIW8iRVJbXYnMtx2eO2fTKP/5/Q0rQvPk/TKKnhRlp4=;
 b=M0F9ZnQV0YL4WF7okuBUkr7evjk0CD6qKtsVLj69yPLUbBmKNpoRBu2FZwF7z9Gpx6
 UpAm74/+kt1T2QXdDU6MgYKi+9u8AzwIvAZjTCNWYfMMqCe1GcFyUGjoQqUhFl0fQVw+
 PetL8PzV5nvqN2c4gjFKIh67dgz8qIwi4GhM/cG60pFw94D8G0QHUkWpSbhy07ZYVJ3s
 5/IP7GpyFrfDj5hT1PVTlaHuZdaQTpCxaUpgNbhgepDlk0sZhGcx26+PNcgXtdYrm+GT
 Po2b4DHNoXmYkZJpAJozXtszocXqNc9rGZ0XZ3vNoz3BiL0XTjrSHiKHBCUTdorsaDmg
 ZQuQ==
X-Gm-Message-State: AOJu0Yxav8+vtREqTKfeNpz1QZ6Q3qpWwmg+P0RRC7l5xxeqfnxrxB5B
 L9QmrTuGMqr7PFkiZIVseUZ4CfSEe/k1COfuxtmJ/gyif5y4mz+mhpP+EC2etJojGC6HpQuLWvJ
 jw+wC
X-Gm-Gg: ATEYQzwANn0WY3fnOgprFhG4aeDB6F2gDno+q1B9cWgDb7Pxityi6Lfjl/RYX/wEQIb
 xnvYjrkWSKKMsGzJzvBFjRO+4fDnzNpOKtcr1A3vwPgAhTmV1DUgdlW25IYL13DLT0w7Ctt+5YZ
 GTRQDG8LY7EQTkrIcNb/fkbEQCtbAPjCssDy96sDsBbRpqkIVcEo0G5ws4nQFcznY0o6HZEt3hY
 ZDH9sDtVeXVRJkF+9w4rnWrME/KQ4XGjij7KY0a9lravUh0ZGS6TfbBvLPFaDrs4xiH0ofckEaQ
 H8SsUo4eU32Eqd18AlbBjzKkBPOHUhIdIcbBQ00teskBoOwjN09v2vkAgn6z5nDAfln1Nn/V3vE
 niu3XTxd0y1t3dBqjtcb4jN45ekG/r+tdvxKJ/EowCHjhSKZ9zPN1al2Bq30y974vAWXzodxzUJ
 3A/KbJeOL183be35km9RMzvwIzXZ1RBcUdaLgVqnKqsPOa5lhohdTXJiMyTPyuh5rVOYheOoh5t
 RWG
X-Received: by 2002:ad4:5c6a:0:b0:899:f2ba:9d81 with SMTP id
 6a1803df08f44-89a2df6417dmr20285596d6.24.1772743924324;
 Thu, 05 Mar 2026 12:52:04 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 02/12] plugins: add flag to specify whether PC is rw
Date: Thu,  5 Mar 2026 12:51:42 -0800
Message-ID: <20260305205152.2121854-3-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f36;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf36.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744015466158500

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

In addition to the flags specifying whether general-purpose registers
are read-write (rw) during a plugin callback, we add an additional flag
explicitly stating whether the PC is writable. This is in preparation of
a patch that allows to explicitly set the PC to divert control flow from
within a plugin callback, which is currently not possible.

Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-2-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 include/plugins/qemu-plugin.h |  3 +++
 plugins/api.c                 |  4 +++-
 plugins/core.c                | 29 ++++++++++++++++-------------
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index 17a834dca90..a6ec8e275d8 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -325,11 +325,14 @@ typedef struct {
  * @QEMU_PLUGIN_CB_NO_REGS: callback does not access the CPU's regs
  * @QEMU_PLUGIN_CB_R_REGS: callback reads the CPU's regs
  * @QEMU_PLUGIN_CB_RW_REGS: callback reads and writes the CPU's regs
+ * @QEMU_PLUGIN_CB_RW_REGS_PC: callback reads and writes the CPU's
+ *                             regs and updates the PC
  */
 enum qemu_plugin_cb_flags {
     QEMU_PLUGIN_CB_NO_REGS,
     QEMU_PLUGIN_CB_R_REGS,
     QEMU_PLUGIN_CB_RW_REGS,
+    QEMU_PLUGIN_CB_RW_REGS_PC,
 };
=20
 enum qemu_plugin_mem_rw {
diff --git a/plugins/api.c b/plugins/api.c
index 04ca7da7f18..32eb086300d 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -458,7 +458,9 @@ bool qemu_plugin_write_register(struct qemu_plugin_regi=
ster *reg,
 {
     g_assert(current_cpu);
=20
-    if (buf->len =3D=3D 0 || qemu_plugin_get_cb_flags() !=3D QEMU_PLUGIN_C=
B_RW_REGS) {
+    if (buf->len =3D=3D 0 ||
+        (qemu_plugin_get_cb_flags() !=3D QEMU_PLUGIN_CB_RW_REGS &&
+         qemu_plugin_get_cb_flags() !=3D QEMU_PLUGIN_CB_RW_REGS_PC)) {
         return false;
     }
=20
diff --git a/plugins/core.c b/plugins/core.c
index d6173422e98..2324bbffa3d 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -119,7 +119,7 @@ static void plugin_vcpu_cb__discon(CPUState *cpu,
     struct qemu_plugin_cb *cb, *next;
     uint64_t to =3D cpu->cc->get_pc(cpu);
=20
-    qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
+    qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
     if (cpu->cpu_index < plugin.num_vcpus) {
         /* iterate safely; plugins might uninstall themselves at any time =
*/
         QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
@@ -395,15 +395,16 @@ void plugin_register_dyn_cb__udata(GArray **arr,
                                    enum qemu_plugin_cb_flags flags,
                                    void *udata)
 {
-    static TCGHelperInfo info[3] =3D {
+    static TCGHelperInfo info[4] =3D {
         [QEMU_PLUGIN_CB_NO_REGS].flags =3D TCG_CALL_NO_RWG,
         [QEMU_PLUGIN_CB_R_REGS].flags =3D TCG_CALL_NO_WG,
         [QEMU_PLUGIN_CB_RW_REGS].flags =3D 0,
+        [QEMU_PLUGIN_CB_RW_REGS_PC].flags =3D 0,
         /*
          * Match qemu_plugin_vcpu_udata_cb_t:
          *   void (*)(uint32_t, void *)
          */
-        [0 ... 2].typemask =3D (dh_typemask(void, 0) |
+        [0 ... 3].typemask =3D (dh_typemask(void, 0) |
                               dh_typemask(i32, 1) |
                               dh_typemask(ptr, 2))
     };
@@ -425,15 +426,16 @@ void plugin_register_dyn_cond_cb__udata(GArray **arr,
                                         uint64_t imm,
                                         void *udata)
 {
-    static TCGHelperInfo info[3] =3D {
+    static TCGHelperInfo info[4] =3D {
         [QEMU_PLUGIN_CB_NO_REGS].flags =3D TCG_CALL_NO_RWG,
         [QEMU_PLUGIN_CB_R_REGS].flags =3D TCG_CALL_NO_WG,
         [QEMU_PLUGIN_CB_RW_REGS].flags =3D 0,
+        [QEMU_PLUGIN_CB_RW_REGS_PC].flags =3D 0,
         /*
          * Match qemu_plugin_vcpu_udata_cb_t:
          *   void (*)(uint32_t, void *)
          */
-        [0 ... 2].typemask =3D (dh_typemask(void, 0) |
+        [0 ... 3].typemask =3D (dh_typemask(void, 0) |
                               dh_typemask(i32, 1) |
                               dh_typemask(ptr, 2))
     };
@@ -464,15 +466,16 @@ void plugin_register_vcpu_mem_cb(GArray **arr,
         !__builtin_types_compatible_p(qemu_plugin_meminfo_t, uint32_t) &&
         !__builtin_types_compatible_p(qemu_plugin_meminfo_t, int32_t));
=20
-    static TCGHelperInfo info[3] =3D {
+    static TCGHelperInfo info[4] =3D {
         [QEMU_PLUGIN_CB_NO_REGS].flags =3D TCG_CALL_NO_RWG,
         [QEMU_PLUGIN_CB_R_REGS].flags =3D TCG_CALL_NO_WG,
         [QEMU_PLUGIN_CB_RW_REGS].flags =3D 0,
+        [QEMU_PLUGIN_CB_RW_REGS_PC].flags =3D 0,
         /*
          * Match qemu_plugin_vcpu_mem_cb_t:
          *   void (*)(uint32_t, qemu_plugin_meminfo_t, uint64_t, void *)
          */
-        [0 ... 2].typemask =3D
+        [0 ... 3].typemask =3D
             (dh_typemask(void, 0) |
              dh_typemask(i32, 1) |
              (__builtin_types_compatible_p(qemu_plugin_meminfo_t, uint32_t)
@@ -553,7 +556,7 @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, ui=
nt64_t a1, uint64_t a2,
     QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
         qemu_plugin_vcpu_syscall_cb_t func =3D cb->f.vcpu_syscall;
=20
-        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
+        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
         func(cb->ctx->id, cpu->cpu_index, num, a1, a2, a3, a4, a5, a6, a7,=
 a8);
         qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
     }
@@ -577,7 +580,7 @@ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_=
t num, int64_t ret)
     QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
         qemu_plugin_vcpu_syscall_ret_cb_t func =3D cb->f.vcpu_syscall_ret;
=20
-        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
+        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
         func(cb->ctx->id, cpu->cpu_index, num, ret);
         qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
     }
@@ -605,7 +608,7 @@ qemu_plugin_vcpu_syscall_filter(CPUState *cpu, int64_t =
num, uint64_t a1,
=20
     clamp_syscall_arguments(&a1, &a2, &a3, &a4, &a5, &a6, &a7, &a8);
=20
-    qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
+    qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
=20
     QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) {
         qemu_plugin_vcpu_syscall_filter_cb_t func =3D cb->f.vcpu_syscall_f=
ilter;
@@ -626,7 +629,7 @@ void qemu_plugin_vcpu_idle_cb(CPUState *cpu)
 {
     /* idle and resume cb may be called before init, ignore in this case */
     if (cpu->cpu_index < plugin.num_vcpus) {
-        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
+        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
         plugin_vcpu_cb__simple(cpu, QEMU_PLUGIN_EV_VCPU_IDLE);
         qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
     }
@@ -635,7 +638,7 @@ void qemu_plugin_vcpu_idle_cb(CPUState *cpu)
 void qemu_plugin_vcpu_resume_cb(CPUState *cpu)
 {
     if (cpu->cpu_index < plugin.num_vcpus) {
-        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS);
+        qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC);
         plugin_vcpu_cb__simple(cpu, QEMU_PLUGIN_EV_VCPU_RESUME);
         qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS);
     }
@@ -906,6 +909,6 @@ enum qemu_plugin_cb_flags tcg_call_to_qemu_plugin_cb_fl=
ags(int flags)
     } else if (flags & TCG_CALL_NO_WG) {
         return QEMU_PLUGIN_CB_R_REGS;
     } else {
-        return QEMU_PLUGIN_CB_RW_REGS;
+        return QEMU_PLUGIN_CB_RW_REGS_PC;
     }
 }
--=20
2.47.3


From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772743971; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KDx2PyDnP2iHC8YGKGC3o9k6Srm/xZMZ2R5BDyBR9UFCSz4c3afJx+CDh2Bp8BgZrx6Tr6Z/XBhZKpA+iaFQxylNYx6t2sEEG+zpAMILoAwLEg94ukGKRWawrnh/f+VZRdje6S0KAqtfIJl9IYwDslz6kBASVnxi2uak6LJEoC4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772743971;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=31jlvN5wVwa4G/7vyDJs7qSCTlgMRWD/K+uKL2YBkfI=;
	b=FYQicC6Do7YUhjueVFYF6QaXAEafcwfSatXD0zQBDlmfkzr3Ui80RA+wuBdyVir9A8gxE02CqLEHCQUxuPcsf7hGO+MW2AfjRpPqUm0Zl60p9qasUiVcF6No7D53iv9HKwFECaoQDhoJyVDzFu+qTtk+HeGeaULj3C1XqQwQzx4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177274397183044.22478336555332;
 Thu, 5 Mar 2026 12:52:51 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFg6-0006ZD-MT; Thu, 05 Mar 2026 15:52:14 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg2-0006YG-Tf
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:10 -0500
Received: from mail-qv1-xf34.google.com ([2607:f8b0:4864:20::f34])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFfz-000666-Pw
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:10 -0500
Received: by mail-qv1-xf34.google.com with SMTP id
 6a1803df08f44-89a000f5adeso84692536d6.3
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:06 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.04
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743926; x=1773348726; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=31jlvN5wVwa4G/7vyDJs7qSCTlgMRWD/K+uKL2YBkfI=;
 b=vinssO22YF930Ag97yzyZzrNGHhoN8ByojUDIuYrJvXji6VBPnTZhb48y1EdSDjNZ2
 O7BGV4minj7ornjNF0XSOguSD2JJchmwe2d+Rm8ObZtMu3mYXM33mZXnliLmIPn4IsBr
 N/3YsKJgDh81l3hcKTCVBjPM+2bGenlBeUB0jmYf/Z0CyzKnDm0mmh4CT5eO8I9aKmDx
 Hsu1d20pkCnvB2zW+UQLqybkXDOl2BN0c7levTmZqaCFMPc7eZxKIkWxJxeJzxPh5DKI
 mquJgNu/6BUcxenxx+S9I0C7sKPu8u3yEjok7R6muhwmood0Z/G58jwwaAYYO+Hq2146
 FnuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743926; x=1773348726;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=31jlvN5wVwa4G/7vyDJs7qSCTlgMRWD/K+uKL2YBkfI=;
 b=EfGG5m25dV2BIXMuL6ld6kxQiW2aiNlCIqG9xRLZy8LjgFVcP2dpVod6i6zcMaCNRu
 S429V2ItUIeQ14KOyYD+MVF5Lt7h6kXeDW0im4sS3TaQa1EETjKSH24cs8sz/VSXFKS5
 Q7UKYJ/zQnTFGTc93ELZfMzvXRo78fYFb8ZEM0HX7ydRQ02mjer9SKsqTshbN6U+cbcS
 Ota+Dq/YPHG4R0n+jvBG762fddY6DkJaPujhG1mIgu3By74VPo3qF3yt8Kzsx1ptMAYb
 67+A1OvG+FNuXEYHG6mipCdP0LphxcmZYzUwysFPENi7I+vRrOTWM7Bkcdvjp2p9aAIH
 CW1Q==
X-Gm-Message-State: AOJu0Yw67MVEbl2Y4CyXcrWerL4DVSwX/Qd5PtWOMkYI3VmOOefxe45W
 y081H1v0U+ELmd1sRYM6mTjp4gAD1B4JLj1WnC96qhlmnRJs4G2KZQDBAfGgjZDWBXwei/NM/f9
 MxBih
X-Gm-Gg: ATEYQzwc00ZlrBEucs++ukfTJM4Lc4Xdgmb+MP3sLFycQHdIm9i+W4UhUlrarRziCES
 +o3F5E6zX5q3aOrfl77sLiQCgqRHDPRryG7S0+PWVtnzqHn0FDVJTbIfxZ8RhKKB0GJssEf+oas
 zAFEj8k7KmtG3Z1Cjt+lAh4UzmxGr+/WTMQbb3Y3tMaGmMLwDJGDAweMtZCZ6AFJyaeOV6A3jzL
 1fX7rxN/ANKgFZySsby0iQW1VQJpbOQw84Vt48J5DkeH3tlU/oRa01rkqzknvEqmJKzHWzb2mZB
 5U0sWzyqW6SxDzk6rNxO3Qa606tVpRawPh+Subo9KM8xiBEBJXGJvVYzoxwXtKY0ZgrtAEv7856
 L6wtmr22xmxlVARt38q8gt3YOOcTASZBhDiyktrtM21VFrO+Jv7Ewo6anhiDdl/yiGPAJvDLIdS
 7MLQ+kFa1snaof17aKBMT7vpFv8ofS5FQCxZmMSiBBrsRDM0p5M9yjaTeVm8JKXVdihC0PVS5sp
 LA4
X-Received: by 2002:ad4:5cc6:0:b0:89a:929:9e4e with SMTP id
 6a1803df08f44-89a1998b83dmr107621166d6.14.1772743925710;
 Thu, 05 Mar 2026 12:52:05 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 03/12] linux-user: make syscall emulation interruptible
Date: Thu,  5 Mar 2026 12:51:43 -0800
Message-ID: <20260305205152.2121854-4-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f34;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf34.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772743973309158500

