Hello, I am doing concurrency research on OS guests in full system emulation under QEMU, namely for the AArch64 target. For my activities, I would like to force yielding of an EL0 application. If the guest is Linux, this is a call to the sched_yield syscall (#124). For some reason, I don't want to directly instrument the guest userspace code -- I need to call this syscall for an arbitrary service/application inside the guest, not only for an instrumented one.
I am trying to directly change the TCG part: when I see an instruction at which I want to call the guest kernel (e.g. every 100th ld*/st*), I additionally generate instructions to save registers on the stack, provide the needed value in the x8 register, generate an interrupt, and then restore the registers. Sometimes this approach works, but ultimately I always end up with an illegal memory access inside the guest EL0. Now I assume that I cannot simply generate additional instructions after generating an interrupt; instead, I need to restore the registers from the stack at the next program counter that will be hit after return from the svc. I also wonder whether I must somehow manipulate the translation block, i.e. discard it/translate it again or something similar. I would like to ask if somebody has experience in that area or if somebody can give me useful suggestions.

Nikolay Nerovny
