aboutsummaryrefslogtreecommitdiff
path: root/semihosting
AgeCommit message (Collapse)Author
2022-09-13semihosting: Allow optional use of semihosting from userspacePeter Maydell
Currently our semihosting implementations generally prohibit use of semihosting calls in system emulation from the guest userspace. This is a very long standing behaviour justified originally "to provide some semblance of security" (since code with access to the semihosting ABI can do things like read and write arbitrary files on the host system). However, it is sometimes useful to be able to run trusted guest code which performs semihosting calls from guest userspace, notably for test code. Add a command line suboption to the existing semihosting-config option group so that you can explicitly opt in to semihosting from guest userspace with -semihosting-config userspace=on (There is no equivalent option for the user-mode emulator, because there by definition all code runs in userspace and has access to semihosting already.) This commit adds the infrastructure for the command line option and adds a bool 'is_user' parameter to the function semihosting_userspace_enabled() that target code can use to check whether it should be permitting the semihosting call for userspace. It mechanically makes all the callsites pass 'false', so they continue checking "is semihosting enabled in general". Subsequent commits will make each target that implements semihosting honour the userspace=on option by passing the correct value and removing whatever "don't do this for userspace" checking they were doing by hand. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220822141230.3658237-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29semihosting: Fix handling of buffer in TARGET_SYS_TMPNAMPeter Maydell
The TARGET_SYS_TMPNAM implementation has two bugs spotted by Coverity: * confusion about whether 'len' has the length of the string including or excluding the terminating NUL means we lock_user() len bytes of memory but memcpy() len + 1 bytes * In the error-exit cases we forget to free() the buffer that asprintf() returned to us Resolves: Coverity CID 1490285, 1490289 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-5-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220725140520.515340-10-alex.bennee@linaro.org>
2022-07-29semihosting: Check for errors on SET_ARG()Peter Maydell
The SET_ARG() macro returns an error indication; we check this in the TARGET_SYS_GET_CMDLINE case but not when we use it in implementing TARGET_SYS_ELAPSED. Check for and handle the errors via the do_fault codepath, and update the comment documenting the SET_ARG() and GET_ARG() macros to note how they handle memory access errors. Resolves: Coverity CID 1490287 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-4-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220725140520.515340-9-alex.bennee@linaro.org>
2022-07-29semihosting: Don't copy buffer after console_write()Peter Maydell
The console_write() semihosting function outputs guest data from a buffer; it doesn't update that buffer. It therefore doesn't need to pass a length value to unlock_user(), but can pass 0, meaning "do not copy any data back to the guest memory". Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-3-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220725140520.515340-8-alex.bennee@linaro.org>
2022-07-29semihosting: Don't return negative values on ↵Peter Maydell
qemu_semihosting_console_write() failure The documentation comment for qemu_semihosting_console_write() says * Returns: number of bytes written -- this should only ever be short * on some sort of i/o error. and the callsites rely on this. However, the implementation code path which sends console output to a chardev doesn't honour this, and will return negative values on error. Bring it into line with the other implementation codepaths and the documentation, so that it returns 0 on error. Spotted by Coverity, because console_write() passes the return value to unlock_user(), which doesn't accept a negative length. Resolves: Coverity CID 1490288 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-2-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220725140520.515340-7-alex.bennee@linaro.org>
2022-07-12semihosting: Remove qemu_semihosting_log_outRichard Henderson
The function is no longer used. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220628111701.677216-7-richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-06-28semihosting: Create semihost_sys_poll_oneRichard Henderson
This will be used for implementing the xtensa select_one system call. Choose "poll" over "select" so that we can reuse Glib's g_poll constants and to avoid struct timeval. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Remove qemu_semihosting_console_outsRichard Henderson
This function has been replaced by *_write. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use console_out_gf for SYS_WRITE0Richard Henderson
Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Remove qemu_semihosting_console_outcRichard Henderson
This function has been replaced by *_write. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use console_out_gf for SYS_WRITECRichard Henderson
Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use console_in_gf for SYS_READCRichard Henderson
Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create qemu_semihosting_guestfd_initRichard Henderson
For arm-compat, initialize console_{in,out}_gf; otherwise, initialize stdio file descriptors. This will go some way to cleaning up arm-compat, and will allow other semihosting to use normal stdio. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Add GuestFDConsoleRichard Henderson
Add a GuestFDType for connecting to the semihosting console. Hook up to read, write, isatty, and fstat syscalls. Note that the arm-specific syscall flen cannot be applied to the console, because the console is not a descriptor exposed to the guest. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create qemu_semihosting_console_writeRichard Henderson
Will replace qemu_semihosting_console_{outs,outc}, but we need more plumbing first. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Cleanup chardev initRichard Henderson
Rename qemu_semihosting_connect_chardevs to qemu_semihosting_chardev_init; pass the result directly to qemu_semihosting_console_init. Store the chardev in SemihostingConsole instead of SemihostingConfig, which lets us drop semihosting_get_chardev. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Expand qemu_semihosting_console_inc to readRichard Henderson
Allow more than one character to be read at one time. Will be used by m68k and nios2 semihosting for stdio. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Pass CPUState to qemu_semihosting_console_incRichard Henderson
We don't need CPUArchState, and we do want the CPUState of the thread performing the operation -- use this instead of current_cpu. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28gdbstub: Adjust gdb_syscall_complete_cb declarationRichard Henderson
Change 'ret' to uint64_t. This resolves a FIXME in the m68k and nios2 semihosting that we've lost data. Change 'err' to int. There is nothing target-specific about the width of the errno value. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create semihost_sys_gettimeofdayRichard Henderson