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

The syscall emulation code previously wasn't interruptible via
cpu_loop_exit(), as this construct relies on a longjmp target that is not
live anymore in the syscall handling code. Consequently, longjmp() would
operate on a (potentially overwritten) stale jump buffer. This patch adds a=
n additional
setjmp and the necessary handling around it to make longjmp() (and by
proxy cpu_loop_exit() safe to call even within a syscall context.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-3-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 linux-user/include/special-errno.h |  8 ++++++++
 linux-user/aarch64/cpu_loop.c      |  2 +-
 linux-user/alpha/cpu_loop.c        |  2 +-
 linux-user/arm/cpu_loop.c          |  2 +-
 linux-user/hexagon/cpu_loop.c      |  2 +-
 linux-user/hppa/cpu_loop.c         |  1 +
 linux-user/i386/cpu_loop.c         |  8 +++++---
 linux-user/loongarch64/cpu_loop.c  |  5 +++--
 linux-user/m68k/cpu_loop.c         |  2 +-
 linux-user/microblaze/cpu_loop.c   |  2 +-
 linux-user/mips/cpu_loop.c         |  9 ++++++---
 linux-user/or1k/cpu_loop.c         |  2 +-
 linux-user/ppc/cpu_loop.c          | 10 +++++++---
 linux-user/riscv/cpu_loop.c        |  2 +-
 linux-user/s390x/cpu_loop.c        |  2 +-
 linux-user/sh4/cpu_loop.c          |  2 +-
 linux-user/sparc/cpu_loop.c        |  4 +++-
 linux-user/syscall.c               | 16 ++++++++++++++++
 linux-user/xtensa/cpu_loop.c       |  1 +
 19 files changed, 60 insertions(+), 22 deletions(-)

diff --git a/linux-user/include/special-errno.h b/linux-user/include/specia=
l-errno.h
index 4120455baaf..1db757241a3 100644
--- a/linux-user/include/special-errno.h
+++ b/linux-user/include/special-errno.h
@@ -29,4 +29,12 @@
  */
 #define QEMU_ESIGRETURN   513
=20
+/*
+ * This is returned after a plugin has used the qemu_plugin_set_pc API, to
+ * indicate that the plugin deliberately changed the PC and potentially
+ * modified the register values. The main loop should not touch the guest
+ * registers for this reason.
+ */
+#define QEMU_ESETPC       514
+
 #endif /* SPECIAL_ERRNO_H */
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index 7f66a879ea9..e7f643d69d5 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -181,7 +181,7 @@ void cpu_loop(CPUARMState *env)
                              0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->pc -=3D 4;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->xregs[0] =3D ret;
             }
             break;
diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c
index f93597c400d..bef196b1f56 100644
--- a/linux-user/alpha/cpu_loop.c
+++ b/linux-user/alpha/cpu_loop.c
@@ -82,7 +82,7 @@ void cpu_loop(CPUAlphaState *env)
                     env->pc -=3D 4;
                     break;
                 }
-                if (sysret =3D=3D -QEMU_ESIGRETURN) {
+                if (sysret =3D=3D -QEMU_ESIGRETURN || sysret =3D=3D -QEMU_=
ESETPC) {
                     break;
                 }
                 /* Syscall writes 0 to V0 to bypass error check, similar
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index 40aefc4c1d7..19874f4c727 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -399,7 +399,7 @@ void cpu_loop(CPUARMState *env)
                                      0, 0);
                     if (ret =3D=3D -QEMU_ERESTARTSYS) {
                         env->regs[15] -=3D env->thumb ? 2 : 4;
-                    } else if (ret !=3D -QEMU_ESIGRETURN) {
+                    } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU=
_ESETPC) {
                         env->regs[0] =3D ret;
                     }
                 }
diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c
index 5711055aff2..9464246e9e3 100644
--- a/linux-user/hexagon/cpu_loop.c
+++ b/linux-user/hexagon/cpu_loop.c
@@ -56,7 +56,7 @@ void cpu_loop(CPUHexagonState *env)
                              0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->gpr[HEX_REG_PC] -=3D 4;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->gpr[0] =3D ret;
             }
             break;
diff --git a/linux-user/hppa/cpu_loop.c b/linux-user/hppa/cpu_loop.c
index 972e85c487d..4b4b663052b 100644
--- a/linux-user/hppa/cpu_loop.c
+++ b/linux-user/hppa/cpu_loop.c
@@ -124,6 +124,7 @@ void cpu_loop(CPUHPPAState *env)
                 break;
             case -QEMU_ERESTARTSYS:
             case -QEMU_ESIGRETURN:
+            case -QEMU_ESETPC:
                 break;
             }
             break;
diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c
index f3f58576af5..fe922fceb5a 100644
--- a/linux-user/i386/cpu_loop.c
+++ b/linux-user/i386/cpu_loop.c
@@ -181,7 +181,9 @@ static void emulate_vsyscall(CPUX86State *env)
     if (ret =3D=3D -TARGET_EFAULT) {
         goto sigsegv;
     }
-    env->regs[R_EAX] =3D ret;
+    if (ret !=3D -QEMU_ESETPC) {
+        env->regs[R_EAX] =3D ret;
+    }
=20
     /* Emulate a ret instruction to leave the vsyscall page.  */
     env->eip =3D caller;
@@ -234,7 +236,7 @@ void cpu_loop(CPUX86State *env)
                              0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->eip -=3D 2;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->regs[R_EAX] =3D ret;
             }
             break;
@@ -253,7 +255,7 @@ void cpu_loop(CPUX86State *env)
                              0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->eip -=3D 2;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->regs[R_EAX] =3D ret;
             }
             break;
diff --git a/linux-user/loongarch64/cpu_loop.c b/linux-user/loongarch64/cpu=
_loop.c
index 26a5ce3a936..603fcc39c7f 100644
--- a/linux-user/loongarch64/cpu_loop.c
+++ b/linux-user/loongarch64/cpu_loop.c
@@ -44,9 +44,10 @@ void cpu_loop(CPULoongArchState *env)
                 env->pc -=3D 4;
                 break;
             }
-            if (ret =3D=3D -QEMU_ESIGRETURN) {
+            if (ret =3D=3D -QEMU_ESIGRETURN || ret =3D=3D -QEMU_ESETPC) {
                 /*
-                 * Returning from a successful sigreturn syscall.
+                 * Returning from a successful sigreturn syscall or from
+                 * control flow diversion in a plugin callback.
                  * Avoid clobbering register state.
                  */
                 break;
diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 2c9f628241f..b98ca8ff7b9 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -66,7 +66,7 @@ void cpu_loop(CPUM68KState *env)
                                  0, 0);
                 if (ret =3D=3D -QEMU_ERESTARTSYS) {
                     env->pc -=3D 2;
-                } else if (ret !=3D -QEMU_ESIGRETURN) {
+                } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESE=
TPC) {
                     env->dregs[0] =3D ret;
                 }
             }
diff --git a/linux-user/microblaze/cpu_loop.c b/linux-user/microblaze/cpu_l=
oop.c
index 78506ab23d9..06d92c0b90d 100644
--- a/linux-user/microblaze/cpu_loop.c
+++ b/linux-user/microblaze/cpu_loop.c
@@ -54,7 +54,7 @@ void cpu_loop(CPUMBState *env)
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 /* Wind back to before the syscall. */
                 env->pc -=3D 4;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->regs[3] =3D ret;
             }
             /* All syscall exits result in guest r14 being equal to the
diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index 2365de1de1a..fa264b27ec5 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -140,9 +140,12 @@ done_syscall:
                 env->active_tc.PC -=3D 4;
                 break;
             }
-            if (ret =3D=3D -QEMU_ESIGRETURN) {
-                /* Returning from a successful sigreturn syscall.
-                   Avoid clobbering register state.  */
+            if (ret =3D=3D -QEMU_ESIGRETURN || ret =3D=3D -QEMU_ESETPC) {
+                /*
+                 * Returning from a successful sigreturn syscall or from
+                 * control flow diversion in a plugin callback.
+                 * Avoid clobbering register state.
+                 */
                 break;
             }
             if ((abi_ulong)ret >=3D (abi_ulong)-1133) {
diff --git a/linux-user/or1k/cpu_loop.c b/linux-user/or1k/cpu_loop.c
index 2167d880d55..e7e9929e6f5 100644
--- a/linux-user/or1k/cpu_loop.c
+++ b/linux-user/or1k/cpu_loop.c
@@ -48,7 +48,7 @@ void cpu_loop(CPUOpenRISCState *env)
                              cpu_get_gpr(env, 8), 0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->pc -=3D 4;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 cpu_set_gpr(env, 11, ret);
             }
             break;
diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index b0b0cb14b41..1f9ee20bd0c 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -340,9 +340,13 @@ void cpu_loop(CPUPPCState *env)
                 env->nip -=3D 4;
                 break;
             }
-            if (ret =3D=3D (target_ulong)(-QEMU_ESIGRETURN)) {
-                /* Returning from a successful sigreturn syscall.
-                   Avoid corrupting register state.  */
+            if (ret =3D=3D (target_ulong)(-QEMU_ESIGRETURN) ||
+                ret =3D=3D (target_ulong)(-QEMU_ESETPC)) {
+                /*
+                 * Returning from a successful sigreturn syscall or from
+                 * control flow diversion in a plugin callback.
+                 * Avoid corrupting register state.
+                 */
                 break;
             }
             if (ret > (target_ulong)(-515)) {
diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c
index ce542540c28..eecc8d15178 100644
--- a/linux-user/riscv/cpu_loop.c
+++ b/linux-user/riscv/cpu_loop.c
@@ -65,7 +65,7 @@ void cpu_loop(CPURISCVState *env)
             }
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->pc -=3D 4;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->gpr[xA0] =3D ret;
             }
             if (cs->singlestep_enabled) {
diff --git a/linux-user/s390x/cpu_loop.c b/linux-user/s390x/cpu_loop.c
index 4929b32e1fc..67d2a803fbc 100644
--- a/linux-user/s390x/cpu_loop.c
+++ b/linux-user/s390x/cpu_loop.c
@@ -83,7 +83,7 @@ void cpu_loop(CPUS390XState *env)
                              env->regs[6], env->regs[7], 0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->psw.addr -=3D env->int_svc_ilen;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->regs[2] =3D ret;
             }
=20
diff --git a/linux-user/sh4/cpu_loop.c b/linux-user/sh4/cpu_loop.c
index 0c9d7e9c46b..ee2958d0d93 100644
--- a/linux-user/sh4/cpu_loop.c
+++ b/linux-user/sh4/cpu_loop.c
@@ -50,7 +50,7 @@ void cpu_loop(CPUSH4State *env)
                              0, 0);
             if (ret =3D=3D -QEMU_ERESTARTSYS) {
                 env->pc -=3D 2;
-            } else if (ret !=3D -QEMU_ESIGRETURN) {
+            } else if (ret !=3D -QEMU_ESIGRETURN && ret !=3D -QEMU_ESETPC)=
 {
                 env->gregs[0] =3D ret;
             }
             break;
diff --git a/linux-user/sparc/cpu_loop.c b/linux-user/sparc/cpu_loop.c
index 7391e2add8d..ab633eeae3f 100644
--- a/linux-user/sparc/cpu_loop.c
+++ b/linux-user/sparc/cpu_loop.c
@@ -229,7 +229,9 @@ void cpu_loop (CPUSPARCState *env)
                               env->regwptr[2], env->regwptr[3],
                               env->regwptr[4], env->regwptr[5],
                               0, 0);
-            if (ret =3D=3D -QEMU_ERESTARTSYS || ret =3D=3D -QEMU_ESIGRETUR=
N) {
+            if (ret =3D=3D -QEMU_ERESTARTSYS ||
+                ret =3D=3D -QEMU_ESIGRETURN ||
+                ret =3D=3D -QEMU_ESETPC) {
                 break;
             }
             if ((abi_ulong)ret >=3D (abi_ulong)(-515)) {
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index d466d0e32f1..99e1ed97d9f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -43,6 +43,7 @@
 #include <linux/capability.h>
 #include <sched.h>
 #include <sys/timex.h>
+#include <setjmp.h>
 #include <sys/socket.h>
 #include <linux/sockios.h>
 #include <sys/un.h>
@@ -600,6 +601,9 @@ const char *target_strerror(int err)
     if (err =3D=3D QEMU_ESIGRETURN) {
         return "Successful exit from sigreturn";
     }
+    if (err =3D=3D QEMU_ESETPC) {
+        return "Successfully redirected control flow";
+    }
=20
     return strerror(target_to_host_errno(err));
 }
@@ -14410,6 +14414,18 @@ abi_long do_syscall(CPUArchState *cpu_env, int num=
, abi_long arg1,
         return -QEMU_ESIGRETURN;
     }
=20
+    /*
+     * Set up a longjmp target here so that we can call cpu_loop_exit to
+     * redirect control flow back to the main loop even from within
+     * syscall-related plugin callbacks.
+     * For other types of callbacks or longjmp call sites, the longjmp tar=
get
+     * is set up in the cpu loop itself but in syscalls the target is not =
live
+     * anymore.
+     */
+    if (unlikely(sigsetjmp(cpu->jmp_env, 0) !=3D 0)) {
+        return -QEMU_ESETPC;
+    }
+
     record_syscall_start(cpu, num, arg1,
                          arg2, arg3, arg4, arg5, arg6, arg7, arg8);
=20
diff --git a/linux-user/xtensa/cpu_loop.c b/linux-user/xtensa/cpu_loop.c
index a0ff10eff82..d2b4ccdfade 100644
--- a/linux-user/xtensa/cpu_loop.c
+++ b/linux-user/xtensa/cpu_loop.c
@@ -186,6 +186,7 @@ void cpu_loop(CPUXtensaState *env)
                     break;
=20
                 case -QEMU_ESIGRETURN:
+                case -QEMU_ESETPC:
                     break;
                 }
                 break;
--=20
2.47.3


