riscv
/
qemu
mirror of https://gitea.goldendeliverer.com/riscv/qemu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

linux-user: make syscall emulation interruptible 

The syscall emulation code previously wasn't interruptible via
cpu_loop_exit(), as this construct relies on a longjmp target that is not
live anymore in the syscall handling code. Consequently, longjmp() would
operate on a (potentially overwritten) stale jump buffer. This patch adds an additional
setjmp and the necessary handling around it to make longjmp() (and by
proxy cpu_loop_exit() safe to call even within a syscall context.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Florian Hofhammer <florian.hofhammer@epfl.ch>
Link: https://lore.kernel.org/qemu-devel/20260305-setpc-v5-v7-3-4c3adba52403@epfl.ch
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
master
Florian Hofhammer 4 weeks ago
committed by Pierrick Bouvier
parent
d16ffa4244
commit
9097087147
19 changed files with 60 additions and 22 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      linux-user/aarch64/cpu_loop.c
  2. 2
      linux-user/alpha/cpu_loop.c
  3. 2
      linux-user/arm/cpu_loop.c
  4. 2
      linux-user/hexagon/cpu_loop.c
  5. 1
      linux-user/hppa/cpu_loop.c
  6. 8
      linux-user/i386/cpu_loop.c
  7. 8
      linux-user/include/special-errno.h
  8. 5
      linux-user/loongarch64/cpu_loop.c
  9. 2
      linux-user/m68k/cpu_loop.c
  10. 2
      linux-user/microblaze/cpu_loop.c
  11. 9
      linux-user/mips/cpu_loop.c
  12. 2
      linux-user/or1k/cpu_loop.c
  13. 10
      linux-user/ppc/cpu_loop.c
  14. 2
      linux-user/riscv/cpu_loop.c
  15. 2
      linux-user/s390x/cpu_loop.c
  16. 2
      linux-user/sh4/cpu_loop.c
  17. 4
      linux-user/sparc/cpu_loop.c
  18. 16
      linux-user/syscall.c
  19. 1
      linux-user/xtensa/cpu_loop.c

2
linux-user/aarch64/cpu_loop.c
View File

@ -181,7 +181,7 @@ void cpu_loop(CPUARMState *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->pc -= 4;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->xregs[0] = ret;
}
break;

2
linux-user/alpha/cpu_loop.c
View File

@ -82,7 +82,7 @@ void cpu_loop(CPUAlphaState *env)
env->pc -= 4;
break;
}
if (sysret == -QEMU_ESIGRETURN) {
if (sysret == -QEMU_ESIGRETURN || sysret == -QEMU_ESETPC) {
break;
}
/* Syscall writes 0 to V0 to bypass error check, similar

2
linux-user/arm/cpu_loop.c
View File

@ -399,7 +399,7 @@ void cpu_loop(CPUARMState *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->regs[15] -= env->thumb ? 2 : 4;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->regs[0] = ret;
}
}

2
linux-user/hexagon/cpu_loop.c
View File

@ -56,7 +56,7 @@ void cpu_loop(CPUHexagonState *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->gpr[HEX_REG_PC] -= 4;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->gpr[0] = ret;
}
break;

1
linux-user/hppa/cpu_loop.c
View File

@ -124,6 +124,7 @@ void cpu_loop(CPUHPPAState *env)
break;
case -QEMU_ERESTARTSYS:
case -QEMU_ESIGRETURN:
case -QEMU_ESETPC:
break;
}
break;

8
linux-user/i386/cpu_loop.c
View File

@ -181,7 +181,9 @@ static void emulate_vsyscall(CPUX86State *env)
if (ret == -TARGET_EFAULT) {
goto sigsegv;
}
env->regs[R_EAX] = ret;
if (ret != -QEMU_ESETPC) {
env->regs[R_EAX] = ret;
}
/* Emulate a ret instruction to leave the vsyscall page. */
env->eip = caller;
@ -234,7 +236,7 @@ void cpu_loop(CPUX86State *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->eip -= 2;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->regs[R_EAX] = ret;
}
break;
@ -253,7 +255,7 @@ void cpu_loop(CPUX86State *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->eip -= 2;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->regs[R_EAX] = ret;
}
break;

8
linux-user/include/special-errno.h
View File

@ -29,4 +29,12 @@
*/
#define QEMU_ESIGRETURN 513
/*
* This is returned after a plugin has used the qemu_plugin_set_pc API, to
* indicate that the plugin deliberately changed the PC and potentially
* modified the register values. The main loop should not touch the guest
* registers for this reason.
*/
#define QEMU_ESETPC 514
#endif /* SPECIAL_ERRNO_H */

5
linux-user/loongarch64/cpu_loop.c
View File

@ -44,9 +44,10 @@ void cpu_loop(CPULoongArchState *env)
env->pc -= 4;
break;
}
if (ret == -QEMU_ESIGRETURN) {
if (ret == -QEMU_ESIGRETURN || ret == -QEMU_ESETPC) {
/*
* Returning from a successful sigreturn syscall.
* Returning from a successful sigreturn syscall or from
* control flow diversion in a plugin callback.
* Avoid clobbering register state.
*/
break;

