1 /*
2 * Arm "Angel" semihosting syscalls
3 *
4 * Copyright (c) 2005, 2007 CodeSourcery.
5 * Copyright (c) 2019 Linaro
6 * Written by Paul Brook.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 *
21 * ARM Semihosting is documented in:
22 * Semihosting for AArch32 and AArch64 Release 2.0
23 * https://static.docs.arm.com/100863/0200/semihosting.pdf
24 */
25
26 #include "qemu/osdep.h"
27
28 #include "cpu.h"
29 #include "hw/semihosting/semihost.h"
30 #include "hw/semihosting/console.h"
31 #include "qemu/log.h"
32 #ifdef CONFIG_USER_ONLY
33 #include "qemu.h"
34
35 #define ARM_ANGEL_HEAP_SIZE (128 * 1024 * 1024)
36 #else
37 #include "exec/gdbstub.h"
38 #include "qemu/cutils.h"
39 #endif
40
41 #define TARGET_SYS_OPEN 0x01
42 #define TARGET_SYS_CLOSE 0x02
43 #define TARGET_SYS_WRITEC 0x03
44 #define TARGET_SYS_WRITE0 0x04
45 #define TARGET_SYS_WRITE 0x05
46 #define TARGET_SYS_READ 0x06
47 #define TARGET_SYS_READC 0x07
48 #define TARGET_SYS_ISTTY 0x09
49 #define TARGET_SYS_SEEK 0x0a
50 #define TARGET_SYS_FLEN 0x0c
51 #define TARGET_SYS_TMPNAM 0x0d
52 #define TARGET_SYS_REMOVE 0x0e
53 #define TARGET_SYS_RENAME 0x0f
54 #define TARGET_SYS_CLOCK 0x10
55 #define TARGET_SYS_TIME 0x11
56 #define TARGET_SYS_SYSTEM 0x12
57 #define TARGET_SYS_ERRNO 0x13
58 #define TARGET_SYS_GET_CMDLINE 0x15
59 #define TARGET_SYS_HEAPINFO 0x16
60 #define TARGET_SYS_EXIT 0x18
61 #define TARGET_SYS_SYNCCACHE 0x19
62 #define TARGET_SYS_EXIT_EXTENDED 0x20
63
64 /* ADP_Stopped_ApplicationExit is used for exit(0),
65 * anything else is implemented as exit(1) */
66 #define ADP_Stopped_ApplicationExit (0x20026)
67
68 #ifndef O_BINARY
69 #define O_BINARY 0
70 #endif
71
72 #define GDB_O_RDONLY 0x000
73 #define GDB_O_WRONLY 0x001
74 #define GDB_O_RDWR 0x002
75 #define GDB_O_APPEND 0x008
76 #define GDB_O_CREAT 0x200
77 #define GDB_O_TRUNC 0x400
78 #define GDB_O_BINARY 0
79
80 static int gdb_open_modeflags[12] = {
81 GDB_O_RDONLY,
82 GDB_O_RDONLY | GDB_O_BINARY,
83 GDB_O_RDWR,
84 GDB_O_RDWR | GDB_O_BINARY,
85 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_TRUNC,
86 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_TRUNC | GDB_O_BINARY,
87 GDB_O_RDWR | GDB_O_CREAT | GDB_O_TRUNC,
88 GDB_O_RDWR | GDB_O_CREAT | GDB_O_TRUNC | GDB_O_BINARY,
89 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_APPEND,
90 GDB_O_WRONLY | GDB_O_CREAT | GDB_O_APPEND | GDB_O_BINARY,
91 GDB_O_RDWR | GDB_O_CREAT | GDB_O_APPEND,
92 GDB_O_RDWR | GDB_O_CREAT | GDB_O_APPEND | GDB_O_BINARY
93 };
94
95 static int open_modeflags[12] = {
96 O_RDONLY,
97 O_RDONLY | O_BINARY,
98 O_RDWR,
99 O_RDWR | O_BINARY,
100 O_WRONLY | O_CREAT | O_TRUNC,
101 O_WRONLY | O_CREAT | O_TRUNC | O_BINARY,
102 O_RDWR | O_CREAT | O_TRUNC,
103 O_RDWR | O_CREAT | O_TRUNC | O_BINARY,
104 O_WRONLY | O_CREAT | O_APPEND,
105 O_WRONLY | O_CREAT | O_APPEND | O_BINARY,
106 O_RDWR | O_CREAT | O_APPEND,
107 O_RDWR | O_CREAT | O_APPEND | O_BINARY
108 };
109
110 typedef enum GuestFDType {
111 GuestFDUnused = 0,
112 GuestFDHost = 1,
113 GuestFDGDB = 2,
114 GuestFDFeatureFile = 3,
115 } GuestFDType;
116
117 /*
118 * Guest file descriptors are integer indexes into an array of
119 * these structures (we will dynamically resize as necessary).
120 */
121 typedef struct GuestFD {
122 GuestFDType type;
123 union {
124 int hostfd;
125 target_ulong featurefile_offset;
126 };
127 } GuestFD;
128
129 static GArray *guestfd_array;
130
131 /*
132 * Allocate a new guest file descriptor and return it; if we
133 * couldn't allocate a new fd then return -1.
