According to the specification "Semihosting for AArch32 and Aarch64",
the SYS_OPEN operation should return:

- A nonzero handle if the call is successful
- -1 if the call is not successful

So, it should never return 0.

Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting
code hand out its own file descriptors"), the guest fd matched to the
host fd. It returned a nonzero handle on success since the fd 0 is
already used for stdin.

Now that the guest fd is the index of guestfd_array, it starts from 0.

I noticed this issue particularly because Trusted Firmware-A built with
PLAT=qemu is no longer working. Its io_semihosting driver only handles
a positive return value as a valid filehandle.

Basically, there are two ways to fix this:

- Use (guestfd - 1) as the index of guestfd_array. We need to insert
increment/decrement to convert the guestfd and the array index back
and forth.

- Keep using guestfd as the index of guestfd_array. The first entry
of guestfd_array is left unused.

I thought the latter is simpler. We end up with wasting a small piece
of memory for the unused first entry of guestfd_array, but this is
probably not a big deal.

Fixes: 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---
target/arm/arm-semi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
index 6f7b6d801bf9..4275dfc34591 100644
--- a/target/arm/arm-semi.c
+++ b/target/arm/arm-semi.c
@@ -144,7 +144,8 @@ static int alloc_guestfd(void)
guestfd_array = g_array_new(FALSE, TRUE, sizeof(GuestFD));
}
- for (i = 0; i < guestfd_array->len; i++) {
+ /* SYS_OPEN should return nonzero handle on success. Start guestfd from 1 */
+ for (i = 1; i < guestfd_array->len; i++) {
GuestFD *gf = &g_array_index(guestfd_array, GuestFD, i);
if (gf->type == GuestFDUnused) {
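Review bot: The loop's lower bound now starts at 1, but the fall-through that allocates a new slot when no unused entry is found lies outside the visible context, so it is worth confirming that it derives the returned handle from `i` (which is at least 1 here, even for a freshly created empty array) rather than from `guestfd_array->len`, which is 0 right after `g_array_new`; otherwise a fresh table would still hand out handle 0. The comment could also state explicitly that entry 0 is deliberately left unused, so that a later reader does not "optimize" the loop back to starting at 0.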
@@ -168,7 +169,7 @@ static GuestFD *do_get_guestfd(int guestfd)
return NULL;
}
- if (guestfd < 0 || guestfd >= guestfd_array->len) {
+ if (guestfd <= 0 || guestfd >= guestfd_array->len) {
return NULL;
}
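Review bot: Tightening the lower bound to `guestfd <= 0` is the right companion to the allocator change, but the two bounds now form an invariant shared by two functions with nothing tying them together; a one-line comment here (e.g. `/* handle 0 is never handed out by alloc_guestfd() */`) would keep them from being changed independently. It is also worth checking that any other path that indexes `guestfd_array` directly, rather than going through do_get_guestfd(), rejects 0 in the same way.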
--
2.17.1
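The handle scheme the patch settles on (index 0 of the table reserved, lookups rejecting 0), as an added stand-alone model. This is example code written for this page, not QEMU's arm-semi.c: a fixed-size array stands in for QEMU's GArray, the table size, host fd values and the `sys_open`/`sys_close`/`reset_guestfd_table`/`client_open_succeeded` helpers are constructed for the illustration, and the last of those shows the client-side stance from the reply below, treating only -1 as failure.

```c
/* Added example, not QEMU's code: a model of a semihosting guest fd table that
 * reserves handle 0, as the patch does. A fixed array stands in for GArray. */
#include <stdio.h>
#include <stdbool.h>

#define MAX_GUESTFD 8           /* constructed table size for the model */

typedef enum { GuestFDUnused = 0, GuestFDHost } GuestFDType;

typedef struct {
    GuestFDType type;
    int hostfd;                 /* host fd backing this handle (constructed) */
} GuestFD;

static GuestFD guestfd_array[MAX_GUESTFD];

/* Find a free handle. SYS_OPEN must return nonzero on success, so index 0 is
 * reserved and never handed out. Returns -1 when the table is full. */
static int alloc_guestfd(void)
{
    for (int i = 1; i < MAX_GUESTFD; i++) {
        if (guestfd_array[i].type == GuestFDUnused) {
            return i;
        }
    }
    return -1;
}

/* Resolve a handle; NULL for 0, negative, out-of-range or unused handles. */
static GuestFD *do_get_guestfd(int guestfd)
{
    if (guestfd <= 0 || guestfd >= MAX_GUESTFD) {
        return NULL;
    }
    GuestFD *gf = &guestfd_array[guestfd];
    return gf->type == GuestFDUnused ? NULL : gf;
}

/* Model of SYS_OPEN: bind a host fd to a fresh handle, -1 on failure. */
static int sys_open(int hostfd)
{
    int guestfd = alloc_guestfd();
    if (guestfd < 0) {
        return -1;
    }
    guestfd_array[guestfd].type = GuestFDHost;
    guestfd_array[guestfd].hostfd = hostfd;
    return guestfd;
}

/* Model of SYS_CLOSE: 0 on success, -1 for a handle the table never issued. */
static int sys_close(int guestfd)
{
    GuestFD *gf = do_get_guestfd(guestfd);
    if (!gf) {
        return -1;
    }
    gf->type = GuestFDUnused;
    gf->hostfd = -1;
    return 0;
}

/* Empty the table so the model can be exercised from a known state. */
static void reset_guestfd_table(void)
{
    for (int i = 0; i < MAX_GUESTFD; i++) {
        guestfd_array[i].type = GuestFDUnused;
        guestfd_array[i].hostfd = -1;
    }
}

/* Guest-side check following the reply in the thread: only -1 means failure,
 * so a 0 from an implementation that passes host fds through is accepted. */
static bool client_open_succeeded(int ret)
{
    return ret != -1;
}

int main(void)
{
    reset_guestfd_table();
    int a = sys_open(3), b = sys_open(4);   /* constructed host fds */
    printf("handles: %d %d (never 0)\n", a, b);
    printf("lookup 0: %s\n", do_get_guestfd(0) ? "entry" : "NULL");
    printf("close(0): %d  close(%d): %d\n", sys_close(0), a, sys_close(a));
    return 0;
}
```

The model keeps the allocator and the lookup bound in sync the way the patch does: `alloc_guestfd` starts scanning at 1 and `do_get_guestfd` rejects anything at or below 0, so handle 0 is unreachable from either side, and a freed slot is reused on the next open.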
On 1/9/20 3:12 PM, Masahiro Yamada wrote:
> According to the specification "Semihosting for AArch32 and Aarch64",
> the SYS_OPEN operation should return:
>
> - A nonzero handle if the call is successful
> - -1 if the call is not successful
>
> So, it should never return 0.
>
> Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting
> code hand out its own file descriptors"), the guest fd matched to the
> host fd. It returned a nonzero handle on success since the fd 0 is
> already used for stdin.
>
> Now that the guest fd is the index of guestfd_array, it starts from 0.
>
> I noticed this issue particularly because Trusted Firmware-A built with
> PLAT=qemu is no longer working. Its io_semihosting driver only handles
> a positive return value as a valid filehandle.
>
> Basically, there are two ways to fix this:
>
> - Use (guestfd - 1) as the index of guestfd_array. We need to insert
> increment/decrement to convert the guestfd and the array index back
> and forth.
>
> - Keep using guestfd as the index of guestfd_array. The first entry
> of guestfd_array is left unused.
>
> I thought the latter is simpler. We end up with wasting a small piece
> of memory for the unused first entry of guestfd_array, but this is
> probably not a big deal.
>
> Fixes: 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors")
> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
> ---

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
On Thu, 9 Jan 2020 at 04:13, Masahiro Yamada <masahiroy@kernel.org> wrote:
>
> According to the specification "Semihosting for AArch32 and Aarch64",
> the SYS_OPEN operation should return:
>
> - A nonzero handle if the call is successful
> - -1 if the call is not successful
>
> So, it should never return 0.
>
> Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting
> code hand out its own file descriptors"), the guest fd matched to the
> host fd. It returned a nonzero handle on success since the fd 0 is
> already used for stdin.

I think this bug existed even prior to that commit, because in the old
implementation we would handle the ":tt" magic file by returning
STDIN_FILENO or STDOUT_FILENO, and STDIN_FILENO is zero.

So although I agree we should fix this bug, it would probably be wise
if your code using the API treated 0 as a success, because QEMU's
probably not the only implementation that decided to use "just pass
through the host fd"...

> Basically, there are two ways to fix this:
>
> - Use (guestfd - 1) as the index of guestfd_array. We need to insert
> increment/decrement to convert the guestfd and the array index back
> and forth.
>
> - Keep using guestfd as the index of guestfd_array. The first entry
> of guestfd_array is left unused.
>
> I thought the latter is simpler. We end up with wasting a small piece
> of memory for the unused first entry of guestfd_array, but this is
> probably not a big deal.

Yeah, I guess so.

Applied to target-arm.next.

(This also reminds me that I never got round to fixing a bug where if
the guest does a SYS_OPEN on :tt and then a SYS_CLOSE then we close
the host stdin/stdout, which we should not...)

thanks
-- PMM