From eeed22916b8292b12d21e46ba9d3a383d669d9ff Mon Sep 17 00:00:00 2001 From: WANG Xuerui Date: Thu, 6 Oct 2022 16:55:00 +0800 Subject: linux-user: Fix more MIPS n32 syscall ABI issues In commit 80f0fe3a85 ("linux-user: Fix syscall parameter handling for MIPS n32") the ABI problem regarding offset64 on MIPS n32 was fixed, but still some cases remain where the n32 is incorrectly treated as any other 32-bit ABI that passes 64-bit arguments in pairs of GPRs. Fix by excluding TARGET_ABI_MIPSN32 from various TARGET_ABI_BITS == 32 checks. Closes: https://gitlab.com/qemu-project/qemu/-/issues/1238 Signed-off-by: WANG Xuerui Cc: Philippe Mathieu-Daudé Cc: Jiaxun Yang Cc: Andreas K. Hüttel Cc: Joshua Kinard Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Jiaxun Yang Tested-by: Jiaxun Yang Tested-by: Andreas K. Huettel Message-Id: <20221006085500.290341-1-xen0n@gentoo.org> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 2e954d8dbd..8b2d39fe73 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -11793,7 +11793,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, return -host_to_target_errno(ret); #endif -#if TARGET_ABI_BITS == 32 +#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32) #ifdef TARGET_NR_fadvise64_64 case TARGET_NR_fadvise64_64: @@ -11920,7 +11920,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, return get_errno(sys_gettid()); #ifdef TARGET_NR_readahead case TARGET_NR_readahead: -#if TARGET_ABI_BITS == 32 +#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32) if (regpairs_aligned(cpu_env, num)) { arg2 = arg3; arg3 = arg4; @@ -12612,7 +12612,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, #endif /* CONFIG_EVENTFD */ #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate) case TARGET_NR_fallocate: -#if TARGET_ABI_BITS == 32 +#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32) ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4), target_offset64(arg5, arg6))); #else @@ -12623,7 +12623,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, #if defined(CONFIG_SYNC_FILE_RANGE) #if defined(TARGET_NR_sync_file_range) case TARGET_NR_sync_file_range: -#if TARGET_ABI_BITS == 32 +#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32) #if defined(TARGET_MIPS) ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4), target_offset64(arg5, arg6), arg7)); @@ -12645,7 +12645,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, case TARGET_NR_arm_sync_file_range: #endif /* This is like sync_file_range but the arguments are reordered */ -#if TARGET_ABI_BITS == 32 +#if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32) ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4), target_offset64(arg5, arg6), arg2)); #else -- cgit v1.2.3-55-g7522 From 46187d707e7639b743a3b9f72da03ad4b9abc255 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Wed, 5 Oct 2022 18:38:26 +0200 Subject: linux-user: fix pidfd_send_signal() According to pidfd_send_signal(2), info argument can be a NULL pointer. Fix strace to correctly manage ending comma in parameters. Fixes: cc054c6f13 ("linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls") cc: Helge Deller Signed-off-by: Laurent Vivier Reviewed-by: Helge Deller Message-Id: <20221005163826.1455313-1-laurent@vivier.eu> Signed-off-by: Laurent Vivier --- linux-user/strace.c | 4 ++-- linux-user/syscall.c | 19 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/strace.c b/linux-user/strace.c index 37bc96df9b..86c081c83f 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -3383,10 +3383,10 @@ print_pidfd_send_signal(CPUArchState *cpu_env, const struct syscallname *name, unlock_user(p, arg2, 0); } else { - print_pointer(arg2, 1); + print_pointer(arg2, 0); } - print_raw_param("%u", arg3, 0); + print_raw_param("%u", arg3, 1); print_syscall_epilogue(name); } #endif diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 8b2d39fe73..ad06ec7bd5 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8679,16 +8679,21 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, #if defined(__NR_pidfd_send_signal) && defined(TARGET_NR_pidfd_send_signal) case TARGET_NR_pidfd_send_signal: { - siginfo_t uinfo; + siginfo_t uinfo, *puinfo; - p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1); - if (!p) { - return -TARGET_EFAULT; + if (arg3) { + p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1); + if (!p) { + return -TARGET_EFAULT; + } + target_to_host_siginfo(&uinfo, p); + unlock_user(p, arg3, 0); + puinfo = &uinfo; + } else { + puinfo = NULL; } - target_to_host_siginfo(&uinfo, p); - unlock_user(p, arg3, 0); ret = get_errno(pidfd_send_signal(arg1, target_to_host_signal(arg2), - &uinfo, arg4)); + puinfo, arg4)); } return