134 * This is a fairly simplistic implementation because we don't
135 * expect that most semihosting guest programs will make very
136 * heavy use of opening and closing fds.
137 */
alloc_guestfd(void)138 static int alloc_guestfd(void)
139 {
140 guint i;
141
142 if (!guestfd_array) {
143 /* New entries zero-initialized, i.e. type GuestFDUnused */
144 guestfd_array = g_array_new(FALSE, TRUE, sizeof(GuestFD));
145 }
146
147 /* SYS_OPEN should return nonzero handle on success. Start guestfd from 1 */
148 for (i = 1; i < guestfd_array->len; i++) {
149 GuestFD *gf = &g_array_index(guestfd_array, GuestFD, i);
150
151 if (gf->type == GuestFDUnused) {
152 return i;
153 }
154 }
155
156 /* All elements already in use: expand the array */
157 g_array_set_size(guestfd_array, i + 1);
158 return i;
159 }
160
161 /*
162 * Look up the guestfd in the data structure; return NULL
163 * for out of bounds, but don't check whether the slot is unused.
164 * This is used internally by the other guestfd functions.
165 */
do_get_guestfd(int guestfd)166 static GuestFD *do_get_guestfd(int guestfd)
167 {
168 if (!guestfd_array) {
169 return NULL;
170 }
171
172 if (guestfd <= 0 || guestfd >= guestfd_array->len) {
173 return NULL;
174 }
175
176 return &g_array_index(guestfd_array, GuestFD, guestfd);
177 }
178
179 /*
180 * Associate the specified guest fd (which must have been
181 * allocated via alloc_fd() and not previously used) with
182 * the specified host/gdb fd.
183 */
associate_guestfd(int guestfd,int hostfd)184 static void associate_guestfd(int guestfd, int hostfd)
185 {
186 GuestFD *gf = do_get_guestfd(guestfd);
187
188 assert(gf);
189 gf->type = use_gdb_syscalls() ? GuestFDGDB : GuestFDHost;
190 gf->hostfd = hostfd;
191 }
192
193 /*
194 * Deallocate the specified guest file descriptor. This doesn't
195 * close the host fd, it merely undoes the work of alloc_fd().
196 */
dealloc_guestfd(int guestfd)197 static void dealloc_guestfd(int guestfd)
198 {
199 GuestFD *gf = do_get_guestfd(guestfd);
200
201 assert(gf);
202 gf->type = GuestFDUnused;
203 }
204
205 /*
206 * Given a guest file descriptor, get the associated struct.
207 * If the fd is not valid, return NULL. This is the function
208 * used by the various semihosting calls to validate a handle
209 * from the guest.
210 * Note: calling alloc_guestfd() or dealloc_guestfd() will
211 * invalidate any GuestFD* obtained by calling this function.
212 */
get_guestfd(int guestfd)213 static GuestFD *get_guestfd(int guestfd)
214 {
215 GuestFD *gf = do_get_guestfd(guestfd);
216
217 if (!gf || gf->type == GuestFDUnused) {
218 return NULL;
219 }
220 return gf;
221 }
222
223 /*
224 * The semihosting API has no concept of its errno being thread-safe,
225 * as the API design predates SMP CPUs and was intended as a simple
226 * real-hardware set of debug functionality. For QEMU, we make the
227 * errno be per-thread in linux-user mode; in softmmu it is a simple
228 * global, and we assume that the guest takes care of avoiding any races.
229 */
230 #ifndef CONFIG_USER_ONLY
231 static target_ulong syscall_err;
232
233 #include "exec/softmmu-semi.h"
234 #endif
235
set_swi_errno(CPUARMState * env,uint32_t code)236 static inline uint32_t set_swi_errno(CPUARMState *env, uint32_t code)
237 {
238 if (code == (uint32_t)-1) {
239 #ifdef CONFIG_USER_ONLY
240 CPUState *cs = env_cpu(env);
241 TaskState *ts = cs->opaque;
242
243 ts->swi_errno = errno;
244 #else
245 syscall_err = errno;
246 #endif
247 }
248 return code;
249 }
250
get_swi_errno(CPUARMState * env)251 static inline uint32_t get_swi_errno(CPUARMState *env)
252 {
253 #ifdef CONFIG_USER_ONLY
254 CPUState *cs = env_cpu(env);
255 TaskState *ts = cs->opaque;
256
257 return ts->swi_errno;
258 #else
259 return syscall_err;
260 #endif
261 }
262
263 static target_ulong arm_semi_syscall_len;
264
arm_semi_cb(CPUState * cs,target_ulong ret,target_ulong err)265 static void arm_semi_cb(CPUState *cs, target_ulong ret, target_ulong err)
266 {
267 ARMCPU *cpu = ARM_CPU(cs);
268 CPUARMState *env = &cpu->env;
269 target_ulong reg0 = is_a64(env) ? env->xregs[0] : env->regs[0];
270
271 if (ret == (target_ulong)-1) {
272 errno = err;
273 set_swi_errno(env, -1);
274 reg0 = ret;
275 } else {
276 /* Fixup syscalls that use nonstardard return conventions. */
277 switch (reg0) {
278 case TARGET_SYS_WRITE:
279 case TARGET_SYS_READ:
280 reg0 = arm_semi_syscall_len - ret;
281 break;
282 case TARGET_SYS_SEEK:
283 reg0 = 0;
284 break;
285 default:
286 reg0 = ret;
287 break;
288 }
289 }
290 if (is_a64(env)) {
291 env->xregs[0] = reg0;
292 } else {
293 env->regs[0] = reg0;
294 }
295 }
296
arm_flen_buf(ARMCPU * cpu)297 static target_ulong arm_flen_buf(ARMCPU *cpu)
298 {
299 /* Return an address in target memory of 64 bytes where the remote
300 * gdb should write its stat struct. (The format of this structure
301 * is defined by GDB's remote protocol and is not target-specific.)
