This patch adds a plugin API function that allows diverting the program counter during execution. A potential use case for this functionality is to skip over parts of the code, e.g., by hooking into a specific instruction and setting the PC to the next instruction in the callback.
Redirecting control flow via cpu_loop_exit() works fine in callbacks that are triggered during code execution due to cpu_exec_setjmp() still being part of the call stack. If we want to use the new API in syscall callbacks, cpu_exec_setjmp() already returned and the longjmp() triggered by cpu_loop_exit() is undefined behavior. For this reason, we introduce a new return constant QEMU_ESETPC and do another setjmp() before executing syscall plugin callbacks and potentially the syscall itself. Link: https://lists.nongnu.org/archive/html/qemu-devel/2025-08/msg00656.html Signed-off-by: Florian Hofhammer <[email protected]> --- include/qemu/qemu-plugin.h | 15 +++++++++++++++ linux-user/aarch64/cpu_loop.c | 2 +- linux-user/alpha/cpu_loop.c | 2 +- linux-user/arm/cpu_loop.c | 2 +- linux-user/hexagon/cpu_loop.c | 2 +- linux-user/hppa/cpu_loop.c | 4 ++++ linux-user/i386/cpu_loop.c | 8 +++++--- linux-user/include/special-errno.h | 8 ++++++++ linux-user/loongarch64/cpu_loop.c | 5 +++-- linux-user/m68k/cpu_loop.c | 2 +- linux-user/microblaze/cpu_loop.c | 2 +- linux-user/mips/cpu_loop.c | 5 +++-- linux-user/openrisc/cpu_loop.c | 2 +- linux-user/ppc/cpu_loop.c | 6 ++++-- linux-user/riscv/cpu_loop.c | 2 +- linux-user/s390x/cpu_loop.c | 2 +- linux-user/sh4/cpu_loop.c | 2 +- linux-user/sparc/cpu_loop.c | 4 +++- linux-user/syscall.c | 8 ++++++++ linux-user/xtensa/cpu_loop.c | 3 +++ plugins/api.c | 17 ++++++++++++++++- plugins/core.c | 25 ++++++++++++++----------- 22 files changed, 96 insertions(+), 32 deletions(-) diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h index c450106af1..be72ef9d70 100644 --- a/include/qemu/qemu-plugin.h +++ b/include/qemu/qemu-plugin.h @@ -261,11 +261,14 @@ typedef struct { * @QEMU_PLUGIN_CB_NO_REGS: callback does not access the CPU's regs * @QEMU_PLUGIN_CB_R_REGS: callback reads the CPU's regs * @QEMU_PLUGIN_CB_RW_REGS: callback reads and writes the CPU's regs + * @QEMU_PLUGIN_CB_RW_REGS_PC: callback reads and writes the CPU's + * regs and updates the PC */ enum qemu_plugin_cb_flags { QEMU_PLUGIN_CB_NO_REGS, QEMU_PLUGIN_CB_R_REGS, QEMU_PLUGIN_CB_RW_REGS, + QEMU_PLUGIN_CB_RW_REGS_PC, }; enum qemu_plugin_mem_rw { @@ -943,6 +946,18 @@ QEMU_PLUGIN_API int qemu_plugin_write_register(struct qemu_plugin_register *handle, GByteArray *buf); +/** + * qemu_plugin_set_pc() - set the program counter for the current vCPU + * + * @vaddr: the new virtual (guest) address for the program counter + * + * This function sets the program counter for the current vCPU to @vaddr and + * resumes execution at that address. This function only returns in case of + * errors. + */ +QEMU_PLUGIN_API +void qemu_plugin_set_pc(uint64_t vaddr); + /** * qemu_plugin_read_memory_vaddr() - read from memory using a virtual address * diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c index 50a4c99535..d220d18696 100644 --- a/linux-user/aarch64/cpu_loop.c +++ b/linux-user/aarch64/cpu_loop.c @@ -176,7 +176,7 @@ void cpu_loop(CPUARMState *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->pc -= 4; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->xregs[0] = ret; } break; diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c index f93597c400..bef196b1f5 100644 --- a/linux-user/alpha/cpu_loop.c +++ b/linux-user/alpha/cpu_loop.c @@ -82,7 +82,7 @@ void cpu_loop(CPUAlphaState *env) env->pc -= 4; break; } - if (sysret == -QEMU_ESIGRETURN) { + if (sysret == -QEMU_ESIGRETURN || sysret == -QEMU_ESETPC) { break; } /* Syscall writes 0 to V0 to bypass error check, similar diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c index cd89b7d6f5..ef77b56785 100644 --- a/linux-user/arm/cpu_loop.c +++ b/linux-user/arm/cpu_loop.c @@ -416,7 +416,7 @@ void cpu_loop(CPUARMState *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->regs[15] -= env->thumb ? 2 : 4; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->regs[0] = ret; } } diff --git a/linux-user/hexagon/cpu_loop.c b/linux-user/hexagon/cpu_loop.c index 1941f4c9c1..9adb3ec4c6 100644 --- a/linux-user/hexagon/cpu_loop.c +++ b/linux-user/hexagon/cpu_loop.c @@ -56,7 +56,7 @@ void cpu_loop(CPUHexagonState *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->gpr[HEX_REG_PC] -= 4; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->gpr[0] = ret; } break; diff --git a/linux-user/hppa/cpu_loop.c b/linux-user/hppa/cpu_loop.c index 356cb48acc..5c8d2577ef 100644 --- a/linux-user/hppa/cpu_loop.c +++ b/linux-user/hppa/cpu_loop.c @@ -17,6 +17,7 @@ * along with this program; if not, see <http://www.gnu.org/licenses/>. */ +#include "qemu/compiler.h" #include "qemu/osdep.h" #include "qemu.h" #include "user-internals.h" @@ -135,7 +136,10 @@ void cpu_loop(CPUHPPAState *env) env->iaoq_b = env->iaoq_f + 4; break; case -QEMU_ERESTARTSYS: + QEMU_FALLTHROUGH; case -QEMU_ESIGRETURN: + QEMU_FALLTHROUGH; + case -QEMU_ESETPC: break; } break; diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c index f3f58576af..fe922fceb5 100644 --- a/linux-user/i386/cpu_loop.c +++ b/linux-user/i386/cpu_loop.c @@ -181,7 +181,9 @@ static void emulate_vsyscall(CPUX86State *env) if (ret == -TARGET_EFAULT) { goto sigsegv; } - env->regs[R_EAX] = ret; + if (ret != -QEMU_ESETPC) { + env->regs[R_EAX] = ret; + } /* Emulate a ret instruction to leave the vsyscall page. */ env->eip = caller; @@ -234,7 +236,7 @@ void cpu_loop(CPUX86State *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->eip -= 2; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->regs[R_EAX] = ret; } break; @@ -253,7 +255,7 @@ void cpu_loop(CPUX86State *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->eip -= 2; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->regs[R_EAX] = ret; } break; diff --git a/linux-user/include/special-errno.h b/linux-user/include/special-errno.h index 4120455baa..1db757241a 100644 --- a/linux-user/include/special-errno.h +++ b/linux-user/include/special-errno.h @@ -29,4 +29,12 @@ */ #define QEMU_ESIGRETURN 513 +/* + * This is returned after a plugin has used the qemu_plugin_set_pc API, to + * indicate that the plugin deliberately changed the PC and potentially + * modified the register values. The main loop should not touch the guest + * registers for this reason. + */ +#define QEMU_ESETPC 514 + #endif /* SPECIAL_ERRNO_H */ diff --git a/linux-user/loongarch64/cpu_loop.c b/linux-user/loongarch64/cpu_loop.c index 26a5ce3a93..603fcc39c7 100644 --- a/linux-user/loongarch64/cpu_loop.c +++ b/linux-user/loongarch64/cpu_loop.c @@ -44,9 +44,10 @@ void cpu_loop(CPULoongArchState *env) env->pc -= 4; break; } - if (ret == -QEMU_ESIGRETURN) { + if (ret == -QEMU_ESIGRETURN || ret == -QEMU_ESETPC) { /* - * Returning from a successful sigreturn syscall. + * Returning from a successful sigreturn syscall or