1 /* 2 * Semihosting support for systems modeled on the Arm "Angel" 3 * semihosting syscalls design. This includes Arm and RISC-V processors 4 * 5 * Copyright (c) 2005, 2007 CodeSourcery. 6 * Copyright (c) 2019 Linaro 7 * Written by Paul Brook. 8 * 9 * Copyright © 2020 by Keith Packard <keithp@keithp.com> 10 * Adapted for systems other than ARM, including RISC-V, by Keith Packard 11 * 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation; either version 2 of the License, or 15 * (at your option) any later version. 16 * 17 * This program is distributed in the hope that it will be useful, 18 * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * GNU General Public License for more details. 21 * 22 * You should have received a copy of the GNU General Public License 23 * along with this program; if not, see <http://www.gnu.org/licenses/>. 24 * 25 * ARM Semihosting is documented in: 26 * Semihosting for AArch32 and AArch64 Release 2.0 27 * https://github.com/ARM-software/abi-aa/blob/main/semihosting/semihosting.rst 28 * 29 * RISC-V Semihosting is documented in: 30 * RISC-V Semihosting 31 * https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc 32 */ 33 34 #include "qemu/osdep.h" 35 #include "qemu/timer.h" 36 #include "exec/gdbstub.h" 37 #include "gdbstub/syscalls.h" 38 #include "semihosting/semihost.h" 39 #include "semihosting/console.h" 40 #include "semihosting/common-semi.h" 41 #include "semihosting/guestfd.h" 42 #include "semihosting/syscalls.h" 43 44 #ifdef CONFIG_USER_ONLY 45 #include "qemu.h" 46 47 #define COMMON_SEMI_HEAP_SIZE (128 * 1024 * 1024) 48 #else 49 #include "qemu/cutils.h" 50 #include "hw/loader.h" 51 #include "hw/boards.h" 52 #endif 53 54 #define TARGET_SYS_OPEN 0x01 55 #define TARGET_SYS_CLOSE 0x02 56 #define TARGET_SYS_WRITEC 0x03 57 #define TARGET_SYS_WRITE0 0x04 58 #define TARGET_SYS_WRITE 0x05 59 #define TARGET_SYS_READ 0x06 60 #define TARGET_SYS_READC 0x07 61 #define TARGET_SYS_ISERROR 0x08 62 #define TARGET_SYS_ISTTY 0x09 63 #define TARGET_SYS_SEEK 0x0a 64 #define TARGET_SYS_FLEN 0x0c 65 #define TARGET_SYS_TMPNAM 0x0d 66 #define TARGET_SYS_REMOVE 0x0e 67 #define TARGET_SYS_RENAME 0x0f 68 #define TARGET_SYS_CLOCK 0x10 69 #define TARGET_SYS_TIME 0x11 70 #define TARGET_SYS_SYSTEM 0x12 71 #define TARGET_SYS_ERRNO 0x13 72 #define TARGET_SYS_GET_CMDLINE 0x15 73 #define TARGET_SYS_HEAPINFO 0x16 74 #define TARGET_SYS_EXIT 0x18 75 #define TARGET_SYS_SYNCCACHE 0x19 76 #define TARGET_SYS_EXIT_EXTENDED 0x20 77 #define TARGET_SYS_ELAPSED 0x30 78 #define TARGET_SYS_TICKFREQ 0x31 79 80 /* ADP_Stopped_ApplicationExit is used for exit(0), 81 * anything else is implemented as exit(1) */ 82 #define ADP_Stopped_ApplicationExit (0x20026) 83 84 #ifndef O_BINARY 85 #define O_BINARY 0 86 #endif 87 88 static int gdb_open_modeflags[12] = { 89 GDB_O_RDONLY, 90 GDB_O_RDONLY, 91 GDB_O_RDWR, 92 GDB_O_RDWR, 93 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_TRUNC, 94 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_TRUNC, 95 GDB_O_RDWR | GDB_O_CREAT | GDB_O_TRUNC, 96 GDB_O_RDWR | GDB_O_CREAT | GDB_O_TRUNC, 97 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_APPEND, 98 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_APPEND, 99 GDB_O_RDWR | GDB_O_CREAT | GDB_O_APPEND, 100 GDB_O_RDWR | GDB_O_CREAT | GDB_O_APPEND, 101 }; 102 103 #ifndef CONFIG_USER_ONLY 104 105 /** 106 * common_semi_find_bases: find information about ram and heap base 107 * 108 * This function attempts to provide meaningful numbers for RAM and 109 * HEAP base addresses. The rambase is simply the lowest addressable 110 * RAM position. For the heapbase we ask the loader to scan the 111 * address space and the largest available gap by querying the "ROM" 112 * regions. 113 * 114 * Returns: a structure with the numbers we need. 115 */ 116 117 typedef struct LayoutInfo { 118 target_ulong rambase; 119 size_t ramsize; 120 hwaddr heapbase; 121 hwaddr heaplimit; 122 } LayoutInfo; 123 124 static bool find_ram_cb(Int128 start, Int128 len, const MemoryRegion *mr, 125 hwaddr offset_in_region, void *opaque) 126 { 127 LayoutInfo *info = (LayoutInfo *) opaque; 128 uint64_t size = int128_get64(len); 129 130 if (!mr->ram || mr->readonly) { 131 return false; 132 } 133 134 if (size > info->ramsize) { 135 info->rambase = int128_get64(start); 136 info->ramsize = size; 137 } 138 139 /* search exhaustively for largest RAM */ 140 return false; 141 } 142 143 static LayoutInfo common_semi_find_bases(CPUState *cs) 144 { 145 FlatView *fv; 146 LayoutInfo info = { 0, 0, 0, 0 }; 147 148 RCU_READ_LOCK_GUARD(); 149 150 fv = address_space_to_flatview(cs->as); 151 flatview_for_each_range(fv, find_ram_cb, &info); 152 153 /* 154 * If we have found the RAM lets iterate through the ROM blobs to 155 * work out the best place for the remainder of RAM and split it 156 * equally between stack and heap. 157 */ 158 if (info.rambase || info.ramsize > 0) { 159 RomGap gap = rom_find_largest_gap_between(info.rambase, info.ramsize); 160 info.heapbase = gap.base; 161 info.heaplimit = gap.base + gap.size; 162 } 163 164 return info; 165 } 166 167 #endif 168 169 #include "common-semi-target.h" 170 171 /* 172 * Read the input value from the argument block; fail the semihosting 173 * call if the memory read fails. Eventually we could use a generic 174 * CPUState helper function here. 175 * Note that GET_ARG() handles memory access errors by jumping to 176 * do_fault, so must be used as the first thing done in handling a 177 * semihosting call, to avoid accidentally leaking allocated resources. 178 * SET_ARG(), since it unavoidably happens late, instead returns an 179 * error indication (0 on success, non-0 for error) which the caller 180 * should check. 