From: Peter Maydell
Date: Fri, 5 Mar 2021 14:10:58 +0000
Subject: Re: [PATCH v1 3/3] semihosting/arg-compat: fix up handling of SYS_HEAPINFO
To: Alex Bennée
Cc: Keith Packard, open list:ARM TCG CPUs, Bug 1915925 <1915925@bugs.launchpad.net>, QEMU Developers

On Fri, 5 Mar 2021 at 13:54, Alex Bennée wrote:
>
> I'm not sure this ever worked properly and it's certainly not
> exercised by check-tcg or Peter's semihosting tests. Hoist it into
> its own helper function and attempt to validate the results in the
> linux-user semihosting test at the least.
>
> Bug: https://bugs.launchpad.net/bugs/1915925
> Cc: Bug 1915925 <1915925@bugs.launchpad.net>
> Cc: Keith Packard
> Signed-off-by: Alex Bennée
> ---
>  tests/tcg/arm/semicall.h      |   1 +
>  semihosting/arm-compat-semi.c | 129 +++++++++++++++++++---------------
>  tests/tcg/arm/semihosting.c   |  34 ++++++++-
>  3 files changed, 107 insertions(+), 57 deletions(-)

> +#else
> + limit = current_machine->ram_size;
> + /* TODO: Make this use the limit of the loaded application. */
> + info.heap_base = rambase + limit / 2;
> + info.heap_limit = rambase + limit;
> + info.stack_base = rambase + limit; /* Stack base */
> + info.stack_limit = rambase; /* Stack limit. */
> +
> + if (cpu_memory_rw_debug(cs, arg0, &info, sizeof(info), true)) {

Blatting a C struct into guest memory has endianness and padding problems. Why not just do things the way the old Arm code did it?
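Review bot: the four values in this #else branch describe overlapping regions: the stack range runs from stack_base = rambase + limit down to stack_limit = rambase, which contains the whole heap range heap_base = rambase + limit / 2 .. heap_limit = rambase + limit, so a guest that trusts SYS_HEAPINFO has no guarantee its stack will not grow into its heap. If this mirrors the old Arm code on purpose, the TODO comment should say so; otherwise give the two regions disjoint halves of RAM. Independently of the struct-copy problem raised above, storing the four fields one guest word at a time, at the width the running CPU state uses, would also make the write robust to struct padding and host byte order.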
Also, you don't seem to have the correct "is the CPU in 32-bit or 64-bit mode" test here: you cannot rely on target_ulong being the right size, you must make a runtime check. I suggested in the other email the way I think we should fix this.

thanks
-- PMM


From: Peter Maydell <1915925@bugs.launchpad.net>
Date: Fri, 05 Mar 2021 14:10:58 -0000
Subject: [Bug 1915925] Re: [PATCH v1 3/3] semihosting/arg-compat: fix up handling of SYS_HEAPINFO
To: qemu-devel@nongnu.org
X-Launchpad-Bug: product=qemu; status=Confirmed; importance=Undecided; assignee=alex.bennee@linaro.org
X-Launchpad-Bug-Tags: semihosting testcase
X-Launchpad-Bug-Reporter: iNvEr7 (inver7)
https://bugs.launchpad.net/bugs/1915925

Title:
  ARM semihosting HEAPINFO results written to wrong address

Status in QEMU:
  Confirmed

Bug description:
  This affects the latest development branch of QEMU.

  According to the ARM spec of the HEAPINFO semihosting call:
  https://developer.arm.com/documentation/100863/0300/Semihosting-operations/SYS-HEAPINFO--0x16-?lang=en

  > the PARAMETER REGISTER contains the address of a pointer to a four-field data block.

  However, QEMU treated the PARAMETER REGISTER as pointing to a four-field data block directly.

  Here is a simple program that can demonstrate this problem:
  https://github.com/iNvEr7/qemu-learn/tree/newlib-bug/semihosting-newlib

  This code links with newlib in semihosting mode, which will call the HEAPINFO SVC during the crt0 routine. When running in QEMU (make run), it may crash the program either because of an invalid write or memory corruption, depending on the compiled program structure.

  Also refer to my discussion with the newlib folks:
  https://sourceware.org/pipermail/newlib/2021/018260.html
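The two points in this thread, the missing indirection the bug report describes and the struct-copy/word-width problems raised in the review, as an added example that is not QEMU's code: the guest RAM, the addresses, rambase and limit are all constructed, and guest_t/guest_word/sys_heapinfo/heapinfo_field are hypothetical names.

```c
/* Added example, not QEMU's code: servicing SYS_HEAPINFO (0x16) against a
 * constructed guest RAM, storing one guest word at a time (guest width and
 * byte order are runtime choices) after dereferencing the parameter register. */
#include <stdint.h>
#include <stddef.h>

typedef struct {
    uint8_t mem[64]; /* constructed guest RAM; addresses below are made up */
    int is64;        /* 1 = AArch64 state, 0 = AArch32; checked at runtime */
    int bigend;      /* 1 = guest data is big-endian */
} guest_t;

/* Load (store == 0) or store one guest word at addr; -1 if out of range. */
static int guest_word(guest_t *g, uint64_t addr, uint64_t *val, int store)
{
    size_t w = g->is64 ? 8 : 4;
    if (addr > sizeof g->mem || w > sizeof g->mem - addr) return -1;
    uint64_t v = store ? *val : 0;
    for (size_t i = 0; i < w; i++) {
        size_t pos = g->bigend ? w - 1 - i : i; /* where value byte i lives */
        if (store) g->mem[addr + pos] = (uint8_t)(v >> (8 * i));
        else       v |= (uint64_t)g->mem[addr + pos] << (8 * i);
    }
    if (!store) *val = v;
    return 0;
}

/* param is the PARAMETER REGISTER: the address of a pointer to the four-field
 * block. Values mirror the patch: heap_base, heap_limit, stack_base, stack_limit. */
int sys_heapinfo(guest_t *g, uint64_t param, uint64_t rambase, uint64_t limit)
{
    uint64_t block, f[4] = { rambase + limit / 2, rambase + limit,
                             rambase + limit, rambase };
    if (guest_word(g, param, &block, 0)) return -1; /* read the pointer */
    for (int i = 0; i < 4; i++) {
        if (guest_word(g, block + (g->is64 ? 8 : 4) * i, &f[i], 1)) return -1;
    }
    return 0;
}

/* Test scenario: pointer 0x20 planted at 0x10; returns field idx read back. */
uint64_t heapinfo_field(int is64, int bigend, int idx)
{
    guest_t g = { {0}, is64, bigend };
    uint64_t ptr = 0x20, v = 0;
    guest_word(&g, 0x10, &ptr, 1);
    if (sys_heapinfo(&g, 0x10, 0x1000, 0x100)) return UINT64_MAX;
    guest_word(&g, 0x20 + (is64 ? 8 : 4) * idx, &v, 0);
    return v;
}
```

With rambase 0x1000 and limit 0x100 the block at 0x20 receives 0x1080, 0x1100, 0x1100, 0x1000 in guest byte order, and the pointer slot at 0x10 is left untouched, which is exactly what writing the struct at the parameter address would have clobbered.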