1 /* 2 * Semihosting support for systems modeled on the Arm "Angel" 3 * semihosting syscalls design. This includes Arm and RISC-V processors 4 * 5 * Copyright (c) 2005, 2007 CodeSourcery. 6 * Copyright (c) 2019 Linaro 7 * Written by Paul Brook. 8 * 9 * Copyright © 2020 by Keith Packard <keithp@keithp.com> 10 * Adapted for systems other than ARM, including RISC-V, by Keith Packard 11 * 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation; either version 2 of the License, or 15 * (at your option) any later version. 16 * 17 * This program is distributed in the hope that it will be useful, 18 * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * GNU General Public License for more details. 21 * 22 * You should have received a copy of the GNU General Public License 23 * along with this program; if not, see <http://www.gnu.org/licenses/>. 24 * 25 * ARM Semihosting is documented in: 26 * Semihosting for AArch32 and AArch64 Release 2.0 27 * https://static.docs.arm.com/100863/0200/semihosting.pdf 28 * 29 * RISC-V Semihosting is documented in: 30 * RISC-V Semihosting 31 * https://github.com/riscv/riscv-semihosting-spec/blob/main/riscv-semihosting-spec.adoc 32 */ 33 34 #include "qemu/osdep.h" 35 36 #include "semihosting/semihost.h" 37 #include "semihosting/console.h" 38 #include "semihosting/common-semi.h" 39 #include "qemu/timer.h" 40 #include "exec/gdbstub.h" 41 #ifdef CONFIG_USER_ONLY 42 #include "qemu.h" 43 44 #define COMMON_SEMI_HEAP_SIZE (128 * 1024 * 1024) 45 #else 46 #include "qemu/cutils.h" 47 #ifdef TARGET_ARM 48 #include "hw/arm/boot.h" 49 #endif 50 #include "hw/boards.h" 51 #endif 52 53 #define TARGET_SYS_OPEN 0x01 54 #define TARGET_SYS_CLOSE 0x02 55 #define TARGET_SYS_WRITEC 0x03 56 #define TARGET_SYS_WRITE0 0x04 57 #define TARGET_SYS_WRITE 0x05 58 #define TARGET_SYS_READ 0x06 59 #define TARGET_SYS_READC 0x07 60 #define TARGET_SYS_ISERROR 0x08 61 #define TARGET_SYS_ISTTY 0x09 62 #define TARGET_SYS_SEEK 0x0a 63 #define TARGET_SYS_FLEN 0x0c 64 #define TARGET_SYS_TMPNAM 0x0d 65 #define TARGET_SYS_REMOVE 0x0e 66 #define TARGET_SYS_RENAME 0x0f 67 #define TARGET_SYS_CLOCK 0x10 68 #define TARGET_SYS_TIME 0x11 69 #define TARGET_SYS_SYSTEM 0x12 70 #define TARGET_SYS_ERRNO 0x13 71 #define TARGET_SYS_GET_CMDLINE 0x15 72 #define TARGET_SYS_HEAPINFO 0x16 73 #define TARGET_SYS_EXIT 0x18 74 #define TARGET_SYS_SYNCCACHE 0x19 75 #define TARGET_SYS_EXIT_EXTENDED 0x20 76 #define TARGET_SYS_ELAPSED 0x30 77 #define TARGET_SYS_TICKFREQ 0x31 78 79 /* ADP_Stopped_ApplicationExit is used for exit(0), 80 * anything else is implemented as exit(1) */ 81 #define ADP_Stopped_ApplicationExit (0x20026) 82 83 #ifndef O_BINARY 84 #define O_BINARY 0 85 #endif 86 87 #define GDB_O_RDONLY 0x000 88 #define GDB_O_WRONLY 0x001 89 #define GDB_O_RDWR 0x002 90 #define GDB_O_APPEND 0x008 91 #define GDB_O_CREAT 0x200 92 #define GDB_O_TRUNC 0x400 93 #define GDB_O_BINARY 0 94 95 static int gdb_open_modeflags[12] = { 96 GDB_O_RDONLY, 97 GDB_O_RDONLY | GDB_O_BINARY, 98 GDB_O_RDWR, 99 GDB_O_RDWR | GDB_O_BINARY, 100 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_TRUNC, 101 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_TRUNC | GDB_O_BINARY, 102 GDB_O_RDWR | GDB_O_CREAT | GDB_O_TRUNC, 103 GDB_O_RDWR | GDB_O_CREAT | GDB_O_TRUNC | GDB_O_BINARY, 104 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_APPEND, 105 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_APPEND | GDB_O_BINARY, 106 GDB_O_RDWR | GDB_O_CREAT | GDB_O_APPEND, 107 GDB_O_RDWR | GDB_O_CREAT | GDB_O_APPEND | GDB_O_BINARY 108 }; 109 110 static int open_modeflags[12] = { 111 O_RDONLY, 112 O_RDONLY | O_BINARY, 113 O_RDWR, 114 O_RDWR | O_BINARY, 115 O_WRONLY | O_CREAT | O_TRUNC, 116 O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 117 O_RDWR | O_CREAT | O_TRUNC, 118 O_RDWR | O_CREAT | O_TRUNC | O_BINARY, 119 O_WRONLY | O_CREAT | O_APPEND, 120 O_WRONLY | O_CREAT | O_APPEND | O_BINARY, 121 O_RDWR | O_CREAT | O_APPEND, 122 O_RDWR | O_CREAT | O_APPEND | O_BINARY 123 }; 124 125 typedef enum GuestFDType { 126 GuestFDUnused = 0, 127 GuestFDHost = 1, 128 GuestFDGDB = 2, 129 GuestFDFeatureFile = 3, 130 } GuestFDType; 131 132 /* 133 * Guest file descriptors are integer indexes into an array of 134 * these structures (we will dynamically resize as necessary). 