authorPeter Maydell <peter.maydell@linaro.org>2022-08-22 15:12:24 +0100
committerRichard Henderson <richard.henderson@linaro.org>2022-09-13 17:18:21 +0100
commit5202861b20d77b1d638da5f10af0f51ebcfc61bf (patch)
tree8b45da5525a74d97488a8d7e7a4f799adc5f23d1 /target
parent7327e60237c36e9aa089141de547ca224ec5f3be (diff)
semihosting: Allow optional use of semihosting from userspace
Currently our semihosting implementations generally prohibit use of semihosting calls in system emulation from the guest userspace. This is a very long standing behaviour justified originally "to provide some semblance of security" (since code with access to the semihosting ABI can do things like read and write arbitrary files on the host system). However, it is sometimes useful to be able to run trusted guest code which performs semihosting calls from guest userspace, notably for test code. Add a command line suboption to the existing semihosting-config option group so that you can explicitly opt in to semihosting from guest userspace with -semihosting-config userspace=on (There is no equivalent option for the user-mode emulator, because there by definition all code runs in userspace and has access to semihosting already.) This commit adds the infrastructure for the command line option and adds a bool 'is_user' parameter to the function semihosting_userspace_enabled() that target code can use to check whether it should be permitting the semihosting call for userspace. It mechanically makes all the callsites pass 'false', so they continue checking "is semihosting enabled in general". Subsequent commits will make each target that implements semihosting honour the userspace=on option by passing the correct value and removing whatever "don't do this for userspace" checking they were doing by hand. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220822141230.3658237-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'target')
-rw-r--r--target/arm/translate-a64.c2
-rw-r--r--target/arm/translate.c6
-rw-r--r--target/m68k/op_helper.c2
-rw-r--r--target/nios2/translate.c2
-rw-r--r--target/xtensa/translate.c6
5 files changed, 9 insertions, 9 deletions
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 163df8c615..3decc8da57 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -2219,7 +2219,7 @@ static void disas_exc(DisasContext *s, uint32_t insn)
* it is required for halting debug disabled: it will UNDEF.
* Secondly, "HLT 0xf000" is the A64 semihosting syscall instruction.
*/
- if (semihosting_enabled() && imm16 == 0xf000) {
+ if (semihosting_enabled(false) && imm16 == 0xf000) {
#ifndef CONFIG_USER_ONLY
/* In system mode, don't allow userspace access to semihosting,
* to provide some semblance of security (and for consistency
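Review bot: The bare `false` in `semihosting_enabled(false)` is easy to misread as "semihosting disabled". Per the commit description it only means the caller is not yet supplying the guest privilege level and is asking whether semihosting is enabled at all. A short comment at the call would make that explicit and mark the site as not yet honouring `userspace=on`, e.g. `/* is_user=false: privilege check is still done by hand below */`. The same applies to the three call sites in target/arm/translate.c (gen_hlt, trans_BKPT, trans_SVC) and to cf_interrupt_all in target/m68k/op_helper.c, where the hand-written checks (`s->current_el != 0`, `!IS_USER(s)`, `(env->sr & SR_S) != 0`) sit next to the call. disas_exc continues past the end of this hunk, so the hand-written check here is only implied by the comment.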
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 9474e4b44b..b1e013270d 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -1169,7 +1169,7 @@ static inline void gen_hlt(DisasContext *s, int imm)
* semihosting, to provide some semblance of security
* (and for consistency with our 32-bit semihosting).
*/
- if (semihosting_enabled() &&
+ if (semihosting_enabled(false) &&
#ifndef CONFIG_USER_ONLY
s->current_el != 0 &&
#endif
@@ -6556,7 +6556,7 @@ static bool trans_BKPT(DisasContext *s, arg_BKPT *a)
/* BKPT is OK with ECI set and leaves it untouched */
s->eci_handled = true;
if (arm_dc_feature(s, ARM_FEATURE_M) &&
- semihosting_enabled() &&
+ semihosting_enabled(false) &&
#ifndef CONFIG_USER_ONLY
!IS_USER(s) &&
#endif
@@ -8764,7 +8764,7 @@ static bool trans_SVC(DisasContext *s, arg_SVC *a)
{
const uint32_t semihost_imm = s->thumb ? 0xab : 0x123456;
- if (!arm_dc_feature(s, ARM_FEATURE_M) && semihosting_enabled() &&
+ if (!arm_dc_feature(s, ARM_FEATURE_M) && semihosting_enabled(false) &&
#ifndef CONFIG_USER_ONLY
!IS_USER(s) &&
#endif
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index d9937ca8dc..4b3dfec130 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -203,7 +203,7 @@ static void cf_interrupt_all(CPUM68KState *env, int is_hw)
cf_rte(env);
return;
case EXCP_HALT_INSN:
- if (semihosting_enabled()
+ if (semihosting_enabled(false)
&& (env->sr & SR_S) != 0
&& (env->pc & 3) == 0
&& cpu_lduw_code(env, env->pc - 4) == 0x4e71
diff --git a/target/nios2/translate.c b/target/nios2/translate.c
index c588e8e885..ff631a42f6 100644
--- a/target/nios2/translate.c
+++ b/target/nios2/translate.c
@@ -818,7 +818,7 @@ static void gen_break(DisasContext *dc, uint32_t code, uint32_t flags)
#ifndef CONFIG_USER_ONLY
/* The semihosting instruction is "break 1". */
R_TYPE(instr, code);
- if (semihosting_enabled() && instr.imm5 == 1) {
+ if (semihosting_enabled(false) && instr.imm5 == 1) {
t_gen_helper_raise_exception(dc, EXCP_SEMIHOST);
return;
}
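Review bot: No privilege check is visible around the `semihosting_enabled(false)` test in gen_break, so as far as this hunk shows, a `break 1` from guest userspace raises EXCP_SEMIHOST whenever semihosting is enabled, and passing `false` keeps that behaviour. Since the commit description notes that semihosting can read and write arbitrary host files, this site should state its policy, for example `/* NOTE: no user-mode check here; is_user must be wired up before userspace=on means anything for this target */`. The same holds for translate_simcall in target/xtensa/translate.c, where `gen_helper_simcall(cpu_env)` is gated only on `semihosting_enabled(false)`. gen_break's body extends beyond this hunk, so a check elsewhere in the function cannot be ruled out.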
diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 8b864ef925..afae8a1bea 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -2366,9 +2366,9 @@ static uint32_t test_exceptions_simcall(DisasContext *dc,
bool ill = true;
#else
/* Between RE.2 and RE.3 simcall opcode's become nop for the hardware. */
- bool ill = dc->config->hw_version <= 250002 && !semihosting_enabled();
+ bool ill = dc->config->hw_version <= 250002 && !semihosting_enabled(false);
#endif
- if (ill || !semihosting_enabled()) {
+ if (ill || !semihosting_enabled(false)) {
qemu_log_mask(LOG_GUEST_ERROR, "SIMCALL but semihosting is disabled\n");
}
return ill ? XTENSA_OP_ILL : 0;
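Review bot: `semihosting_enabled(false)` is evaluated twice in test_exceptions_simcall, once for `ill` and once for the log condition, and the two calls will have to be kept in step once a real `is_user` value is passed. Reading it once into a local, `bool semihosting = semihosting_enabled(false);`, and using that in both places keeps the two decisions from diverging. The log text "SIMCALL but semihosting is disabled" is also worth revisiting at that point, since a refusal for userspace is not the same as semihosting being off. The function starts before this hunk.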
@@ -2378,7 +2378,7 @@ static void translate_simcall(DisasContext *dc, const OpcodeArg arg[],
const uint32_t par[])
{
#ifndef CONFIG_USER_ONLY
- if (semihosting_enabled()) {
+ if (semihosting_enabled(false)) {
gen_helper_simcall(cpu_env);
}
#endif