302 * We put this on the guest's stack just below SP.
303 */
304 CPUARMState *env = &cpu->env;
305 target_ulong sp;
306
307 if (is_a64(env)) {
308 sp = env->xregs[31];
309 } else {
310 sp = env->regs[13];
311 }
312
313 return sp - 64;
314 }
315
arm_semi_flen_cb(CPUState * cs,target_ulong ret,target_ulong err)316 static void arm_semi_flen_cb(CPUState *cs, target_ulong ret, target_ulong err)
317 {
318 ARMCPU *cpu = ARM_CPU(cs);
319 CPUARMState *env = &cpu->env;
320 /* The size is always stored in big-endian order, extract
321 the value. We assume the size always fit in 32 bits. */
322 uint32_t size;
323 cpu_memory_rw_debug(cs, arm_flen_buf(cpu) + 32, (uint8_t *)&size, 4, 0);
324 size = be32_to_cpu(size);
325 if (is_a64(env)) {
326 env->xregs[0] = size;
327 } else {
328 env->regs[0] = size;
329 }
330 errno = err;
331 set_swi_errno(env, -1);
332 }
333
334 static int arm_semi_open_guestfd;
335
arm_semi_open_cb(CPUState * cs,target_ulong ret,target_ulong err)336 static void arm_semi_open_cb(CPUState *cs, target_ulong ret, target_ulong err)
337 {
338 ARMCPU *cpu = ARM_CPU(cs);
339 CPUARMState *env = &cpu->env;
340 if (ret == (target_ulong)-1) {
341 errno = err;
342 set_swi_errno(env, -1);
343 dealloc_guestfd(arm_semi_open_guestfd);
344 } else {
345 associate_guestfd(arm_semi_open_guestfd, ret);
346 ret = arm_semi_open_guestfd;
347 }
348
349 if (is_a64(env)) {
350 env->xregs[0] = ret;
351 } else {
352 env->regs[0] = ret;
353 }
354 }
355
arm_gdb_syscall(ARMCPU * cpu,gdb_syscall_complete_cb cb,const char * fmt,...)356 static target_ulong arm_gdb_syscall(ARMCPU *cpu, gdb_syscall_complete_cb cb,
357 const char *fmt, ...)
358 {
359 va_list va;
360 CPUARMState *env = &cpu->env;
361
362 va_start(va, fmt);
363 gdb_do_syscallv(cb, fmt, va);
364 va_end(va);
365
366 /*
367 * FIXME: in softmmu mode, the gdbstub will schedule our callback
368 * to occur, but will not actually call it to complete the syscall
369 * until after this function has returned and we are back in the
370 * CPU main loop. Therefore callers to this function must not
371 * do anything with its return value, because it is not necessarily
372 * the result of the syscall, but could just be the old value of X0.
373 * The only thing safe to do with this is that the callers of
374 * do_arm_semihosting() will write it straight back into X0.
375 * (In linux-user mode, the callback will have happened before
376 * gdb_do_syscallv() returns.)
377 *
378 * We should tidy this up so neither this function nor
379 * do_arm_semihosting() return a value, so the mistake of
380 * doing something with the return value is not possible to make.
381 */
382
383 return is_a64(env) ? env->xregs[0] : env->regs[0];
384 }
385
386 /*
387 * Types for functions implementing various semihosting calls
388 * for specific types of guest file descriptor. These must all
389 * do the work and return the required return value for the guest,
390 * setting the guest errno if appropriate.
391 */
392 typedef uint32_t sys_closefn(ARMCPU *cpu, GuestFD *gf);
393 typedef uint32_t sys_writefn(ARMCPU *cpu, GuestFD *gf,
394 target_ulong buf, uint32_t len);
395 typedef uint32_t sys_readfn(ARMCPU *cpu, GuestFD *gf,
396 target_ulong buf, uint32_t len);
397 typedef uint32_t sys_isattyfn(ARMCPU *cpu, GuestFD *gf);
398 typedef uint32_t sys_seekfn(ARMCPU *cpu, GuestFD *gf,
399 target_ulong offset);
400 typedef uint32_t sys_flenfn(ARMCPU *cpu, GuestFD *gf);
401
host_closefn(ARMCPU * cpu,GuestFD * gf)402 static uint32_t host_closefn(ARMCPU *cpu, GuestFD *gf)
403 {
404 CPUARMState *env = &cpu->env;
405
406 /*
407 * Only close the underlying host fd if it's one we opened on behalf
408 * of the guest in SYS_OPEN.