135 */ 136 typedef struct GuestFD { 137 GuestFDType type; 138 union { 139 int hostfd; 140 target_ulong featurefile_offset; 141 }; 142 } GuestFD; 143 144 static GArray *guestfd_array; 145 146 #ifndef CONFIG_USER_ONLY 147 #include "exec/address-spaces.h" 148 /* 149 * Find the base of a RAM region containing the specified address 150 */ 151 static inline hwaddr 152 common_semi_find_region_base(hwaddr addr) 153 { 154 MemoryRegion *subregion; 155 156 /* 157 * Find the chunk of R/W memory containing the address. This is 158 * used for the SYS_HEAPINFO semihosting call, which should 159 * probably be using information from the loaded application. 160 */ 161 QTAILQ_FOREACH(subregion, &get_system_memory()->subregions, 162 subregions_link) { 163 if (subregion->ram && !subregion->readonly) { 164 Int128 top128 = int128_add(int128_make64(subregion->addr), 165 subregion->size); 166 Int128 addr128 = int128_make64(addr); 167 if (subregion->addr <= addr && int128_lt(addr128, top128)) { 168 return subregion->addr; 169 } 170 } 171 } 172 return 0; 173 } 174 #endif 175 176 #ifdef TARGET_ARM 177 static inline target_ulong 178 common_semi_arg(CPUState *cs, int argno) 179 { 180 ARMCPU *cpu = ARM_CPU(cs); 181 CPUARMState *env = &cpu->env; 182 if (is_a64(env)) { 183 return env->xregs[argno]; 184 } else { 185 return env->regs[argno]; 186 } 187 } 188 189 static inline void 190 common_semi_set_ret(CPUState *cs, target_ulong ret) 191 { 192 ARMCPU *cpu = ARM_CPU(cs); 193 CPUARMState *env = &cpu->env; 194 if (is_a64(env)) { 195 env->xregs[0] = ret; 196 } else { 197 env->regs[0] = ret; 198 } 199 } 200 201 static inline bool 202 common_semi_sys_exit_extended(CPUState *cs, int nr) 203 { 204 return (nr == TARGET_SYS_EXIT_EXTENDED || is_a64(cs->env_ptr)); 205 } 206 207 #ifndef CONFIG_USER_ONLY 208 #include "hw/arm/boot.h" 209 static inline target_ulong 210 common_semi_rambase(CPUState *cs) 211 { 212 CPUArchState *env = cs->env_ptr; 213 const struct arm_boot_info *info = env->boot_info; 214 target_ulong sp; 215 216 if (info) { 217 return info->loader_start; 218 } 219 220 if (is_a64(env)) { 221 sp = env->xregs[31]; 222 } else { 223 sp = env->regs[13]; 224 } 225 return common_semi_find_region_base(sp); 226 } 227 #endif 228 229 #endif /* TARGET_ARM */ 230 231 #ifdef TARGET_RISCV 232 static inline target_ulong 233 common_semi_arg(CPUState *cs, int argno) 234 { 235 RISCVCPU *cpu = RISCV_CPU(cs); 236 CPURISCVState *env = &cpu->env; 237 return env->gpr[xA0 + argno]; 238 } 239 240 static inline void 241 common_semi_set_ret(CPUState *cs, target_ulong ret) 242 { 243 RISCVCPU *cpu = RISCV_CPU(cs); 244 CPURISCVState *env = &cpu->env; 245 env->gpr[xA0] = ret; 246 } 247 248 static inline bool 249 common_semi_sys_exit_extended(CPUState *cs, int nr) 250 { 251 return (nr == TARGET_SYS_EXIT_EXTENDED || sizeof(target_ulong) == 8); 252 } 253 254 #ifndef CONFIG_USER_ONLY 255 256 static inline target_ulong 257 common_semi_rambase(CPUState *cs) 258 { 259 RISCVCPU *cpu = RISCV_CPU(cs); 260 CPURISCVState *env = &cpu->env; 261 return common_semi_find_region_base(env->gpr[xSP]); 262 } 263 #endif 264 265 #endif 266 267 /* 268 * Allocate a new guest file descriptor and return it; if we 269 * couldn't allocate a new fd then return -1. 270 * This is a fairly simplistic implementation because we don't 271 * expect that most semihosting guest programs will make very 272 * heavy use of opening and closing fds. 273 */ 274 static int alloc_guestfd(void) 275 { 276 guint i; 277 278 if (!guestfd_array) { 279 /* New entries zero-initialized, i.e. type GuestFDUnused */ 280 guestfd_array = g_array_new(FALSE, TRUE, sizeof(GuestFD)); 281 } 282 283 /* SYS_OPEN should return nonzero handle on success. Start guestfd from 1 */ 284 for (i = 1; i < guestfd_array->len; i++) { 285 GuestFD *gf = &g_array_index(guestfd_array, GuestFD, i); 286 287 if (gf->type == GuestFDUnused) { 288 return i; 289 } 290 } 291 292 /* All elements already in use: expand the array */ 293 g_array_set_size(guestfd_array, i + 1); 294 return i; 295 } 296 297 /* 298 * Look up the guestfd in the data structure; return NULL 299 * for out of bounds, but don't check whether the slot is unused. 300 * This is used internally by the other guestfd functions. 