aboutsummaryrefslogtreecommitdiff
path: root/semihosting
AgeCommit message (Collapse)AuthorFilesLines
2022-09-13semihosting: Allow optional use of semihosting from userspacePeter Maydell1-2/+8
Currently our semihosting implementations generally prohibit use of semihosting calls in system emulation from the guest userspace. This is a very long standing behaviour justified originally "to provide some semblance of security" (since code with access to the semihosting ABI can do things like read and write arbitrary files on the host system). However, it is sometimes useful to be able to run trusted guest code which performs semihosting calls from guest userspace, notably for test code. Add a command line suboption to the existing semihosting-config option group so that you can explicitly opt in to semihosting from guest userspace with -semihosting-config userspace=on (There is no equivalent option for the user-mode emulator, because there by definition all code runs in userspace and has access to semihosting already.) This commit adds the infrastructure for the command line option and adds a bool 'is_user' parameter to the function semihosting_userspace_enabled() that target code can use to check whether it should be permitting the semihosting call for userspace. It mechanically makes all the callsites pass 'false', so they continue checking "is semihosting enabled in general". Subsequent commits will make each target that implements semihosting honour the userspace=on option by passing the correct value and removing whatever "don't do this for userspace" checking they were doing by hand. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220822141230.3658237-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-29semihosting: Fix handling of buffer in TARGET_SYS_TMPNAMPeter Maydell1-2/+11
The TARGET_SYS_TMPNAM implementation has two bugs spotted by Coverity: * confusion about whether 'len' has the length of the string including or excluding the terminating NUL means we lock_user() len bytes of memory but memcpy() len + 1 bytes * In the error-exit cases we forget to free() the buffer that asprintf() returned to us Resolves: Coverity CID 1490285, 1490289 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-5-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220725140520.515340-10-alex.bennee@linaro.org>
2022-07-29semihosting: Check for errors on SET_ARG()Peter Maydell1-3/+13
The SET_ARG() macro returns an error indication; we check this in the TARGET_SYS_GET_CMDLINE case but not when we use it in implementing TARGET_SYS_ELAPSED. Check for and handle the errors via the do_fault codepath, and update the comment documenting the SET_ARG() and GET_ARG() macros to note how they handle memory access errors. Resolves: Coverity CID 1490287 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-4-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220725140520.515340-9-alex.bennee@linaro.org>
2022-07-29semihosting: Don't copy buffer after console_write()Peter Maydell1-1/+1
The console_write() semihosting function outputs guest data from a buffer; it doesn't update that buffer. It therefore doesn't need to pass a length value to unlock_user(), but can pass 0, meaning "do not copy any data back to the guest memory". Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-3-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220725140520.515340-8-alex.bennee@linaro.org>
2022-07-29semihosting: Don't return negative values on ↵Peter Maydell1-1/+2
qemu_semihosting_console_write() failure The documentation comment for qemu_semihosting_console_write() says * Returns: number of bytes written -- this should only ever be short * on some sort of i/o error. and the callsites rely on this. However, the implementation code path which sends console output to a chardev doesn't honour this, and will return negative values on error. Bring it into line with the other implementation codepaths and the documentation, so that it returns 0 on error. Spotted by Coverity, because console_write() passes the return value to unlock_user(), which doesn't accept a negative length. Resolves: Coverity CID 1490288 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220719121110.225657-2-peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220725140520.515340-7-alex.bennee@linaro.org>
2022-07-12semihosting: Remove qemu_semihosting_log_outRichard Henderson1-9/+0
The function is no longer used. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220628111701.677216-7-richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-06-28semihosting: Create semihost_sys_poll_oneRichard Henderson2-2/+87
This will be used for implementing the xtensa select_one system call. Choose "poll" over "select" so that we can reuse Glib's g_poll constants and to avoid struct timeval. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Remove qemu_semihosting_console_outsRichard Henderson1-49/+0
This function has been replaced by *_write. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use console_out_gf for SYS_WRITE0Richard Henderson1-2/+9
Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Remove qemu_semihosting_console_outcRichard Henderson1-18/+0