181 */ 182 183 #define GET_ARG(n) do { \ 184 if (is_64bit_semihosting(env)) { \ 185 if (get_user_u64(arg ## n, args + (n) * 8)) { \ 186 goto do_fault; \ 187 } \ 188 } else { \ 189 if (get_user_u32(arg ## n, args + (n) * 4)) { \ 190 goto do_fault; \ 191 } \ 192 } \ 193 } while (0) 194 195 #define SET_ARG(n, val) \ 196 (is_64bit_semihosting(env) ? \ 197 put_user_u64(val, args + (n) * 8) : \ 198 put_user_u32(val, args + (n) * 4)) 199 200 201 /* 202 * The semihosting API has no concept of its errno being thread-safe, 203 * as the API design predates SMP CPUs and was intended as a simple 204 * real-hardware set of debug functionality. For QEMU, we make the 205 * errno be per-thread in linux-user mode; in system-mode it is a simple 206 * global, and we assume that the guest takes care of avoiding any races. 207 */ 208 #ifndef CONFIG_USER_ONLY 209 static target_ulong syscall_err; 210 211 #include "semihosting/uaccess.h" 212 #endif 213 214 static inline uint32_t get_swi_errno(CPUState *cs) 215 { 216 #ifdef CONFIG_USER_ONLY 217 TaskState *ts = cs->opaque; 218 219 return ts->swi_errno; 220 #else 221 return syscall_err; 222 #endif 223 } 224 225 static void common_semi_cb(CPUState *cs, uint64_t ret, int err) 226 { 227 if (err) { 228 #ifdef CONFIG_USER_ONLY 229 TaskState *ts = cs->opaque; 230 ts->swi_errno = err; 231 #else 232 syscall_err = err; 233 #endif 234 } 235 common_semi_set_ret(cs, ret); 236 } 237 238 /* 239 * Use 0xdeadbeef as the return value when there isn't a defined 240 * return value for the call. 241 */ 242 static void common_semi_dead_cb(CPUState *cs, uint64_t ret, int err) 243 { 244 common_semi_set_ret(cs, 0xdeadbeef); 245 } 246 247 /* 248 * SYS_READ and SYS_WRITE always return the number of bytes not read/written. 249 * There is no error condition, other than returning the original length. 250 */ 251 static void common_semi_rw_cb(CPUState *cs, uint64_t ret, int err) 252 { 253 /* Recover the original length from the third argument. */ 254 CPUArchState *env G_GNUC_UNUSED = cpu_env(cs); 255 target_ulong args = common_semi_arg(cs, 1); 256 target_ulong arg2; 257 GET_ARG(2); 258 259 if (err) { 260 do_fault: 261 ret = 0; /* error: no bytes transmitted */ 262 } 263 common_semi_set_ret(cs, arg2 - ret); 264 } 265 266 /* 267 * Convert from Posix ret+errno to Arm SYS_ISTTY return values. 268 * With gdbstub, err is only ever set for protocol errors to EIO. 269 */ 270 static void common_semi_istty_cb(CPUState *cs, uint64_t ret, int err) 271 { 272 if (err) { 273 ret = (err == ENOTTY ? 0 : -1); 274 } 275 common_semi_cb(cs, ret, err); 276 } 277 278 /* 279 * SYS_SEEK returns 0 on success, not the resulting offset. 280 */ 281 static void common_semi_seek_cb(CPUState *cs, uint64_t ret, int err) 282 { 283 if (!err) { 284 ret = 0; 285 } 286 common_semi_cb(cs, ret, err); 287 } 288 289 /* 290 * Return an address in target memory of 64 bytes where the remote 291 * gdb should write its stat struct. (The format of this structure 292 * is defined by GDB's remote protocol and is not target-specific.) 