Hi! I have in my trace instrumentation queue a series that adds a very simple but efficient way to trigger code in QEMU from guest code using guest-agnostic code.
Blue Swirl showed some interest long ago in using it in the test suite (e.g., instruct QEMU to check the vCPU state after a series of instructions). But I don't know if there still is interest, or if anybody else finds this useful (otherwise I'll keep it in my instrumentation branch).

Guest-side interface:

    #include <qemu-hypercall.h>

    int main()
    {
        // initialize communication device
        qemu_hypercall_init("/tmp/hypercall");

        // memory region to share data between guest and QEMU
        // (QEMU does not trap reads/writes here, so it can be used as a
        // bandwidth-efficient communication channel)
        void *data = qemu_hypercall_data();
        ((char*)data)[0] = 0x1;

        // trigger hypercall callback
        qemu_hypercall(0xcafe); // in-line data

        return 0;
    }

A dynamic library is loaded when starting QEMU, which gets called as a response to 'qemu_hypercall()':

    // libmyhypercall.so
    #include <assert.h>
    #include <stdint.h>

    void qemu_hypercall(uint64_t cmd, char *data)
    {
        assert(cmd == 0xcafe);
        assert(((char*)data)[0] == 0x1);
    }

To start QEMU:

    qemu-x86_64 -hypercall libmyhypercall.so -hypercall-device=/tmp/backdoor /test/program
    qemu-system-x86_64 -device hypercall

I have a prototype for a guest user library and a guest Linux module to use this in both user and system mode.

Cheers,
Lluis
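As an added example (not part of Lluis's prototype), a host-side handler with the same `qemu_hypercall(cmd, data)` entry point as libmyhypercall.so that treats the shared region as untrusted guest input; it assumes a 4 KiB region and a hypothetical length-prefixed message layout, and `guest_put()` stands in for the guest writing into `qemu_hypercall_data()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HC_DATA_SIZE 4096      /* assumed size of the shared region (one page) */
#define HC_CMD_LOG   0xcafe    /* command value used in the post */
#define HC_HDR_SIZE  4         /* hypothetical layout: u32 len, then payload */

/* Constructed stand-in for the guest-shared region (qemu_hypercall_data()). */
char hc_region[HC_DATA_SIZE];

/* Guest side (constructed): zero the region, write the length header and
 * the payload. claimed_len is written verbatim so tests can lie about it. */
char *guest_put(const char *s, uint32_t claimed_len)
{
    uint32_t n = (uint32_t)strlen(s);
    if (n > HC_DATA_SIZE - HC_HDR_SIZE)
        n = HC_DATA_SIZE - HC_HDR_SIZE;
    memset(hc_region, 0, sizeof hc_region);
    memcpy(hc_region, &claimed_len, HC_HDR_SIZE);
    memcpy(hc_region + HC_HDR_SIZE, s, n);
    return hc_region;
}

/* Host side: the library callback. Every field read from `data` is guest
 * controlled, so the length is bounded by the region before any copy.
 * Returns 0 when the message is accepted, -1 when it is rejected. */
int qemu_hypercall(uint64_t cmd, char *data)
{
    uint32_t len;
    char buf[HC_DATA_SIZE];

    if (cmd != HC_CMD_LOG)
        return -1;                              /* unknown command */
    memcpy(&len, data, HC_HDR_SIZE);            /* no unaligned/aliased read */
    if (len > HC_DATA_SIZE - HC_HDR_SIZE)
        return -1;                              /* length exceeds region */
    memcpy(buf, data + HC_HDR_SIZE, len);
    buf[len] = '\0';                            /* host-side terminator */
    if (strlen(buf) != len)
        return -1;                              /* embedded NUL: malformed */
    fprintf(stderr, "guest: %s\n", buf);
    return 0;
}

int main(void)
{
    return qemu_hypercall(HC_CMD_LOG, guest_put("hello", 5));
}
```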