From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5361BC433C1 for ; Sat, 20 Mar 2021 13:42:19 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E1ECC6196D for ; Sat, 20 Mar 2021 13:42:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E1ECC6196D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:57764 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lNbru-0008FH-1Q for qemu-devel@archiver.kernel.org; Sat, 20 Mar 2021 09:42:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59318) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lNbn6-00034M-C9 for qemu-devel@nongnu.org; Sat, 20 Mar 2021 09:37:20 -0400 Received: from mail-ej1-x62b.google.com ([2a00:1450:4864:20::62b]:46024) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lNbn4-0004Gm-Ji for qemu-devel@nongnu.org; Sat, 20 Mar 2021 09:37:20 -0400 Received: by mail-ej1-x62b.google.com with SMTP id kt15so4581703ejb.12 for ; Sat, 20 Mar 2021 06:37:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=H/e/SdGSFzWo+xbjndfr99fhe97V2yal8vW6qxaRucA=; b=pbpHF2NtDcnU+gVku79AOo669AZh4wmkmNpTzMX+L8Jk4sxlIU3a/2FIuAzU+4Emi2 P0D5isRSDzlP7X1UMxfZdnVivGloRNVegRzeH+mUOozo+f7xhkj87Mr7V6BIW/2Q6eSR qDZJ0HUEkSgO20/16YL4hYe4kfNLqSB6xRWr784e+FLlHehtAnpDYMbu9SojZH2Vpkzi 2aRmBmnVWpSqdYBVwjX48XYu2d+KegtDAr3hjw2wBRHfXe2tKLzVIi6H+UuVYtcOq/Nh blW2uo5DRohmuZaSA2eQh8jTDOvkmlfbNVbQbsL0LOXJ03FHWW3VkAyExDGZTqCrw6EH yYUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=H/e/SdGSFzWo+xbjndfr99fhe97V2yal8vW6qxaRucA=; b=ew1cXW/wXaEC3YoMiP1GbWhlM9vkP9fysZzzYEhEHsaPuJubfYMiMd43P7+cFlijNn cxdOEyDCNUXGN+BAuvCiSMfW900r1t+vt4T3muLiVroRpsJzmaUo4nL6rKiOdmfC/q1x Iz1/Oeh0BfHYeDwpT6NztoycMbuggJaEIeeJO8PK34dNrlEYNAmmz1h3TVZNUMpqISDv GDyzy7FZHG7YivvreWTdT6p510AAv5CrJJlfjeXmY5vq8wfAfxs5Ze6+Gy5RJUCWumys jZ3mPfck60xgmTBbfRTmYAxBwFhKr3RWglnWelMHsmagIioe3kwfjbEPghixi8PmtS8T M5JQ== X-Gm-Message-State: AOAM5328HeXOtKNjpgoNtlhFqVq1O0vFeFAbs+huTDwVaLfizkhhlx91 0GMxKIIyfbbSjp6wvK8xL5H7eogTXEUzk+s+ X-Google-Smtp-Source: ABdhPJw1lWpV6Exj5U/l1R0WdZlA5ZAFROJXQkCBd2WdiX4rvTiSHpmJmWru5shOtMb6iH/BJsVbRA== X-Received: by 2002:a17:906:d554:: with SMTP id cr20mr9859829ejc.61.1616247437251; Sat, 20 Mar 2021 06:37:17 -0700 (PDT) Received: from zen.linaroharston ([51.148.130.216]) by smtp.gmail.com with ESMTPSA id c17sm6773579edw.32.2021.03.20.06.37.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Mar 2021 06:37:10 -0700 (PDT) Received: from zen.lan (localhost [127.0.0.1]) by zen.linaroharston (Postfix) with ESMTP id 6A8211FF93; Sat, 20 Mar 2021 13:37:07 +0000 (GMT) From: =?UTF-8?q?Alex=20Benn=C3=A9e?= To: qemu-devel@nongnu.org Subject: [PATCH v1 07/14] semihosting/arm-compat-semi: don't use SET_ARG to report SYS_HEAPINFO Date: Sat, 20 Mar 2021 13:36:59 +0000 Message-Id: <20210320133706.21475-8-alex.bennee@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210320133706.21475-1-alex.bennee@linaro.org> References: <20210320133706.21475-1-alex.bennee@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::62b; envelope-from=alex.bennee@linaro.org; helo=mail-ej1-x62b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Keith Packard , =?UTF-8?q?Alex=20Benn=C3=A9e?= , Bug 1915925 <1915925@bugs.launchpad.net> Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" As per the spec: the PARAMETER REGISTER contains the address of a pointer to a four-field data block. So we need to follow arg0 and place the results of SYS_HEAPINFO there. Fixes: 3c37cfe0b1 ("semihosting: Change internal common-semi interfaces to use CPUState *") Signed-off-by: Alex Bennée Reviewed-by: Peter Maydell Cc: Bug 1915925 <1915925@bugs.launchpad.net> Cc: Keith Packard Bug: https://bugs.launchpad.net/bugs/1915925 Message-Id: <20210312102029.17017-4-alex.bennee@linaro.org> --- semihosting/arm-compat-semi.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/semihosting/arm-compat-semi.c b/semihosting/arm-compat-semi.c index 0f0e129a7c..fe079ca93a 100644 --- a/semihosting/arm-compat-semi.c +++ b/semihosting/arm-compat-semi.c @@ -1214,7 +1214,11 @@ target_ulong do_common_semihosting(CPUState *cs) for (i = 0; i < ARRAY_SIZE(retvals); i++) { bool fail; - fail = SET_ARG(i, retvals[i]); + if (is_64bit_semihosting(env)) { + fail = put_user_u64(retvals[i], arg0 + i * 8); + } else { + fail = put_user_u32(retvals[i], arg0 + i * 4); + } if (fail) { /* Couldn't write back to argument block */ -- 2.20.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94C9BC433C1 for ; Sat, 20 Mar 2021 13:48:44 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1065661932 for ; Sat, 20 Mar 2021 13:48:44 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1065661932 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=bugs.launchpad.