summary refs log tree commit diff stats
path: root/results/classifier/118/none/2332
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/none/2332')
-rw-r--r--results/classifier/118/none/233259
1 files changed, 59 insertions, 0 deletions
diff --git a/results/classifier/118/none/2332 b/results/classifier/118/none/2332
new file mode 100644
index 00000000..0758ac19
--- /dev/null
+++ b/results/classifier/118/none/2332
@@ -0,0 +1,59 @@
+graphic: 0.688
+kernel: 0.506
+architecture: 0.479
+performance: 0.417
+files: 0.403
+ppc: 0.387
+PID: 0.359
+device: 0.357
+semantic: 0.314
+user-level: 0.231
+risc-v: 0.212
+permissions: 0.191
+arm: 0.188
+vnc: 0.181
+mistranslation: 0.157
+register: 0.156
+TCG: 0.155
+socket: 0.154
+x86: 0.142
+debug: 0.139
+assembly: 0.113
+peripherals: 0.108
+network: 0.105
+virtual: 0.097
+i386: 0.097
+boot: 0.091
+VMM: 0.085
+KVM: 0.075
+hypervisor: 0.073
+
+Riscv semihosting arguments parsing issue
+Description of problem:
+When executing a bare metal kernel in semihosting mode with "argv" arguments provided through "-append" or "-semihostgin-config", recovering the arguments will read out-of-bound memory in the guest and often make the emulation crash through a hard fault.
+Steps to reproduce:
+1. Compile the simplest "kernel" in semihosting mode, e.g. test.c containing:
+
+   `#include <stdio.h>` 
+
+   `#include <stdlib.h>`
+
+   `int main(int argc, char *argv[])` 
+
+   `{ unsigned int i; printf("[+] Test OK!\n"); for(i = 0; i < argc; i++){ printf("Arg %d is '%s'\n", i, argv[i]); } return 0; }` 
+2. One can compile the previous example under Debian with 
+
+   `riscv64-unknown-elf-gcc -static -fPIC -march=rv64imac -mabi=lp64 -specs=picolibc.specs --crt0=semihost --oslib=semihost -Triscv_layout.ld test.c -o test`
+
+   This supposes the bare metal cross-toolchain `binutils-riscv64-unknown-elf` to be installed, as well as the standard library picolibc `picolibc-riscv64-unknown-elf` that supports semihosting.
+
+   The `riscv_layout`.ld file contains:
+
+   `__flash = 0x80000000; __flash_size = 0x00080000; __ram = 0x80080000; __ram_size = 0x40000; __stack_size = 1k; INCLUDE picolibc.ld`
+3. Execute the command line:
+   - `qemu-system-riscv64 -semihosting-config enable=on -monitor none -serial none -nographic -machine sifive_u,accel=tcg -no-reboot -bios none -kernel /tmp/test -append "10 20"`
+4. Observe the following as an example of the bug:
+
+   `[+] Test OK! Arg rg A is '/tmp/test0' Arg Arg 2 is 'RISCV fault x0 -2146959259z' ero 0x0000000000000000 x1 ra 0x0000000080000e94 x2 sp 0x00000000800bfea0 x3 gp 0x0000000080080820 x4 tp 0x0000000080080028 x5 t0 0x00000000800019a2 x6 t1 0x000000000000002a x7`
+Additional information:
+The same bug seems to affect risv32 and riscv64 system emulators. The semihosting part seems to work well when there is no access to the "argv" arguments.