293 * We put this on the guest's stack just below SP. 294 */ 295 static target_ulong common_semi_flen_buf(CPUState *cs) 296 { 297 target_ulong sp = common_semi_stack_bottom(cs); 298 return sp - 64; 299 } 300 301 static void 302 common_semi_flen_fstat_cb(CPUState *cs, uint64_t ret, int err) 303 { 304 if (!err) { 305 /* The size is always stored in big-endian order, extract the value. */ 306 uint64_t size; 307 if (cpu_memory_rw_debug(cs, common_semi_flen_buf(cs) + 308 offsetof(struct gdb_stat, gdb_st_size), 309 &size, 8, 0)) { 310 ret = -1, err = EFAULT; 311 } else { 312 size = be64_to_cpu(size); 313 if (ret != size) { 314 ret = -1, err = EOVERFLOW; 315 } 316 } 317 } 318 common_semi_cb(cs, ret, err); 319 } 320 321 static void 322 common_semi_readc_cb(CPUState *cs, uint64_t ret, int err) 323 { 324 if (!err) { 325 CPUArchState *env G_GNUC_UNUSED = cpu_env(cs); 326 uint8_t ch; 327 328 if (get_user_u8(ch, common_semi_stack_bottom(cs) - 1)) { 329 ret = -1, err = EFAULT; 330 } else { 331 ret = ch; 332 } 333 } 334 common_semi_cb(cs, ret, err); 335 } 336 337 #define SHFB_MAGIC_0 0x53 338 #define SHFB_MAGIC_1 0x48 339 #define SHFB_MAGIC_2 0x46 340 #define SHFB_MAGIC_3 0x42 341 342 /* Feature bits reportable in feature byte 0 */ 343 #define SH_EXT_EXIT_EXTENDED (1 << 0) 344 #define SH_EXT_STDOUT_STDERR (1 << 1) 345 346 static const uint8_t featurefile_data[] = { 347 SHFB_MAGIC_0, 348 SHFB_MAGIC_1, 349 SHFB_MAGIC_2, 350 SHFB_MAGIC_3, 351 SH_EXT_EXIT_EXTENDED | SH_EXT_STDOUT_STDERR, /* Feature byte 0 */ 352 }; 353 354 /* 355 * Do a semihosting call. 356 * 357 * The specification always says that the "return register" either 358 * returns a specific value or is corrupted, so we don't need to 359 * report to our caller whether we are returning a value or trying to 360 * leave the register unchanged. 361 */ 362 void do_common_semihosting(CPUState *cs) 363 { 364 CPUArchState *env = cpu_env(cs); 365 target_ulong args; 366 target_ulong arg0, arg1, arg2, arg3; 367 target_ulong ul_ret; 368 char * s; 369 int nr; 370 int64_t elapsed; 371 372 nr = common_semi_arg(cs, 0) & 0xffffffffU; 373 args = common_semi_arg(cs, 1); 374 375 switch (nr) { 376 case TARGET_SYS_OPEN: 377 { 378 int ret, err = 0; 379 int hostfd; 380 381 GET_ARG(0); 382 GET_ARG(1); 383 GET_ARG(2); 384 s = lock_user_string(arg0); 385 if (!s) { 386 goto do_fault; 387 } 388 if (arg1 >= 12) { 389 unlock_user(s, arg0, 0); 390 common_semi_cb(cs, -1, EINVAL); 391 break; 392 } 393 394 if (strcmp(s, ":tt") == 0) { 395 /* 396 * We implement SH_EXT_STDOUT_STDERR, so: 397 * open for read == stdin 398 * open for write == stdout 399 * open for append == stderr 400 */ 401 if (arg1 < 4) { 402 hostfd = STDIN_FILENO; 403 } else if (arg1 < 8) { 404 hostfd = STDOUT_FILENO; 405 } else { 406 hostfd = STDERR_FILENO; 407 } 408 ret = alloc_guestfd(); 409 associate_guestfd(ret, hostfd); 410 } else if (strcmp(s, ":semihosting-features") == 0) { 411 /* We must fail opens for modes other than 0 ('r') or 1 ('rb') */ 412 if (arg1 != 0 && arg1 != 1) { 413 ret = -1; 414 err = EACCES; 415 } else { 416 ret = alloc_guestfd(); 417 staticfile_guestfd(ret, featurefile_data, 418 sizeof(featurefile_data)); 419 } 420 } else { 421 unlock_user(s, arg0, 0); 422 semihost_sys_open(cs, common_semi_cb, arg0, arg2 + 1, 423 gdb_open_modeflags[arg1], 0644); 424 break; 425 } 426 unlock_user(s, arg0, 0); 427 common_semi_cb(cs, ret, err); 428 break; 429 } 430 431 case TARGET_SYS_CLOSE: 432 GET_ARG(0); 433 semihost_sys_close(cs, common_semi_cb, arg0); 434 break; 435 436 case TARGET_SYS_WRITEC: 437 /* 438 * FIXME: the byte to be written is in a target_ulong slot, 439 * which means this is wrong for a big-endian guest. 