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:44426 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lNby7-00064E-5V for qemu-devel@archiver.kernel.org; Sat, 20 Mar 2021 09:48:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60444) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lNbv9-0003Pw-Cr for qemu-devel@nongnu.org; Sat, 20 Mar 2021 09:45:39 -0400 Received: from indium.canonical.com ([91.189.90.7]:38032) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lNbv6-0008HC-Ad for qemu-devel@nongnu.org; Sat, 20 Mar 2021 09:45:39 -0400 Received: from loganberry.canonical.com ([91.189.90.37]) by indium.canonical.com with esmtp (Exim 4.86_2 #2 (Debian)) id 1lNbv4-0000d2-Ga for ; Sat, 20 Mar 2021 13:45:34 +0000 Received: from loganberry.canonical.com (localhost [127.0.0.1]) by loganberry.canonical.com (Postfix) with ESMTP id 7694C2E8055 for ; Sat, 20 Mar 2021 13:45:34 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Date: Sat, 20 Mar 2021 13:36:59 -0000 From: =?utf-8?q?Alex_Benn=C3=A9e?= <1915925@bugs.launchpad.net> To: qemu-devel@nongnu.org X-Launchpad-Notification-Type: bug X-Launchpad-Bug: product=qemu; status=In Progress; importance=Undecided; assignee=alex.bennee@linaro.org; X-Launchpad-Bug-Tags: semihosting testcase X-Launchpad-Bug-Information-Type: Public X-Launchpad-Bug-Private: no X-Launchpad-Bug-Security-Vulnerability: no X-Launchpad-Bug-Commenters: ajbennee inver7 keithp pmaydell X-Launchpad-Bug-Reporter: iNvEr7 (inver7) X-Launchpad-Bug-Modifier: =?utf-8?q?Alex_Benn=C3=A9e_=28ajbennee=29?= References: <161356438332.24036.4652954745285513495.malonedeb@chaenomeles.canonical.com> Message-ID: <20210320133706.21475-8-alex.bennee@linaro.org> Subject: [Bug 1915925] [PATCH v1 07/14] semihosting/arm-compat-semi: don't use SET_ARG to report SYS_HEAPINFO X-Launchpad-Message-Rationale: Subscriber (QEMU) @qemu-devel-ml X-Launchpad-Message-For: qemu-devel-ml Precedence: bulk X-Generated-By: Launchpad (canonical.com); Revision="4446feb642ca86be4f6eceb855b408397dad6a50"; Instance="production" X-Launchpad-Hash: 0ec76176d7c9e549616b2e8f5302f74d52d9b866 Received-SPF: none client-ip=91.189.90.7; envelope-from=bounces@canonical.com; helo=indium.canonical.com X-Spam_score_int: -65 X-Spam_score: -6.6 X-Spam_bar: ------ X-Spam_report: (-6.6 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Bug 1915925 <1915925@bugs.launchpad.net> Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Message-ID: <20210320133659.4bO-79_-Z66Dww0lKQf5egwsj8_7Zhlufqms2h-_8Qs@z> As per the spec: the PARAMETER REGISTER contains the address of a pointer to a four-field data block. So we need to follow arg0 and place the results of SYS_HEAPINFO there. Fixes: 3c37cfe0b1 ("semihosting: Change internal common-semi interfaces to = use CPUState *") Signed-off-by: Alex Benn=C3=A9e Reviewed-by: Peter Maydell Cc: Bug 1915925 <1915925@bugs.launchpad.net> Cc: Keith Packard Bug: https://bugs.launchpad.net/bugs/1915925 Message-Id: <20210312102029.17017-4-alex.bennee@linaro.org> --- semihosting/arm-compat-semi.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/semihosting/arm-compat-semi.c b/semihosting/arm-compat-semi.c index 0f0e129a7c..fe079ca93a 100644 --- a/semihosting/arm-compat-semi.c +++ b/semihosting/arm-compat-semi.c @@ -1214,7 +1214,11 @@ target_ulong do_common_semihosting(CPUState *cs) for (i =3D 0; i < ARRAY_SIZE(retvals); i++) { bool fail; = - fail =3D SET_ARG(i, retvals[i]); + if (is_64bit_semihosting(env)) { + fail =3D put_user_u64(retvals[i], arg0 + i * 8); + } else { + fail =3D put_user_u32(retvals[i], arg0 + i * 4); + } = if (fail) { /* Couldn't write back to argument block */ -- = 2.20.1 -- = You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1915925 Title: ARM semihosting HEAPINFO results wrote to wrong address Status in QEMU: In Progress Bug description: This affects latest development branch of QEMU. According to the ARM spec of the HEAPINFO semihosting call: https://developer.arm.com/documentation/100863/0300/Semihosting- operations/SYS-HEAPINFO--0x16-?lang=3Den > the PARAMETER REGISTER contains the address of a pointer to a four- field data block. However, QEMU treated the PARAMETER REGISTER as pointing to a four- field data block directly. Here is a simple program that can demonstrate this problem: https://github.com/iNvEr7/qemu-learn/tree/newlib-bug/semihosting- newlib This code links with newlib with semihosting mode, which will call the HEAPINFO SVC during crt0 routine. When running in QEMU (make run), it may crash the program either because of invalid write or memory curruption, depending on the compiled program structure. Also refer to my discussion with newlib folks: https://sourceware.org/pipermail/newlib/2021/018260.html To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1915925/+subscriptions