From: Alex Bennée <1915925@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Date: Tue, 09 Mar 2021 17:21:26 -0000
Subject: [Bug 1915925] [PATCH v3 3/4] semihosting/arm-compat-semi: don't use SET_ARG to report SYS_HEAPINFO
Message-Id: <20210309172127.20470-4-alex.bennee@linaro.org>
References: <161356438332.24036.4652954745285513495.malonedeb@chaenomeles.canonical.com>
Reply-To: Bug 1915925 <1915925@bugs.launchpad.net>
X-Launchpad-Bug: product=qemu; status=Confirmed; importance=Undecided; assignee=alex.bennee@linaro.org;
X-Launchpad-Bug-Tags: semihosting testcase
X-Launchpad-Bug-Security-Vulnerability: no
X-Launchpad-Bug-Reporter: iNvEr7 (inver7)
X-Launchpad-Bug-Commenters: ajbennee inver7 keithp pmaydell

As per the spec: the PARAMETER REGISTER contains the address of a pointer
to a four-field data block. So we need to follow arg0 and place the
results of SYS_HEAPINFO there.
Fixes: 3c37cfe0b1 ("semihosting: Change internal common-semi interfaces to use CPUState *")
Bug: https://bugs.launchpad.net/bugs/1915925
Cc: Bug 1915925 <1915925@bugs.launchpad.net>
Cc: Keith Packard
Signed-off-by: Alex Bennée

---
v3
  - just revert the old behaviour
---
 semihosting/arm-compat-semi.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/semihosting/arm-compat-semi.c b/semihosting/arm-compat-semi.c
index 0f0e129a7c..fe079ca93a 100644
--- a/semihosting/arm-compat-semi.c
+++ b/semihosting/arm-compat-semi.c
@@ -1214,7 +1214,11 @@ target_ulong do_common_semihosting(CPUState *cs)
         for (i = 0; i < ARRAY_SIZE(retvals); i++) {
             bool fail;
 
-            fail = SET_ARG(i, retvals[i]);
+            if (is_64bit_semihosting(env)) {
+                fail = put_user_u64(retvals[i], arg0 + i * 8);
+            } else {
+                fail = put_user_u32(retvals[i], arg0 + i * 4);
+            }
 
             if (fail) {
                 /* Couldn't write back to argument block */
-- 
2.20.1

https://bugs.launchpad.net/bugs/1915925

Title: ARM semihosting HEAPINFO results wrote to wrong address

Status in QEMU: Confirmed

Bug description:
This affects the latest development branch of QEMU.

According to the ARM spec of the HEAPINFO semihosting call:
https://developer.arm.com/documentation/100863/0300/Semihosting-operations/SYS-HEAPINFO--0x16-?lang=en

> the PARAMETER REGISTER contains the address of a pointer to a four-field data block.

However, QEMU treated the PARAMETER REGISTER as pointing to a four-field data block directly.

Here is a simple program that can demonstrate this problem:
https://github.com/iNvEr7/qemu-learn/tree/newlib-bug/semihosting-newlib

This code links with newlib with semihosting mode, which will call the HEAPINFO SVC during the crt0 routine. When running in QEMU (make run), it may crash the program either because of an invalid write or memory corruption, depending on the compiled program structure.
Also refer to my discussion with newlib folks:
https://sourceware.org/pipermail/newlib/2021/018260.html
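The indirection the bug report describes, modelled as an added example (this is neither QEMU's code nor the reporter's test program): a small simulated little-endian guest memory, the host-side handler in its pre-fix form (results stored into the parameter block itself, as SET_ARG did) beside its fixed form (results stored into the four-field block the parameter word points at), and the two failure modes the report mentions, a corrupted pointer and a write that lands outside writable memory. All names (guest_mem, put_word, heapinfo_fixed, heapinfo_buggy, block_filled_correctly), the 32/64-bit width flag and the sample addresses and heap values are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GUEST_MEM_SIZE 256
static uint8_t guest_mem[GUEST_MEM_SIZE];   /* simulated guest RAM, constructed */

/* Values the host reports: heap base, heap limit, stack base, stack limit.
 * Constructed for this example; in QEMU they come from the board model. */
static const uint64_t heapinfo_values[4] = {
    0x20000000, 0x20010000, 0x20020000, 0x2001f000
};

/* Little-endian guest-memory store. A store that does not fit in the
 * simulated memory returns 1, mirroring the "fail" flag put_user_u32/u64
 * set when the guest address is not writable. */
static int put_word(uint64_t addr, uint64_t val, int width)
{
    if (addr + width > GUEST_MEM_SIZE) {
        return 1;
    }
    for (int i = 0; i < width; i++) {
        guest_mem[addr + i] = (uint8_t)(val >> (8 * i));
    }
    return 0;
}

static uint64_t get_word(uint64_t addr, int width)
{
    uint64_t v = 0;
    if (addr + width > GUEST_MEM_SIZE) {
        return 0;
    }
    for (int i = 0; i < width; i++) {
        v |= (uint64_t)guest_mem[addr + i] << (8 * i);
    }
    return v;
}

/* Fixed behaviour: the parameter register names a word holding the address
 * of the four-field block; follow it (GET_ARG(0)), then fill that block. */
static int heapinfo_fixed(uint64_t param_reg, int is_64bit)
{
    int width = is_64bit ? 8 : 4;
    uint64_t block = get_word(param_reg, width);
    for (int i = 0; i < 4; i++) {
        if (put_word(block + i * width, heapinfo_values[i], width)) {
            return -1;   /* could not write the data block */
        }
    }
    return 0;
}

/* Pre-fix behaviour: SET_ARG(i, v) stores into the parameter block, so the
 * four results land at param_reg + i*width, clobbering the pointer word and
 * whatever the guest placed after it. */
static int heapinfo_buggy(uint64_t param_reg, int is_64bit)
{
    int width = is_64bit ? 8 : 4;
    for (int i = 0; i < 4; i++) {
        if (put_word(param_reg + i * width, heapinfo_values[i], width)) {
            return -1;
        }
    }
    return 0;
}

/* Guest-side setup, as a crt0 would do it: one pointer word at param_reg
 * naming a separate four-field data block at `block`. */
static void guest_setup(uint64_t param_reg, uint64_t block, int is_64bit)
{
    memset(guest_mem, 0, sizeof guest_mem);
    put_word(param_reg, block, is_64bit ? 8 : 4);
}

/* 1 if the pointer word survived and every field holds its value, else 0. */
static int block_filled_correctly(uint64_t param_reg, uint64_t block, int is_64bit)
{
    int width = is_64bit ? 8 : 4;
    if (get_word(param_reg, width) != block) {
        return 0;
    }
    for (int i = 0; i < 4; i++) {
        if (get_word(block + i * width, width) != heapinfo_values[i]) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* 32-bit guest: pointer word at 16, data block at 64. */
    guest_setup(16, 64, 0);
    heapinfo_fixed(16, 0);
    printf("fixed, 32-bit: block ok=%d\n", block_filled_correctly(16, 64, 0));

    guest_setup(16, 64, 0);
    heapinfo_buggy(16, 0);
    printf("buggy, 32-bit: block ok=%d, pointer word now 0x%llx\n",
           block_filled_correctly(16, 64, 0), (unsigned long long)get_word(16, 4));

    /* Parameter word at the end of memory: the pointer fits, four results
     * written in its place do not; this is the "invalid write" case. */
    guest_setup(248, 64, 1);
    printf("buggy, 64-bit at end of RAM: rc=%d\n", heapinfo_buggy(248, 1));
    guest_setup(248, 64, 1);
    printf("fixed, 64-bit at end of RAM: rc=%d\n", heapinfo_fixed(248, 1));
    return 0;
}
```

The fixed handler also mirrors the patch's width handling: the same loop writes 4-byte or 8-byte fields depending on whether the guest is running 64-bit semihosting, so the block layout the guest expects and the one the host fills stay in step.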
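Review bot: the retained context comment `/* Couldn't write back to argument block */` no longer describes what the loop does after this hunk: the stores now go to the four-field data block that arg0 points at, not to the parameter/argument block, so please update it to say data block (the failure path right below it is what a guest will hit when that pointer is unmapped). Minor style point on the added lines: `is_64bit_semihosting(env)` is re-evaluated on every iteration and the element sizes 8 and 4 are open-coded in two places; hoisting the width check out of the loop, or a small helper that picks put_user_u64 / put_user_u32 by width, would keep the body to one line and stop the two sizes drifting apart.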