This syscall will be used by m68k and nios2 semihosting. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create semihost_sys_{stat,fstat}Richard Henderson
These syscalls will be used by m68k and nios2 semihosting. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_systemRichard Henderson
Split out the non-ARM specific portions of SYS_SYSTEM to a reusable function. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_renameRichard Henderson
Split out the non-ARM specific portions of SYS_RENAME to a reusable function. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_removeRichard Henderson
Split out the non-ARM specific portions of SYS_REMOVE to a reusable function. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_flenRichard Henderson
The ARM-specific SYS_FLEN isn't really something that can be reused by other semihosting apis, but there are parts that can reused for the implementation of semihost_sys_fstat. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_isattyRichard Henderson
Split out the non-ARM specific portions of SYS_ISTTY to a reusable function. This handles all GuestFD. Add a common_semi_istty_cb helper to translate the Posix error return, 0+ENOTTY, to the Arm semihosting not-a-file success result. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_lseekRichard Henderson
Split out the non-ARM specific portions of SYS_SEEK to a reusable function. This handles all GuestFD. Isolate the curious ARM-specific return value processing to a new callback, common_semi_seek_cb. Expand the internal type of the offset to int64_t, and provide the whence argument, which will be required by m68k and nios2 semihosting. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Bound length for semihost_sys_{read,write}Richard Henderson
Fixes a minor bug in which a 64-bit guest on a 32-bit host could truncate the length. This would only ever cause a problem if there were no bits set in the low 32, so that it truncates to 0. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_writeRichard Henderson
Split out the non-ARM specific portions of SYS_WRITE to a reusable function. This handles all GuestFD. This removes the last use of common_semi_syscall_len. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_readRichard Henderson
Split out the non-ARM specific portions of SYS_READ to a reusable function. This handles all GuestFD. Isolate the curious ARM-specific return value processing to a new callback, common_semi_rw_cb. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_closeRichard Henderson
Split out the non-ARM specific portions of SYS_CLOSE to a reusable function. This handles all GuestFD. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_openRichard Henderson
Split out the non-ARM specific portions of SYS_OPEN to a reusable function. This handles gdb and host file i/o. Add helpers to validate the length of the filename string. Prepare for usage by other semihosting by allowing the filename length parameter to be 0, and calling strlen. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Move GET_ARG/SET_ARG earlier in the fileRichard Henderson
Moving this to be useful for another function besides do_common_semihosting. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use env more often in do_common_semihostingRichard Henderson
We've already loaded cs->env_ptr into a local variable; use it. Since env is unconditionally used, we don't need a dummy use. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out common-semi-target.hRichard Henderson
Move the ARM and RISCV specific helpers into their own header file. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out common_semi_has_synccacheRichard Henderson
We already have some larger ifdef blocks for ARM and RISCV; split out a boolean test for SYS_SYNCCACHE. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split common_semi_flen_buf per targetRichard Henderson
We already have some larger ifdef blocks for ARM and RISCV; split out common_semi_stack_bottom per target. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split is_64bit_semihosting per targetRichard Henderson
We already have some larger ifdef blocks for ARM and RISCV; split the function into multiple implementations per arch. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use struct gdb_stat in common_semi_flen_cbRichard Henderson
Load the entire 64-bit size value. While we're at it, use offsetof instead of an integer constant. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28include/exec: Move gdb open flags to gdbstub.hRichard Henderson
There were 3 copies of these flags. Place them in the file with gdb_do_syscall, with which they belong. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Remove GDB_O_BINARYRichard Henderson
The value is zero, and gdb always opens files in binary mode. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Move common-semi.h to include/semihosting/Richard Henderson
This header is not private to the top-level semihosting directory, so place it in the public include directory. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Return void from do_common_semihostingRichard Henderson
Perform the cleanup in the FIXME comment in common_semi_gdb_syscall. Do not modify guest registers until the syscall is complete, which in the gdbstub case is asynchronous. In the synchronous non-gdbstub case, use common_semi_set_ret to set the result. Merge set_swi_errno into common_semi_cb. Rely on the latter for combined return value / errno setting. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Clean up common_semi_open_cbRichard Henderson
Use common_semi_cb to return results instead of calling set_swi_errno and common_semi_set_ret directly. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Clean up common_semi_flen_cbRichard Henderson
Do not read from the gdb struct stat buffer if the callback is reporting an error. Use common_semi_cb to finish returning results. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Adjust error checking in common_semi_cbRichard Henderson
The err parameter is non-zero if and only if an error occured. Use this instead of ret == -1 for determining if we need to update the saved errno. This fixes the errno setting of SYS_ISTTY, which returns 0 on error, not -1. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Inline set_swi_errno into common_semi_cbRichard Henderson
Do not store 'err' into errno only to read it back immediately. Use 'ret' for the return value, not 'reg0'. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out guestfd.cRichard Henderson
In arm-compat-semi.c, we have more advanced treatment of guest file descriptors than we do in other implementations. Split out GuestFD and related functions to a new file so that they can be shared. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Simplify softmmu_lock_user_stringRichard Henderson
We are not currently bounding the search to the 1024 bytes that we allocated, possibly overrunning the buffer. Use softmmu_strlen_user to find the length and allocate the correct size from the beginning. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Add target_strlen for softmmu-uaccess.hRichard Henderson
Mirror the interface of the user-only function of the same name. Use probe_access_flags for the common case of ram, and cpu_memory_rw_debug for the uncommon case of mmio. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v3: Use probe_access_flags (pmm)