2
linux-user/m68k/cpu_loop.c
View File

@ -66,7 +66,7 @@ void cpu_loop(CPUM68KState *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->pc -= 2;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->dregs[0] = ret;
}
}

2
linux-user/microblaze/cpu_loop.c
View File

@ -54,7 +54,7 @@ void cpu_loop(CPUMBState *env)
if (ret == -QEMU_ERESTARTSYS) {
/* Wind back to before the syscall. */
env->pc -= 4;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->regs[3] = ret;
}
/* All syscall exits result in guest r14 being equal to the

9
linux-user/mips/cpu_loop.c
View File

@ -140,9 +140,12 @@ done_syscall:
env->active_tc.PC -= 4;
break;
}
if (ret == -QEMU_ESIGRETURN) {
/* Returning from a successful sigreturn syscall.
Avoid clobbering register state. */
if (ret == -QEMU_ESIGRETURN || ret == -QEMU_ESETPC) {
/*
* Returning from a successful sigreturn syscall or from
* control flow diversion in a plugin callback.
* Avoid clobbering register state.
*/
break;
}
if ((abi_ulong)ret >= (abi_ulong)-1133) {

2
linux-user/or1k/cpu_loop.c
View File

@ -48,7 +48,7 @@ void cpu_loop(CPUOpenRISCState *env)
cpu_get_gpr(env, 8), 0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->pc -= 4;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
cpu_set_gpr(env, 11, ret);
}
break;

10
linux-user/ppc/cpu_loop.c
View File

@ -340,9 +340,13 @@ void cpu_loop(CPUPPCState *env)
env->nip -= 4;
break;
}
if (ret == (target_ulong)(-QEMU_ESIGRETURN)) {
/* Returning from a successful sigreturn syscall.
Avoid corrupting register state. */
if (ret == (target_ulong)(-QEMU_ESIGRETURN) ||
ret == (target_ulong)(-QEMU_ESETPC)) {
/*
* Returning from a successful sigreturn syscall or from
* control flow diversion in a plugin callback.
* Avoid corrupting register state.
*/
break;
}
if (ret > (target_ulong)(-515)) {

2
linux-user/riscv/cpu_loop.c
View File

@ -65,7 +65,7 @@ void cpu_loop(CPURISCVState *env)
}
if (ret == -QEMU_ERESTARTSYS) {
env->pc -= 4;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->gpr[xA0] = ret;
}
if (cs->singlestep_enabled) {

2
linux-user/s390x/cpu_loop.c
View File

@ -83,7 +83,7 @@ void cpu_loop(CPUS390XState *env)
env->regs[6], env->regs[7], 0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->psw.addr -= env->int_svc_ilen;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->regs[2] = ret;
}

2
linux-user/sh4/cpu_loop.c
View File

@ -50,7 +50,7 @@ void cpu_loop(CPUSH4State *env)
0, 0);
if (ret == -QEMU_ERESTARTSYS) {
env->pc -= 2;
} else if (ret != -QEMU_ESIGRETURN) {
} else if (ret != -QEMU_ESIGRETURN && ret != -QEMU_ESETPC) {
env->gregs[0] = ret;
}
break;

4
linux-user/sparc/cpu_loop.c
View File

@ -229,7 +229,9 @@ void cpu_loop (CPUSPARCState *env)
env->regwptr[2], env->regwptr[3],
env->regwptr[4], env->regwptr[5],
0, 0);
if (ret == -QEMU_ERESTARTSYS || ret == -QEMU_ESIGRETURN) {
if (ret == -QEMU_ERESTARTSYS ||
ret == -QEMU_ESIGRETURN ||
ret == -QEMU_ESETPC) {
break;
}
if ((abi_ulong)ret >= (abi_ulong)(-515)) {

16
linux-user/syscall.c
View File

@ -43,6 +43,7 @@
#include <linux/capability.h>
#include <sched.h>
#include <sys/timex.h>
#include <setjmp.h>
#include <sys/socket.h>
#include <linux/sockios.h>
#include <sys/un.h>
@ -600,6 +601,9 @@ const char *target_strerror(int err)
if (err == QEMU_ESIGRETURN) {
return "Successful exit from sigreturn";
}
if (err == QEMU_ESETPC) {
return "Successfully redirected control flow";
}
return strerror(target_to_host_errno(err));
}
@ -14410,6 +14414,18 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1,
return -QEMU_ESIGRETURN;
}
/*
* Set up a longjmp target here so that we can call cpu_loop_exit to
* redirect control flow back to the main loop even from within
* syscall-related plugin callbacks.
* For other types of callbacks or longjmp call sites, the longjmp target
* is set up in the cpu loop itself but in syscalls the target is not live
* anymore.
*/
if (unlikely(sigsetjmp(cpu->jmp_env, 0) != 0)) {
return -QEMU_ESETPC;
}
record_syscall_start(cpu, num, arg1,
arg2, arg3, arg4, arg5, arg6, arg7, arg8);

1
linux-user/xtensa/cpu_loop.c
View File

@ -186,6 +186,7 @@ void cpu_loop(CPUXtensaState *env)
break;
case -QEMU_ESIGRETURN:
case -QEMU_ESETPC:
break;
}
break;

Write Preview
Loading…
Cancel
Save