301 */ 302 static GuestFD *do_get_guestfd(int guestfd) 303 { 304 if (!guestfd_array) { 305 return NULL; 306 } 307 308 if (guestfd <= 0 || guestfd >= guestfd_array->len) { 309 return NULL; 310 } 311 312 return &g_array_index(guestfd_array, GuestFD, guestfd); 313 } 314 315 /* 316 * Associate the specified guest fd (which must have been 317 * allocated via alloc_fd() and not previously used) with 318 * the specified host/gdb fd. 319 */ 320 static void associate_guestfd(int guestfd, int hostfd) 321 { 322 GuestFD *gf = do_get_guestfd(guestfd); 323 324 assert(gf); 325 gf->type = use_gdb_syscalls() ? GuestFDGDB : GuestFDHost; 326 gf->hostfd = hostfd; 327 } 328 329 /* 330 * Deallocate the specified guest file descriptor. This doesn't 331 * close the host fd, it merely undoes the work of alloc_fd(). 332 */ 333 static void dealloc_guestfd(int guestfd) 334 { 335 GuestFD *gf = do_get_guestfd(guestfd); 336 337 assert(gf); 338 gf->type = GuestFDUnused; 339 } 340 341 /* 342 * Given a guest file descriptor, get the associated struct. 343 * If the fd is not valid, return NULL. This is the function 344 * used by the various semihosting calls to validate a handle 345 * from the guest. 346 * Note: calling alloc_guestfd() or dealloc_guestfd() will 347 * invalidate any GuestFD* obtained by calling this function. 348 */ 349 static GuestFD *get_guestfd(int guestfd) 350 { 351 GuestFD *gf = do_get_guestfd(guestfd); 352 353 if (!gf || gf->type == GuestFDUnused) { 354 return NULL; 355 } 356 return gf; 357 } 358 359 /* 360 * The semihosting API has no concept of its errno being thread-safe, 361 * as the API design predates SMP CPUs and was intended as a simple 362 * real-hardware set of debug functionality. For QEMU, we make the 363 * errno be per-thread in linux-user mode; in softmmu it is a simple 364 * global, and we assume that the guest takes care of avoiding any races. 365 */ 366 #ifndef CONFIG_USER_ONLY 367 static target_ulong syscall_err; 368 369 #include "exec/softmmu-semi.h" 370 #endif 371 372 static inline uint32_t set_swi_errno(CPUState *cs, uint32_t code) 373 { 374 if (code == (uint32_t)-1) { 375 #ifdef CONFIG_USER_ONLY 376 TaskState *ts = cs->opaque; 377 378 ts->swi_errno = errno; 379 #else 380 syscall_err = errno; 381 #endif 382 } 383 return code; 384 } 385 386 static inline uint32_t get_swi_errno(CPUState *cs) 387 { 388 #ifdef CONFIG_USER_ONLY 389 TaskState *ts = cs->opaque; 390 391 return ts->swi_errno; 392 #else 393 return syscall_err; 394 #endif 395 } 396 397 static target_ulong common_semi_syscall_len; 398 399 static void common_semi_cb(CPUState *cs, target_ulong ret, target_ulong err) 400 { 401 target_ulong reg0 = common_semi_arg(cs, 0); 402 403 if (ret == (target_ulong)-1) { 404 errno = err; 405 set_swi_errno(cs, -1); 406 reg0 = ret; 407 } else { 408 /* Fixup syscalls that use nonstardard return conventions. */ 409 switch (reg0) { 410 case TARGET_SYS_WRITE: 411 case TARGET_SYS_READ: 412 reg0 = common_semi_syscall_len - ret; 413 break; 414 case TARGET_SYS_SEEK: 415 reg0 = 0; 416 break; 417 default: 418 reg0 = ret; 419 break; 420 } 421 } 422 common_semi_set_ret(cs, reg0); 423 } 424 425 static target_ulong common_semi_flen_buf(CPUState *cs) 426 { 427 target_ulong sp; 428 #ifdef TARGET_ARM 429 /* Return an address in target memory of 64 bytes where the remote 430 * gdb should write its stat struct. (The format of this structure 431 * is defined by GDB's remote protocol and is not target-specific.) 432 * We put this on the guest's stack just below SP. 433 */ 434 ARMCPU *cpu = ARM_CPU(cs); 435 CPUARMState *env = &cpu->env; 436 437 if (is_a64(env)) { 438 sp = env->xregs[31]; 439 } else { 440 sp = env->regs[13]; 441 } 442 #endif 443 #ifdef TARGET_RISCV 444 RISCVCPU *cpu = RISCV_CPU(cs); 445 CPURISCVState *env = &cpu->env; 446 447 sp = env->gpr[xSP]; 448 #endif 449 450 return sp - 64; 451 } 452 453 static void 454 common_semi_flen_cb(CPUState *cs, target_ulong ret, target_ulong err) 455 { 456 /* The size is always stored in big-endian order, extract 457 the value. We assume the size always fit in 32 bits. */ 458 uint32_t size; 459 cpu_memory_rw_debug(cs, common_semi_flen_buf(cs) + 32, 460 (uint8_t *)&size, 4, 0); 461 size = be32_to_cpu(size); 462 common_semi_set_ret(cs, size); 463 errno = err; 464 set_swi_errno(cs, -1); 465 } 466 467 static int common_semi_open_guestfd; 468 469 static void 470 common_semi_open_cb(CPUState *cs, target_ulong ret, target_ulong err) 471 { 472 if (ret == (target_ulong)-1) { 473 errno = err; 474 set_swi_errno(cs, -1); 475 dealloc_guestfd(common_semi_open_guestfd); 476 } else { 477 associate_guestfd(common_semi_open_guestfd, ret); 478 ret = common_semi_open_guestfd; 479 } 480 common_semi_set_ret(cs, ret); 481 } 482 483 static target_ulong 484 common_semi_gdb_syscall(CPUState *cs, gdb_syscall_complete_cb cb, 485 const char *fmt, ...) 