We had two sets of variables: arg_start/arg_end, and
arg_strings/env_strings. In linuxload.c, we set the
first pair to the bounds of the argv strings, but in
elfload.c, we set the first pair to the bounds of the
argv pointers and the second pair to the bounds of
the argv strings.
Remove arg_start/arg_end, replacing them with the standard
argc/argv/envc/envp values. Retain arg_strings/env_strings
with the meaning we were using in elfload.c.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/714
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220427025129.160184-1-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Drop the set of estatus in init_thread; it was clearly intended
to be setting the value of CR_STATUS for the application, but we
never actually performed that copy. However, the proper value is
set in nios2_cpu_reset so we don't need to do anything here.
We only initialize SP and EA in init_thread, there's no value in
copying other uninitialized data into ENV.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220421151735.31996-21-richard.henderson@linaro.org>
Replace the global variables with inlined helper functions. getpagesize() is very
likely annotated with a "const" function attribute (at least with glibc), and thus
optimization should apply even better.
This avoids the need for a constructor initialization too.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220323155743.1585078-12-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The pgb_find_hole function goes to the trouble of taking account of
both mmap_min_addr and any offset we've applied to decide the starting
address of a potential hole. This is especially important for
emulating 32bit ARM in a 32bit build as we have applied the offset to
ensure there will be space to map the ARM_COMMPAGE bellow the main
guest map (using wrapped arithmetic).
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/690
Message-Id: <20220105135009.1584676-27-alex.bennee@linaro.org>
A recent change to fix commpage allocation issues on 32bit hosts
revealed another intermittent issue on s390x. The root cause was the
headroom we give for the brk space wasn't enough causing the guest to
attempt to map something on top of QEMUs own pages. We do not
currently do anything to protect from this (see #555).
By inspection the brk mmap moves around and top of the address range
has been measured as far as 19Mb away from the top of the binary. As
we chose a smallish number to keep 32bit on 32 bit feasible we only
increase the gap for 64 bit guests. This does mean that 64-on-32
static binaries are more likely to fail to find a hole in the address
space but that is hopefully a fairly rare situation.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220113165550.4184455-1-alex.bennee@linaro.org>
The clang in Ubuntu 18.04 (10.0.0-4ubuntu1) produces a warning
on the code added in commit f5ef0e518d where we use a
shifted expression in a boolean context:
../../linux-user/elfload.c:2423:16: error: converting the result of '<<' to a boolean always evaluates to true [-Werror,-Wtautological-constant-compare]
} else if (LO_COMMPAGE) {
^
../../linux-user/elfload.c:1102:22: note: expanded from macro 'LO_COMMPAGE'
#define LO_COMMPAGE TARGET_PAGE_SIZE
^
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/exec/cpu-all.h:231:31: note: expanded from macro 'TARGET_PAGE_SIZE'
#define TARGET_PAGE_SIZE (1 << TARGET_PAGE_BITS)
^
1 error generated.
The warning is bogus because whether LO_COMMPAGE is zero or not
depends on compile-time ifdefs; shut the compiler up by adding
an explicit comparison to zero.
Fixes: f5ef0e518d ("linux-user/nios2: Map a real kuser page")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 20220111082900.3341274-1-peter.maydell@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
qemu.h is included in various non-linux-user files (which
mostly want the TaskState struct and the functions for
doing usermode access to guest addresses like lock_user(),
unlock_user(), get_user*(), etc).
Split out the parts that are only used in linux-user itself
into a new user-internals.h. This leaves qemu.h with basically
three things:
* the definition of the TaskState struct
* the user-access functions and macros
* do_brk()
all of which are needed by code outside linux-user that
includes qemu.h.
The addition of all the extra #include lines was done with
sed -i '/include.*qemu\.h/a #include "user-internals.h"' $(git grep -l 'include.*qemu\.h' linux-user)
(and then undoing the change to fpa11.h).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210908154405.15417-8-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Linux-user pull request 20210621
# gpg: Signature made Mon 21 Jun 2021 12:03:53 BST
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/linux-user-for-6.1-pull-request:
linux-user: Use public sigev_notify_thread_id member if available
linux-user: Fix incorrect use of feature-test-macros
linux-user: Check for ieee128 fpbits in PPC64 HWCAP2 feature list
tests/tcg/linux-test: Check that sigaction can query SIGKILL/SIGSTOP
linux-user: Let sigaction query SIGKILL/SIGSTOP
linux-user: Implement pivot_root
linux-user/trace-events: fix minor typo in format string
linux-user: Disable static assert involving __SIGRTMAX if it is missing
linux-user: Set CF_PARALLEL when mapping shared memory
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Provide the following definitions required by the common code:
* ELF_NREG: with the value of sizeof(s390_regs) / sizeof(long).
* target_elf_gregset_t: define it like all the other arches do.
* elf_core_copy_regs(): similar to kernel's s390_regs_get().
* USE_ELF_CORE_DUMP.