from + * control flow diversion in a plugin callback. * Avoid clobbering register state. */ break; diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c index 2c9f628241..b98ca8ff7b 100644 --- a/linux-user/m68k/cpu_loop.c +++ b/linux-user/m68k/cpu_loop.c @@ -66,7 +66,7 @@ void cpu_loop(CPUM68KState *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->pc -= 2; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->dregs[0] = ret; } } diff --git a/linux-user/microblaze/cpu_loop.c b/linux-user/microblaze/cpu_loop.c index 78506ab23d..06d92c0b90 100644 --- a/linux-user/microblaze/cpu_loop.c +++ b/linux-user/microblaze/cpu_loop.c @@ -54,7 +54,7 @@ void cpu_loop(CPUMBState *env) if (ret == -QEMU_ERESTARTSYS) { /* Wind back to before the syscall. */ env->pc -= 4; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->regs[3] = ret; } /* All syscall exits result in guest r14 being equal to the diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c index 2365de1de1..af98138eb2 100644 --- a/linux-user/mips/cpu_loop.c +++ b/linux-user/mips/cpu_loop.c @@ -140,8 +140,9 @@ done_syscall: env->active_tc.PC -= 4; break; } - if (ret == -QEMU_ESIGRETURN) { - /* Returning from a successful sigreturn syscall. + if (ret == -QEMU_ESIGRETURN || ret == -QEMU_ESETPC) { + /* Returning from a successful sigreturn syscall or from + control flow diversion in a plugin callback. Avoid clobbering register state. */ break; } diff --git a/linux-user/openrisc/cpu_loop.c b/linux-user/openrisc/cpu_loop.c index 2167d880d5..e7e9929e6f 100644 --- a/linux-user/openrisc/cpu_loop.c +++ b/linux-user/openrisc/cpu_loop.c @@ -48,7 +48,7 @@ void cpu_loop(CPUOpenRISCState *env) cpu_get_gpr(env, 8), 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->pc -= 4; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { cpu_set_gpr(env, 11, ret); } break; diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c index b0b0cb14b4..1f8aae14bb 100644 --- a/linux-user/ppc/cpu_loop.c +++ b/linux-user/ppc/cpu_loop.c @@ -340,8 +340,10 @@ void cpu_loop(CPUPPCState *env) env->nip -= 4; break; } - if (ret == (target_ulong)(-QEMU_ESIGRETURN)) { - /* Returning from a successful sigreturn syscall. + if (ret == (target_ulong)(-QEMU_ESIGRETURN) + || ret == (target_ulong)(-QEMU_ESETPC)) { + /* Returning from a successful sigreturn syscall or from + control flow diversion in a plugin callback. Avoid corrupting register state. */ break; } diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c index ce542540c2..eecc8d1517 100644 --- a/linux-user/riscv/cpu_loop.c +++ b/linux-user/riscv/cpu_loop.c @@ -65,7 +65,7 @@ void cpu_loop(CPURISCVState *env) } if (ret == -QEMU_ERESTARTSYS) { env->pc -= 4; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->gpr[xA0] = ret; } if (cs->singlestep_enabled) { diff --git a/linux-user/s390x/cpu_loop.c b/linux-user/s390x/cpu_loop.c index 4929b32e1f..67d2a803fb 100644 --- a/linux-user/s390x/cpu_loop.c +++ b/linux-user/s390x/cpu_loop.c @@ -83,7 +83,7 @@ void cpu_loop(CPUS390XState *env) env->regs[6], env->regs[7], 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->psw.addr -= env->int_svc_ilen; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->regs[2] = ret; } diff --git a/linux-user/sh4/cpu_loop.c b/linux-user/sh4/cpu_loop.c index 0c9d7e9c46..ee2958d0d9 100644 --- a/linux-user/sh4/cpu_loop.c +++ b/linux-user/sh4/cpu_loop.c @@ -50,7 +50,7 @@ void cpu_loop(CPUSH4State *env) 0, 0); if (ret == -QEMU_ERESTARTSYS) { env->pc -= 2; - } else if (ret != -QEMU_ESIGRETURN) { + } else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) { env->gregs[0] = ret; } break; diff --git a/linux-user/sparc/cpu_loop.c b/linux-user/sparc/cpu_loop.c index 7391e2add8..f054316dce 100644 --- a/linux-user/sparc/cpu_loop.c +++ b/linux-user/sparc/cpu_loop.c @@ -229,7 +229,9 @@ void cpu_loop (CPUSPARCState *env) env->regwptr[2], env->regwptr[3], env->regwptr[4], env->regwptr[5], 0, 0); - if (ret == -QEMU_ERESTARTSYS || ret == -QEMU_ESIGRETURN) { + if (ret == -QEMU_ERESTARTSYS + || ret == -QEMU_ESIGRETURN + || ret == -QEMU_ESETPC) { break; } if ((abi_ulong)ret >= (abi_ulong)(-515)) { diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d78b2029fa..f74b8ac596 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -43,6 +43,7 @@ #include <linux/capability.h> #include <sched.h> #include <sys/timex.h> +#include <setjmp.h> #include <sys/socket.h> #include <linux/sockios.h> #include <sys/un.h> @@ -584,6 +585,9 @@ const char *target_strerror(int err) if (err == QEMU_ESIGRETURN) { return "Successful exit from sigreturn"; } + if (err == QEMU_ESETPC) { + return "Successfully redirected control flow via qemu_plugin_set_pc"; + } return strerror(target_to_host_errno(err)); } @@ -14077,6 +14081,10 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1, return -QEMU_ESIGRETURN; } + if (unlikely(sigsetjmp(cpu->jmp_env, 0) != 0)) { + return -QEMU_ESETPC; + } + record_syscall_start(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8); diff --git a/linux-user/xtensa/cpu_loop.c b/linux-user/xtensa/cpu_loop.c index a0ff10eff8..7680e243bb 100644 --- a/linux-user/xtensa/cpu_loop.c +++ b/linux-user/xtensa/cpu_loop.c @@ -17,6 +17,7 @@ * along with this program; if not, see <http://www.gnu.org/licenses/>. */ +#include "qemu/compiler.h" #include "qemu/osdep.h" #include "qemu.h" #include "user-internals.h" @@ -185,6 +186,8 @@ void cpu_loop(CPUXtensaState *env) env->pc -= 3; break; + case -QEMU_ESETPC: + QEMU_FALLTHROUGH; case -QEMU_ESIGRETURN: break; } diff --git a/plugins/api.c b/plugins/api.c index eac04cc1f6..fc19bdb40b 100644 --- a/plugins/api.c +++ b/plugins/api.c @@ -41,6 +41,7 @@ #include "qemu/log.h" #include "system/memory.h" #include "tcg/tcg.h" +#include "exec/cpu-common.h" #include "exec/gdbstub.h" #include "exec/target_page.h" #include "exec/translation-block.h" @@ -450,13 +451,27 @@ int qemu_plugin_write_register(struct qemu_plugin_register *reg, { g_assert(current_cpu); - if (buf->len == 0 || qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS) { + if (buf->len == 0 || ( + qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS + && qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS_PC)) { return -1; } return gdb_write_register(current_cpu, buf->data, GPOINTER_TO_INT(reg) - 1); } +void qemu_plugin_set_pc(uint64_t vaddr) +{ + g_assert(current_cpu); + + if (qemu_plugin_get_cb_flags() != QEMU_PLUGIN_CB_RW_REGS_PC) { + return; + } + + cpu_set_pc(current_cpu, vaddr); + cpu_loop_exit(current_cpu); +} + bool qemu_plugin_read_memory_vaddr(uint64_t addr, GByteArray *data, size_t len) { g_assert(current_cpu); diff --git a/plugins/core.c b/plugins/core.c index ead09fd2f1..b514293117 100644 --- a/plugins/core.c +++ b/plugins/core.c @@ -369,15 +369,16 @@ void plugin_register_dyn_cb__udata(GArray **arr, enum qemu_plugin_cb_flags flags, void *udata) { - static TCGHelperInfo info[3] = { + static TCGHelperInfo info[4] = { [QEMU_PLUGIN_CB_NO_REGS].flags = TCG_CALL_NO_RWG, [QEMU_PLUGIN_CB_R_REGS].flags = TCG_CALL_NO_WG, [QEMU_PLUGIN_CB_RW_REGS].flags = 0, + [QEMU_PLUGIN_CB_RW_REGS_PC].flags = 0, /* * Match qemu_plugin_vcpu_udata_cb_t: * void (*)(uint32_t, void *) */ - [0 ... 