409 */
410 if (gf->hostfd == STDIN_FILENO ||
411 gf->hostfd == STDOUT_FILENO ||
412 gf->hostfd == STDERR_FILENO) {
413 return 0;
414 }
415 return set_swi_errno(env, close(gf->hostfd));
416 }
417
host_writefn(ARMCPU * cpu,GuestFD * gf,target_ulong buf,uint32_t len)418 static uint32_t host_writefn(ARMCPU *cpu, GuestFD *gf,
419 target_ulong buf, uint32_t len)
420 {
421 uint32_t ret;
422 CPUARMState *env = &cpu->env;
423 char *s = lock_user(VERIFY_READ, buf, len, 1);
424 if (!s) {
425 /* Return bytes not written on error */
426 return len;
427 }
428 ret = set_swi_errno(env, write(gf->hostfd, s, len));
429 unlock_user(s, buf, 0);
430 if (ret == (uint32_t)-1) {
431 ret = 0;
432 }
433 /* Return bytes not written */
434 return len - ret;
435 }
436
host_readfn(ARMCPU * cpu,GuestFD * gf,target_ulong buf,uint32_t len)437 static uint32_t host_readfn(ARMCPU *cpu, GuestFD *gf,
438 target_ulong buf, uint32_t len)
439 {
440 uint32_t ret;
441 CPUARMState *env = &cpu->env;
442 char *s = lock_user(VERIFY_WRITE, buf, len, 0);
443 if (!s) {
444 /* return bytes not read */
445 return len;
446 }
447 do {
448 ret = set_swi_errno(env, read(gf->hostfd, s, len));
449 } while (ret == -1 && errno == EINTR);
450 unlock_user(s, buf, len);
451 if (ret == (uint32_t)-1) {
452 ret = 0;
453 }
454 /* Return bytes not read */
455 return len - ret;
456 }
457
host_isattyfn(ARMCPU * cpu,GuestFD * gf)458 static uint32_t host_isattyfn(ARMCPU *cpu, GuestFD *gf)
459 {
460 return isatty(gf->hostfd);
461 }
462
host_seekfn(ARMCPU * cpu,GuestFD * gf,target_ulong offset)463 static uint32_t host_seekfn(ARMCPU *cpu, GuestFD *gf, target_ulong offset)
464 {
465 CPUARMState *env = &cpu->env;
466 uint32_t ret = set_swi_errno(env, lseek(gf->hostfd, offset, SEEK_SET));
467 if (ret == (uint32_t)-1) {
468 return -1;
469 }
470 return 0;
471 }
472
host_flenfn(ARMCPU * cpu,GuestFD * gf)473 static uint32_t host_flenfn(ARMCPU *cpu, GuestFD *gf)
474 {
475 CPUARMState *env = &cpu->env;
476 struct stat buf;
477 uint32_t ret = set_swi_errno(env, fstat(gf->hostfd, &buf));
478 if (ret == (uint32_t)-1) {
479 return -1;
480 }
481 return buf.st_size;
482 }
483
gdb_closefn(ARMCPU * cpu,GuestFD * gf)484 static uint32_t gdb_closefn(ARMCPU *cpu, GuestFD *gf)
485 {
486 return arm_gdb_syscall(cpu, arm_semi_cb, "close,%x", gf->hostfd);
487 }
488
gdb_writefn(ARMCPU * cpu,GuestFD * gf,target_ulong buf,uint32_t len)489 static uint32_t gdb_writefn(ARMCPU *cpu, GuestFD *gf,
490 target_ulong buf, uint32_t len)
491 {
492 arm_semi_syscall_len = len;
493 return arm_gdb_syscall(cpu, arm_semi_cb, "write,%x,%x,%x",
494 gf->hostfd, buf, len);
495 }
496
gdb_readfn(ARMCPU * cpu,GuestFD * gf,target_ulong buf,uint32_t len)497 static uint32_t gdb_readfn(ARMCPU *cpu, GuestFD *gf,
498 target_ulong buf, uint32_t len)
499 {
500 arm_semi_syscall_len = len;
501 return arm_gdb_syscall(cpu, arm_semi_cb, "read,%x,%x,%x",
502 gf->hostfd, buf, len);
503 }
504
gdb_isattyfn(ARMCPU * cpu,GuestFD * gf)505 static uint32_t gdb_isattyfn(ARMCPU *cpu, GuestFD *gf)
506 {
507 return arm_gdb_syscall(cpu, arm_semi_cb, "isatty,%x", gf->hostfd);
508 }
509
gdb_seekfn(ARMCPU * cpu,GuestFD * gf,target_ulong offset)510 static uint32_t gdb_seekfn(ARMCPU *cpu, GuestFD *gf, target_ulong offset)
511 {
512 return arm_gdb_syscall(cpu, arm_semi_cb, "lseek,%x,%x,0",
513 gf->hostfd, offset);
514 }
515
gdb_flenfn(ARMCPU * cpu,GuestFD * gf)516 static uint32_t gdb_flenfn(ARMCPU *cpu, GuestFD *gf)
517 {
518 return arm_gdb_syscall(cpu, arm_semi_flen_cb, "fstat,%x,%x",
519 gf->hostfd, arm_flen_buf(cpu));
520 }
521
522 #define SHFB_MAGIC_0 0x53
523 #define SHFB_MAGIC_1 0x48
524 #define SHFB_MAGIC_2 0x46
525 #define SHFB_MAGIC_3 0x42
526
527 /* Feature bits reportable in feature byte 0 */
528 #define SH_EXT_EXIT_EXTENDED (1 << 0)