440 */ 441 semihost_sys_write_gf(cs, common_semi_dead_cb, 442 &console_out_gf, args, 1); 443 break; 444 445 case TARGET_SYS_WRITE0: 446 { 447 ssize_t len = target_strlen(args); 448 if (len < 0) { 449 common_semi_dead_cb(cs, -1, EFAULT); 450 } else { 451 semihost_sys_write_gf(cs, common_semi_dead_cb, 452 &console_out_gf, args, len); 453 } 454 } 455 break; 456 457 case TARGET_SYS_WRITE: 458 GET_ARG(0); 459 GET_ARG(1); 460 GET_ARG(2); 461 semihost_sys_write(cs, common_semi_rw_cb, arg0, arg1, arg2); 462 break; 463 464 case TARGET_SYS_READ: 465 GET_ARG(0); 466 GET_ARG(1); 467 GET_ARG(2); 468 semihost_sys_read(cs, common_semi_rw_cb, arg0, arg1, arg2); 469 break; 470 471 case TARGET_SYS_READC: 472 semihost_sys_read_gf(cs, common_semi_readc_cb, &console_in_gf, 473 common_semi_stack_bottom(cs) - 1, 1); 474 break; 475 476 case TARGET_SYS_ISERROR: 477 GET_ARG(0); 478 common_semi_set_ret(cs, (target_long)arg0 < 0); 479 break; 480 481 case TARGET_SYS_ISTTY: 482 GET_ARG(0); 483 semihost_sys_isatty(cs, common_semi_istty_cb, arg0); 484 break; 485 486 case TARGET_SYS_SEEK: 487 GET_ARG(0); 488 GET_ARG(1); 489 semihost_sys_lseek(cs, common_semi_seek_cb, arg0, arg1, GDB_SEEK_SET); 490 break; 491 492 case TARGET_SYS_FLEN: 493 GET_ARG(0); 494 semihost_sys_flen(cs, common_semi_flen_fstat_cb, common_semi_cb, 495 arg0, common_semi_flen_buf(cs)); 496 break; 497 498 case TARGET_SYS_TMPNAM: 499 { 500 int len; 501 char *p; 502 503 GET_ARG(0); 504 GET_ARG(1); 505 GET_ARG(2); 506 len = asprintf(&s, "%s/qemu-%x%02x", g_get_tmp_dir(), 507 getpid(), (int)arg1 & 0xff); 508 if (len < 0) { 509 common_semi_set_ret(cs, -1); 510 break; 511 } 512 513 /* Allow for trailing NUL */ 514 len++; 515 /* Make sure there's enough space in the buffer */ 516 if (len > arg2) { 517 free(s); 518 common_semi_set_ret(cs, -1); 519 break; 520 } 521 p = lock_user(VERIFY_WRITE, arg0, len, 0); 522 if (!p) { 523 free(s); 524 goto do_fault; 525 } 526 memcpy(p, s, len); 527 unlock_user(p, arg0, len); 528 free(s); 529 common_semi_set_ret(cs, 0); 530 break; 531 } 532 533 case TARGET_SYS_REMOVE: 534 GET_ARG(0); 535 GET_ARG(1); 536 semihost_sys_remove(cs, common_semi_cb, arg0, arg1 + 1); 537 break; 538 539 case TARGET_SYS_RENAME: 540 GET_ARG(0); 541 GET_ARG(1); 542 GET_ARG(2); 543 GET_ARG(3); 544 semihost_sys_rename(cs, common_semi_cb, arg0, arg1 + 1, arg2, arg3 + 1); 545 break; 546 547 case TARGET_SYS_CLOCK: 548 common_semi_set_ret(cs, clock() / (CLOCKS_PER_SEC / 100)); 549 break; 550 551 case TARGET_SYS_TIME: 552 ul_ret = time(NULL); 553 common_semi_cb(cs, ul_ret, ul_ret == -1 ? errno : 0); 554 break; 555 556 case TARGET_SYS_SYSTEM: 557 GET_ARG(0); 558 GET_ARG(1); 559 semihost_sys_system(cs, common_semi_cb, arg0, arg1 + 1); 560 break; 561 562 case TARGET_SYS_ERRNO: 563 common_semi_set_ret(cs, get_swi_errno(cs)); 564 break; 565 566 case TARGET_SYS_GET_CMDLINE: 567 { 568 /* Build a command-line from the original argv. 569 * 570 * The inputs are: 571 * * arg0, pointer to a buffer of at least the size 572 * specified in arg1. 