2].typemask = (dh_typemask(void, 0) | + [0 ... 3].typemask = (dh_typemask(void, 0) | dh_typemask(i32, 1) | dh_typemask(ptr, 2)) }; @@ -399,15 +400,16 @@ void plugin_register_dyn_cond_cb__udata(GArray **arr, uint64_t imm, void *udata) { - static TCGHelperInfo info[3] = { + static TCGHelperInfo info[4] = { [QEMU_PLUGIN_CB_NO_REGS].flags = TCG_CALL_NO_RWG, [QEMU_PLUGIN_CB_R_REGS].flags = TCG_CALL_NO_WG, [QEMU_PLUGIN_CB_RW_REGS].flags = 0, + [QEMU_PLUGIN_CB_RW_REGS_PC].flags = 0, /* * Match qemu_plugin_vcpu_udata_cb_t: * void (*)(uint32_t, void *) */ - [0 ... 2].typemask = (dh_typemask(void, 0) | + [0 ... 3].typemask = (dh_typemask(void, 0) | dh_typemask(i32, 1) | dh_typemask(ptr, 2)) }; @@ -438,15 +440,16 @@ void plugin_register_vcpu_mem_cb(GArray **arr, !__builtin_types_compatible_p(qemu_plugin_meminfo_t, uint32_t) && !__builtin_types_compatible_p(qemu_plugin_meminfo_t, int32_t)); - static TCGHelperInfo info[3] = { + static TCGHelperInfo info[4] = { [QEMU_PLUGIN_CB_NO_REGS].flags = TCG_CALL_NO_RWG, [QEMU_PLUGIN_CB_R_REGS].flags = TCG_CALL_NO_WG, [QEMU_PLUGIN_CB_RW_REGS].flags = 0, + [QEMU_PLUGIN_CB_RW_REGS_PC].flags = 0, /* * Match qemu_plugin_vcpu_mem_cb_t: * void (*)(uint32_t, qemu_plugin_meminfo_t, uint64_t, void *) */ - [0 ... 2].typemask = + [0 ... 3].typemask = (dh_typemask(void, 0) | dh_typemask(i32, 1) | (__builtin_types_compatible_p(qemu_plugin_meminfo_t, uint32_t) @@ -508,7 +511,7 @@ qemu_plugin_vcpu_syscall(CPUState *cpu, int64_t num, uint64_t a1, uint64_t a2, QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) { qemu_plugin_vcpu_syscall_cb_t func = cb->f.vcpu_syscall; - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS); + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC); func(cb->ctx->id, cpu->cpu_index, num, a1, a2, a3, a4, a5, a6, a7, a8); qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS); } @@ -532,7 +535,7 @@ void qemu_plugin_vcpu_syscall_ret(CPUState *cpu, int64_t num, int64_t ret) QLIST_FOREACH_SAFE_RCU(cb, &plugin.cb_lists[ev], entry, next) { qemu_plugin_vcpu_syscall_ret_cb_t func = cb->f.vcpu_syscall_ret; - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS); + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC); func(cb->ctx->id, cpu->cpu_index, num, ret); qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS); } @@ -542,7 +545,7 @@ void qemu_plugin_vcpu_idle_cb(CPUState *cpu) { /* idle and resume cb may be called before init, ignore in this case */ if (cpu->cpu_index < plugin.num_vcpus) { - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS); + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC); plugin_vcpu_cb__simple(cpu, QEMU_PLUGIN_EV_VCPU_IDLE); qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS); } @@ -551,7 +554,7 @@ void qemu_plugin_vcpu_idle_cb(CPUState *cpu) void qemu_plugin_vcpu_resume_cb(CPUState *cpu) { if (cpu->cpu_index < plugin.num_vcpus) { - qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS); + qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_RW_REGS_PC); plugin_vcpu_cb__simple(cpu, QEMU_PLUGIN_EV_VCPU_RESUME); qemu_plugin_set_cb_flags(cpu, QEMU_PLUGIN_CB_NO_REGS); } @@ -788,6 +791,6 @@ enum qemu_plugin_cb_flags tcg_call_to_qemu_plugin_cb_flags(int flags) } else if (flags & TCG_CALL_NO_WG) { return QEMU_PLUGIN_CB_R_REGS; } else { - return QEMU_PLUGIN_CB_RW_REGS; + return QEMU_PLUGIN_CB_RW_REGS_PC; } } -- 2.51.0