529 #define SH_EXT_STDOUT_STDERR (1 << 1)
530
531 static const uint8_t featurefile_data[] = {
532 SHFB_MAGIC_0,
533 SHFB_MAGIC_1,
534 SHFB_MAGIC_2,
535 SHFB_MAGIC_3,
536 SH_EXT_EXIT_EXTENDED | SH_EXT_STDOUT_STDERR, /* Feature byte 0 */
537 };
538
init_featurefile_guestfd(int guestfd)539 static void init_featurefile_guestfd(int guestfd)
540 {
541 GuestFD *gf = do_get_guestfd(guestfd);
542
543 assert(gf);
544 gf->type = GuestFDFeatureFile;
545 gf->featurefile_offset = 0;
546 }
547
featurefile_closefn(ARMCPU * cpu,GuestFD * gf)548 static uint32_t featurefile_closefn(ARMCPU *cpu, GuestFD *gf)
549 {
550 /* Nothing to do */
551 return 0;
552 }
553
featurefile_writefn(ARMCPU * cpu,GuestFD * gf,target_ulong buf,uint32_t len)554 static uint32_t featurefile_writefn(ARMCPU *cpu, GuestFD *gf,
555 target_ulong buf, uint32_t len)
556 {
557 /* This fd can never be open for writing */
558 CPUARMState *env = &cpu->env;
559
560 errno = EBADF;
561 return set_swi_errno(env, -1);
562 }
563
featurefile_readfn(ARMCPU * cpu,GuestFD * gf,target_ulong buf,uint32_t len)564 static uint32_t featurefile_readfn(ARMCPU *cpu, GuestFD *gf,
565 target_ulong buf, uint32_t len)
566 {
567 uint32_t i;
568 #ifndef CONFIG_USER_ONLY
569 CPUARMState *env = &cpu->env;
570 #endif
571 char *s;
572
573 s = lock_user(VERIFY_WRITE, buf, len, 0);
574 if (!s) {
575 return len;
576 }
577
578 for (i = 0; i < len; i++) {
579 if (gf->featurefile_offset >= sizeof(featurefile_data)) {
580 break;
581 }
582 s[i] = featurefile_data[gf->featurefile_offset];
583 gf->featurefile_offset++;
584 }
585
586 unlock_user(s, buf, len);
587
588 /* Return number of bytes not read */
589 return len - i;
590 }
591
featurefile_isattyfn(ARMCPU * cpu,GuestFD * gf)592 static uint32_t featurefile_isattyfn(ARMCPU *cpu, GuestFD *gf)
593 {
594 return 0;
595 }
596
featurefile_seekfn(ARMCPU * cpu,GuestFD * gf,target_ulong offset)597 static uint32_t featurefile_seekfn(ARMCPU *cpu, GuestFD *gf,
598 target_ulong offset)
599 {
600 gf->featurefile_offset = offset;
601 return 0;
602 }
603
featurefile_flenfn(ARMCPU * cpu,GuestFD * gf)604 static uint32_t featurefile_flenfn(ARMCPU *cpu, GuestFD *gf)
605 {
606 return sizeof(featurefile_data);
607 }
608
609 typedef struct GuestFDFunctions {
610 sys_closefn *closefn;
611 sys_writefn *writefn;
612 sys_readfn *readfn;
613 sys_isattyfn *isattyfn;
614 sys_seekfn *seekfn;
615 sys_flenfn *flenfn;
616 } GuestFDFunctions;
617
618 static const GuestFDFunctions guestfd_fns[] = {
619 [GuestFDHost] = {
620 .closefn = host_closefn,
621 .writefn = host_writefn,
622 .readfn = host_readfn,
623 .isattyfn = host_isattyfn,
624 .seekfn = host_seekfn,
625 .flenfn = host_flenfn,
626 },
627 [GuestFDGDB] = {
628 .closefn = gdb_closefn,
629 .writefn = gdb_writefn,
630 .readfn = gdb_readfn,
631 .isattyfn = gdb_isattyfn,
632 .seekfn = gdb_seekfn,
633 .flenfn = gdb_flenfn,
634 },
635 [GuestFDFeatureFile] = {
636 .closefn = featurefile_closefn,
637 .writefn = featurefile_writefn,
638 .readfn = featurefile_readfn,
639 .isattyfn = featurefile_isattyfn,
640 .seekfn = featurefile_seekfn,
641 .flenfn = featurefile_flenfn,
642 },
643 };
644
645 /* Read the input value from the argument block; fail the semihosting
646 * call if the memory read fails.
647 */
648 #define GET_ARG(n) do { \
649 if (is_a64(env)) { \
650 if (get_user_u64(arg ## n, args + (n) * 8)) { \
651 errno = EFAULT; \
652 return set_swi_errno(env, -1); \
653 } \
654 } else { \
655 if (get_user_u32(arg ## n, args + (n) * 4)) { \
656 errno = EFAULT; \
657 return set_swi_errno(env, -1); \
658 } \
659 } \
660 } while (0)
661
662 #define SET_ARG(n, val) \
663 (is_a64(env) ? \
664 put_user_u64(val, args + (n) * 8) : \
665 put_user_u32(val, args + (n) * 4))
666
667 /*
668 * Do a semihosting call.