486 { 487 va_list va; 488 489 va_start(va, fmt); 490 gdb_do_syscallv(cb, fmt, va); 491 va_end(va); 492 493 /* 494 * FIXME: in softmmu mode, the gdbstub will schedule our callback 495 * to occur, but will not actually call it to complete the syscall 496 * until after this function has returned and we are back in the 497 * CPU main loop. Therefore callers to this function must not 498 * do anything with its return value, because it is not necessarily 499 * the result of the syscall, but could just be the old value of X0. 500 * The only thing safe to do with this is that the callers of 501 * do_common_semihosting() will write it straight back into X0. 502 * (In linux-user mode, the callback will have happened before 503 * gdb_do_syscallv() returns.) 504 * 505 * We should tidy this up so neither this function nor 506 * do_common_semihosting() return a value, so the mistake of 507 * doing something with the return value is not possible to make. 508 */ 509 510 return common_semi_arg(cs, 0); 511 } 512 513 /* 514 * Types for functions implementing various semihosting calls 515 * for specific types of guest file descriptor. These must all 516 * do the work and return the required return value for the guest, 517 * setting the guest errno if appropriate. 518 */ 519 typedef uint32_t sys_closefn(CPUState *cs, GuestFD *gf); 520 typedef uint32_t sys_writefn(CPUState *cs, GuestFD *gf, 521 target_ulong buf, uint32_t len); 522 typedef uint32_t sys_readfn(CPUState *cs, GuestFD *gf, 523 target_ulong buf, uint32_t len); 524 typedef uint32_t sys_isattyfn(CPUState *cs, GuestFD *gf); 525 typedef uint32_t sys_seekfn(CPUState *cs, GuestFD *gf, 526 target_ulong offset); 527 typedef uint32_t sys_flenfn(CPUState *cs, GuestFD *gf); 528 529 static uint32_t host_closefn(CPUState *cs, GuestFD *gf) 530 { 531 /* 532 * Only close the underlying host fd if it's one we opened on behalf 533 * of the guest in SYS_OPEN. 534 */ 535 if (gf->hostfd == STDIN_FILENO || 536 gf->hostfd == STDOUT_FILENO || 537 gf->hostfd == STDERR_FILENO) { 538 return 0; 539 } 540 return set_swi_errno(cs, close(gf->hostfd)); 541 } 542 543 static uint32_t host_writefn(CPUState *cs, GuestFD *gf, 544 target_ulong buf, uint32_t len) 545 { 546 CPUArchState *env = cs->env_ptr; 547 uint32_t ret; 548 char *s = lock_user(VERIFY_READ, buf, len, 1); 549 (void) env; /* Used in arm softmmu lock_user implicitly */ 550 if (!s) { 551 /* Return bytes not written on error */ 552 return len; 553 } 554 ret = set_swi_errno(cs, write(gf->hostfd, s, len)); 555 unlock_user(s, buf, 0); 556 if (ret == (uint32_t)-1) { 557 ret = 0; 558 } 559 /* Return bytes not written */ 560 return len - ret; 561 } 562 563 static uint32_t host_readfn(CPUState *cs, GuestFD *gf, 564 target_ulong buf, uint32_t len) 565 { 566 CPUArchState *env = cs->env_ptr; 567 uint32_t ret; 568 char *s = lock_user(VERIFY_WRITE, buf, len, 0); 569 (void) env; /* Used in arm softmmu lock_user implicitly */ 570 if (!s) { 571 /* return bytes not read */ 572 return len; 573 } 574 do { 575 ret = set_swi_errno(cs, read(gf->hostfd, s, len)); 576 } while (ret == -1 && errno == EINTR); 577 unlock_user(s, buf, len); 578 if (ret == (uint32_t)-1) { 579 ret = 0; 580 } 581 /* Return bytes not read */ 582 return len - ret; 583 } 584 585 static uint32_t host_isattyfn(CPUState *cs, GuestFD *gf) 586 { 587 return isatty(gf->hostfd); 588 } 589 590 static uint32_t host_seekfn(CPUState *cs, GuestFD *gf, target_ulong offset) 591 { 592 uint32_t ret = set_swi_errno(cs, lseek(gf->hostfd, offset, SEEK_SET)); 593 if (ret == (uint32_t)-1) { 594 return -1; 595 } 596 return 0; 597 } 598 599 static uint32_t host_flenfn(CPUState *cs, GuestFD *gf) 600 { 601 struct stat buf; 602 uint32_t ret = set_swi_errno(cs, fstat(gf->hostfd, &buf)); 603 if (ret == (uint32_t)-1) { 604 return -1; 605 } 606 return buf.st_size; 607 } 608 609 static uint32_t gdb_closefn(CPUState *cs, GuestFD *gf) 610 { 611 return common_semi_gdb_syscall(cs, common_semi_cb, "close,%x", gf->hostfd); 612 } 613 614 static uint32_t gdb_writefn(CPUState *cs, GuestFD *gf, 615 target_ulong buf, uint32_t len) 616 { 