573 * * arg1, size of the buffer pointed to by arg0 in 574 * bytes. 575 * 576 * The outputs are: 577 * * arg0, pointer to null-terminated string of the 578 * command line. 579 * * arg1, length of the string pointed to by arg0. 580 */ 581 582 char *output_buffer; 583 size_t input_size; 584 size_t output_size; 585 int status = 0; 586 #if !defined(CONFIG_USER_ONLY) 587 const char *cmdline; 588 #else 589 TaskState *ts = cs->opaque; 590 #endif 591 GET_ARG(0); 592 GET_ARG(1); 593 input_size = arg1; 594 /* Compute the size of the output string. */ 595 #if !defined(CONFIG_USER_ONLY) 596 cmdline = semihosting_get_cmdline(); 597 if (cmdline == NULL) { 598 cmdline = ""; /* Default to an empty line. */ 599 } 600 output_size = strlen(cmdline) + 1; /* Count terminating 0. */ 601 #else 602 unsigned int i; 603 604 output_size = ts->info->env_strings - ts->info->arg_strings; 605 if (!output_size) { 606 /* 607 * We special-case the "empty command line" case (argc==0). 608 * Just provide the terminating 0. 609 */ 610 output_size = 1; 611 } 612 #endif 613 614 if (output_size > input_size) { 615 /* Not enough space to store command-line arguments. */ 616 common_semi_cb(cs, -1, E2BIG); 617 break; 618 } 619 620 /* Adjust the command-line length. */ 621 if (SET_ARG(1, output_size - 1)) { 622 /* Couldn't write back to argument block */ 623 goto do_fault; 624 } 625 626 /* Lock the buffer on the ARM side. */ 627 output_buffer = lock_user(VERIFY_WRITE, arg0, output_size, 0); 628 if (!output_buffer) { 629 goto do_fault; 630 } 631 632 /* Copy the command-line arguments. */ 633 #if !defined(CONFIG_USER_ONLY) 634 pstrcpy(output_buffer, output_size, cmdline); 635 #else 636 if (output_size == 1) { 637 /* Empty command-line. */ 638 output_buffer[0] = '\0'; 639 goto out; 640 } 641 642 if (copy_from_user(output_buffer, ts->info->arg_strings, 643 output_size)) { 644 unlock_user(output_buffer, arg0, 0); 645 goto do_fault; 646 } 647 648 /* Separate arguments by white spaces. */ 649 for (i = 0; i < output_size - 1; i++) { 650 if (output_buffer[i] == 0) { 651 output_buffer[i] = ' '; 652 } 653 } 654 out: 655 #endif 656 /* Unlock the buffer on the ARM side. */ 657 unlock_user(output_buffer, arg0, output_size); 658 common_semi_cb(cs, status, 0); 659 } 660 break; 661 662 case TARGET_SYS_HEAPINFO: 663 { 664 target_ulong retvals[4]; 665 int i; 666 #ifdef CONFIG_USER_ONLY 667 TaskState *ts = cs->opaque; 668 target_ulong limit; 669 #else 670 LayoutInfo info = common_semi_find_bases(cs); 671 #endif 672 673 GET_ARG(0); 674 675 #ifdef CONFIG_USER_ONLY 676 /* 677 * Some C libraries assume the heap immediately follows .bss, so 678 * allocate it using sbrk. 679 */ 680 if (!ts->heap_limit) { 681 abi_ulong