669 *
670 * The specification always says that the "return register" either
671 * returns a specific value or is corrupted, so we don't need to
672 * report to our caller whether we are returning a value or trying to
673 * leave the register unchanged. We use 0xdeadbeef as the return value
674 * when there isn't a defined return value for the call.
675 */
do_arm_semihosting(CPUARMState * env)676 target_ulong do_arm_semihosting(CPUARMState *env)
677 {
678 ARMCPU *cpu = env_archcpu(env);
679 CPUState *cs = env_cpu(env);
680 target_ulong args;
681 target_ulong arg0, arg1, arg2, arg3;
682 char * s;
683 int nr;
684 uint32_t ret;
685 uint32_t len;
686 GuestFD *gf;
687
688 if (is_a64(env)) {
689 /* Note that the syscall number is in W0, not X0 */
690 nr = env->xregs[0] & 0xffffffffU;
691 args = env->xregs[1];
692 } else {
693 nr = env->regs[0];
694 args = env->regs[1];
695 }
696
697 switch (nr) {
698 case TARGET_SYS_OPEN:
699 {
700 int guestfd;
701
702 GET_ARG(0);
703 GET_ARG(1);
704 GET_ARG(2);
705 s = lock_user_string(arg0);
706 if (!s) {
707 errno = EFAULT;
708 return set_swi_errno(env, -1);
709 }
710 if (arg1 >= 12) {
711 unlock_user(s, arg0, 0);
712 errno = EINVAL;
713 return set_swi_errno(env, -1);
714 }
715
716 guestfd = alloc_guestfd();
717 if (guestfd < 0) {
718 unlock_user(s, arg0, 0);
719 errno = EMFILE;
720 return set_swi_errno(env, -1);
721 }
722
723 if (strcmp(s, ":tt") == 0) {
724 int result_fileno;
725
726 /*
727 * We implement SH_EXT_STDOUT_STDERR, so:
728 * open for read == stdin
729 * open for write == stdout
730 * open for append == stderr
731 */
732 if (arg1 < 4) {
733 result_fileno = STDIN_FILENO;
734 } else if (arg1 < 8) {
735 result_fileno = STDOUT_FILENO;
736 } else {
737 result_fileno = STDERR_FILENO;
738 }
739 associate_guestfd(guestfd, result_fileno);
740 unlock_user(s, arg0, 0);
741 return guestfd;
742 }
743 if (strcmp(s, ":semihosting-features") == 0) {
744 unlock_user(s, arg0, 0);
745 /* We must fail opens for modes other than 0 ('r') or 1 ('rb') */
746 if (arg1 != 0 && arg1 != 1) {
747 dealloc_guestfd(guestfd);
748 errno = EACCES;
749 return set_swi_errno(env, -1);
750 }
751 init_featurefile_guestfd(guestfd);
752 return guestfd;
753 }
754
755 if (use_gdb_syscalls()) {
756 arm_semi_open_guestfd = guestfd;
757 ret = arm_gdb_syscall(cpu, arm_semi_open_cb, "open,%s,%x,1a4", arg0,
758 (int)arg2+1, gdb_open_modeflags[arg1]);
759 } else {
760 ret = set_swi_errno(env, open(s, open_modeflags[arg1], 0644));
761 if (ret == (uint32_t)-1) {
762 dealloc_guestfd(guestfd);
763 } else {
764 associate_guestfd(guestfd, ret);
765 ret = guestfd;
766 }
767 }
768 unlock_user(s, arg0, 0);
769 return ret;
770 }
771 case TARGET_SYS_CLOSE:
772 GET_ARG(0);
773
774 gf = get_guestfd(arg0);
775 if (!gf) {
776 errno = EBADF;
777 return set_swi_errno(env, -1);
778 }
779
780 ret = guestfd_fns[gf->type].closefn(cpu, gf);
781 dealloc_guestfd(arg0);
782 return ret;
783 case TARGET_SYS_WRITEC:
784 qemu_semihosting_console_outc(env, args);
785 return 0xdeadbeef;
786 case TARGET_SYS_WRITE0:
787 return qemu_semihosting_console_outs(env, args);
788 case TARGET_SYS_WRITE:
789 GET_ARG(0);
790 GET_ARG(1);
791 GET_ARG(2);
792 len = arg2;
793
794 gf = get_guestfd(arg0);
795 if (!gf) {
796 errno = EBADF;
797 return set_swi_errno(env, -1);
798 }
799
800 return guestfd_fns[gf->type].writefn(cpu, gf, arg1, len);
801 case TARGET_SYS_READ:
802 GET_ARG(0);
803 GET_ARG(1);
804 GET_ARG(2);
805 len = arg2;
806
807 gf = get_guestfd(arg0);
808 if (!gf) {
809 errno = EBADF;
810 return set_swi_errno(env, -1);
811 }
812