* ELF_EXEC_PAGESIZE.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20210413205608.22587-1-iii@linux.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
The current code dumps the memory between arg_start and arg_end,
which contains the argv pointers. This results in the
Core was generated by `<garbage>`
message when opening the core file in GDB. This is because the code is
supposed to dump the actual arg strings. Fix by using arg_strings and
env_strings instead of arg_start and arg_end.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20210413205814.22821-1-iii@linux.ibm.com>
[lv: add missing braces]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
The GDateTime APIs provided by GLib avoid portability pitfalls, such
as some platforms where 'struct timeval.tv_sec' field is still 'long'
instead of 'time_t'. When combined with automatic cleanup, GDateTime
often results in simpler code too.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210505103702.521457-7-berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Previously, guest_loaddr was not taken into account when returning an
address from pgb_find_hole when /proc/self/maps was unavailable which
caused an improper guest_base address to be calculated.
This could cause a SIGSEGV later in load_elf_image -> target_mmap for
ET_EXEC type images since the mmap MAP_FIXED flag is specified which
could clobber existing mappings at the address returnd by g2h().
mmap(0xd87000, 16846912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|0x100000, -1, 0) = 0xd87000
munmap(0xd87000, 16846912) = 0
write(2, "Locating guest address space @ 0"..., 40Locating guest address space @ 0xd87000) = 40
mmap(0x1187000, 16850944, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x1187000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2188310} ---
+++ killed by SIGSEGV +++
Now, pgd_find_hole accounts for guest_loaddr in this scenario.
Fixes: ad592e37df ("linux-user: provide fallback pgd_find_hole for bare chroots")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210131061948.15990-1-vfazio@xes-inc.com>
[lv: updated it to check if ret == -1]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Previously, pgd_find_hole_fallback assumed that if the build host's libc
had MAP_FIXED_NOREPLACE defined that the address returned by mmap would
match the requested address. This is not a safe assumption for Linux
kernels prior to 4.17
Now, we always compare mmap's resultant address with the requested
address and no longer short-circuit based on MAP_FIXED_NOREPLACE.
Fixes: 2667e069e7 ("linux-user: don't use MAP_FIXED in pgd_find_hole_fallback")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210131061930.14554-1-vfazio@xes-inc.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Previously, if the build host's libc did not define MAP_FIXED_NOREPLACE
or if the running kernel didn't support that flag, it was possible for
pgd_find_hole_fallback to munmap an incorrect address which could lead to
SIGSEGV if the range happened to overlap with the mapped address of the
QEMU binary.
mmap(0x1000, 22261224, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x7f889d331000
munmap(0x1000, 22261224) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x84b817} ---
++ killed by SIGSEGV +++
Now, always munmap the address returned by mmap.
Fixes: 2667e069e7 ("linux-user: don't use MAP_FIXED in pgd_find_hole_fallback")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210131061849.12615-1-vfazio@xes-inc.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
TILE-Gx was only implemented in linux-user mode, but support for this CPU
was removed from the upstream Linux kernel in 2018, and it has also been
dropped from glibc, so there is no new Linux development taking place with
this architecture. For running the old binaries, users can simply use older
versions of QEMU.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210224183952.80463-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Use g2h_untagged in contexts that have no cpu, e.g. the binary
loaders that operate before the primary cpu is created. As a
colollary, target_mmap and friends must use untagged addresses,
since they are used by the loaders.
Use g2h_untagged on values returned from target_mmap, as the
kernel never applies a tag itself.
Use g2h_untagged on all pc values. The only current user of
tags, aarch64, removes tags from code addresses upon branch,
so "pc" is always untagged.
Use g2h with the cpu context on hand wherever possible.
Use g2h_untagged in lock_user, which will be updated soon.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210212184902.1251044-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Some ELF binaries encode the .bss section as an extension of the data
ones by setting the segment p_memsz > p_filesz. Some other binaries take
a different route and encode it as a stand-alone PT_LOAD segment with
p_filesz = 0 and p_memsz > 0.
Both the encodings are actually correct per ELF specification but the
ELF loader had some troubles in handling the former: with the old logic
it was very likely to get Qemu to crash in zero_bss when trying to
access unmapped memory.
zero_bss isn't meant to allocate whole zero-filled segments but to
"complete" a previously mapped segment with the needed zero bits.
The fix is pretty simple, if the segment is completely zero-filled we
simply allocate one or more pages (according to p_memsz) and avoid
calling zero_bss altogether.
Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com>
Message-Id: <c9106487-dc4d-120a-bd48-665b3c617287@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Userland ELF binaries using Loongson SIMD instructions have the
HWCAP_LOONGSON_MMI bit set [1].
Binaries compiled for Loongson 3A [2] have the HWCAP_LOONGSON_EXT
bit set for the LQ / SQ instructions.
[1] commit 8e2d5831e4 ("target/mips: Legalize Loongson insn flags")
[2] commit af868995e1 ("target/mips: Add Loongson-3 CPU definition")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20201214003215.344522-7-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