ret; 682 683 ts->heap_base = do_brk(0); 684 limit = ts->heap_base + COMMON_SEMI_HEAP_SIZE; 685 /* Try a big heap, and reduce the size if that fails. */ 686 for (;;) { 687 ret = do_brk(limit); 688 if (ret >= limit) { 689 break; 690 } 691 limit = (ts->heap_base >> 1) + (limit >> 1); 692 } 693 ts->heap_limit = limit; 694 } 695 696 retvals[0] = ts->heap_base; 697 retvals[1] = ts->heap_limit; 698 retvals[2] = ts->stack_base; 699 retvals[3] = 0; /* Stack limit. */ 700 #else 701 retvals[0] = info.heapbase; /* Heap Base */ 702 retvals[1] = info.heaplimit; /* Heap Limit */ 703 retvals[2] = info.heaplimit; /* Stack base */ 704 retvals[3] = info.heapbase; /* Stack limit. */ 705 #endif 706 707 for (i = 0; i < ARRAY_SIZE(retvals); i++) { 708 bool fail; 709 710 if (is_64bit_semihosting(env)) { 711 fail = put_user_u64(retvals[i], arg0 + i * 8); 712 } else { 713 fail = put_user_u32(retvals[i], arg0 + i * 4); 714 } 715 716 if (fail) { 717 /* Couldn't write back to argument block */ 718 goto do_fault; 719 } 720 } 721 common_semi_set_ret(cs, 0); 722 } 723 break; 724 725 case TARGET_SYS_EXIT: 726 case TARGET_SYS_EXIT_EXTENDED: 727 { 728 uint32_t ret; 729 730 if (common_semi_sys_exit_extended(cs, nr)) { 731 /* 732 * The A64 version of SYS_EXIT takes a parameter block, 733 * so the application-exit type can return a subcode which 734 * is the exit status code from the application. 735 * SYS_EXIT_EXTENDED is an a new-in-v2.0 optional function 736 * which allows A32/T32 guests to also provide a status code. 737 */ 738 GET_ARG(0); 739 GET_ARG(1); 740 741 if (arg0 == ADP_Stopped_ApplicationExit) { 742 ret = arg1; 743 } else { 744 ret = 1; 745 } 746 } else { 747 /* 748 * The A32/T32 version of SYS_EXIT specifies only 749 * Stopped_ApplicationExit as normal exit, but does not 750 * allow the guest to specify the exit status code. 751 * Everything else is considered an error. 752 */ 753 ret = (args == ADP_Stopped_ApplicationExit) ? 0 : 1; 754 } 755 gdb_exit(ret); 756 exit(ret); 757 } 758 759 case TARGET_SYS_ELAPSED: 760 elapsed = get_clock() - clock_start; 761 if (sizeof(target_ulong) == 8) { 762 if (SET_ARG(0, elapsed)) { 763 goto do_fault; 764 } 765 } else { 766 if (SET_ARG(0, (uint32_t) elapsed) || 767 SET_ARG(1, (uint32_t) (elapsed >> 32))) { 768 goto do_fault; 769 } 770 } 771 common_semi_set_ret(cs, 0); 772 break; 773 774 case TARGET_SYS_TICKFREQ: 775 /* qemu always uses nsec */ 776 common_semi_set_ret(cs, 1000000000); 777 break; 778 779 case TARGET_SYS_SYNCCACHE: 780 /* 781 * Clean the D-cache and invalidate the I-cache for the specified 782 * virtual address range. This is a nop for us since we don't 783 * implement caches. This is only present on A64. 784 */ 785 if (common_semi_has_synccache(env)) { 786 common_semi_set_ret(cs, 0); 787 break; 788 } 789 /* fall through */ 790 default: 791 fprintf(stderr, "qemu: Unsupported SemiHosting SWI 0x%02x\n", nr); 792 cpu_dump_state(cs, stderr, 0); 793 abort(); 794 795 do_fault: 796 common_semi_cb(cs, -1, EFAULT); 797 break; 798 } 799 } 800