From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744034; cv=none;
	d=zohomail.com; s=zohoarc;
	b=nlWi8n4ujnuKeHZCEqqgMT+KRMBcSufRDMCUa2VtvFv9/2ULBk4wZA6FQavqoQ3tgxQ80GibfwdD0o2orQJCKK7TJ2BofB+V5DBCXySUGydQfV1jqfe+r12ZbULcsh0QT+W1bBz2pDrU4rf1I206pllXvFNWjfIFqp1KZXlw5k4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744034;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=d4SC8zI77LVYBtxxNYz99rDPWHlviBrZcRQFsEBhS3Q=;
	b=fglCDZAPxGX+cf0beFBjekLIU1QV8gRt1lHUEw3loXHg5OapuRNGURJPADGCjcXrWmtOmDgvhkLKTlOqGXCerR7PjNrkEBajYyOzEej6Ph0qqMIZjvugH2SiMQK+Pb7S3Nf24e2QM9J5J8p3NiHo+K8f1y5Uy8dY39hgF3twn0A=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744034675247.19464992654946;
 Thu, 5 Mar 2026 12:53:54 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFg6-0006ZE-Ma; Thu, 05 Mar 2026 15:52:14 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg2-0006Y7-Ak
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:10 -0500
Received: from mail-qk1-x733.google.com ([2607:f8b0:4864:20::733])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg0-00066J-JK
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:10 -0500
Received: by mail-qk1-x733.google.com with SMTP id
 af79cd13be357-8cb40277a8bso887014985a.1
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:07 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.05
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743927; x=1773348727; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=d4SC8zI77LVYBtxxNYz99rDPWHlviBrZcRQFsEBhS3Q=;
 b=t6dgy+onl2qAM1afPsYRd4JG/vIgeNDbncYWSacCVDFw5xLY5nXqAwXga9fFyK5F5n
 ftL3JxqlC9wHhRYupo4i7E+EWq+OncmBe70fFc4UdrnewGhx/Via7awJte8qHkhOkIjB
 I5SPBnTxp9ZbWwn1+Z7DbHWzgQA+AX4ZiGYiC25NBRSYH6x1yAVwqHeY3OIIb1kMYjXK
 iUf+FQpgS1Cl1c85FaoaPD21J+Sf8NuCWolVr+u5b3VfO2nfyO2r2GSWysH16+tdkQpS
 vN6oi4CUk/xj6Lldx2OTIZcHwqzfzhLNq6e/L9/JW/RX7i8XZ7fW3nx9f8CoPTzPinqE
 VovA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743927; x=1773348727;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=d4SC8zI77LVYBtxxNYz99rDPWHlviBrZcRQFsEBhS3Q=;
 b=hnZsalnQgqoBYnZN9kHwuk3VTe8tThnBVGPIEeMbGFbVi6kzseCqzMW+zph1l4BOZ4
 7L6XR72F2J/oEL9koIlYt43IFePeHu3aHd3NlRVxFZ0a3tHfYzrcj3TX35Ykaqsi92ug
 fNjN3TLQnOjqChZPXlwOekJHzq+OUZ4FMfobjQeU1kgORD7o+yortucxGB6JhhGRQPwF
 y2Rt8WaNgkbhY68460CObgzhdnLNeqXvXLkDy9xsSvM79dqym7R4tzku5fSPFyHzfDVi
 zLTauYRvlaCZp6VQb2av3pp4g2gEN5x/CBRYAMUEtcctKkracVCQrRW1gQ9faz+3saDt
 0yLw==
X-Gm-Message-State: AOJu0Yy9vleezBmNcYCwnlVPKYuxVusRAW8qW/J5NqhOhGICQbQiP8Sj
 CzQTfz3lN3vICOSSTq1XYZbLt8meA59rn/cYnNY3l6neWBTy7zTL1zNsJppTtMVB7XspRkUZTM2
 CX3w5
X-Gm-Gg: ATEYQzzTPgp+fMhckBF73mTDnXSPNpqpFlMh0cq7gP5wkZlt5RJ1aJLiwZlWTipcIhi
 lFtMwzWq788Qe8kIrTPrQ3W7ymZRVei3xsH9dmHJtVNLFJwkpVwveIkn9xKLWubONrVv7vB7Q05
 sSWESxZpF0sfneEjnhL8X4LeP+MBy8yc7u9HRy5uHJaMyGnFRLGuzEK9TVydOKTMuPO+ImMbm/1
 eTlzPkssxsLy7QeNoEyWGooG27lc1QJnNzYRrCkpTGxi2/n+PuAhKWr00ydi/xl1sBWzbeBftaI
 6beeLQkFUyVa/zu5/6cKftBshx4oEdmCorO/t07M1zevAd8k0qFRWDP6gHM9nDzZxBzXghZXdMb
 lHVMlArra01ppbLfiRyA70JArjQOyXadcsRjGhKsYFnaOtgRu/+FaYCX8ZMuuRfLgXfkltitGlB
 wdCA0F0XYtEo0aOcOA1aSwJd7HybIn0mSD2YIFOcxIri+QN2Qk5CwHiXCjr2cnY+/xS+vhzB3EJ
 7gW
X-Received: by 2002:a05:620a:4102:b0:8cb:9975:cba8 with SMTP id
 af79cd13be357-8cd6b029bf3mr191898385a.62.1772743927082;
 Thu, 05 Mar 2026 12:52:07 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 04/12] plugins: add PC diversion API function
Date: Thu,  5 Mar 2026 12:51:44 -0800
Message-ID: <20260305205152.2121854-5-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::733;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qk1-x733.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744035481158500
Content-Type: text/plain; charset="utf-8"

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

This patch adds a plugin API function that allows diverting the program
counter during execution. A potential use case for this functionality is
to skip over parts of the code, e.g., by hooking into a specific
instruction and setting the PC to the next instruction in the callback.

Link: https://lists.nongnu.org/archive/html/qemu-devel/2025-08/msg00656.html
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-4-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 include/plugins/qemu-plugin.h  | 13 +++++++++++++
 plugins/api.c                  | 11 +++++++++++
 scripts/qemu-plugin-symbols.py |  9 +++++++--
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index a6ec8e275d8..7b9cd6a9717 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -76,6 +76,7 @@ typedef uint64_t qemu_plugin_id_t;
  *
  * version 6:
  * - changed return value of qemu_plugin_{read,write}_register from int to=
 bool
+ * - added qemu_plugin_set_pc
  */
=20
 extern QEMU_PLUGIN_EXPORT int qemu_plugin_version;
@@ -1042,6 +1043,18 @@ QEMU_PLUGIN_API
 bool qemu_plugin_write_register(struct qemu_plugin_register *handle,
                                 GByteArray *buf);
=20
+/**
+ * qemu_plugin_set_pc() - set the program counter for the current vCPU
+ *
+ * @vaddr: the new virtual (guest) address for the program counter
+ *
+ * This function sets the program counter for the current vCPU to @vaddr a=
nd
+ * resumes execution at that address. This function does not return.
+ */
+QEMU_PLUGIN_API
+__attribute__((__noreturn__))
+void qemu_plugin_set_pc(uint64_t vaddr);
+
 /**
  * qemu_plugin_read_memory_vaddr() - read from memory using a virtual addr=
ess
  *
diff --git a/plugins/api.c b/plugins/api.c
index 32eb086300d..23c291f6444 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -41,6 +41,7 @@
 #include "qemu/log.h"
 #include "system/memory.h"
 #include "tcg/tcg.h"
+#include "exec/cpu-common.h"
 #include "exec/gdbstub.h"
 #include "exec/target_page.h"
 #include "exec/translation-block.h"
@@ -467,6 +468,16 @@ bool qemu_plugin_write_register(struct qemu_plugin_reg=
ister *reg,
     return (gdb_write_register(current_cpu, buf->data, GPOINTER_TO_INT(reg=
) - 1) > 0);
 }
=20
+void qemu_plugin_set_pc(uint64_t vaddr)
+{
+    g_assert(current_cpu);
+
+    g_assert(qemu_plugin_get_cb_flags() =3D=3D QEMU_PLUGIN_CB_RW_REGS_PC);
+
+    cpu_set_pc(current_cpu, vaddr);
+    cpu_loop_exit(current_cpu);
+}
+
 bool qemu_plugin_read_memory_vaddr(uint64_t addr, GByteArray *data, size_t=
 len)
 {
     g_assert(current_cpu);
diff --git a/scripts/qemu-plugin-symbols.py b/scripts/qemu-plugin-symbols.py
index 69644979c19..ce99796ce2a 100644
--- a/scripts/qemu-plugin-symbols.py
+++ b/scripts/qemu-plugin-symbols.py
@@ -20,9 +20,14 @@ def extract_symbols(plugin_header):
     # Remove QEMU_PLUGIN_API macro definition.
     content =3D content.replace('#define QEMU_PLUGIN_API', '')
     expected =3D content.count('QEMU_PLUGIN_API')
-    # Find last word between QEMU_PLUGIN_API and (, matching on several li=
nes.
+    # Find last word between QEMU_PLUGIN_API and ( to get the function nam=
e,
+    # matching on several lines. Discard attributes, if any.
     # We use *? non-greedy quantifier.
-    syms =3D re.findall(r'QEMU_PLUGIN_API.*?(\w+)\s*\(', content, re.DOTAL=
L)
+    syms =3D re.findall(
+        r'QEMU_PLUGIN_API\s+(?:__attribute__\(\(\S+\)\))?.*?(\w+)\s*\(',
+        content,
+        re.DOTALL,
+    )
     syms.sort()
     # Ensure we found as many symbols as API markers.
     assert len(syms) =3D=3D expected
--=20
2.47.3
From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772743989; cv=none;
	d=zohomail.com; s=zohoarc;
	b=dDB8SJg9MZaCFP86FmZ5TibpWjuUv/L2twBMThYUwBBrmbnLhpqT0CRqEtBj9B6TT5vkaPQOoz6BFHcKGYhUgCeUz8ElO4F3EsO1SS38MxtWca1S6s3Jw7T1nVGssSyOUWWLmFOz2udDRS8o3eZL/8TXX37jnnkbUgz6pkiHe4o=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772743989;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=rd8M5nodG2RHn+UrDTOzLTrwNAgiU0HwN3M6Mlv5xCQ=;
	b=KaLDSJS28k4kcQoIPOtumWl9UJad5+jIN24f3R12s1PDbpFb3cjKUkskcncwWPKjkUK3cyk9JwIUH8RiCejfB0zS2lkKTVTw8Ihmv9msQK0D7Zcn39c9APvOlevdnYQYxpHiGuaNTasy+72g8DMNBOdCkhs/qlQMNmh/LlU6h0U=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772743989167535.4151888518259;
 Thu, 5 Mar 2026 12:53:09 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFg9-0006as-3d; Thu, 05 Mar 2026 15:52:17 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg6-0006ZL-06
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:14 -0500
Received: from mail-qt1-x830.google.com ([2607:f8b0:4864:20::830])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg1-00066W-RQ
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:13 -0500
Received: by mail-qt1-x830.google.com with SMTP id
 d75a77b69052e-5069b3e0c66so127206691cf.1
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:09 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.07
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743929; x=1773348729; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=rd8M5nodG2RHn+UrDTOzLTrwNAgiU0HwN3M6Mlv5xCQ=;
 b=YyFW2chC5DnLJXtpsbFNPj3LBAh8F+ofeHtPAZi7guIiS4zBu0pySEvpdn5bISf6j6
 FYzJpxZSViPCvTFmw1r6pCKCRmMbX23Y/reeyvUKlb2YwjyrET1iCMqjTAZ20fBLUXrZ
 bAmk8z4L9M6f73h/2UNDPaWa82fA2WRXqcKmiZwW9BA12T1ZI83SVuNtW7inJhtgOUKm
 a03opoEMnAeO3bowLiagmU+2naIsCAS07JBop2CKrROubEz1v7jpFxd/3ephkKErUmYn
 o6TOhz2kK7OVD6MPOcubxsZdEFaKlnXsUkR9O2VZeCu6GAhgmBhHGMDO5nyuKboESr+n
 6+gA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743929; x=1773348729;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=rd8M5nodG2RHn+UrDTOzLTrwNAgiU0HwN3M6Mlv5xCQ=;
 b=B+FpMWg2lwesVWTgJ2SoOpfGE07FOkgTIEMjNP9pe7tqwEoggydNaMaQpI1V7bH593
 NYle2CFXfAbWNK4GTme06Mqz2aT3yT1rG//UjlcJTJD5d4W5QUn4UPAfewOZEyPzBO1a
 HPMloO4v1kNg5YwaMXfsgvSpVlRXOmADVxZalJEckywXYRLyLrwzp5YhQ9lvQZuiqD6s
 o1y6PVrVFu9kdFHPeFSTJBLSIJjTptxS5ogNqY+mAxdqvfAUjLXiTV9dmzDye7zG23zj
 oQVGQL5c0d5MILo0pZoNAkEmKawH1VpTnpALc2WKwDCjxVXLvhyzOUyGRzD+dTLeHect
 +0FA==
X-Gm-Message-State: AOJu0YyeKvb45hWpjBClrju/appiuaPB0wD5PPDMq00/dWDE4sp4tQqJ
 gFrLyGHF3BE5Yj+1/TPOH2moqc1eNR92uCJ9hKHP/yzQnYsfeuVQXGEr9f7aXrrLI013rjxkNbH
 WT1SI
X-Gm-Gg: ATEYQzwmwPTEL71D/TpleZd9ON7rvxunj5lq8+wOAlzKyDPUVAvPBqFXyaHNVFzHlS8
 +TfkOcSa5LaMdAVgmjluMfMj+n5QZl2Vw2MPBUVeRwdI/6AUgkiYgQN7kfmxT0NOF7acS1FTxZ8
 roq8jA5pHkl8H4Fei4nr8hvmRXgt/S6/vm/IpWkr1yUsVSiiVedmX80rSK8BmTPbnUzzpxfzdAD
 ZCKo3mCy0i4Pndu/MOeGQAkonWQUxBJGtFt6ZbKyN5tVAMmQk9QH+GXDPoXJXm1fCQU9bLDt0Sv
 DD/sQik2fjmzColpQX15HjOj5UpgIahLSOJDlj0a/rzl4gbqqsNq9Kh3rMhaEqaK3OQOW5FSIXr
 uuu8uHxCuYBp+/nTqsDY+DBQIKEXUak5/9yklGHkVZmQ40v2cpgtnGXr6IQFGe0nNAnAfDeBT5f
 +hb1o+JVnSsPwHXRHTs72nNfyJvCfklEZV0hOilbP4zkFSA6VQkClMIVlfOXRfYrxcFxYEtHTAs
 Kcw
X-Received: by 2002:a05:622a:292:b0:505:e529:11e9 with SMTP id
 d75a77b69052e-508e69b9239mr49038901cf.36.1772743928511;
 Thu, 05 Mar 2026 12:52:08 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 05/12] tests/tcg: add tests for qemu_plugin_set_pc API
Date: Thu,  5 Mar 2026 12:51:45 -0800
Message-ID: <20260305205152.2121854-6-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::830;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qt1-x830.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772743991419158500
Content-Type: text/plain; charset="utf-8"

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

The test plugin intercepts execution in different contexts. Without the
plugin, any of the implemented test functions would trigger an assert
and fail. With the plugin, control flow is redirected to skip the assert
and return cleanly via the qemu_plugin_set_pc() API.

Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-5-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 MAINTAINERS                                   |   1 +
 .../{ =3D> plugin}/test-plugin-mem-access.c     |   0
 .../tcg/multiarch/plugin/test-plugin-set-pc.c | 134 ++++++++++++++++++
 tests/tcg/plugins/setpc.c                     | 105 ++++++++++++++
 tests/tcg/arm/Makefile.target                 |   6 +
 tests/tcg/hexagon/Makefile.target             |   8 ++
 tests/tcg/multiarch/Makefile.target           |  17 ++-
 .../{ =3D> plugin}/check-plugin-output.sh       |   0
 tests/tcg/plugins/meson.build                 |   1 +
 9 files changed, 269 insertions(+), 3 deletions(-)
 rename tests/tcg/multiarch/{ =3D> plugin}/test-plugin-mem-access.c (100%)
 create mode 100644 tests/tcg/multiarch/plugin/test-plugin-set-pc.c
 create mode 100644 tests/tcg/plugins/setpc.c
 rename tests/tcg/multiarch/{ =3D> plugin}/check-plugin-output.sh (100%)

diff --git a/MAINTAINERS b/MAINTAINERS
index 6698e5ff69c..63c0af4d86d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4104,6 +4104,7 @@ S: Maintained
 F: docs/devel/tcg-plugins.rst
 F: plugins/
 F: tests/tcg/plugins/
+F: tests/tcg/multiarch/plugin/
 F: tests/functional/aarch64/test_tcg_plugins.py
 F: contrib/plugins/
 F: scripts/qemu-plugin-symbols.py
diff --git a/tests/tcg/multiarch/test-plugin-mem-access.c b/tests/tcg/multi=
arch/plugin/test-plugin-mem-access.c
similarity index 100%
rename from tests/tcg/multiarch/test-plugin-mem-access.c
rename to tests/tcg/multiarch/plugin/test-plugin-mem-access.c
diff --git a/tests/tcg/multiarch/plugin/test-plugin-set-pc.c b/tests/tcg/mu=
ltiarch/plugin/test-plugin-set-pc.c
new file mode 100644
index 00000000000..f8343dfba84
--- /dev/null
+++ b/tests/tcg/multiarch/plugin/test-plugin-set-pc.c
@@ -0,0 +1,134 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2026, Florian Hofhammer <florian.hofhammer@epfl.ch>
+ *
+ * This test set exercises the qemu_plugin_set_pc() function in four diffe=
rent
+ * contexts:
+ * 1. in an instruction callback during normal execution,
+ * 2. in an instruction callback during signal handling,
+ * 3. in a memory access callback.
+ * 4. in a syscall callback,
+ */
+#include <assert.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+
+/* If we issue this magic syscall, ... */
+#define MAGIC_SYSCALL 4096
+/* ... the plugin either jumps directly to the target address ... */
+#define SETPC 0
+/* ... or just updates the target address for future use in callbacks. */
+#define SETTARGET 1
+
+static int signal_handled;
+
+void panic(const char *msg)
+{
+    fprintf(stderr, "Panic: %s\n", msg);
+    abort();
+}
+
+/*
+ * This test executes a magic syscall which communicates two addresses to =
the
+ * plugin via the syscall arguments. Whenever we reach the "bad" instructi=
on
+ * during normal execution, the plugin should redirect control flow to the
+ * "good" instruction instead.
+ */
+void test_insn(void)
+{
+    long ret =3D syscall(MAGIC_SYSCALL, SETTARGET, &&bad_insn, &&good_insn,
+                       NULL);
+    assert(ret =3D=3D 0 && "Syscall filter did not return expected value");
+bad_insn:
+    panic("PC redirection in instruction callback failed");
+good_insn:
+    puts("PC redirection in instruction callback succeeded");
+}
+
+/*
+ * This signal handler communicates a "bad" and a "good" address to the pl=
ugin
+ * similar to the previous test, and skips to the "good" address when the =
"bad"
+ * one is reached. This serves to test whether PC redirection via
+ * qemu_plugin_set_pc() also works properly in a signal handler context.
+ */
+void usr1_handler(int signum)
+{
+    long ret =3D syscall(MAGIC_SYSCALL, SETTARGET, &&bad_signal, &&good_si=
gnal,
+                       NULL);
+    assert(ret =3D=3D 0 && "Syscall filter did not return expected value");
+bad_signal:
+    panic("PC redirection in instruction callback failed");
+good_signal:
+    signal_handled =3D 1;
+    puts("PC redirection in instruction callback succeeded");
+}
+
+/*
+ * This test sends a signal to the process, which should trigger the above
+ * signal handler. The signal handler should then exercise the PC redirect=
ion
+ * functionality in the context of a signal handler, which behaves a bit
+ * differently from normal execution.
+ */
+void test_sighandler(void)
+{
+    struct sigaction sa =3D {0};
+    sa.sa_handler =3D usr1_handler;
+    sigaction(SIGUSR1, &sa, NULL);
+    pid_t pid =3D getpid();
+    kill(pid, SIGUSR1);
+    assert(signal_handled =3D=3D 1 && "Signal handler was not executed pro=
perly");
+}
+
+/*
+ * This test communicates a "good" address and the address of a local vari=
able
+ * to the plugin. Upon accessing the local variable, the plugin should then
+ * redirect control flow to the "good" address via qemu_plugin_set_pc().
+ */
+void test_mem(void)
+{
+    static uint32_t test =3D 1;
+    long ret =3D syscall(MAGIC_SYSCALL, SETTARGET, NULL, &&good_mem, &test=
);
+    assert(ret =3D=3D 0 && "Syscall filter did not return expected value");
+    /* Ensure read access to the variable to trigger the plugin callback */
+    assert(test =3D=3D 1);
+    panic("PC redirection in memory access callback failed");
+good_mem:
+    puts("PC redirection in memory access callback succeeded");
+}
+
+/*
+ * This test executes a magic syscall which is intercepted and its actual
+ * execution skipped via the qemu_plugin_set_pc() API. In a proper plugin,
+ * syscall skipping would rather be implemented via the syscall filtering
+ * callback, but we want to make sure qemu_plugin_set_pc() works in differ=
ent
+ * contexts.
+ */
+__attribute__((noreturn))
+void test_syscall(void)
+{
+    syscall(MAGIC_SYSCALL, SETPC, &&good_syscall);
+    panic("PC redirection in syscall callback failed");
+good_syscall:
+    /*
+     * Note: we execute this test last and exit straight from here because=
 when
+     * the plugin redirects control flow upon syscall, the stack frame for=
 the
+     * syscall function (and potential other functions in the call chain in
+     * libc) is still live and the stack is not unwound properly. Thus,
+     * returning from here is risky and breaks on some architectures, so we
+     * just exit directly from this test.
+     */
+    _exit(EXIT_SUCCESS);
+}
+
+
+int main(int argc, char *argv[])
+{
+    test_insn();
+    test_sighandler();
+    test_mem();
+    test_syscall();
+}
diff --git a/tests/tcg/plugins/setpc.c b/tests/tcg/plugins/setpc.c
new file mode 100644
index 00000000000..8f2d025e245
--- /dev/null
+++ b/tests/tcg/plugins/setpc.c
@@ -0,0 +1,105 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2026, Florian Hofhammer <florian.hofhammer@epfl.ch>
+ */
+#include <assert.h>
+#include <glib.h>
+#include <inttypes.h>
+#include <unistd.h>
+
+#include <qemu-plugin.h>
+
+/* If we detect this magic syscall, ... */
+#define MAGIC_SYSCALL 4096
+/* ... the plugin either jumps directly to the target address ... */
+#define SETPC 0
+/* ... or just updates the target address for future use in callbacks. */
+#define SETTARGET 1
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_version =3D QEMU_PLUGIN_VERSION;
+
+static uint64_t source_pc;
+static uint64_t target_pc;
+static uint64_t target_vaddr;
+
+static bool vcpu_syscall_filter(qemu_plugin_id_t id, unsigned int vcpu_ind=
ex,
+                                int64_t num, uint64_t a1, uint64_t a2,
+                                uint64_t a3, uint64_t a4, uint64_t a5,
+                                uint64_t a6, uint64_t a7, uint64_t a8,
+                                uint64_t *sysret)
+{
+    if (num =3D=3D MAGIC_SYSCALL) {
+        if (a1 =3D=3D SETPC) {
+            qemu_plugin_outs("Magic syscall detected, jump to clean exit\n=
");
+            qemu_plugin_set_pc(a2);
+        } else if (a1 =3D=3D SETTARGET) {
+            qemu_plugin_outs("Magic syscall detected, set target_pc / "
+                             "target_vaddr\n");
+            source_pc =3D a2;
+            target_pc =3D a3;
+            target_vaddr =3D a4;
+            *sysret =3D 0;
+            return true;
+        } else {
+            qemu_plugin_outs("Unknown magic syscall argument, ignoring\n");
+        }
+    }
+    return false;
+}
+
+static void vcpu_insn_exec(unsigned int vcpu_index, void *userdata)
+{
+    uint64_t vaddr =3D (uint64_t)userdata;
+    if (vaddr =3D=3D source_pc) {
+        g_assert(target_pc !=3D 0);
+        g_assert(target_vaddr =3D=3D 0);
+
+        qemu_plugin_outs("Marker insn detected, jump to clean return\n");
+        qemu_plugin_set_pc(target_pc);
+    }
+}
+
+static void vcpu_mem_access(unsigned int vcpu_index,
+                            qemu_plugin_meminfo_t info,
+                            uint64_t vaddr, void *userdata)
+{
+    if (vaddr !=3D 0 && vaddr =3D=3D target_vaddr) {
+        g_assert(source_pc =3D=3D 0);
+        g_assert(target_pc !=3D 0);
+
+        qemu_plugin_outs("Marker mem access detected, jump to clean return=
\n");
+        qemu_plugin_set_pc(target_pc);
+    }
+}
+
+static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb)
+{
+    size_t insns =3D qemu_plugin_tb_n_insns(tb);
+    for (size_t i =3D 0; i < insns; i++) {
+        struct qemu_plugin_insn *insn =3D qemu_plugin_tb_get_insn(tb, i);
+        uint64_t insn_vaddr =3D qemu_plugin_insn_vaddr(insn);
+        /*
+         * Note: we cannot only register the callbacks if the instruction =
is
+         * in one of the functions of interest, because symbol lookup for
+         * filtering does not work for all architectures (e.g., ppc64).
+         */
+        qemu_plugin_register_vcpu_insn_exec_cb(insn, vcpu_insn_exec,
+                                               QEMU_PLUGIN_CB_RW_REGS_PC,
+                                               (void *)insn_vaddr);
+        qemu_plugin_register_vcpu_mem_cb(insn, vcpu_mem_access,
+                                         QEMU_PLUGIN_CB_RW_REGS_PC,
+                                         QEMU_PLUGIN_MEM_R, NULL);
+    }
+}
+
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
+                                           const qemu_info_t *info,
+                                           int argc, char **argv)
+{
+
+    qemu_plugin_register_vcpu_syscall_filter_cb(id, vcpu_syscall_filter);
+    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
+    return 0;
+}
diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
index 6189d7a0e24..613bbf0939a 100644
--- a/tests/tcg/arm/Makefile.target
+++ b/tests/tcg/arm/Makefile.target
@@ -78,4 +78,10 @@ sha512-vector: sha512.c
=20
 ARM_TESTS +=3D sha512-vector
=20
+ifeq ($(CONFIG_PLUGIN),y)
+# Require emitting arm32 instructions, otherwise the vCPU might accidental=
ly
+# try to execute Thumb instructions in arm32 mode after qemu_plugin_set_pc=
()
+test-plugin-set-pc: CFLAGS+=3D-marm
+endif
+
 TESTS +=3D $(ARM_TESTS)
diff --git a/tests/tcg/hexagon/Makefile.target b/tests/tcg/hexagon/Makefile=
.target
index f86f02bb31c..a70ef2f6607 100644
--- a/tests/tcg/hexagon/Makefile.target
+++ b/tests/tcg/hexagon/Makefile.target
@@ -126,3 +126,11 @@ v73_scalar: CFLAGS +=3D -Wno-unused-function
=20
 hvx_histogram: hvx_histogram.c hvx_histogram_row.S
 	$(CC) $(CFLAGS) $(CROSS_CC_GUEST_CFLAGS) $^ -o $@ $(LDFLAGS)
+
+ifeq ($(CONFIG_PLUGIN),y)
+# LLVM is way too aggressive with inlining and dead code elimination even =
at
+# -O0, which interferes with the test. What looks like dead code in this t=
est
+# to the compiler isn't actually dead code, so we need to disable all pote=
ntial
+# LLVM optimization passes.
+test-plugin-set-pc: CFLAGS +=3D -Xclang -disable-llvm-passes
+endif
diff --git a/tests/tcg/multiarch/Makefile.target b/tests/tcg/multiarch/Make=
file.target
index 07d0b27bdd3..a347efbadf0 100644
--- a/tests/tcg/multiarch/Makefile.target
+++ b/tests/tcg/multiarch/Makefile.target
@@ -14,6 +14,10 @@ ifeq ($(filter %-linux-user, $(TARGET)),$(TARGET))
 VPATH 	       +=3D $(MULTIARCH_SRC)/linux
 MULTIARCH_SRCS +=3D $(notdir $(wildcard $(MULTIARCH_SRC)/linux/*.c))
 endif
+ifeq ($(CONFIG_PLUGIN),y)
+VPATH 	       +=3D $(MULTIARCH_SRC)/plugin
+MULTIARCH_SRCS +=3D $(notdir $(wildcard $(MULTIARCH_SRC)/plugin/*.c))
+endif
 MULTIARCH_TESTS =3D $(MULTIARCH_SRCS:.c=3D)
=20
 #
@@ -200,13 +204,20 @@ run-plugin-test-plugin-mem-access-with-libmem.so: \
 	PLUGIN_ARGS=3D$(COMMA)print-accesses=3Dtrue
 run-plugin-test-plugin-mem-access-with-libmem.so: \
 	CHECK_PLUGIN_OUTPUT_COMMAND=3D \
-	$(SRC_PATH)/tests/tcg/multiarch/check-plugin-output.sh \
+	$(SRC_PATH)/tests/tcg/multiarch/plugin/check-plugin-output.sh \
 	$(QEMU) $<
 run-plugin-test-plugin-syscall-filter-with-libsyscall.so:
+run-plugin-test-plugin-set-pc-with-libsetpc.so:
=20
 EXTRA_RUNS_WITH_PLUGIN +=3D run-plugin-test-plugin-mem-access-with-libmem.=
so \
-			  run-plugin-test-plugin-syscall-filter-with-libsyscall.so
-else
+			  run-plugin-test-plugin-syscall-filter-with-libsyscall.so \
+			  run-plugin-test-plugin-set-pc-with-libsetpc.so
+
+else # CONFIG_PLUGIN=3Dn
+# Do not build the syscall skipping test if it's not tested with the setpc
+# plugin because it will simply fail the test.
+MULTIARCH_TESTS :=3D $(filter-out test-plugin-set-pc, $(MULTIARCH_TESTS))
+
 # test-plugin-syscall-filter needs syscall plugin to succeed
 test-plugin-syscall-filter: CFLAGS+=3D-DSKIP
 endif
diff --git a/tests/tcg/multiarch/check-plugin-output.sh b/tests/tcg/multiar=
ch/plugin/check-plugin-output.sh
similarity index 100%
rename from tests/tcg/multiarch/check-plugin-output.sh
rename to tests/tcg/multiarch/plugin/check-plugin-output.sh
diff --git a/tests/tcg/plugins/meson.build b/tests/tcg/plugins/meson.build
index c5e49753fd9..b3e3a9a6d02 100644
--- a/tests/tcg/plugins/meson.build
+++ b/tests/tcg/plugins/meson.build
@@ -7,6 +7,7 @@ test_plugins =3D [
 'mem.c',
 'patch.c',
 'reset.c',
+'setpc.c',
 'syscall.c',
 ]
=20
--=20
2.47.3
From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744008; cv=none;
	d=zohomail.com; s=zohoarc;
	b=P9TMy++LRFXZGz5dRHzVIlkwBY2/3NSWV5Sg5Buemy6XpshvNLuwM8RR5QSb7fmVbZP9+kiomp8RTLM+OK50X0cDdX/GVKUbWYuOjLv3udh9GLkzc1LNoGuQW71DyIQRLEV7t4ds/Z9PpNqGEZHZ5k7/syATSnkZtk1WFSUB5EI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744008;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=jhU2H5Lji7UkbAGIzyPPNScbnVNC1zzUf1PUJSajVNo=;
	b=lhmTXiCUGDLqt7c4+6SL62nk4t4H7yrO42X8SdGyPYgW5MpwBdRSvMrctdbosLVQUwaWaEQNak2ccyAODR8X9sSY244iE/O/W4qvUmhC+duCWGn7Rz3pOrLOekO0NDgzaNgZWkgHV+nvNfuH40HfduU6Ss/Aa1LTLBNWuPeCGps=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744008075652.5994508829589;
 Thu, 5 Mar 2026 12:53:28 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgB-0006c8-EN; Thu, 05 Mar 2026 15:52:19 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg7-0006Zk-EY
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:16 -0500
Received: from mail-qv1-xf33.google.com ([2607:f8b0:4864:20::f33])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg4-00066l-D5
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:15 -0500
Received: by mail-qv1-xf33.google.com with SMTP id
 6a1803df08f44-89a06bc2f1bso70189586d6.1
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:11 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.08
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743930; x=1773348730; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=jhU2H5Lji7UkbAGIzyPPNScbnVNC1zzUf1PUJSajVNo=;
 b=XXzIEbis/XwGnCGnAXhQ4UMePfq6E+Afq104B2FajxotlgbBPzZSjfeB37+cK0RVdv
 s0TWyKDq0TD4HWDcAhMfp9SpKPr15JDTjd7EfKwkBLmtZ5SIFISCIRtH47YZ09gt7pIR
 PbvYqSWM3Yxjm0dwXR8B+dH3H4o02ces+HHVFTd98aKHtkqtPix4/8rbJrFFaki2hTnK
 UdjF1LlJZy/7QS4i2G+vihf7/uotFSXC0ncZHJAwtbv7Cd4zsAWyMqf2CJsvt0xBi0WF
 k26+RK5JEmv4bIfBnNNIhmJRq42oulhWpvFb3Lc0i8m0SeY6M9iKf28QEzyVv6HNBRvz
 Jwfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743930; x=1773348730;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=jhU2H5Lji7UkbAGIzyPPNScbnVNC1zzUf1PUJSajVNo=;
 b=XqQ+sF5uDWmshlPkE3wpX/tXkKeT2DHTEyoHycGwfMkoi13pjTLfpQ5aLwDVno6U3Z
 ig6ZtAbLqYrw+1OfOB9pox3Ej0zsFfPfTq/0pqokOvBXiwwW6y/JrZb4JVuYRSwxPl7F
 d1EqFl9ll8L+VAw9qk0yedSZcbKg8T/PV9QB4WuQjsVRHQAWy/5lCfKTMiMKLjbDFzWW
 G+VlmJ+IJtrGkdiP4NCOnUicMKE6EhsiRjxOrv33nhZL1ViiZMee2EjW5dD8SbOTZY7a
 BtM4BB6g4QLpbWzQAbb9eAvADoDToLoPr59aC34vTcneknHX/lqa1jf+WqtPdgzL8vDu
 IAsw==
X-Gm-Message-State: AOJu0Yz9UNMmOLSq94AxwcDrZt5OTR5mPLTWR7n/W71RzxALCAM9UGLv
 oIFsK0zrdnyqQidlp8XVTda5IinDeRvGsSuwR4OJBgiHENWiibPts5mC4r6Y0sIRvh+yKmBiRQu
 5L969
X-Gm-Gg: ATEYQzyQkM2HQbJU57ohEUUmWtfoGOMFtXMV9BlDIPgVbRRoweKN6bEuAZnhpm5AZUq
 Kj1xoTVit4vERMsBU1PxbJkpsuTwrU88XlJqzUqo96mumFnvYGqc2yhGTJO8kWkrAeyFyWrAK+R
 53sW/WV8BxfQ40vEQ9MimUOcXiXFGqYoEQ2GqzmK4qiEfZy+0KqPdF25nu+6wN1q5bcf8SSu88y
 YQkQsMOfOBlJEgOhexFmfvz5w44N6lWAV5lx9NPiSqlC9+TiOjDBh+WTrnvTrTkCE/RtGewysgT
 CNZvrGaLmG9yveWncXueLz5+2V1PHfr9huRo5wsWKU9yWBz20zd/YFusC5s2CYxq4kPWFeCV0Rw
 nrVAqs0yBQNi2BozEty/jNLlAMoGD83h9DEAZauyFhFhoi0vFey5rK2GZwgqWdakCZnuBocsO/X
 uAJtKlGWyif1cZsEmYmKYgHWZEzDkhjrGjPpBC4ntruyP0JYDsaXE+Z8TQIXHmHwqs/Gs1cUAVx
 Tbk
X-Received: by 2002:a05:6214:2585:b0:899:eba1:3c0b with SMTP id
 6a1803df08f44-89a19af3ac2mr104706976d6.33.1772743930182;
 Thu, 05 Mar 2026 12:52:10 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 06/12] plugins: add read-only property for registers
Date: Thu,  5 Mar 2026 12:51:46 -0800
Message-ID: <20260305205152.2121854-7-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f33;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf33.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744009618158500