This function has been replaced by *_write. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use console_out_gf for SYS_WRITECRichard Henderson1-4/+16
Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use console_in_gf for SYS_READCRichard Henderson1-9/+18
Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create qemu_semihosting_guestfd_initRichard Henderson2-10/+44
For arm-compat, initialize console_{in,out}_gf; otherwise, initialize stdio file descriptors. This will go some way to cleaning up arm-compat, and will allow other semihosting to use normal stdio. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Add GuestFDConsoleRichard Henderson1-0/+68
Add a GuestFDType for connecting to the semihosting console. Hook up to read, write, isatty, and fstat syscalls. Note that the arm-specific syscall flen cannot be applied to the console, because the console is not a descriptor exposed to the guest. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create qemu_semihosting_console_writeRichard Henderson1-0/+9
Will replace qemu_semihosting_console_{outs,outc}, but we need more plumbing first. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Cleanup chardev initRichard Henderson2-26/+22
Rename qemu_semihosting_connect_chardevs to qemu_semihosting_chardev_init; pass the result directly to qemu_semihosting_console_init. Store the chardev in SemihostingConsole instead of SemihostingConfig, which lets us drop semihosting_get_chardev. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Expand qemu_semihosting_console_inc to readRichard Henderson2-6/+21
Allow more than one character to be read at one time. Will be used by m68k and nios2 semihosting for stdio. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Pass CPUState to qemu_semihosting_console_incRichard Henderson2-7/+7
We don't need CPUArchState, and we do want the CPUState of the thread performing the operation -- use this instead of current_cpu. Reviewed-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28gdbstub: Adjust gdb_syscall_complete_cb declarationRichard Henderson3-12/+9
Change 'ret' to uint64_t. This resolves a FIXME in the m68k and nios2 semihosting that we've lost data. Change 'err' to int. There is nothing target-specific about the width of the errno value. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create semihost_sys_gettimeofdayRichard Henderson1-0/+42
This syscall will be used by m68k and nios2 semihosting. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Create semihost_sys_{stat,fstat}Richard Henderson1-0/+137
These syscalls will be used by m68k and nios2 semihosting. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_systemRichard Henderson2-11/+41
Split out the non-ARM specific portions of SYS_SYSTEM to a reusable function. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_renameRichard Henderson2-20/+58
Split out the non-ARM specific portions of SYS_RENAME to a reusable function. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_removeRichard Henderson2-12/+41
Split out the non-ARM specific portions of SYS_REMOVE to a reusable function. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_flenRichard Henderson2-61/+62
The ARM-specific SYS_FLEN isn't really something that can be reused by other semihosting apis, but there are parts that can reused for the implementation of semihost_sys_fstat. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_isattyRichard Henderson2-26/+50
Split out the non-ARM specific portions of SYS_ISTTY to a reusable function. This handles all GuestFD. Add a common_semi_istty_cb helper to translate the Posix error return, 0+ENOTTY, to the Arm semihosting not-a-file success result. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_lseekRichard Henderson2-38/+94
Split out the non-ARM specific portions of SYS_SEEK to a reusable function. This handles all GuestFD. Isolate the curious ARM-specific return value processing to a new callback, common_semi_seek_cb. Expand the internal type of the offset to int64_t, and provide the whence argument, which will be required by m68k and nios2 semihosting. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Bound length for semihost_sys_{read,write}Richard Henderson1-0/+16
Fixes a minor bug in which a 64-bit guest on a 32-bit host could truncate the length. This would only ever cause a problem if there were no bits set in the low 32, so that it truncates to 0. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_writeRichard Henderson2-51/+55
Split out the non-ARM specific portions of SYS_WRITE to a reusable function. This handles all GuestFD. This removes the last use of common_semi_syscall_len. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_readRichard Henderson2-65/+105
Split out the non-ARM specific portions of SYS_READ to a reusable function. This handles all GuestFD. Isolate the curious ARM-specific return value processing to a new callback, common_semi_rw_cb. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_closeRichard Henderson3-41/+54
