On 2/25/26 3:49 AM, Florian Hofhammer wrote:
On 25/02/2026 08:59, Florian Hofhammer wrote:
On 24/02/2026 21:35, Pierrick Bouvier wrote:
On 2/24/26 7:52 AM, Florian Hofhammer wrote:
The test executes a non-existent syscall, which the syscall plugin
intercepts and redirects to a clean exit.
Due to architecture-specific quirks, the architecture-specific Makefiles
require setting specific compiler and linker flags in some cases.
Signed-off-by: Florian Hofhammer <[email protected]>
---
tests/tcg/arm/Makefile.target | 6 +++++
tests/tcg/hexagon/Makefile.target | 7 +++++
tests/tcg/mips/Makefile.target | 6 ++++-
tests/tcg/mips64/Makefile.target | 15 +++++++++++
tests/tcg/mips64el/Makefile.target | 15 +++++++++++
tests/tcg/mipsel/Makefile.target | 15 +++++++++++
tests/tcg/multiarch/Makefile.target | 22 ++++++++++++++--
.../{ => plugin}/check-plugin-output.sh | 0
.../{ => plugin}/test-plugin-mem-access.c | 0
.../plugin/test-plugin-skip-syscalls.c | 26 +++++++++++++++++++
tests/tcg/plugins/syscall.c | 6 +++++
tests/tcg/sparc64/Makefile.target | 16 ++++++++++++
12 files changed, 131 insertions(+), 3 deletions(-)
create mode 100644 tests/tcg/mips64/Makefile.target
create mode 100644 tests/tcg/mips64el/Makefile.target
create mode 100644 tests/tcg/mipsel/Makefile.target
rename tests/tcg/multiarch/{ => plugin}/check-plugin-output.sh (100%)
rename tests/tcg/multiarch/{ => plugin}/test-plugin-mem-access.c (100%)
create mode 100644 tests/tcg/multiarch/plugin/test-plugin-skip-syscalls.c
create mode 100644 tests/tcg/sparc64/Makefile.target
+++ b/tests/tcg/multiarch/plugin/test-plugin-skip-syscalls.c
@@ -0,0 +1,26 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This test attempts to execute an invalid syscall. The syscall test plugin
+ * should intercept this.
+ */
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+void exit_success(void) __attribute__((section(".redirect"), noinline,
+ noreturn, used));
+
+void exit_success(void) {
+ _exit(EXIT_SUCCESS);
+}
+
+int main(int argc, char *argv[]) {
+ long ret = syscall(0xc0deUL);
+ if (ret != 0L) {
+ perror("");
+ }
+ /* We should never get here */
+ return EXIT_FAILURE;
+}
diff --git a/tests/tcg/plugins/syscall.c b/tests/tcg/plugins/syscall.c
index 5658f83087..b68e3cadf4 100644
--- a/tests/tcg/plugins/syscall.c
+++ b/tests/tcg/plugins/syscall.c
@@ -148,6 +148,12 @@ static void vcpu_syscall(qemu_plugin_id_t id, unsigned int
vcpu_index,
fprintf(stderr, "Error reading memory from vaddr %"PRIu64"\n",
a2);
}
}
+
+ if (num == 0xc0deUL) {
+ /* Special syscall to test the control flow redirection functionality.
*/
+ qemu_plugin_outs("Marker syscall detected, jump to clean exit\n");
+ qemu_plugin_set_pc(0x20000);
An even better alternative is to use a value label, which is a gcc extension,
and you would not even need another function. Just pass it as first parameter
of syscall, and jump to this address directly from syscall filter.
int main(int argc, char *argv[]) {
long ret = syscall(0xc0deUL, &&set_pc_dest);
/* We should never get here */
return EXIT_FAILURE;
set_pc_dest:
return EXIT_SUCCESS;
}
More details:
https://www.amulettechnologies.com/boosting-bytecode-efficiency-the-power-of-gccs-label-as-value/
https://gcc.gnu.org/onlinedocs/gcc/Labels-as-Values.html
Regards,
Pierrick
Thanks for the idea, I didn't think about this. I'll check it out!
Best regards,
Florian
Fun finding: GCC optimizes the label and the second return away and
there's no way to turn this behavior off, so the test doesn't work with
value labels. I'm nevertheless changing to just passing the function
address as a paremeter, which is cleaner than using a hardcoded address.
Oh interesting. Is the test compiled in O0?
Yes, you can pass the function address as well. I would be happy with a
hardcoded address, but the major pain is all those flags per arch.
Best regards,
Florian