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

Some registers should be marked as read-only from a plugin API
perspective, as writing to them via qemu_plugin_write_register has no
effect. This includes the program counter, and we expose this fact to
the plugins with this patch.

Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-6-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 include/plugins/qemu-plugin.h |  3 +++
 plugins/api.c                 | 16 ++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index 7b9cd6a9717..fceb8194eb8 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -979,11 +979,14 @@ struct qemu_plugin_register;
  *          writing value with qemu_plugin_write_register
  * @name: register name
  * @feature: optional feature descriptor, can be NULL
+ * @is_readonly: true if the register cannot be written via
+ *               qemu_plugin_write_register
  */
 typedef struct {
     struct qemu_plugin_register *handle;
     const char *name;
     const char *feature;
+    bool is_readonly;
 } qemu_plugin_reg_descriptor;
=20
 /**
diff --git a/plugins/api.c b/plugins/api.c
index 23c291f6444..85b34949cbb 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -410,6 +410,12 @@ bool qemu_plugin_bool_parse(const char *name, const ch=
ar *value, bool *ret)
  * ancillary data the plugin might find useful.
  */
=20
+static const char pc_str[] =3D "pc"; /* generic name for program counter */
+static const char eip_str[] =3D "eip"; /* x86-specific name for PC */
+static const char rip_str[] =3D "rip"; /* x86_64-specific name for PC */
+static const char pswa_str[] =3D "pswa"; /* s390x-specific name for PC */
+static const char iaoq_str[] =3D "iaoq"; /* HP/PA-specific name for PC */
+static const char rpc_str[] =3D "rpc"; /* microblaze-specific name for PC =
*/
 static GArray *create_register_handles(GArray *gdbstub_regs)
 {
     GArray *find_data =3D g_array_new(true, true,
@@ -427,6 +433,16 @@ static GArray *create_register_handles(GArray *gdbstub=
_regs)
         /* Create a record for the plugin */
         desc.handle =3D GINT_TO_POINTER(grd->gdb_reg + 1);
         desc.name =3D g_intern_string(grd->name);
+        desc.is_readonly =3D false;
+        if (g_strcmp0(desc.name, pc_str) =3D=3D 0
+            || g_strcmp0(desc.name, eip_str) =3D=3D 0
+            || g_strcmp0(desc.name, rip_str) =3D=3D 0
+            || g_strcmp0(desc.name, pswa_str) =3D=3D 0
+            || g_strcmp0(desc.name, iaoq_str) =3D=3D 0
+            || g_strcmp0(desc.name, rpc_str) =3D=3D 0
+           ) {
+            desc.is_readonly =3D true;
+        }
         desc.feature =3D g_intern_string(grd->feature_name);
         g_array_append_val(find_data, desc);
     }
--=20
2.47.3


From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772743991; cv=none;
	d=zohomail.com; s=zohoarc;
	b=gwoUecCNCrW6oYMVgAC2BypkizOgvAxxk4CzUaulvRByT4+xofmOJ4CUEG/CxRVJsOC6BgjYVzIRcJ/0fgtAVnXs5TvlFdFsp/1awTH/WsH1z+Nllu50s/tG84/b7CG3fCuXtUp77/IielgDIVjSXzCutDlzjLq77uBYOHsXLAM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772743991;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=lYsjjk92eJf4VZg2PH2zrtLG1SUjOhyuOmJAHJxrR5A=;
	b=a/r2VSV06gVkMQlNpZPaelFGjVcPXd7f2tfX7j3aUZlhVwwSNkERP3Z2Mz5gRRSb8RKMdjY0EQbMujv7+p8ZhvZG/Y+/0qEKLQYDZJPYKCtedZmjvZV3pXt2dsIVlc0WcguzkVEX/gloO/l3jpASceaZfy/VpMvO9q5tmOIgkF0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772743991534935.9069805714054;
 Thu, 5 Mar 2026 12:53:11 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgA-0006bu-9K; Thu, 05 Mar 2026 15:52:18 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg7-0006Zl-Gp
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:16 -0500
Received: from mail-qv1-xf2c.google.com ([2607:f8b0:4864:20::f2c])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg4-00066x-Jp
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:15 -0500
Received: by mail-qv1-xf2c.google.com with SMTP id
 6a1803df08f44-899fb030812so68289026d6.2
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:12 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.10
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743931; x=1773348731; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=lYsjjk92eJf4VZg2PH2zrtLG1SUjOhyuOmJAHJxrR5A=;
 b=l1gAWfqh405qZ0JGL9Ny67G65Ypj0IpaVcC2en6VANoKhpFrH8OFgF4vX4JjhrTamx
 3TsSE9ahrgPuJ14awIv1ISI1p8c50Kifmt+roDX0j/4iwftr071fCee2heF5in5dUo6O
 yhr2MfeVMEL9N5BC0PwCjxdMw1NGcKYTSDfsC+eDCLeFcOm0DZeimtOSmgEs08rypBjW
 5NRGoBFjgdGtADMJqclLzN2IbeXVy0BW/xk4+ttbyHFXXtZgOlsn97CH47FywOB+yqP5
 Z5DAMFxQG7kULgYi9GCkMLAL4BWIxe4wJD4c7gvC6Php2UoKe2fEFnaljf1vC9A2i6gd
 5ZEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743931; x=1773348731;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=lYsjjk92eJf4VZg2PH2zrtLG1SUjOhyuOmJAHJxrR5A=;
 b=AFcN+tVlGWs6C2GBy80wielyKSKd5dY17l88G0+QGOqcL2pnkZEIDLZGu/Flx1EbX8
 TBJPTBIoaIg2f0LUUsgNpQMX9jFBK32LsNorJdZQK0IudRnr5WkNPMX2k8WtTfSsqkTh
 ljH7jWAV57aCpPtYgOAF+U36Am1kIBjfKu+WvZ1gQqAu2mJFmVOU+p4QT16PcAE21Zsg
 hIq1sg/+kSnjoOV2tMqR7FWg7qct/23UZPMttiNRbE6fGNIAh6LDrcIwnkDg7zq/cTtO
 HFtqg9mnPM+4vVpgyo6coyKDlF8nMFjnupn5y8+tA3QgFGuuOd+tRjCO3yuZIMLEFYxc
 Q2Vg==
X-Gm-Message-State: AOJu0Yz8k4Ykqna/AYJ6fNv4RM2erAPnaAMT8qHNn4k4+t+L3gQTjWic
 a1iX6Q3JySPdYK6HGMTlhx6K8JxstFsyY56F+8urutk9Aalja/I0GZPzDE7x68VWzgbq1ohWP6O
 FqKT9
X-Gm-Gg: ATEYQzxPDvU+dQX5erx3efILMcGjjlZQGeqLvvfaPRccXCNzYDIkT07N5X9AL9vwE6T
 t6HfoQrCblsB3bNgMuznCrWJLXUW6O/8ebnGG9RS+S/yx1x847SFIL5GvbdzBUPU7cZ9GzfTZF5
 IjzxRhZh76kdw2+OBkrg1XQZbYCRUmtHEG28WCufbiBurH6rprl9XdoC5KxermTnoHxzxIQ70pF
 cAXmEgBuSo6vQ6exzI3gVyaYmqVmAdCOvQZQckIdCOBf8WxT3VyeP0BbetFnuWkVnsZuR2Dwr+p
 C6/iKv/lS7nwIMhML9LyNhfeR8JSXRZLnO2onyVOswlt1ptLD4KNj2G0CDH42Rm6kMSnQyVpzsV
 dWLugI/8/DfspwusrpzGZnCABh9uSkW4Cfnixmj/wr2YVN1M2YBw/NlCc0SrZG542Nun/wm1tjA
 iiS0L5JsQtQWhMAJKW9BYPenLsnubAdy0EkogYisjOVKLUWUs/D38hpzG0rlJ/VSyhWClmAz2Vn
 SMH
X-Received: by 2002:a05:6214:19c4:b0:899:f741:5aea with SMTP id
 6a1803df08f44-89a2df31935mr21711346d6.8.1772743931582;
 Thu, 05 Mar 2026 12:52:11 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 07/12] plugins: prohibit writing to read-only registers
Date: Thu,  5 Mar 2026 12:51:47 -0800
Message-ID: <20260305205152.2121854-8-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f2c;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf2c.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772743993345158500

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

The opaque register handle encodes whether a register is read-only in
the lowest bit and prevents writing to the register via the plugin API
in this case.

Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-7-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 plugins/api.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/plugins/api.c b/plugins/api.c
index 85b34949cbb..0c348a789b2 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -424,6 +424,7 @@ static GArray *create_register_handles(GArray *gdbstub_=
regs)
     for (int i =3D 0; i < gdbstub_regs->len; i++) {
         GDBRegDesc *grd =3D &g_array_index(gdbstub_regs, GDBRegDesc, i);
         qemu_plugin_reg_descriptor desc;
+        gint plugin_ro_bit =3D 0;
=20
         /* skip "un-named" regs */
         if (!grd->name) {
@@ -431,7 +432,6 @@ static GArray *create_register_handles(GArray *gdbstub_=
regs)
         }
=20
         /* Create a record for the plugin */
-        desc.handle =3D GINT_TO_POINTER(grd->gdb_reg + 1);
         desc.name =3D g_intern_string(grd->name);
         desc.is_readonly =3D false;
         if (g_strcmp0(desc.name, pc_str) =3D=3D 0
@@ -442,7 +442,9 @@ static GArray *create_register_handles(GArray *gdbstub_=
regs)
             || g_strcmp0(desc.name, rpc_str) =3D=3D 0
            ) {
             desc.is_readonly =3D true;
+            plugin_ro_bit =3D 1;
         }
+        desc.handle =3D GINT_TO_POINTER((grd->gdb_reg << 1) | plugin_ro_bi=
t);
         desc.feature =3D g_intern_string(grd->feature_name);
         g_array_append_val(find_data, desc);
     }
@@ -467,7 +469,7 @@ bool qemu_plugin_read_register(struct qemu_plugin_regis=
ter *reg,
         return false;
     }
=20
-    return (gdb_read_register(current_cpu, buf, GPOINTER_TO_INT(reg) - 1) =
> 0);
+    return (gdb_read_register(current_cpu, buf, GPOINTER_TO_INT(reg) >> 1)=
 > 0);
 }
=20
 bool qemu_plugin_write_register(struct qemu_plugin_register *reg,
@@ -475,13 +477,16 @@ bool qemu_plugin_write_register(struct qemu_plugin_re=
gister *reg,
 {
     g_assert(current_cpu);
=20
+    /* Read-only property is encoded in least significant bit */
+    g_assert((GPOINTER_TO_INT(reg) & 1) =3D=3D 0);
+
     if (buf->len =3D=3D 0 ||
         (qemu_plugin_get_cb_flags() !=3D QEMU_PLUGIN_CB_RW_REGS &&
          qemu_plugin_get_cb_flags() !=3D QEMU_PLUGIN_CB_RW_REGS_PC)) {
         return false;
     }
=20
-    return (gdb_write_register(current_cpu, buf->data, GPOINTER_TO_INT(reg=
) - 1) > 0);
+    return (gdb_write_register(current_cpu, buf->data, GPOINTER_TO_INT(reg=
) >> 1) > 0);
 }
=20
 void qemu_plugin_set_pc(uint64_t vaddr)
--=20
2.47.3


From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744041; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ajXxeOOR/WJTk/ty9ygxGd8UoNmIOwkXOL+byGqP0nhWkNvIQzcHf3W3SskW008WLlrQjXk5sHZewuvB3S275wTW+X5xZt9pUCf2/Jt86Nnj0p4QnxpDIgWx4ubDpaqePe1GtYBW3eVSBlMEJLLs0NHxtPIwArw4dFXvuDRTm0w=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744041;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=+KvW+mE9q2G2hjiJT9NapT9FyaOUnYHt9L2Yntd6W9g=;
	b=ArI8wogIewq+quo8zOEJS8WFKFFzvgjwqNx7TCUn7tkRCe3n16HqoM65TBA0gRNNa6ZQs5ygXcTTWEAjYkMVhFnzYb86zkhLwBM54GoYVrcuMDWlgRR26Aqg2YiHzz39JgHeY4FNbYR3jpMH7l/7cKsBqjB25TN6yC9P8VfIaOM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744041277101.14778094612393;
 Thu, 5 Mar 2026 12:54:01 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgC-0006cK-2Y; Thu, 05 Mar 2026 15:52:20 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg8-0006Zv-FP
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:16 -0500
Received: from mail-qv1-xf2b.google.com ([2607:f8b0:4864:20::f2b])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg6-00067R-4P
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:16 -0500
Received: by mail-qv1-xf2b.google.com with SMTP id
 6a1803df08f44-89a0ecbc713so41090136d6.1
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:13 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.11
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743933; x=1773348733; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=+KvW+mE9q2G2hjiJT9NapT9FyaOUnYHt9L2Yntd6W9g=;
 b=a29PJ3VlYAxP4spLR2hcUAuVACFk7EUdq03YfZuZkUaQ6esmnh3Or+bMixusbQDtRH
 W+X27MAo71PbDgKTNpzZSbce/117rMhK6tb+s/taGKXLr5uSRazwtvwx50HeQke+KOsq
 l4gvkEBWCN2dzGXvueaiw7axJmR5xSY9N8Lrkdvamlld88BP9gUqlFcydzYxP01cvHFq
 Y0TLf+TOr/qtr58JBe/qJ5zExULqmslt+jHExpIrywXt5eneMiDfF5Qcuj554s9muKGY
 c7kXDmQwMsHOCrLHZJGLiNPE8FWexmbckIdzfm90AabUll2/LbveHOqaVxOt7YZ2KJ09
 iNPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743933; x=1773348733;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=+KvW+mE9q2G2hjiJT9NapT9FyaOUnYHt9L2Yntd6W9g=;
 b=Pj9KLb9CIpUjT0f4rpI+QrNfALNbxqdQVM9hz5JH3AP2O/CsiYCv8BKJqM+RipZNp/
 X0bd3pc91BuvmHUGomQrbbnFnwIFUOAUEs3ZvBVWPX8BPO2myj7NjAjYwwgMd373Y+oD
 i6g9mrhlV5t83rSERkkhtM0P+P+f+Bsejo5UWNU4546Fb+6jIqITASRJmuaCdhRfloGW
 YGz+CeXyIW3alAGlqr4GDZAaAU9GvPWm2IpiUz64m06qiBjnolJBDnr2HRsrP8Qjg4hL
 bgywQaYmHMrv5IjJKJtkQbeASY6v4te5WocabzeROC+lYymJl3fAc8e6cTXmFhiEUsDH
 pRWg==
X-Gm-Message-State: AOJu0Yznj+PiHQ6Otj+eBCQ9eCsQckLNQ+0OuimmGM01vHJgiLm2brWA
 OLSR+9+a0JwNdpXd989tMPZcKL9by/t0K0LFrOCL/vTjwXn96cvvMGb+BQpvCMFmuPjXuh4dGh0
 abUc4
X-Gm-Gg: ATEYQzyaRCfJFxpsEa7hZql3wgWVvM1ZmG4AntCLN6t2W18v1m3FJ7uZXtYZGtZH8FP
 Nu46MTsclUHnswuq34IvaK/F3AsKZv0dmJY0VVVf/cINiFZy7jf9w+wpdczGu5/bY30CsJmv2tM
 D3WqMnLlDSq4EVCAb7QYKbrMg43173BklK/cShLsQnv4j3aDuCpBmslEqDjI7ixJh6UzbdP5aE3
 5/FoMA2KRGCu1NS29hL8X23yhfcORzHKwhVvxZY3bba+lYXsBkuh1DisN2oRgw65xQ4sm1CwDx9
 pRFwrxoaOruDEukfJWjUR8uhEQ5QY3wNa6M36b2sBT+jTCEMxYJ5OiQy5/NMNoLMh9p4i0VxBdl
 Tgb2/qPBPjHiCLbVt1rS4qpe+pKm7kDjEaT2W9G5Dsvlffcc9HpuEMWZIriAk2Jy8Kei5B+tb/R
 GTxrx8d32iZts6J7pdHu4nUWc7oycoGJNYTHuuufGfQ3amoqLS+MRw36SrkXIX45FZJK2vt4Zn9
 Bml
X-Received: by 2002:a05:6214:d45:b0:895:d679:ecde with SMTP id
 6a1803df08f44-89a248099eemr48092416d6.27.1772743932990;
 Thu, 05 Mar 2026 12:52:12 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 08/12] tests/tcg/plugins: test register accesses
Date: Thu,  5 Mar 2026 12:51:48 -0800
Message-ID: <20260305205152.2121854-9-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f2b;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf2b.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744043082154100
Content-Type: text/plain; charset="utf-8"

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

The additional plugin tests register accesses, specifically both for
read-only and read-write registers. Writing to a read-only register is
currently not tested, as this would trigger an assertion and fail the
test.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-8-4c3adba5240=
3@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 tests/tcg/plugins/registers.c | 79 +++++++++++++++++++++++++++++++++++
 tests/tcg/plugins/meson.build |  1 +
 2 files changed, 80 insertions(+)
 create mode 100644 tests/tcg/plugins/registers.c

diff --git a/tests/tcg/plugins/registers.c b/tests/tcg/plugins/registers.c
new file mode 100644
index 00000000000..6d627c70371
--- /dev/null
+++ b/tests/tcg/plugins/registers.c
@@ -0,0 +1,79 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * Copyright (C) 2026, Florian Hofhammer <florian.hofhammer@epfl.ch>
+ */
+#include "glib.h"
+#include <inttypes.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#include <qemu-plugin.h>
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_version =3D QEMU_PLUGIN_VERSION;
+
+/*
+ * This plugin tests whether we can read and write registers via the plugin
+ * API. We try to just read/write a single register, as some architectures=
 have
+ * registers that cannot be written to, which would fail the test.
+ * See: https://lists.gnu.org/archive/html/qemu-devel/2026-02/msg07025.html
+ */
+static void vcpu_init_cb(qemu_plugin_id_t id, unsigned int vcpu_index)
+{
+    g_autoptr(GArray) regs =3D qemu_plugin_get_registers();
+    g_assert(regs !=3D NULL);
+    g_autoptr(GByteArray) buf =3D g_byte_array_sized_new(0);
+    qemu_plugin_reg_descriptor *reg_desc =3D NULL;
+    bool success =3D false;
+
+    /* Make sure we can read and write a register not marked as readonly */
+    for (size_t i =3D 0; i < regs->len; i++) {
+        reg_desc =3D &g_array_index(regs, qemu_plugin_reg_descriptor, i);
+        if (!reg_desc->is_readonly) {
+            g_byte_array_set_size(buf, 0);
+            success =3D qemu_plugin_read_register(reg_desc->handle, buf);
+            g_assert(success);
+            g_assert(buf->len > 0);
+            success =3D qemu_plugin_write_register(reg_desc->handle, buf);
+            g_assert(success);
+            break;
+        } else {
+            reg_desc =3D NULL;
+        }
+    }
+    g_assert(regs->len =3D=3D 0 || reg_desc !=3D NULL);
+
+    /*
+     * Check whether we can still read a read-only register. On each
+     * architecture, at least the PC should be read-only because it's only
+     * supposed to be modified via the qemu_plugin_set_pc() function.
+     */
+    for (size_t i =3D 0; i < regs->len; i++) {
+        reg_desc =3D &g_array_index(regs, qemu_plugin_reg_descriptor, i);
+        if (reg_desc->is_readonly) {
+            g_byte_array_set_size(buf, 0);
+            success =3D qemu_plugin_read_register(reg_desc->handle, buf);
+            g_assert(success);
+            g_assert(buf->len > 0);
+            break;
+        } else {
+            reg_desc =3D NULL;
+        }
+    }
+    g_assert(regs->len =3D=3D 0 || reg_desc !=3D NULL);
+    /*
+     * Note: we currently do not test whether the read-only register can be
+     * written to, because doing so would throw an assert in the plugin AP=
I.
+     */
+}
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
+                                           const qemu_info_t *info,
+                                           int argc, char **argv)
+{
+    qemu_plugin_register_vcpu_init_cb(id, vcpu_init_cb);
+    return 0;
+}
diff --git a/tests/tcg/plugins/meson.build b/tests/tcg/plugins/meson.build
index b3e3a9a6d02..d7f8f0ae0ad 100644
--- a/tests/tcg/plugins/meson.build
+++ b/tests/tcg/plugins/meson.build
@@ -6,6 +6,7 @@ test_plugins =3D [
 'insn.c',
 'mem.c',
 'patch.c',
+'registers.c',
 'reset.c',
 'setpc.c',
 'syscall.c',
--=20
2.47.3
From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744031; cv=none;
	d=zohomail.com; s=zohoarc;
	b=lHLEu63z3j5XR+QvbXgT/iDHROqAydwqjIu7HKOX4YfuVGBy3Ujgr32Bp4IPnMst/wH+LY5+4Hr52YKSuP3xy7x9ATwyMfP+U2TobncjKVipFQkvqfCI2WoBfB4cmksQMnL0zIyONlLi6VINXRbyaFMx9oD/Vv+crzyAo04ZG0Y=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744031;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=TmvG9qPfC+MFsV2E2Gt8Szd+mNMYzqsDos9C+QAET0U=;
	b=O2CF41i3f/O/iEiqF49IY6mCKY0ppnJi1SoCvfFGf3x79PiyONYi2pXgFFpQkR8cuB25JPSB5Cg7i3fFWRves3xXjEiiCVHbjVS5pumy0XfAPhPSv5BQqfNGAbZqGg2RnGx8b1x8zEm8TO3ToMzCLHYD9f6L7YxdMthkh9njsbw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744031292789.6069311420432;
 Thu, 5 Mar 2026 12:53:51 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgC-0006cq-Gp; Thu, 05 Mar 2026 15:52:20 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg9-0006au-6I
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:17 -0500
Received: from mail-qv1-xf32.google.com ([2607:f8b0:4864:20::f32])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg7-000680-JB
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:16 -0500
Received: by mail-qv1-xf32.google.com with SMTP id
 6a1803df08f44-89a000f5adeso84695126d6.3
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:15 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.13
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743934; x=1773348734; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=TmvG9qPfC+MFsV2E2Gt8Szd+mNMYzqsDos9C+QAET0U=;
 b=XHtO3NW2gLlHxxs0o2UPUmiJxD3/cRBkaEu0POOdRETsULlUNUaQysqb2EuafzDFlN
 H6c02eFbAlWfnVKocfKSo1FQLs9W1cir2qCVuR6AX0p2+HAaRWhDkbP5hmw1Q4BaDEAp
 ZfdtCzHBqMMb5TXVhDjm03YgN/xSo47ztovWRoQFzSV1m0F3ywo8whMu62WkET5XGplS
 F4cP3WiUDspYb1rGgz9j1Bpa8nlYfosl+s32V1wRfgxuSg8ArpFoVuEpAahUn9yvidqP
 RGHqZltMv0C8DSVQAYEN29vZ/JD6X0WStvWFJLTWrghQyOWzQDJrgq9f6y30alslJy/H
 uo7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743934; x=1773348734;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=TmvG9qPfC+MFsV2E2Gt8Szd+mNMYzqsDos9C+QAET0U=;
 b=p7/wikGkF5FqSK8rknxDrYpgTSnclpTTksDzX4uTEjGqn5j/h8qPA5K2mMNm/Qn58B
 L6BWtZjnhk5sJ221IJfGjnZGbqHe0vv6M/LECJa60AoYEavHrVk2tf2ASNcrrPdOW3sy
 ABg6slgwXiwCqBp7O7Ptf8ur5sONAL2b7JyEzWthX/cIEPCBLm1C+5yiJFrHA7Z5U5RR
 2ve6aHFRnlRDbvrI1wsVsyTVYX8kA90DWq+9KF8qxThe1nwbI57yHF4f1PQPKb5x8QuE
 A5TF/9Xyy+BqKi0k2dG0hdplRrNz/8/h5JtwdS+TtEIL2c/F71vEgB87IHVRsvq8k0EG
 wRUQ==
X-Gm-Message-State: AOJu0Yx6NbXoUqz+MXx6VkUWCGIO/caEz586AxHbkD5Wpo5OAvs01xtI
 WwmN84k8AJVDHFDuAt6eWH5sdLHIhk0/e8bdk8fUYddKPGQTcgqcse17HBWet57Xz/aCoztx/Y5
 itHMC
X-Gm-Gg: ATEYQzzV5npfRgJJ4fcFG1TIGq2sDv028c/ePlG6wiMbn7SVPhcU1GCIRZg0xhDxKK5
 voE+dCBnWWR8r/HsBatx+kyjGRXCWgOLQZjDvYGeceAQMyO5QTpRVueMI9N224oXY+qczck/oE1
 VYgagLkTLOQUqMO32oRa4M9hjmNH+1hSW8hpwUvjF5RlIkpqbpG9ssRFdumdB5UoZgeftEQcE6Q
 Jsl6R9sP19XXcBw60v66+Q1Ld2SN7ClKJsPBLpf06J/D2UrNNgjz46pzS1BdLF9iE6DwCBsT6gg
 AcqgLCiigLCQ3b+YEaGeoz8+/F64KeEtpBGWkTaRRHarKYJjJiHsJ6e//t8c3XNFebc3tldHJw4
 Q9+KYfj1rU/6Od8MdkuvA+fzRMeQS9B0ebm9sxzVigpUp/Qz7u+wq/zO8M4bU4fqoq04tzwWa2/
 CRkGxXiLKnfsfTfVtt0IhSHrXeyjEidlASOqyFQ5E7+bdyts4PA/3P4HBZZaGBS1Wj7ubu4veAK
 b+a
X-Received: by 2002:a05:6214:1bce:b0:89a:ff2:b8ce with SMTP id
 6a1803df08f44-89a19af3cd5mr110427206d6.41.1772743934287;
 Thu, 05 Mar 2026 12:52:14 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 09/12] plugins: add missing callbacks to version history
Date: Thu,  5 Mar 2026 12:51:49 -0800
Message-ID: <20260305205152.2121854-10-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f32;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf32.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744033447158500
Content-Type: text/plain; charset="utf-8"

From: Florian Hofhammer <florian.hofhammer@epfl.ch>

The discontinuity and system call filter callbacks were not reflected in
the versioning comments before. The callbacks have been introduced in
aac73d85d2d6f556dbcee6041a2898cb0ef9b0e6 and
5ed628d1d398b164053f5d5685541ea705275998, respectively.

Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Link: https://lore.kernel.org/qemu-devel/c4ecefb4-8769-403f-8420-8bce42e43e=
13@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 include/plugins/qemu-plugin.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index fceb8194eb8..827e8e17877 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -77,6 +77,9 @@ typedef uint64_t qemu_plugin_id_t;
  * version 6:
  * - changed return value of qemu_plugin_{read,write}_register from int to=
 bool
  * - added qemu_plugin_set_pc
+ * - added disconinuity callback API (for interrupts, exceptions, host cal=
ls)
+ * - added syscall filter callback API, which allows skipping syscalls and
+ *   setting custom syscall return values
  */
=20
 extern QEMU_PLUGIN_EXPORT int qemu_plugin_version;
--=20
2.47.3
From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744011; cv=none;
	d=zohomail.com; s=zohoarc;
	b=I56UorHC9nRdGhnS8cdLDDCfBJSWUSyfW2ABnMg7IlDT7pLEgiKu7vnBNni1SCKWDk8mgcNn62xkEw+yK0YAgyQn4qiz97qo80HhY14WWGXq04EUt1XmpB9GelKegQgrNWuDCMXzWChC1FZAdbphTzSo5mPi4GbNpqmGBrheFDo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744011;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=p6mDXSrb7ToWNoTFIymyzkj+yFpEDh3jkj4Tmoji/Us=;
	b=dYWMhYHApDV8z3pSrNCKOkOXB8Tsc7x+fjtLnC0/N8cHuF4z31RKv8GhUb5bTzRHGwWdi1MwI2A8gh2fLXiTEaX76HHr/MW7eNoFohdVSA3OYkkzAy4fcN/NpMXdKfgCr9wU2tvJmwbWGU2pH1XPcAyZGB58cgj/nR1JiympofI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744011393239.1476020035161;
 Thu, 5 Mar 2026 12:53:31 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgC-0006d4-W6; Thu, 05 Mar 2026 15:52:21 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFgB-0006c5-2Q
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:19 -0500
Received: from mail-qk1-x72b.google.com ([2607:f8b0:4864:20::72b])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFg9-00068M-75
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:18 -0500
Received: by mail-qk1-x72b.google.com with SMTP id
 af79cd13be357-8cb20bcff5aso830393185a.3
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:16 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.14
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743936; x=1773348736; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=p6mDXSrb7ToWNoTFIymyzkj+yFpEDh3jkj4Tmoji/Us=;
 b=J1QawMArSSM2XYmafnVYiEoOzPc7TMBHUL7flZSmlukNCz3UwUGhSZ3A6aoKlRaxbf
 yCO4ho9pJTeIUB7T1YQacnxbFCNbpjodVOQ268bx9klvBZd38CmGEXfN2gkdbhAHmCbC
 OjYF6Z64MHnfYkjmU/dRcGESEg3aCXjfy9MmrdJDJcS8Wb6GtFPdoPJm0R7mrWXb4T1e
 SZVtCJsWOQS4RQ9reIxXWljzR33Zh0I9yPmHknYJ234A8muV0a8dLjg9jtqYT14LwGWi
 bL+tEyVwRvRlz8P3k9AFS9i2DlrXpwtlktuGmfMShzaiX663ytVOa8SOOo2qSHpZCLcB
 Tbfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743936; x=1773348736;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=p6mDXSrb7ToWNoTFIymyzkj+yFpEDh3jkj4Tmoji/Us=;
 b=ioNx87ZgrcrqIB765SQ4pw3lnkaGI8tNBwEvWkVQmhKDo27X35mS3Ue6b88hUfrVtz
 vz99hwgLGRwy6bex3GkSPsGQTtUEWc7/HEWAjrRcbRzq7ugWy1Bh9B/pAdex3y9aNT2/
 2xWC6T0nYpzYlm4XbjI+XIkmbY/etk4rvmd5pEkSo2seRCB2Aawj2q/rpI8sHrHE7Zt0
 m37Afy+ji40YizFR+QZSGbk3+dOoE2EcYY57hkdtK1BkArpzbffF6RlbDtqayw2142Gn
 fsQflaXmGJfJ1w2CCCMXe2fCbHFOT+KK2q//Pr1c7hmN7pCueUKKEaFamantfjD98/0e
 Ao1A==
X-Gm-Message-State: AOJu0YzWDjopwQtCxUkei79t5lcAeqaNLE2YAg/xxqT1AaHB7sZA14Uv
 PlcC45376nPR8aBtQsQZ4i0rV40Pcx6giUiwcDRPfxt3NVjVZIC9HtOqCd+QCSJwPCnafIZzWsX
 VJNuv
X-Gm-Gg: ATEYQzwiDIOVgSXaTtkEmcoE90QOkVo3HcEwlgZpD5Wf1OwCXM3teiLv9YE7ARIEQQG
 2CAcjmfZZeu8JCHn5RW28swW04LX36y4EjGrytcwJa88JAKB1X+jy+Pb3vIPUUqCFe6GwS28YE8
 xfQC7YQ0kvGV5TX4+U9Rtpg+ohJzJIAy7EcKIdL+7awY2ttmMmOMY8F/GuLev9Sjht6LY9CHdGH
 OHfNTj315lmseIv5tDGyHXBXCVbKE45scngAiQR1ALCJe54qI/zP2auDuoL3bQtwux4MwOJ3FJp
 9B9CmtVPGith7oLLes4aRBj4wmtEm+17jzCpmJR1kHaJFfeS8rUGqp1/P8MgwHL2ZF7YQkvj3ct
 Y8/x2K95WnwB7DOUZy5kw/9G6TlcsO9umrljOb1PiA1/kqWzNJ8wVHmYZd7NUpaAvgvWpcHVG7Y
 2lGQ5RUsaC0U56rW9NVGkzY8bbb0tS/JRC1kM8CM8y0W5yXMCZuzutqgy04WPwnCC0GtVHm5Kpt
 S/S
X-Received: by 2002:a05:620a:31a4:b0:8ca:3c67:891e with SMTP id
 af79cd13be357-8cd5af804a7mr885482585a.42.1772743935696;
 Thu, 05 Mar 2026 12:52:15 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 10/12] tests/tcg/plugins/mem: Don't access unaligned memory
Date: Thu,  5 Mar 2026 12:51:50 -0800
Message-ID: <20260305205152.2121854-11-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::72b;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qk1-x72b.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744012790154100

From: Peter Maydell <peter.maydell@linaro.org>

In commit eb3f69cac62670 we removed the dependency of this mem plugin
on the QEMU headers, but in doing that we introduced undefined
behaviour when the plugin accesses unaligned memory.  This shows up
if you build with the gcc or clang undefined behaviour sanitizer
(--enable-ubsan) and run 'make check-tcg', in numerous warnings like:

../../tests/tcg/plugins/mem.c:167:27: runtime error: load of misaligned add=
ress 0x7f1f300354b1 for type 'uint16_t' (aka 'unsigned short'), which requi=
res 2 byte alignment
0x7f1f300354b1: note: pointer points here
 00 00 00  00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  10 11 12 13 14=
 15 16 17  18 19 1a 1b 1c
              ^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../tests/tcg/plu=
gins/mem.c:167:27

Fix this by rearranging the data reads and writes to use
memcpy() instead.

Fixes: eb3f69cac62670 ("tests/tcg/plugins/mem.c: remove dependency on qemu =
headers")
Tested-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260305161531.1774895-2-peter.may=
dell@linaro.org
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 tests/tcg/plugins/mem.c | 71 +++++++++++++++++------------------------
 1 file changed, 30 insertions(+), 41 deletions(-)

diff --git a/tests/tcg/plugins/mem.c b/tests/tcg/plugins/mem.c
index 7d64e7018f2..f3992abc8fb 100644
--- a/tests/tcg/plugins/mem.c
+++ b/tests/tcg/plugins/mem.c
@@ -123,6 +123,9 @@ static void update_region_info(uint64_t region, uint64_=
t offset,
     bool is_store =3D qemu_plugin_mem_is_store(meminfo);
     RegionInfo *ri;
     bool unseen_data =3D false;
+    void *val_ptr;
+    unsigned int val_size;
+    qemu_plugin_mem_value swapped_value;
=20
     g_assert(offset + size <=3D region_size);
=20
@@ -144,61 +147,46 @@ static void update_region_info(uint64_t region, uint6=
4_t offset,
     }
=20
     void *ri_data =3D &ri->data[offset];
+
+    swapped_value.type =3D value.type;
     switch (value.type) {
     case QEMU_PLUGIN_MEM_VALUE_U8:
-    {
-        uint8_t val =3D value.data.u8;
-        uint8_t *p =3D ri_data;
-        if (is_store) {
-            *p =3D val;
-        } else {
-            unseen_data =3D *p !=3D val;
-        }
+        swapped_value.data.u8 =3D value.data.u8;
+        val_ptr =3D &swapped_value.data.u8;
+        val_size =3D 1;
         break;
-    }
     case QEMU_PLUGIN_MEM_VALUE_U16:
-    {
-        uint16_t val =3D be ? GUINT16_FROM_BE(value.data.u16) :
-                            GUINT16_FROM_LE(value.data.u16);
-        uint16_t *p =3D ri_data;
-        if (is_store) {
-            *p =3D val;
-        } else {
-            unseen_data =3D *p !=3D val;
-        }
+        swapped_value.data.u16 =3D be ? GUINT16_FROM_BE(value.data.u16) :
+            GUINT16_FROM_LE(value.data.u16);
+        val_ptr =3D &swapped_value.data.u16;
+        val_size =3D 2;
         break;
-    }
     case QEMU_PLUGIN_MEM_VALUE_U32:
-    {
-        uint32_t val =3D be ? GUINT32_FROM_BE(value.data.u32) :
-                            GUINT32_FROM_LE(value.data.u32);
-        uint32_t *p =3D ri_data;
-        if (is_store) {
-            *p =3D val;
-        } else {
-            unseen_data =3D *p !=3D val;
-        }
+        swapped_value.data.u32 =3D be ? GUINT32_FROM_BE(value.data.u32) :
+            GUINT32_FROM_LE(value.data.u32);
+        val_ptr =3D &swapped_value.data.u32;
+        val_size =3D 4;
         break;
-    }
     case QEMU_PLUGIN_MEM_VALUE_U64:
-    {
-        uint64_t val =3D be ? GUINT64_FROM_BE(value.data.u64) :
-                            GUINT64_FROM_LE(value.data.u64);
-        uint64_t *p =3D ri_data;
-        if (is_store) {
-            *p =3D val;
-        } else {
-            unseen_data =3D *p !=3D val;
-        }
+        swapped_value.data.u64 =3D be ? GUINT64_FROM_BE(value.data.u64) :
+            GUINT64_FROM_LE(value.data.u64);
+        val_ptr =3D &swapped_value.data.u64;
+        val_size =3D 8;
         break;
-    }
     case QEMU_PLUGIN_MEM_VALUE_U128:
-        /* non in test so skip */
-        break;
+        /* none in test so skip */
+        goto done;
     default:
         g_assert_not_reached();
     }
=20
+    /* ri_data may not be aligned, so we use memcpy/memcmp */
+    if (is_store) {
+        memcpy(ri_data, val_ptr, val_size);
+    } else {
+        unseen_data =3D memcmp(ri_data, val_ptr, val_size) !=3D 0;
+    }
+
     /*
      * This is expected for regions initialised by QEMU (.text etc) but we
      * expect to see all data read and written to the test_data region
@@ -213,6 +201,7 @@ static void update_region_info(uint64_t region, uint64_=
t offset,
         ri->seen_all =3D false;
     }
=20
+done:
     g_mutex_unlock(&lock);
 }
=20
--=20
2.47.3


From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772744032; cv=none;
	d=zohomail.com; s=zohoarc;
	b=CBtrwt6fpiAZyoQ0r/85+MYkSc9bxhcjVuSSmuomHBHPYxkKY6WwTEHi/qX/4cG01a+f6kijkfXRibBHacqqyMUjaeegRIKJr5wXyNg73t+BkLSlwXJQW9tp+A3TH+qRjBkQtFTcbXJwN5vp8LWgtPr+PORc8nqDZCGLHNST53E=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772744032;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=yewNvrkaWayeKlBhTXGZFJI4Efdx0EXSDMpOkfMlPlI=;
	b=mmkKdauaCN8DkBATHc/0pxXfs7dXgmvCkiNDYsKaqhQ5M9zdmd9kzweWGmd8CazAwCMQGsXQwJyJHesrwRSOKsB6DQw0c7/StSl+w3JhS+z5OxojndPZiOjIL4UDOYgkZMLRxptV3fiWqf8kg+oOw70IAzHF4NqxSKSSNAaGfPU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772744032290243.94169342005046;
 Thu, 5 Mar 2026 12:53:52 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgD-0006dF-Jn; Thu, 05 Mar 2026 15:52:21 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFgC-0006cT-7w
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:20 -0500
Received: from mail-qv1-xf2a.google.com ([2607:f8b0:4864:20::f2a])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFgA-00068k-Cn
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:20 -0500
Received: by mail-qv1-xf2a.google.com with SMTP id
 6a1803df08f44-899fc265126so66558426d6.1
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:18 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743937; x=1773348737; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=yewNvrkaWayeKlBhTXGZFJI4Efdx0EXSDMpOkfMlPlI=;
 b=FfztDeIO3fQ7BMTtvR40x25e32QpheLQUdaI440q6YOarJIoreCM4kCJGYLHV6rbrW
 zrEPGGGkY8HnQFR5K1IGbuPR95I79u3f0fI+OMT2uTwAGW6Z6LK5dPUqsehv3k/LiYRs
 uvl8EnWQyi43b24BAACjc7nQJq9V/qIC4mkm8mxv3Whi1fXxho/O9zRP7b8h3rFrNeTs
 x+MF7kpjIogeAPAuv4pY8Kcg8ixBitlH7m1JyTp+AOHo9xanX9mJtw/rrR0N7BGzaLcb
 XTjYAIuz2a2WAMYe/M0oZxMiYWsrwhpNTTPsd/v5evOttaGqOgD4ccjG2tETVZzT3FxX
 t5QQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743937; x=1773348737;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=yewNvrkaWayeKlBhTXGZFJI4Efdx0EXSDMpOkfMlPlI=;
 b=LcoOkZpNCV0NDO0MgpaWY+JYKAf4Dwu+QTu3CBmkcpKlZXKZnQL117rL5UxLuarrZ3
 MY7rDFCL93Z87w0wF+drB2Ww+QrakQLjMOJ6Y//cjealR4veEzxoCHLTRGFBZy4fu7YJ
 /B/Es2ZTGtkeJjJpeTo55eizcxREQp8Fm5lN3+trH+iKIaN3uDBez2ClhXbN0E31+m9R
 C+UwpR8O0hKj3qy11Tw/AOHzZJ/u/xKjLHkdcsrGhWJP5e5u1/V6OwcgQcBwKfB5PcB1
 ObEJShL9f70pWBxasd7FDytm1611hao+kUAqHFgFietJZacpQDsbk1Am8ZrKY8gVgs3b
 7xhw==
X-Gm-Message-State: AOJu0YxhSFt5SXx1GWkFy/yiEnLqDOY+u7upT0ZFpBJp5J8f9qKhHRaj
 h2jrV+QccrBs7B5eXfHuZh6vLdDz+jO60aEHxxriRVK0hv5LoB8G/2vcRVsU79D796ttGEiNypI
 Hg2/f
X-Gm-Gg: ATEYQzyKomXx3D5LNcxgcTudVwT0G2Xr/LPITI5h+kvWQjIjDh8iAaT7HIjcX8yYO64
 JH56sIW+Bw7pM3GsSj2WAVIQq/zEu1FFQriIQCAI1gC3RjGShUkvH7TdR2qn8Tm24lDMVzjMWpj
 hNeMK0Xmm6ewocaTJZTr8yM+ZQOX1CEFQbDaAJGVInz0pfEB9xtL9VyM61V5iYKk4VW2AcYQHFs
 HNl0/nojZ94ItDLP66JMKGa3JrRDhKHeW/SZveyHMC728kg1WCQa5rho7+76JKpvteFFSsC0yzh
 R+67v7++LPjnZPhJYzrLFG9G3cVViL2At3QZvHWIQaAfRQKn9/kk9GTh3OQcwMs8Pu+kVQmJgkU
 NEBoGHVisGcdgcpjsO7+zpw3nxh+xvqRDYvXy654eHfR52L872aIwgU2CluZTs86pdL/dJ/XsQU
 gPi6ZEIGE/pNJmQfr0kvSenyJ6Cf9lRxh+mUH6iPhs2OH5v3Kct4R4utTZoX+ivqnwKzVdXpgcJ
 bkX
X-Received: by 2002:a05:6214:f01:b0:899:ad51:fb64 with SMTP id
 6a1803df08f44-89a19aee9ebmr111853156d6.41.1772743937383;
 Thu, 05 Mar 2026 12:52:17 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 11/12] tests/tcg/plugins/mem: Correct hash iteration code in
 plugin_exit()
Date: Thu,  5 Mar 2026 12:51:51 -0800
Message-ID: <20260305205152.2121854-12-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::f2a;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qv1-xf2a.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772744033479158500
Content-Type: text/plain; charset="utf-8"