813 return guestfd_fns[gf->type].readfn(cpu, gf, arg1, len);
814 case TARGET_SYS_READC:
815 return qemu_semihosting_console_inc(env);
816 case TARGET_SYS_ISTTY:
817 GET_ARG(0);
818
819 gf = get_guestfd(arg0);
820 if (!gf) {
821 errno = EBADF;
822 return set_swi_errno(env, -1);
823 }
824
825 return guestfd_fns[gf->type].isattyfn(cpu, gf);
826 case TARGET_SYS_SEEK:
827 GET_ARG(0);
828 GET_ARG(1);
829
830 gf = get_guestfd(arg0);
831 if (!gf) {
832 errno = EBADF;
833 return set_swi_errno(env, -1);
834 }
835
836 return guestfd_fns[gf->type].seekfn(cpu, gf, arg1);
837 case TARGET_SYS_FLEN:
838 GET_ARG(0);
839
840 gf = get_guestfd(arg0);
841 if (!gf) {
842 errno = EBADF;
843 return set_swi_errno(env, -1);
844 }
845
846 return guestfd_fns[gf->type].flenfn(cpu, gf);
847 case TARGET_SYS_TMPNAM:
848 qemu_log_mask(LOG_UNIMP, "%s: SYS_TMPNAM not implemented", __func__);
849 return -1;
850 case TARGET_SYS_REMOVE:
851 GET_ARG(0);
852 GET_ARG(1);
853 if (use_gdb_syscalls()) {
854 ret = arm_gdb_syscall(cpu, arm_semi_cb, "unlink,%s",
855 arg0, (int)arg1+1);
856 } else {
857 s = lock_user_string(arg0);
858 if (!s) {
859 errno = EFAULT;
860 return set_swi_errno(env, -1);
861 }
862 ret = set_swi_errno(env, remove(s));
863 unlock_user(s, arg0, 0);
864 }
865 return ret;
866 case TARGET_SYS_RENAME:
867 GET_ARG(0);
868 GET_ARG(1);
869 GET_ARG(2);
870 GET_ARG(3);
871 if (use_gdb_syscalls()) {
872 return arm_gdb_syscall(cpu, arm_semi_cb, "rename,%s,%s",
873 arg0, (int)arg1+1, arg2, (int)arg3+1);
874 } else {
875 char *s2;
876 s = lock_user_string(arg0);
877 s2 = lock_user_string(arg2);
878 if (!s || !s2) {
879 errno = EFAULT;
880 ret = set_swi_errno(env, -1);
881 } else {
882 ret = set_swi_errno(env, rename(s, s2));
883 }
884 if (s2)
885 unlock_user(s2, arg2, 0);
886 if (s)
887 unlock_user(s, arg0, 0);
888 return ret;
889 }
890 case TARGET_SYS_CLOCK:
891 return clock() / (CLOCKS_PER_SEC / 100);
892 case TARGET_SYS_TIME:
893 return set_swi_errno(env, time(NULL));
894 case TARGET_SYS_SYSTEM:
895 GET_ARG(0);
896 GET_ARG(1);
897 if (use_gdb_syscalls()) {
898 return arm_gdb_syscall(cpu, arm_semi_cb, "system,%s",
899 arg0, (int)arg1+1);
900 } else {
901 s = lock_user_string(arg0);
902 if (!s) {
903 errno = EFAULT;
904 return set_swi_errno(env, -1);
905 }
906 ret = set_swi_errno(env, system(s));
907 unlock_user(s, arg0, 0);
908 return ret;
909 }
910 case TARGET_SYS_ERRNO:
911 return get_swi_errno(env);
912 case TARGET_SYS_GET_CMDLINE:
913 {
914 /* Build a command-line from the original argv.
915 *
916 * The inputs are:
917 * * arg0, pointer to a buffer of at least the size
918 * specified in arg1.
919 * * arg1, size of the buffer pointed to by arg0 in
920 * bytes.
921 *
922 * The outputs are:
923 * * arg0, pointer to null-terminated string of the
924 * command line.
925 * * arg1, length of the string pointed to by arg0.
926 */
927
928 char *output_buffer;
929 size_t input_size;
930 size_t output_size;
931 int status = 0;
932 #if !defined(CONFIG_USER_ONLY)
933 const char *cmdline;
934 #else
935 TaskState *ts = cs->opaque;
936 #endif
937 GET_ARG(0);
938 GET_ARG(1);
939 input_size = arg1;
940 /* Compute the size of the output string. */
941 #if !defined(CONFIG_USER_ONLY)
942 cmdline = semihosting_get_cmdline();
943 if (cmdline == NULL) {
944 cmdline = ""; /* Default to an empty line. */
945 }
946 output_size = strlen(cmdline) + 1; /* Count terminating 0. */
947 #else
948 unsigned int i;
949
950 output_size = ts->info->arg_end - ts->info->arg_start;
951 if (!output_size) {
952 /*
953 * We special-case the "empty command line" case (argc==0).
954 * Just provide the terminating 0.
