Re: [Qemu-devel] [PATCH v2 04/15] target/arm/arm-semi: Make semihosting code hand out its own file descriptors

From: Richard Henderson <richard.henderson@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>,
	qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: "Alex Bennée" <alex.bennee@linaro.org>
Subject: Re: [Qemu-devel] [PATCH v2 04/15] target/arm/arm-semi: Make semihosting code hand out its own file descriptors
Date: Mon, 7 Oct 2019 10:09:32 -0400	[thread overview]
Message-ID: <842d1592-1cda-2c58-93bc-ed6391d093b1@linaro.org> (raw)
In-Reply-To: <20190916141544.17540-5-peter.maydell@linaro.org>

On 9/16/19 7:15 AM, Peter Maydell wrote:
> Currently the Arm semihosting code returns the guest file descriptors
> (handles) which are simply the fd values from the host OS or the
> remote gdbstub. Part of the semihosting 2.0 specification requires
> that we implement special handling of opening a ":semihosting-features"
> filename. Guest fds which result from opening the special file
> won't correspond to host fds, so to ensure that we don't end up
> with duplicate fds we need to have QEMU code control the allocation
> of the fd values we give the guest.
> 
> Add in an abstraction layer which lets us allocate new guest FD
> values, and translate from a guest FD value back to the host one.
> This also fixes an odd hole where a semihosting guest could
> use the semihosting API to read, write or close file descriptors
> that it had never allocated but which were being used by QEMU itself.
> (This isn't a security hole, because enabling semihosting permits
> the guest to do arbitrary file access to the whole host filesystem,
> and so should only be done if the guest is completely trusted.)
> 
> Currently the only kind of guest fd is one which maps to a
> host fd, but in a following commit we will add one which maps
> to the :semihosting-features magic data.
> 
> If the guest is migrated with an open semihosting file descriptor
> then subsequent attempts to use the fd will all fail; this is
> not a change from the previous situation (where the host fd
> being used on the source end would not be re-opened on the
> destination end).
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Change since v1: we mustn't treat the return value of
> arm_gdb_syscall() as being the new fd from gdb, as in
> softmmu mode it is not. So we need a custom callback for open
> that can update the guestfd association.
> ---
>  target/arm/arm-semi.c | 232 +++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 216 insertions(+), 16 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>


r~