From: Peter Maydell <peter.maydell@linaro.org>

In plugin_exit() we call g_hash_table_get_values() to get a GList
which we look at to print some information. This code has
multiple issues:
 * it names the local variable for the GList "count", which
   shadows the "qemu_plugin_scoreboard *count". This isn't
   incorrect, but it is unnecessarily confusing
 * it doesn't free the list, and the leak sanitizer complains:

   Indirect leak of 2328 byte(s) in 97 object(s) allocated from:
    #0 0x5589b0b72293 in malloc (/home/pm215/qemu/build/x86-tgt-san/qemu-sy=
stem-i386+0x1a2f293) (BuildId: 26964cad9e3f81d35fc144d7cc88b53adf6f60c7)
    #1 0x78fd8cfa1ac9 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0=
x62ac9) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #2 0x78fd8cf96e4a in g_list_prepend (/lib/x86_64-linux-gnu/libglib-2.0.=
so.0+0x57e4a) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #3 0x78fd8cf8b318 in g_hash_table_get_values (/lib/x86_64-linux-gnu/lib=
glib-2.0.so.0+0x4c318) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #4 0x78fd84d1a90c in plugin_exit /home/pm215/qemu/build/x86-tgt-san/../=
../tests/tcg/plugins/mem.c:87:25
 * in iterating through the list it updates "count", so by the
   time we get to the end of the loop we no longer have a pointer
   to the head of the list that we could use to free it
 * it checks for the list being NULL twice (once in an if()
   and once in the for() loop's "while" condition), which is
   redundant
 * it skips the loop if g_list_next(counts) is NULL, which means
   it will wrongly skip the loop if the list has only one entry

Rewrite the iteration code to fix these problems.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260305161531.1774895-3-peter.may=
dell@linaro.org
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 tests/tcg/plugins/mem.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/tests/tcg/plugins/mem.c b/tests/tcg/plugins/mem.c
index f3992abc8fb..1ee257f855b 100644
--- a/tests/tcg/plugins/mem.c
+++ b/tests/tcg/plugins/mem.c
@@ -84,24 +84,22 @@ static void plugin_exit(qemu_plugin_id_t id, void *p)
=20
=20
     if (do_region_summary) {
-        GList *counts =3D g_hash_table_get_values(regions);
+        g_autoptr(GList) regionlist =3D g_hash_table_get_values(regions);
=20
-        counts =3D g_list_sort_with_data(counts, addr_order, NULL);
+        regionlist =3D g_list_sort_with_data(regionlist, addr_order, NULL);
=20
         g_string_printf(out, "Region Base, Reads, Writes, Seen all\n");
=20
-        if (counts && g_list_next(counts)) {
-            for (/* counts */; counts; counts =3D counts->next) {
-                RegionInfo *ri =3D (RegionInfo *) counts->data;
+        for (GList *l =3D regionlist; l; l =3D g_list_next(l)) {
+            RegionInfo *ri =3D (RegionInfo *) l->data;
=20
-                g_string_append_printf(out,
-                                       "0x%016"PRIx64", "
-                                       "%"PRId64", %"PRId64", %s\n",
-                                       ri->region_address,
-                                       ri->reads,
-                                       ri->writes,
-                                       ri->seen_all ? "true" : "false");
-            }
+            g_string_append_printf(out,
+                                   "0x%016"PRIx64", "
+                                   "%"PRId64", %"PRId64", %s\n",
+                                   ri->region_address,
+                                   ri->reads,
+                                   ri->writes,
+                                   ri->seen_all ? "true" : "false");
         }
         qemu_plugin_outs(out->str);
     }
--=20
2.47.3
From nobody Sat Apr 11 23:07:21 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=linaro.org
ARC-Seal: i=1; a=rsa-sha256; t=1772743991; cv=none;
	d=zohomail.com; s=zohoarc;
	b=lAHTSXsa3GRPnXNkH6HcSKPrFvpF8uzTzep8+b2CDBiUtmCMXQWYl8HWK89MCA9bmUWpMS3AlVomOvLGVCUQq0PGkRV/Y3fjgNWsFtwBGquAle+OCcKqaTY/nZqQKXoCP8kn6pSqDiHZl2ASZBc12IVRWtPLI+CFw1tKxXC4Sy4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1772743991;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=9wEjdCX/AABVulF6oOJPhScJxDD+gOajcwluG2qx8xE=;
	b=hV/IYYBkOSJ5M/U4SOIbBo/61A5/22D4oZ/6uJ+1MtG2YIgrpwRRV9ufAVtq9/rfrB5PFsQrkDAZS9NRGWb8quVlSbQqNQ3vPEfPmV+5Ht9BgiM0vR37T/beAEgLuT7CtGIo6cyGGFwHHR2yixckzQhbUFYgDlLauU1hFRCOJjc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<pierrick.bouvier@linaro.org> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1772743991384927.1587928766787;
 Thu, 5 Mar 2026 12:53:11 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1vyFgE-0006da-LW; Thu, 05 Mar 2026 15:52:22 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFgD-0006dC-Bi
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:21 -0500
Received: from mail-qt1-x832.google.com ([2607:f8b0:4864:20::832])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <pierrick.bouvier@linaro.org>)
 id 1vyFgB-000699-RV
 for qemu-devel@nongnu.org; Thu, 05 Mar 2026 15:52:21 -0500
Received: by mail-qt1-x832.google.com with SMTP id
 d75a77b69052e-5069df1de6fso71605121cf.3
 for <qemu-devel@nongnu.org>; Thu, 05 Mar 2026 12:52:19 -0800 (PST)
Received: from pc.taild8403c.ts.net (216-71-219-44.dyn.novuscom.net.
 [216.71.219.44]) by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89a0e31b035sm65559396d6.17.2026.03.05.12.52.17
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 05 Mar 2026 12:52:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1772743939; x=1773348739; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=9wEjdCX/AABVulF6oOJPhScJxDD+gOajcwluG2qx8xE=;
 b=Yo8cfj8TI/sHdAZ07bUO5wMJ6khmhgdsAwgD7r9boRuIh+uFXqLXelSpGiBO+SnSOS
 Ugqr4OHRezkbkb6/PQ327AbE4FFavQLAZbgM/Hypjw4i7v3z5e7065OqZHfTcipvNSkI
 E7fFWPGmqVss082Wj0LzhvA1d8kod/YFq0/+s0RmymaJYJK1XD346Siho++rtlIqcwmW
 6ttw7WBdSAF0BkVDnmKnccW+zpX1ChlsCqtxiVX6hAd7ZYiZ2j/c7T5hKyKetGb/6aN3
 07WbCpw7zbi0ff66c0lKC5tLveMngd1qEjmG668O0+ZyU6uT8WkA12PYfG9Xfb3NXNx+
 kSpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1772743939; x=1773348739;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=9wEjdCX/AABVulF6oOJPhScJxDD+gOajcwluG2qx8xE=;
 b=siBIkAZWRhhb9+xTomK3omm9cE7EYiu8lirFUSsnWRj3troBGFCKzwD8WpOpQ4JW92
 Tz9MoEQKJxtERpuj+fSLgS+A/Lk/UJiENfb6HKt90xu3trI9fZ7xlXtVgLekdoe8PA32
 saVwZDubgwO8yhsZeUC6rvtayE2ATM/1iDLglQtkRwGkrQns4QZTjv4OtfxuCidFPzAT
 yvDFFO1x9xa3/AuUY0abe+okXtr8k65D9yMCKAsPt+0b+1zE5v74AMdZsJcfRGeMf5Pl
 T/jeiM4mmsCOm3SC0lcUDoNxUkWdEcOOvXQ+pVtE9TykZpdgaGnpw2kMmrfdqN1MmQK3
 ZhUg==
X-Gm-Message-State: AOJu0Yz8Ml4l4S4qvTAj8NKgUa4jBzVMPjkgBrZoFGKE7sTH9j8lBpuX
 jgW1uCNo+PuD+ZV6kOUkBb5daeJLHRU+4XnMAuhhVFX+UF4ibGeYDjd0ZVbAjCGLdq1BX4yQN6l
 ijrFB
X-Gm-Gg: ATEYQzxk3hTUw1tOerZUFUdDl1IveVmluY13bUh1zj+IDw7c9eZCM+Kl8devgmszCYL
 Pon8w0yDqZiwRw8pvGnNhg6B1eVQChNSMZkduEJ4EINwvnBKy3NG+pS4PxdkxNbhfCvqPw38n8l
 19TFIxdy75wPA9e5ASQD4DQFo4Q0gZM6q8U4AMlOUFlvPxeWRLFejFwKh+a38AapHx0/UGugc6Q
 AkYKgY8HFgtmTpnCtg5IA/V3/CSLu0L5zHHrM/NUoaHHMv0MHUXAmRYVwaUEn3i11G8jL60U1hw
 P/It6R+uQHEvsqAVsM9Hz3Alc4T/huiTWoNscjzxJ2/lpD1N7UJAIuM1KQzBERqJEed4h6aQ1jc
 G5QOggJBgSu+hn1NWd3dDrCFEq1jwl7OuMS5lb6EFAxYJamlqMwaG27hRfkpf/wlVNjvnzx+2nL
 aH1bXuoABuUGi0VCFAz3fEVl44fp/S5CEY2z1sN0sqQ2yx6FRiUESnlmxpstoEdUnPRO6ggO2+K
 WVTLc0d48zR0IU=
X-Received: by 2002:a05:622a:241:b0:4ee:2154:8032 with SMTP id
 d75a77b69052e-508db291074mr100005031cf.6.1772743938685;
 Thu, 05 Mar 2026 12:52:18 -0800 (PST)
From: Pierrick Bouvier <pierrick.bouvier@linaro.org>
To: qemu-devel@nongnu.org, peter.maydell@linaro.org,
 richard.henderson@linaro.org, pbonzini@redhat.com, stefanha@redhat.com
Cc: pierrick.bouvier@linaro.org
Subject: [PULL 12/12] tests/tcg/plugins/patch: Free read_data in
 patch_hwaddr()
Date: Thu,  5 Mar 2026 12:51:52 -0800
Message-ID: <20260305205152.2121854-13-pierrick.bouvier@linaro.org>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
References: <20260305205152.2121854-1-pierrick.bouvier@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::832;
 envelope-from=pierrick.bouvier@linaro.org; helo=mail-qt1-x832.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @linaro.org)
X-ZM-MESSAGEID: 1772743994365154100
Content-Type: text/plain; charset="utf-8"

From: Peter Maydell <peter.maydell@linaro.org>

In patch_hwaddr() we allocate a GByteArray for the data we read back
from the guest; however we forget to free it, and the leak sanitizer
complains:

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x56c00ad48293 in malloc (/home/pm215/qemu/build/x86-tgt-san/qemu-sy=
stem-x86_64+0x1a9f293) (BuildId: 62e2a7dbe5ff146b2fa14d26e24e443f1967edd9)
    #1 0x7b3e4cc91ac9 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0=
x62ac9) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #2 0x7b3e4cc54c12 in g_array_sized_new (/lib/x86_64-linux-gnu/libglib-2=
.0.so.0+0x25c12) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #3 0x7b3e44b06b49 in patch_hwaddr /home/pm215/qemu/build/x86-tgt-san/..=
/../tests/tcg/plugins/patch.c:68:29

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x56c00ad486b0 in realloc (/home/pm215/qemu/build/x86-tgt-san/qemu-s=
ystem-x86_64+0x1a9f6b0) (BuildId: 62e2a7dbe5ff146b2fa14d26e24e443f1967edd9)
    #1 0x7b3e4cc92819 in g_realloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+=
0x63819) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #2 0x7b3e4cc54b36  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x25b36) (Bu=
ildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #3 0x7b3e4cc55276 in g_array_set_size (/lib/x86_64-linux-gnu/libglib-2.=
0.so.0+0x26276) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #4 0x7b3e4cc55574 in g_byte_array_set_size (/lib/x86_64-linux-gnu/libgl=
ib-2.0.so.0+0x26574) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
    #5 0x56c00be2ccc1 in qemu_plugin_read_memory_hwaddr /home/pm215/qemu/bu=
ild/x86-tgt-san/../../plugins/api.c:524:5

Mark the variable as g_autoptr(), as we already do in the equivalent
code in patch_vaddr().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260305161531.1774895-4-peter.may=
dell@linaro.org
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
 tests/tcg/plugins/patch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/tcg/plugins/patch.c b/tests/tcg/plugins/patch.c
index 111c5c1f169..eba2f8b8d6c 100644
--- a/tests/tcg/plugins/patch.c
+++ b/tests/tcg/plugins/patch.c
@@ -65,7 +65,7 @@ static void patch_hwaddr(unsigned int vcpu_index, void *u=
serdata)
         return;
     }
=20
-    GByteArray *read_data =3D g_byte_array_new();
+    g_autoptr(GByteArray) read_data =3D g_byte_array_new();
=20
     result =3D qemu_plugin_read_memory_hwaddr(addr, read_data,
                                             patch_data->len);
--=20
2.47.3