617 common_semi_syscall_len = len; 618 return common_semi_gdb_syscall(cs, common_semi_cb, "write,%x,%x,%x", 619 gf->hostfd, buf, len); 620 } 621 622 static uint32_t gdb_readfn(CPUState *cs, GuestFD *gf, 623 target_ulong buf, uint32_t len) 624 { 625 common_semi_syscall_len = len; 626 return common_semi_gdb_syscall(cs, common_semi_cb, "read,%x,%x,%x", 627 gf->hostfd, buf, len); 628 } 629 630 static uint32_t gdb_isattyfn(CPUState *cs, GuestFD *gf) 631 { 632 return common_semi_gdb_syscall(cs, common_semi_cb, "isatty,%x", gf->hostfd); 633 } 634 635 static uint32_t gdb_seekfn(CPUState *cs, GuestFD *gf, target_ulong offset) 636 { 637 return common_semi_gdb_syscall(cs, common_semi_cb, "lseek,%x,%x,0", 638 gf->hostfd, offset); 639 } 640 641 static uint32_t gdb_flenfn(CPUState *cs, GuestFD *gf) 642 { 643 return common_semi_gdb_syscall(cs, common_semi_flen_cb, "fstat,%x,%x", 644 gf->hostfd, common_semi_flen_buf(cs)); 645 } 646 647 #define SHFB_MAGIC_0 0x53 648 #define SHFB_MAGIC_1 0x48 649 #define SHFB_MAGIC_2 0x46 650 #define SHFB_MAGIC_3 0x42 651 652 /* Feature bits reportable in feature byte 0 */ 653 #define SH_EXT_EXIT_EXTENDED (1 << 0) 654 #define SH_EXT_STDOUT_STDERR (1 << 1) 655 656 static const uint8_t featurefile_data[] = { 657 SHFB_MAGIC_0, 658 SHFB_MAGIC_1, 659 SHFB_MAGIC_2, 660 SHFB_MAGIC_3, 661 SH_EXT_EXIT_EXTENDED | SH_EXT_STDOUT_STDERR, /* Feature byte 0 */ 662 }; 663 664 static void init_featurefile_guestfd(int guestfd) 665 { 666 GuestFD *gf = do_get_guestfd(guestfd); 667 668 assert(gf); 669 gf->type = GuestFDFeatureFile; 670 gf->featurefile_offset = 0; 671 } 672 673 static uint32_t featurefile_closefn(CPUState *cs, GuestFD *gf) 674 { 675 /* Nothing to do */ 676 return 0; 677 } 678 679 static uint32_t featurefile_writefn(CPUState *cs, GuestFD *gf, 680 target_ulong buf, uint32_t len) 681 { 682 /* This fd can never be open for writing */ 683 684 errno = EBADF; 685 return set_swi_errno(cs, -1); 686 } 687 688 static uint32_t featurefile_readfn(CPUState *cs, GuestFD *gf, 689 target_ulong buf, uint32_t len) 690 { 691 CPUArchState *env = cs->env_ptr; 692 uint32_t i; 693 char *s; 694 695 (void) env; /* Used in arm softmmu lock_user implicitly */ 696 s = lock_user(VERIFY_WRITE, buf, len, 0); 697 if (!s) { 698 return len; 699 } 700 701 for (i = 0; i < len; i++) { 702 if (gf->featurefile_offset >= sizeof(featurefile_data)) { 703 break; 704 } 705 s[i] = featurefile_data[gf->featurefile_offset]; 706 gf->featurefile_offset++; 707 } 708 709 unlock_user(s, buf, len); 710 711 /* Return number of bytes not read */ 712 return len - i; 713 } 714 715 static uint32_t featurefile_isattyfn(CPUState *cs, GuestFD *gf) 716 { 717 return 0; 718 } 719 720 static uint32_t featurefile_seekfn(CPUState *cs, GuestFD *gf, 721 target_ulong offset) 722 { 723 gf->featurefile_offset = offset; 724 return 0; 725 } 726 727 static uint32_t featurefile_flenfn(CPUState *cs, GuestFD *gf) 728 { 729 return sizeof(featurefile_data); 730 } 731 732 typedef struct GuestFDFunctions { 733 sys_closefn *closefn; 734 sys_writefn *writefn; 735 sys_readfn *readfn; 736 sys_isattyfn *isattyfn; 737 sys_seekfn *seekfn; 738 sys_flenfn *flenfn; 739 } GuestFDFunctions; 740 741 static const GuestFDFunctions guestfd_fns[] = { 742 [GuestFDHost] = { 743 .closefn = host_closefn, 744 .writefn = host_writefn, 745 .readfn = host_readfn, 746 .isattyfn = host_isattyfn, 747 .seekfn = host_seekfn, 748 .flenfn = host_flenfn, 749 }, 750 [GuestFDGDB] = { 751 .closefn = gdb_closefn, 752 .writefn = gdb_writefn, 753 .readfn = gdb_readfn, 754 .isattyfn = gdb_isattyfn, 755 .seekfn = gdb_seekfn, 756 .flenfn = gdb_flenfn, 757 }, 758 [GuestFDFeatureFile] = { 759 .closefn = featurefile_closefn, 760 .writefn = featurefile_writefn, 761 .readfn = featurefile_readfn, 762 .isattyfn = featurefile_isattyfn, 763 .seekfn = featurefile_seekfn, 764 .flenfn = featurefile_flenfn, 765 }, 766 }; 767 768 /* 769 * Read the input value from the argument block; fail the semihosting 770 * call if the memory read fails. Eventually we could use a generic 771 * CPUState helper function here. 772 */ 773 static inline bool is_64bit_semihosting(CPUArchState *env) 774 { 775 #if defined(TARGET_ARM) 776 return is_a64(env); 777 #elif defined(TARGET_RISCV) 778 return !riscv_cpu_is_32bit(env); 779 #else 780 #error un-handled architecture 781 #endif 782 } 783 784 785 #define GET_ARG(n) do { \ 786 if (is_64bit_semihosting(env)) { \ 787 if (get_user_u64(arg ## n, args + (n) * 8)) { \ 788 errno = EFAULT; \ 789 return set_swi_errno(cs, -1); \ 790 } \ 791 } else { \ 792 if (get_user_u32(arg ## n, args + (n) * 4)) { \ 793 errno = EFAULT; \ 794 return set_swi_errno(cs, -1); \ 795 } \ 796 } \ 797 } while (0) 798 799 #define SET_ARG(n, val) \ 800 (is_64bit_semihosting(env) ? \ 801 put_user_u64(val, args + (n) * 8) : \ 802 put_user_u32(val, args + (n) * 4)) 803 804 805 /* 806 * Do a semihosting call. 807 * 808 * The specification always says that the "return register" either 809 * returns a specific value or is corrupted, so we don't need to 810 * report to our caller whether we are returning a value or trying to 811 * leave the register unchanged. We use 0xdeadbeef as the return value 812 * when there isn't a defined return value for the call. 813 */ 814 target_ulong do_common_semihosting(CPUState *cs) 815 { 816 CPUArchState *env = cs->env_ptr; 817 target_ulong args; 818 target_ulong arg0, arg1, arg2, arg3; 819 target_ulong ul_ret; 820 char * s; 821 int nr; 822 uint32_t ret; 823 uint32_t len; 824 GuestFD *gf; 825 int64_t elapsed; 826 827 (void) env; /* Used implicitly by arm lock_user macro */ 828 nr = common_semi_arg(cs, 0) & 0xffffffffU; 829 args = common_semi_arg(cs, 1); 830 831 switch (nr) { 832 case TARGET_SYS_OPEN: 833 { 834 int guestfd; 835 836 GET_ARG(0); 837 GET_ARG(1); 838 GET_ARG(2); 839 s = lock_user_string(arg0); 840 if (!s) { 841 errno = EFAULT; 842 return set_swi_errno(cs, -1); 843 } 844 if (arg1 >= 12) { 845 unlock_user(s, arg0, 0); 846 errno = EINVAL; 847 return set_swi_errno(cs, -1); 848 } 849 850 guestfd = alloc_guestfd(); 851 if (guestfd < 0) { 852 unlock_user(s, arg0, 0); 853 errno = EMFILE; 854 return set_swi_errno(cs, -1); 855 } 856 857 if (strcmp(s, ":tt") == 0) { 858 int result_fileno; 859 860 /* 861 * We implement SH_EXT_STDOUT_STDERR, so: 862 * open for read == stdin 863 * open for write == stdout 864 * open for append == stderr 865 */ 866 if (arg1 < 4) { 867 result_fileno = STDIN_FILENO; 868 } else if (arg1 < 8) { 869 result_fileno = STDOUT_FILENO; 870 } else { 871 result_fileno = STDERR_FILENO; 872 } 873 associate_guestfd(guestfd, result_fileno); 874 unlock_user(s, arg0, 0); 875 return guestfd; 876 } 877 if (strcmp(s, ":semihosting-features") == 0) { 878 unlock_user(s, arg0, 0); 879 /* We must fail opens for modes other than 0 ('r') or 1 ('rb') */ 880 if (arg1 != 0 && arg1 != 1) { 881 dealloc_guestfd(guestfd); 882 errno = EACCES; 883 return set_swi_errno(cs, -1); 884 } 885 init_featurefile_guestfd(guestfd); 886 return guestfd; 887 } 888 889 if (use_gdb_syscalls()) { 890 common_semi_open_guestfd = guestfd; 891 ret = common_semi_gdb_syscall(cs, common_semi_open_cb, 892 "open,%s,%x,1a4", arg0, (int)arg2 + 1, 893 gdb_open_modeflags[arg1]); 894 } else { 895 ret = set_swi_errno(cs, open(s, open_modeflags[arg1], 0644)); 896 if (ret == (uint32_t)-1) { 897 dealloc_guestfd(guestfd); 898 } else { 899 associate_guestfd(guestfd, ret); 900 ret = guestfd; 901 } 902 } 903 unlock_user(s, arg0, 0); 904 return ret; 905 } 906 case TARGET_SYS_CLOSE: 907 GET_ARG(0); 908 909 gf = get_guestfd(arg0); 910 if (!gf) { 911 errno = EBADF; 912 return set_swi_errno(cs, -1); 913 } 914 915 ret = guestfd_fns[gf->type].closefn(cs, gf); 916 dealloc_guestfd(arg0); 917 return ret; 918 case TARGET_SYS_WRITEC: 919 qemu_semihosting_console_outc(cs->env_ptr, args); 920 return 0xdeadbeef; 921 case TARGET_SYS_WRITE0: 922 return qemu_semihosting_console_outs(cs->env_ptr, args); 923 case TARGET_SYS_WRITE: 924 GET_ARG(0); 925 GET_ARG(1); 926 GET_ARG(2); 927 len = arg2; 928 929 gf = get_guestfd(arg0); 930 if (!gf) { 931 errno = EBADF; 932 return set_swi_errno(cs, -1); 933 } 934 935 return guestfd_fns[gf->type].writefn(cs, gf, arg1, len); 936 case TARGET_SYS_READ: 937 GET_ARG(0); 938 GET_ARG(1); 939 GET_ARG(2); 940 len = arg2; 941 942 gf = get_guestfd(arg0); 943 if (!gf) { 944 errno = EBADF; 945 return set_swi_errno(cs, -1); 946 } 947 948 return guestfd_fns[gf->type].readfn(cs, gf, arg1, len); 949 case TARGET_SYS_READC: 950 return qemu_semihosting_console_inc(cs->env_ptr); 951 case TARGET_SYS_ISERROR: 952 GET_ARG(0); 953 return (target_long) arg0 < 0 ? 