Status: Open
Labels: enhancement (New feature or request)
Description
QEMU syscall hooks currently have two options: run the syscall, or skip it and provide a return value. I think it would be valuable to add a third: abort the current execution (probably with a given ExitKind). My particular use-case is that I want to hook the exit and exit_group system calls.
Here's my attempt at an exit syscall handler:
```rust
// Imports are assumed from the crates this snippet relies on
// (libafl_qemu for the hook types, syscall_numbers for the x86_64
// syscall table, log for `debug!`); adjust to your LibAFL version.
use libafl_qemu::{modules::EmulatorModules, Qemu, Regs, SyscallHookResult};
use log::debug;
use syscall_numbers::x86_64;

#[allow(clippy::too_many_arguments)]
fn syscall_exit_hook<ET, I, S>(
    qemu: Qemu,
    _emulator_modules: &mut EmulatorModules<ET, I, S>,
    _s: Option<&mut S>,
    code: i32,
    arg0: u64,
    _arg1: u64,
    _arg2: u64,
    _arg3: u64,
    _arg4: u64,
    _arg5: u64,
    _arg6: u64,
    _arg7: u64,
) -> SyscallHookResult {
    // Only intercept exit and exit_group; every other syscall runs as usual.
    let code = i64::from(code);
    if code != x86_64::SYS_exit && code != x86_64::SYS_exit_group {
        return SyscallHookResult::Run;
    }
    // Log the exit status (arg0) and the guest PC at which it was requested.
    let cpu = qemu.current_cpu().expect("No current CPU in syscall hook?");
    let rip = cpu.read_reg(Regs::Rip).unwrap();
    debug!("Exiting with: {:#x} at {:#x}", arg0, rip);
    // TODO: What to put here?
    // cpu.trigger_breakpoint();
    // unsafe { qemu.target_signal(Signal::SigAbort) };
    // Skipping the syscall returns control to the guest, which keeps running.
    SyscallHookResult::Skip(arg0)
}
```

The problem is that I don't know what to put after the TODO. If I don't put anything, my target enters a loop until it times out. If I put trigger_breakpoint, the target just hangs (I think). If I raise a signal, then the EventManager has to restart the process. Ideally, I'd just return to the harness with an OK exit from QEMU.