Split out the non-ARM specific portions of SYS_CLOSE to a reusable function. This handles all GuestFD. Note that gdb_do_syscall %x reads target_ulong, not int. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out semihost_sys_openRichard Henderson4-45/+168
Split out the non-ARM specific portions of SYS_OPEN to a reusable function. This handles gdb and host file i/o. Add helpers to validate the length of the filename string. Prepare for usage by other semihosting by allowing the filename length parameter to be 0, and calling strlen. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Move GET_ARG/SET_ARG earlier in the fileRichard Henderson1-24/+24
Moving this to be useful for another function besides do_common_semihosting. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use env more often in do_common_semihostingRichard Henderson1-4/+3
We've already loaded cs->env_ptr into a local variable; use it. Since env is unconditionally used, we don't need a dummy use. Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out common-semi-target.hRichard Henderson1-93/+1
Move the ARM and RISCV specific helpers into their own header file. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Luc Michel <lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out common_semi_has_synccacheRichard Henderson1-7/+13
We already have some larger ifdef blocks for ARM and RISCV; split out a boolean test for SYS_SYNCCACHE. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split common_semi_flen_buf per targetRichard Henderson1-23/+21
We already have some larger ifdef blocks for ARM and RISCV; split out common_semi_stack_bottom per target. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split is_64bit_semihosting per targetRichard Henderson1-11/+8
We already have some larger ifdef blocks for ARM and RISCV; split the function into multiple implementations per arch. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Use struct gdb_stat in common_semi_flen_cbRichard Henderson1-8/+6
Load the entire 64-bit size value. While we're at it, use offsetof instead of an integer constant. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28include/exec: Move gdb open flags to gdbstub.hRichard Henderson1-7/+0
There were 3 copies of these flags. Place them in the file with gdb_do_syscall, with which they belong. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Remove GDB_O_BINARYRichard Henderson1-7/+6
The value is zero, and gdb always opens files in binary mode. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Move common-semi.h to include/semihosting/Richard Henderson1-39/+0
This header is not private to the top-level semihosting directory, so place it in the public include directory. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Return void from do_common_semihostingRichard Henderson2-287/+256
Perform the cleanup in the FIXME comment in common_semi_gdb_syscall. Do not modify guest registers until the syscall is complete, which in the gdbstub case is asynchronous. In the synchronous non-gdbstub case, use common_semi_set_ret to set the result. Merge set_swi_errno into common_semi_cb. Rely on the latter for combined return value / errno setting. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Clean up common_semi_open_cbRichard Henderson1-4/+2
Use common_semi_cb to return results instead of calling set_swi_errno and common_semi_set_ret directly. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Clean up common_semi_flen_cbRichard Henderson1-9/+11
Do not read from the gdb struct stat buffer if the callback is reporting an error. Use common_semi_cb to finish returning results. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Adjust error checking in common_semi_cbRichard Henderson1-1/+1
The err parameter is non-zero if and only if an error occured. Use this instead of ret == -1 for determining if we need to update the saved errno. This fixes the errno setting of SYS_ISTTY, which returns 0 on error, not -1. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Inline set_swi_errno into common_semi_cbRichard Henderson1-9/+10
Do not store 'err' into errno only to read it back immediately. Use 'ret' for the return value, not 'reg0'. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Split out guestfd.cRichard Henderson3-142/+144
In arm-compat-semi.c, we have more advanced treatment of guest file descriptors than we do in other implementations. Split out GuestFD and related functions to a new file so that they can be shared. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Simplify softmmu_lock_user_stringRichard Henderson1-12/+3
We are not currently bounding the search to the 1024 bytes that we allocated, possibly overrunning the buffer. Use softmmu_strlen_user to find the length and allocate the correct size from the beginning. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-28semihosting: Add target_strlen for softmmu-uaccess.hRichard Henderson1-0/+49
Mirror the interface of the user-only function of the same name. Use probe_access_flags for the common case of ram, and cpu_memory_rw_debug for the uncommon case of mmio. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v3: Use probe_access_flags (pmm)