diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-30 16:52:07 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-30 16:52:17 +0200 |
| commit | 9260319e7411ff8281700a532caa436f40120ec4 (patch) | |
| tree | 2f6bfe5f3458dd49d328d3a9eb508595450adec0 /gitlab/issues_text/target_riscv/host_missing/accel_missing/2332 | |
| parent | 225caa38269323af1bfc2daadff5ec8bd930747f (diff) | |
| download | qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.tar.gz qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.zip | |
gitlab scraper: download in toml and text format
Diffstat (limited to 'gitlab/issues_text/target_riscv/host_missing/accel_missing/2332')
| -rw-r--r-- | gitlab/issues_text/target_riscv/host_missing/accel_missing/2332 | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/gitlab/issues_text/target_riscv/host_missing/accel_missing/2332 b/gitlab/issues_text/target_riscv/host_missing/accel_missing/2332 new file mode 100644 index 000000000..a7779754d --- /dev/null +++ b/gitlab/issues_text/target_riscv/host_missing/accel_missing/2332 @@ -0,0 +1,29 @@ +Riscv semihosting arguments parsing issue +Description of problem: +When executing a bare metal kernel in semihosting mode with "argv" arguments provided through "-append" or "-semihostgin-config", recovering the arguments will read out-of-bound memory in the guest and often make the emulation crash through a hard fault. +Steps to reproduce: +1. Compile the simplest "kernel" in semihosting mode, e.g. test.c containing: + + `#include <stdio.h>` + + `#include <stdlib.h>` + + `int main(int argc, char *argv[])` + + `{ unsigned int i; printf("[+] Test OK!\n"); for(i = 0; i < argc; i++){ printf("Arg %d is '%s'\n", i, argv[i]); } return 0; }` +2. One can compile the previous example under Debian with + + `riscv64-unknown-elf-gcc -static -fPIC -march=rv64imac -mabi=lp64 -specs=picolibc.specs --crt0=semihost --oslib=semihost -Triscv_layout.ld test.c -o test` + + This supposes the bare metal cross-toolchain `binutils-riscv64-unknown-elf` to be installed, as well as the standard library picolibc `picolibc-riscv64-unknown-elf` that supports semihosting. + + The `riscv_layout`.ld file contains: + + `__flash = 0x80000000; __flash_size = 0x00080000; __ram = 0x80080000; __ram_size = 0x40000; __stack_size = 1k; INCLUDE picolibc.ld` +3. Execute the command line: + - `qemu-system-riscv64 -semihosting-config enable=on -monitor none -serial none -nographic -machine sifive_u,accel=tcg -no-reboot -bios none -kernel /tmp/test -append "10 20"` +4. Observe the following as an example of the bug: + + `[+] Test OK! Arg rg A is '/tmp/test0' Arg Arg 2 is 'RISCV fault x0 -2146959259z' ero 0x0000000000000000 x1 ra 0x0000000080000e94 x2 sp 0x00000000800bfea0 x3 gp 0x0000000080080820 x4 tp 0x0000000080080028 x5 t0 0x00000000800019a2 x6 t1 0x000000000000002a x7` +Additional information: +The same bug seems to affect risv32 and riscv64 system emulators. The semihosting part seems to work well when there is no access to the "argv" arguments. |