955 */
956 output_size = 1;
957 }
958 #endif
959
960 if (output_size > input_size) {
961 /* Not enough space to store command-line arguments. */
962 errno = E2BIG;
963 return set_swi_errno(env, -1);
964 }
965
966 /* Adjust the command-line length. */
967 if (SET_ARG(1, output_size - 1)) {
968 /* Couldn't write back to argument block */
969 errno = EFAULT;
970 return set_swi_errno(env, -1);
971 }
972
973 /* Lock the buffer on the ARM side. */
974 output_buffer = lock_user(VERIFY_WRITE, arg0, output_size, 0);
975 if (!output_buffer) {
976 errno = EFAULT;
977 return set_swi_errno(env, -1);
978 }
979
980 /* Copy the command-line arguments. */
981 #if !defined(CONFIG_USER_ONLY)
982 pstrcpy(output_buffer, output_size, cmdline);
983 #else
984 if (output_size == 1) {
985 /* Empty command-line. */
986 output_buffer[0] = '\0';
987 goto out;
988 }
989
990 if (copy_from_user(output_buffer, ts->info->arg_start,
991 output_size)) {
992 errno = EFAULT;
993 status = set_swi_errno(env, -1);
994 goto out;
995 }
996
997 /* Separate arguments by white spaces. */
998 for (i = 0; i < output_size - 1; i++) {
999 if (output_buffer[i] == 0) {
1000 output_buffer[i] = ' ';
1001 }
1002 }
1003 out:
1004 #endif
1005 /* Unlock the buffer on the ARM side. */
1006 unlock_user(output_buffer, arg0, output_size);
1007
1008 return status;
1009 }
1010 case TARGET_SYS_HEAPINFO:
1011 {
1012 target_ulong retvals[4];
1013 target_ulong limit;
1014 int i;
1015 #ifdef CONFIG_USER_ONLY
1016 TaskState *ts = cs->opaque;
1017 #endif
1018
1019 GET_ARG(0);
1020
1021 #ifdef CONFIG_USER_ONLY
1022 /*
1023 * Some C libraries assume the heap immediately follows .bss, so
1024 * allocate it using sbrk.
1025 */
1026 if (!ts->heap_limit) {
1027 abi_ulong ret;
1028
1029 ts->heap_base = do_brk(0);
1030 limit = ts->heap_base + ARM_ANGEL_HEAP_SIZE;
1031 /* Try a big heap, and reduce the size if that fails. */
1032 for (;;) {
1033 ret = do_brk(limit);
1034 if (ret >= limit) {
1035 break;
1036 }
1037 limit = (ts->heap_base >> 1) + (limit >> 1);
1038 }
1039 ts->heap_limit = limit;
1040 }
1041
1042 retvals[0] = ts->heap_base;
1043 retvals[1] = ts->heap_limit;
1044 retvals[2] = ts->stack_base;
1045 retvals[3] = 0; /* Stack limit. */
1046 #else
1047 limit = ram_size;
1048 /* TODO: Make this use the limit of the loaded application. */
1049 retvals[0] = limit / 2;
1050 retvals[1] = limit;
1051 retvals[2] = limit; /* Stack base */
1052 retvals[3] = 0; /* Stack limit. */
1053 #endif
1054
1055 for (i = 0; i < ARRAY_SIZE(retvals); i++) {
1056 bool fail;
1057
1058 if (is_a64(env)) {
1059 fail = put_user_u64(retvals[i], arg0 + i * 8);
1060 } else {
1061 fail = put_user_u32(retvals[i], arg0 + i * 4);
1062 }
1063
1064 if (fail) {
1065 /* Couldn't write back to argument block */
1066 errno = EFAULT;
1067 return set_swi_errno(env, -1);
1068 }
1069 }
1070 return 0;
1071 }
1072 case TARGET_SYS_EXIT:
1073 case TARGET_SYS_EXIT_EXTENDED:
1074 if (nr == TARGET_SYS_EXIT_EXTENDED || is_a64(env)) {
1075 /*
1076 * The A64 version of SYS_EXIT takes a parameter block,
1077 * so the application-exit type can return a subcode which
1078 * is the exit status code from the application.
1079 * SYS_EXIT_EXTENDED is an a new-in-v2.0 optional function
1080 * which allows A32/T32 guests to also provide a status code.
1081 */
1082 GET_ARG(0);
1083 GET_ARG(1);
1084
1085 if (arg0 == ADP_Stopped_ApplicationExit) {
1086 ret = arg1;
1087 } else {
1088 ret = 1;
1089 }
1090 } else {
1091 /*
1092 * The A32/T32 version of SYS_EXIT specifies only
1093 * Stopped_ApplicationExit as normal exit, but does not
1094 * allow the guest to specify the exit status code.
1095 * Everything else is considered an error.
1096 */
1097 ret = (args == ADP_Stopped_ApplicationExit) ? 0 : 1;
1098 }
1099 gdb_exit(env, ret);
1100 exit(ret);
1101 case TARGET_SYS_SYNCCACHE:
1102 /*
1103 * Clean the D-cache and invalidate the I-cache for the specified
1104 * virtual address range. This is a nop for us since we don't
1105 * implement caches. This is only present on A64.
1106 */
1107 if (is_a64(env)) {
1108 return 0;
1109 }
1110 /* fall through -- invalid for A32/T32 */
1111 default:
1112 fprintf(stderr, "qemu: Unsupported SemiHosting SWI 0x%02x\n", nr);
1113 cpu_dump_state(cs, stderr, 0);
1114 abort();
1115 }
1116 }
1117