1 : 0; 954 case TARGET_SYS_ISTTY: 955 GET_ARG(0); 956 957 gf = get_guestfd(arg0); 958 if (!gf) { 959 errno = EBADF; 960 return set_swi_errno(cs, -1); 961 } 962 963 return guestfd_fns[gf->type].isattyfn(cs, gf); 964 case TARGET_SYS_SEEK: 965 GET_ARG(0); 966 GET_ARG(1); 967 968 gf = get_guestfd(arg0); 969 if (!gf) { 970 errno = EBADF; 971 return set_swi_errno(cs, -1); 972 } 973 974 return guestfd_fns[gf->type].seekfn(cs, gf, arg1); 975 case TARGET_SYS_FLEN: 976 GET_ARG(0); 977 978 gf = get_guestfd(arg0); 979 if (!gf) { 980 errno = EBADF; 981 return set_swi_errno(cs, -1); 982 } 983 984 return guestfd_fns[gf->type].flenfn(cs, gf); 985 case TARGET_SYS_TMPNAM: 986 GET_ARG(0); 987 GET_ARG(1); 988 GET_ARG(2); 989 if (asprintf(&s, "/tmp/qemu-%x%02x", getpid(), 990 (int) (arg1 & 0xff)) < 0) { 991 return -1; 992 } 993 ul_ret = (target_ulong) -1; 994 995 /* Make sure there's enough space in the buffer */ 996 if (strlen(s) < arg2) { 997 char *output = lock_user(VERIFY_WRITE, arg0, arg2, 0); 998 strcpy(output, s); 999 unlock_user(output, arg0, arg2); 1000 ul_ret = 0; 1001 } 1002 free(s); 1003 return ul_ret; 1004 case TARGET_SYS_REMOVE: 1005 GET_ARG(0); 1006 GET_ARG(1); 1007 if (use_gdb_syscalls()) { 1008 ret = common_semi_gdb_syscall(cs, common_semi_cb, "unlink,%s", 1009 arg0, (int)arg1 + 1); 1010 } else { 1011 s = lock_user_string(arg0); 1012 if (!s) { 1013 errno = EFAULT; 1014 return set_swi_errno(cs, -1); 1015 } 1016 ret = set_swi_errno(cs, remove(s)); 1017 unlock_user(s, arg0, 0); 1018 } 1019 return ret; 1020 case TARGET_SYS_RENAME: 1021 GET_ARG(0); 1022 GET_ARG(1); 1023 GET_ARG(2); 1024 GET_ARG(3); 1025 if (use_gdb_syscalls()) { 1026 return common_semi_gdb_syscall(cs, common_semi_cb, "rename,%s,%s", 1027 arg0, (int)arg1 + 1, arg2, 1028 (int)arg3 + 1); 1029 } else { 1030 char *s2; 1031 s = lock_user_string(arg0); 1032 s2 = lock_user_string(arg2); 1033 if (!s || !s2) { 1034 errno = EFAULT; 1035 ret = set_swi_errno(cs, -1); 1036 } else { 1037 ret = set_swi_errno(cs, rename(s, s2)); 1038 } 1039 if (s2) 1040 unlock_user(s2, arg2, 0); 1041 if (s) 1042 unlock_user(s, arg0, 0); 1043 return ret; 1044 } 1045 case TARGET_SYS_CLOCK: 1046 return clock() / (CLOCKS_PER_SEC / 100); 1047 case TARGET_SYS_TIME: 1048 return set_swi_errno(cs, time(NULL)); 1049 case TARGET_SYS_SYSTEM: 1050 GET_ARG(0); 1051 GET_ARG(1); 1052 if (use_gdb_syscalls()) { 1053 return common_semi_gdb_syscall(cs, common_semi_cb, "system,%s", 1054 arg0, (int)arg1 + 1); 1055 } else { 1056 s = lock_user_string(arg0); 1057 if (!s) { 1058 errno = EFAULT; 1059 return set_swi_errno(cs, -1); 1060 } 1061 ret = set_swi_errno(cs, system(s)); 1062 unlock_user(s, arg0, 0); 1063 return ret; 1064 } 1065 case TARGET_SYS_ERRNO: 1066 return get_swi_errno(cs); 1067 case TARGET_SYS_GET_CMDLINE: 1068 { 1069 /* Build a command-line from the original argv. 1070 * 1071 * The inputs are: 1072 * * arg0, pointer to a buffer of at least the size 1073 * specified in arg1. 1074 * * arg1, size of the buffer pointed to by arg0 in 1075 * bytes. 1076 * 1077 * The outputs are: 1078 * * arg0, pointer to null-terminated string of the 1079 * command line. 1080 * * arg1, length of the string pointed to by arg0. 1081 */ 1082 1083 char *output_buffer; 1084 size_t input_size; 1085 size_t output_size; 1086 int status = 0; 1087 #if !defined(CONFIG_USER_ONLY) 1088 const char *cmdline; 1089 #else 1090 TaskState *ts = cs->opaque; 1091 #endif 1092 GET_ARG(0); 1093 GET_ARG(1); 1094 input_size = arg1; 1095 /* Compute the size of the output string. */ 1096 #if !defined(CONFIG_USER_ONLY) 1097 cmdline = semihosting_get_cmdline(); 1098 if (cmdline == NULL) { 1099 cmdline = ""; /* Default to an empty line. */ 1100 } 1101 output_size = strlen(cmdline) + 1; /* Count terminating 0. */ 1102 #else 1103 unsigned int i; 1104 1105 output_size = ts->info->arg_end - ts->info->arg_start; 1106 if (!output_size) { 1107 /* 1108 * We special-case the "empty command line" case (argc==0). 1109 * Just provide the terminating 0. 