From patchwork Thu Aug 27 18:35:31 2015
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 52778
MIME-Version: 1.0
In-Reply-To: <1439483745-28752-10-git-send-email-peter.maydell@linaro.org>
References: <1439483745-28752-1-git-send-email-peter.maydell@linaro.org> <1439483745-28752-10-git-send-email-peter.maydell@linaro.org>
From: Peter Maydell
Date: Thu, 27 Aug 2015 19:35:31 +0100
Subject: Re: [Qemu-devel] [PATCH 9/9] target-arm: Wire up HLT 0xf000 as the A64 semihosting instruction
To: QEMU Developers
Cc: Christopher Covington, Patch Tracking

On 13 August 2015 at 17:35, Peter Maydell wrote:
> For the A64 instruction set, the semihosting call instruction
> is 'HLT 0xf000'. Wire this up to call do_arm_semihosting()
> if semihosting is enabled.
>
> Signed-off-by: Peter Maydell
> ---
> @@ -1553,8 +1554,17 @@ static void disas_exc(DisasContext *s, uint32_t insn) > unallocated_encoding(s); > break; > } > - /* HLT */ > - unsupported_encoding(s, insn); > + /* HLT. This has two purposes. > + * Architecturally, it is an external halting debug instruction. > + * Since QEMU doesn't implement external debug, we treat this as > + * it is required for halting debug disabled: it will UNDEF. > + * Secondly, "HLT 0xf000" is the A64 semihosting syscall instruction. > + */ > + if (semihosting_enabled() && imm16 == 0xf000) { > + gen_exception_internal_insn(s, 0, EXCP_SEMIHOST); > + } else { > + unsupported_encoding(s, insn); > + }

Christopher pointed out to me at KVM Forum that this isn't consistent
with how we do 32-bit ARM semihosting, which has a check to prevent
its use from userspace in system emulation. (The idea is that
semihosting is basically a "guest can pwn your host" API, so giving
access to it to guest userspace is kind of brave.)

I propose to squash the following change into this patch as I put it
into target-arm.next. This brings it into line with the 32-bit code.

There is a use case for allowing unfettered access to semihosting in
system emulation mode (basically, running bare metal test binaries).
I think we should deal with that by having a separate command line
option for "userspace semihosting access is OK", which changes the
behaviour for both 32-bit and 64-bit semihosting APIs.

Alternatively, we could instead allow userspace to use "safe" parts
of the semihosting API, like "print to stdout", but not the less safe
parts like "open and write to arbitrary host files". Or we could
decide that this safety check isn't actually very useful (no other
model/debug environment has it that I know of) and drop it entirely;
but that makes me a little nervous.

(It would actually be nice to be able to say "I'd like the guest
kernel to be able to do early printk via semihosting without trusting
it to open files etc", for that matter.)

thanks
-- PMM
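Review bot: the condition `if (semihosting_enabled() && imm16 == 0xf000)` in the HLT hunk admits the semihosting call from any exception level, so in system emulation guest EL0 code reaches EXCP_SEMIHOST with no test of s->current_el, which is the inconsistency with the 32-bit path described in the reply; outside CONFIG_USER_ONLY an EL0 `HLT 0xf000` should fall through to `unsupported_encoding(s, insn)` like any other HLT. Minor: the comment sentence "we treat this as it is required for halting debug disabled" reads oddly; "we treat it as the architecture requires when halting debug is disabled: it UNDEFs" says the same thing clearly.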
--- a/target-arm/translate-a64.c +++ b/target-arm/translate-a64.c @@ -1561,6 +1561,16 @@ static void disas_exc(DisasContext *s, uint32_t insn) * Secondly, "HLT 0xf000" is the A64 semihosting syscall instruction. */ if (semihosting_enabled() && imm16 == 0xf000) { +#ifndef CONFIG_USER_ONLY + /* In system mode, don't allow userspace access to semihosting, + * to provide some semblance of security (and for consistency + * with our 32-bit semihosting). + */ + if (s->current_el == 0) { + unsupported_encoding(s, insn); + break; + } +#endif gen_exception_internal_insn(s, 0, EXCP_SEMIHOST); } else { unsupported_encoding(s, insn);
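Review bot: the EL0 refusal here is the policy the reply says should become a command-line option covering both the 32-bit and 64-bit paths, yet the squash hard-codes it as a second inline `s->current_el == 0` test under `#ifndef CONFIG_USER_ONLY`; consider putting the "may this EL use semihosting" decision in one shared helper next to semihosting_enabled() so the two ISAs cannot drift when that option lands, and the early `break` out of the switch can then collapse into the existing `else { unsupported_encoding(s, insn); }` branch. Also, the squash changes observable behaviour (an EL0 `HLT 0xf000` in system emulation now UNDEFs instead of invoking semihosting) and the commit message quoted above does not mention it; add a sentence there.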
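The three policies the message is weighing (refuse EL0 outright, let EL0 use only a "print to stdout" subset, or let EL0 use everything), as an added example in C; this is not QEMU code and not part of the patch. The `HLT #imm16` encoding and the semihosting operation numbers are the architecture's own; the function names, the `el0_policy` tiers and the choice of SYS_WRITEC/SYS_WRITE0 as the "safe" console-only subset are this example's assumptions, and the probe instructions at the bottom are constructed inputs.

```c
/* Added example, not QEMU code: a model of the A64 HLT decode and of the
 * EL0 semihosting policy discussed in the thread.  Encodings and operation
 * numbers follow the A64 ISA and the ARM semihosting specification; the
 * policy tiers and "safe subset" are this example's own choices. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A64 "HLT #imm16": bits[31:21] = 0b11010100010, bits[20:5] = imm16,
 * bits[4:0] = 00000.  HLT #0xF000 is the A64 semihosting call; the
 * operation number then travels in W0 and the parameter block in X1. */
#define A64_HLT_MASK      0xFFE0001Fu
#define A64_HLT_FIXED     0xD4400000u
#define A64_SEMIHOST_IMM  0xF000u

/* Standard semihosting operation numbers (subset). */
#define SYS_OPEN    0x01u
#define SYS_WRITEC  0x03u
#define SYS_WRITE0  0x04u
#define SYS_WRITE   0x05u
#define SYS_SYSTEM  0x12u
#define SYS_EXIT    0x18u

enum hlt_verdict { HLT_NOT_HLT, HLT_UNDEF, HLT_SEMIHOST };

/* Hypothetical tiers for guest EL0 in system emulation:
 * EL0_NONE    = EL0 gets UNDEF (what the squashed hunk does);
 * EL0_CONSOLE = EL0 may only use console-output calls;
 * EL0_FULL    = EL0 gets the whole API (bare-metal test binaries). */
enum el0_policy { EL0_NONE, EL0_CONSOLE, EL0_FULL };

/* Returns true if insn is HLT and stores its imm16. */
static bool a64_decode_hlt(uint32_t insn, uint16_t *imm16)
{
    if ((insn & A64_HLT_MASK) != A64_HLT_FIXED) {
        return false;
    }
    *imm16 = (uint16_t)((insn >> 5) & 0xFFFFu);
    return true;
}

/* Translation-time decision.  With policy == EL0_NONE this matches the
 * squashed check: in system emulation an EL0 HLT #0xF000 UNDEFs. */
static enum hlt_verdict a64_hlt_verdict(uint32_t insn, bool semihosting_enabled,
                                        bool system_mode, int current_el,
                                        enum el0_policy policy)
{
    uint16_t imm16;
    if (!a64_decode_hlt(insn, &imm16)) {
        return HLT_NOT_HLT;
    }
    if (!semihosting_enabled || imm16 != A64_SEMIHOST_IMM) {
        return HLT_UNDEF;   /* plain HLT with no external debug: UNDEF */
    }
    if (system_mode && current_el == 0 && policy == EL0_NONE) {
        return HLT_UNDEF;
    }
    return HLT_SEMIHOST;
}

/* Call-time filter for the CONSOLE tier.  The instruction alone cannot
 * say which host resource is wanted, so this looks at the op in W0. */
static bool semihost_call_allowed(uint32_t op, bool system_mode, int current_el,
                                  enum el0_policy policy)
{
    if (!system_mode || current_el > 0 || policy == EL0_FULL) {
        return true;
    }
    if (policy == EL0_NONE) {
        return false;
    }
    switch (op) {            /* EL0_CONSOLE: output to host console only */
    case SYS_WRITEC:
    case SYS_WRITE0:
        return true;
    default:                 /* SYS_OPEN, SYS_WRITE, SYS_SYSTEM, SYS_EXIT... */
        return false;
    }
}

int main(void)
{
    /* Constructed probes: HLT #0xF000 (0xD45E0000) and HLT #0 (0xD4400000). */
    const uint32_t hlt_f000 = A64_HLT_FIXED | (A64_SEMIHOST_IMM << 5);
    const uint32_t hlt_0 = A64_HLT_FIXED;
    struct { uint32_t insn; int el; } probes[] = {
        { hlt_f000, 1 }, { hlt_f000, 0 }, { hlt_0, 1 },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        enum hlt_verdict v = a64_hlt_verdict(probes[i].insn, true, true,
                                             probes[i].el, EL0_NONE);
        printf("insn 0x%08x at EL%d -> %s\n", (unsigned)probes[i].insn,
               probes[i].el,
               v == HLT_SEMIHOST ? "semihosting" :
               v == HLT_UNDEF ? "UNDEF" : "not HLT");
    }
    printf("EL0 SYS_WRITE0 under CONSOLE: %s\n",
           semihost_call_allowed(SYS_WRITE0, true, 0, EL0_CONSOLE) ? "allow" : "deny");
    printf("EL0 SYS_OPEN under CONSOLE: %s\n",
           semihost_call_allowed(SYS_OPEN, true, 0, EL0_CONSOLE) ? "allow" : "deny");
    return 0;
}
```

The split into a translation-time verdict and a call-time filter is deliberate: the EL0_NONE tier can be decided when the instruction is translated, as the squash does, but the "safe subset" tier has to wait for the operation number, which is only known when the guest actually executes the call.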