1110 */ 1111 output_size = 1; 1112 } 1113 #endif 1114 1115 if (output_size > input_size) { 1116 /* Not enough space to store command-line arguments. */ 1117 errno = E2BIG; 1118 return set_swi_errno(cs, -1); 1119 } 1120 1121 /* Adjust the command-line length. */ 1122 if (SET_ARG(1, output_size - 1)) { 1123 /* Couldn't write back to argument block */ 1124 errno = EFAULT; 1125 return set_swi_errno(cs, -1); 1126 } 1127 1128 /* Lock the buffer on the ARM side. */ 1129 output_buffer = lock_user(VERIFY_WRITE, arg0, output_size, 0); 1130 if (!output_buffer) { 1131 errno = EFAULT; 1132 return set_swi_errno(cs, -1); 1133 } 1134 1135 /* Copy the command-line arguments. */ 1136 #if !defined(CONFIG_USER_ONLY) 1137 pstrcpy(output_buffer, output_size, cmdline); 1138 #else 1139 if (output_size == 1) { 1140 /* Empty command-line. */ 1141 output_buffer[0] = '\0'; 1142 goto out; 1143 } 1144 1145 if (copy_from_user(output_buffer, ts->info->arg_start, 1146 output_size)) { 1147 errno = EFAULT; 1148 status = set_swi_errno(cs, -1); 1149 goto out; 1150 } 1151 1152 /* Separate arguments by white spaces. */ 1153 for (i = 0; i < output_size - 1; i++) { 1154 if (output_buffer[i] == 0) { 1155 output_buffer[i] = ' '; 1156 } 1157 } 1158 out: 1159 #endif 1160 /* Unlock the buffer on the ARM side. */ 1161 unlock_user(output_buffer, arg0, output_size); 1162 1163 return status; 1164 } 1165 case TARGET_SYS_HEAPINFO: 1166 { 1167 target_ulong retvals[4]; 1168 target_ulong limit; 1169 int i; 1170 #ifdef CONFIG_USER_ONLY 1171 TaskState *ts = cs->opaque; 1172 #else 1173 target_ulong rambase = common_semi_rambase(cs); 1174 #endif 1175 1176 GET_ARG(0); 1177 1178 #ifdef CONFIG_USER_ONLY 1179 /* 1180 * Some C libraries assume the heap immediately follows .bss, so 1181 * allocate it using sbrk. 1182 */ 1183 if (!ts->heap_limit) { 1184 abi_ulong ret; 1185 1186 ts->heap_base = do_brk(0); 1187 limit = ts->heap_base + COMMON_SEMI_HEAP_SIZE; 1188 /* Try a big heap, and reduce the size if that fails. */ 1189 for (;;) { 1190 ret = do_brk(limit); 1191 if (ret >= limit) { 1192 break; 1193 } 1194 limit = (ts->heap_base >> 1) + (limit >> 1); 1195 } 1196 ts->heap_limit = limit; 1197 } 1198 1199 retvals[0] = ts->heap_base; 1200 retvals[1] = ts->heap_limit; 1201 retvals[2] = ts->stack_base; 1202 retvals[3] = 0; /* Stack limit. */ 1203 #else 1204 limit = current_machine->ram_size; 1205 /* TODO: Make this use the limit of the loaded application. */ 1206 retvals[0] = rambase + limit / 2; 1207 retvals[1] = rambase + limit; 1208 retvals[2] = rambase + limit; /* Stack base */ 1209 retvals[3] = rambase; /* Stack limit. */ 1210 #endif 1211 1212 for (i = 0; i < ARRAY_SIZE(retvals); i++) { 1213 bool fail; 1214 1215 if (is_64bit_semihosting(env)) { 1216 fail = put_user_u64(retvals[i], arg0 + i * 8); 1217 } else { 1218 fail = put_user_u32(retvals[i], arg0 + i * 4); 1219 } 1220 1221 if (fail) { 1222 /* Couldn't write back to argument block */ 1223 errno = EFAULT; 1224 return set_swi_errno(cs, -1); 1225 } 1226 } 1227 return 0; 1228 } 1229 case TARGET_SYS_EXIT: 1230 case TARGET_SYS_EXIT_EXTENDED: 1231 if (common_semi_sys_exit_extended(cs, nr)) { 1232 /* 1233 * The A64 version of SYS_EXIT takes a parameter block, 1234 * so the application-exit type can return a subcode which 1235 * is the exit status code from the application. 1236 * SYS_EXIT_EXTENDED is an a new-in-v2.0 optional function 1237 * which allows A32/T32 guests to also provide a status code. 1238 */ 1239 GET_ARG(0); 1240 GET_ARG(1); 1241 1242 if (arg0 == ADP_Stopped_ApplicationExit) { 1243 ret = arg1; 1244 } else { 1245 ret = 1; 1246 } 1247 } else { 1248 /* 1249 * The A32/T32 version of SYS_EXIT specifies only 1250 * Stopped_ApplicationExit as normal exit, but does not 1251 * allow the guest to specify the exit status code. 1252 * Everything else is considered an error. 1253 */ 1254 ret = (args == ADP_Stopped_ApplicationExit) ? 0 : 1; 1255 } 1256 gdb_exit(ret); 1257 exit(ret); 1258 case TARGET_SYS_ELAPSED: 1259 elapsed = get_clock() - clock_start; 1260 if (sizeof(target_ulong) == 8) { 1261 SET_ARG(0, elapsed); 1262 } else { 1263 SET_ARG(0, (uint32_t) elapsed); 1264 SET_ARG(1, (uint32_t) (elapsed >> 32)); 1265 } 1266 return 0; 1267 case TARGET_SYS_TICKFREQ: 1268 /* qemu always uses nsec */ 1269 return 1000000000; 1270 case TARGET_SYS_SYNCCACHE: 1271 /* 1272 * Clean the D-cache and invalidate the I-cache for the specified 1273 * virtual address range. This is a nop for us since we don't 1274 * implement caches. This is only present on A64. 1275 */ 1276 #ifdef TARGET_ARM 1277 if (is_a64(cs->env_ptr)) { 1278 return 0; 1279 } 1280 #endif 1281 #ifdef TARGET_RISCV 1282 return 0; 1283 #endif 1284 /* fall through -- invalid for A32/T32 */ 1285 default: 1286 fprintf(stderr, "qemu: Unsupported SemiHosting SWI 0x%02x\n", nr); 1287 cpu_dump_state(cs, stderr, 0); 1288 abort(); 1289 } 1290 } 1291