ret; #endif -- cgit v1.2.3-55-g7522 From f07eb1c4f805c0dcc14dd69fee49b601ce0b2d2c Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Tue, 27 Sep 2022 14:43:56 +0200 Subject: linux-user: handle /proc/self/exe with execve() syscall If path is /proc/self/exe, use the executable path provided by exec_path. Don't use execfd as it is closed by loader_exec() and otherwise will survive to the exec() syscall and be usable child process. Signed-off-by: Laurent Vivier Message-Id: <20220927124357.688536-2-laurent@vivier.eu> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ad06ec7bd5..a7a29091c9 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8860,7 +8860,11 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, * before the execve completes and makes it the other * program's problem. */ - ret = get_errno(safe_execve(p, argp, envp)); + if (is_proc_myself(p, "exe")) { + ret = get_errno(safe_execve(exec_path, argp, envp)); + } else { + ret = get_errno(safe_execve(p, argp, envp)); + } unlock_user(p, arg1, 0); goto execve_end; -- cgit v1.2.3-55-g7522 From 00ed8a3459869f46dbb4e18d4dcc81882dfe8776 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Tue, 27 Sep 2022 14:43:57 +0200 Subject: linux-user: don't use AT_EXECFD in do_openat() AT_EXECFD gives access to the binary file even if it is not readable (only executable). Moreover it can be opened with flags and mode that are not the ones provided by do_openat() caller. And it is not available because loader_exec() has closed it. To avoid that, use only safe_openat() with the exec_path. Signed-off-by: Laurent Vivier Message-Id: <20220927124357.688536-3-laurent@vivier.eu> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index a7a29091c9..665db67c05 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8251,8 +8251,7 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int }; if (is_proc_myself(pathname, "exe")) { - int execfd = qemu_getauxval(AT_EXECFD); - return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode); + return safe_openat(dirfd, exec_path, flags, mode); } for (fake_open = fakes; fake_open->filename; fake_open++) { -- cgit v1.2.3-55-g7522 From c5495f4ecb0cdaaf2e9dddeb48f1689cdb520ca0 Mon Sep 17 00:00:00 2001 From: Daniel P. Berrangé Date: Tue, 4 Oct 2022 10:32:03 +0100 Subject: linux-user: add more compat ioctl definitions GLibc changes prevent us from including linux/fs.h anymore, and we previously adjusted to this in commit 3cd3df2a9584e6f753bb62a0028bd67124ab5532 Author: Daniel P. Berrangé Date: Tue Aug 2 12:41:34 2022 -0400 linux-user: fix compat with glibc >= 2.36 sys/mount.h That change required adding compat ioctl definitions on the QEMU side for any ioctls that we would otherwise obtain from linux/fs.h. This commit adds more that were initially missed, due to their usage being conditionalized in QEMU. Signed-off-by: Daniel P. Berrangé Reviewed-by: Laurent Vivier Message-Id: <20221004093206.652431-2-berrange@redhat.com> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 665db67c05..d499cac1d5 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -111,6 +111,31 @@ #define FS_IOC32_SETFLAGS _IOW('f', 2, int) #define FS_IOC32_GETVERSION _IOR('v', 1, int) #define FS_IOC32_SETVERSION _IOW('v', 2, int) + +#define BLKGETSIZE64 _IOR(0x12,114,size_t) +#define BLKDISCARD _IO(0x12,119) +#define BLKIOMIN _IO(0x12,120) +#define BLKIOOPT _IO(0x12,121) +#define BLKALIGNOFF _IO(0x12,122) +#define BLKPBSZGET _IO(0x12,123) +#define BLKDISCARDZEROES _IO(0x12,124) +#define BLKSECDISCARD _IO(0x12,125) +#define BLKROTATIONAL _IO(0x12,126) +#define BLKZEROOUT _IO(0x12,127) + +#define FIBMAP _IO(0x00,1) +#define FIGETBSZ _IO(0x00,2) + +struct file_clone_range { + __s64 src_fd; + __u64 src_offset; + __u64 src_length; + __u64 dest_offset; +}; + +#define FICLONE _IOW(0x94, 9, int) +#define FICLONERANGE _IOW(0x94, 13, struct file_clone_range) + #else #include #endif -- cgit v1.2.3-55-g7522 From 35a2c85f7d691db7aa2c47181902ac87478eef7a Mon Sep 17 00:00:00 2001 From: WANG Xuerui Date: Sun, 9 Oct 2022 14:08:13 +0800 Subject: linux-user: Implement faccessat2 User space has been preferring this syscall for a while, due to its closer match with C semantics, and newer platforms such as LoongArch apparently have libc implementations that don't fallback to faccessat so normal access checks are failing without the emulation in place. Tested by successfully emerging several packages within a Gentoo loong stage3 chroot, emulated on amd64 with help of static qemu-loongarch64. Reported-by: Andreas K. Hüttel Signed-off-by: WANG Xuerui Message-Id: <20221009060813.2289077-1-xen0n@gentoo.org> [lv: removing defined(__NR_faccessat2) in syscall.c, adding defined(TARGET_NR_faccessat2) on print_faccessat()] Signed-off-by: Laurent Vivier --- linux-user/strace.c | 2 +- linux-user/strace.list | 3 +++ linux-user/syscall.c | 9 +++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/strace.c b/linux-user/strace.c index 86c081c83f..9ae5a812cd 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -1969,7 +1969,7 @@ print_execv(CPUArchState *cpu_env, const struct syscallname *name, } #endif -#ifdef TARGET_NR_faccessat +#if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2) static void print_faccessat(CPUArchState *cpu_env, const struct syscallname *name, abi_long arg0, abi_long arg1, abi_long arg2, diff --git a/linux-user/strace.list b/linux-user/strace.list index a87415bf3d..3df2184580 100644 --- a/linux-user/strace.list +++ b/linux-user/strace.list @@ -178,6 +178,9 @@ #ifdef TARGET_NR_faccessat { TARGET_NR_faccessat, "faccessat" , NULL, print_faccessat, NULL }, #endif +#ifdef TARGET_NR_faccessat2 +{ TARGET_NR_faccessat2, "faccessat2" , NULL, print_faccessat, NULL }, +#endif #ifdef TARGET_NR_fadvise64 { TARGET_NR_fadvise64, "fadvise64" , NULL, NULL, NULL }, #endif diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d499cac1d5..e985ad167f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -9143,6 +9143,15 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1, unlock_user(p, arg2, 0); return ret; #endif +#if defined(TARGET_NR_faccessat2) + case TARGET_NR_faccessat2: + if (!(p = lock_user_string(arg2))) { + return -TARGET_EFAULT; + } + ret = get_errno(faccessat(arg1, p, arg3, arg4)); + unlock_user(p, arg2, 0); + return ret; +#endif #ifdef TARGET_NR_nice /* not on alpha */ case TARGET_NR_nice: return get_errno(nice(arg1)); -- cgit v1.2.3-55-g7522 From bd5ccd61080abf976a6a6cc2d09d31299bea0cee Mon Sep 17 00:00:00 2001 From: Helge Deller Date: Mon, 24 Oct 2022 22:18:09 +0200 Subject: linux-user: Add guest memory layout to exception dump When the emulation stops with a hard exception it's very useful for debugging purposes to dump the current guest memory layout (for an example see /proc/self/maps) beside the CPU registers. The open_self_maps() function provides such a memory dump, but since it's located in the syscall.c file, various changes (add #includes, make this function externally visible, ...) are needed to be able to call it from the existing EXCP_DUMP() macro. This patch takes another approach by re-defining EXCP_DUMP() to call target_exception_dump(), which is in syscall.c, consolidates the log print functions and allows to add the call to dump the memory layout. Beside a reduced code footprint, this approach keeps the changes across the various callers minimal, and keeps EXCP_DUMP() highlighted as important macro/function. Signed-off-by: Helge Deller Reviewed-by: Richard Henderson Message-Id: [lv: remove pc declaration and setting] Signed-off-by: Laurent Vivier --- linux-user/cpu_loop-common.h | 15 +++------------ linux-user/i386/cpu_loop.c | 6 ++---- linux-user/syscall.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 16 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/cpu_loop-common.h b/linux-user/cpu_loop-common.h index 36ff5b14f2..e644d2ef90 100644 --- a/linux-user/cpu_loop-common.h +++ b/linux-user/cpu_loop-common.h @@ -23,18 +23,9 @@ #include "exec/log.h" #include "special-errno.h" -#define EXCP_DUMP(env, fmt, ...) \ -do { \ - CPUState *cs = env_cpu(env); \ - fprintf(stderr, fmt , ## __VA_ARGS__); \ - fprintf(stderr, "Failing executable: %s\n", exec_path); \ - cpu_dump_state(cs, stderr, 0); \ - if (qemu_log_separate()) { \ - qemu_log(fmt, ## __VA_ARGS__); \ - qemu_log("Failing executable: %s\n", exec_path); \ - log_cpu_state(cs, 0); \ - } \ -} while (0) +void target_exception_dump(CPUArchState *env, const char *fmt, int code); +#define EXCP_DUMP(env, fmt, code) \ + target_exception_dump(env, fmt, code) void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs); #endif diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c index 42837399bc..865413c08f 100644 --- a/linux-user/i386/cpu_loop.c +++ b/linux-user/i386/cpu_loop.c @@ -201,7 +201,6 @@ void cpu_loop(CPUX86State *env) { CPUState *cs = env_cpu(env); int trapnr; - abi_ulong pc; abi_ulong ret; for(;;) { @@ -307,9 +306,8 @@ void cpu_loop(CPUX86State *env) cpu_exec_step_atomic(cs); break; default: - pc = env->segs[R_CS].base + env->eip; - EXCP_DUMP(env, "qemu: 0x%08lx: unhandled CPU exception 0x%x - aborting\n", - (long)pc, trapnr); + EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", + trapnr); abort(); } process_pending_signals(env); diff --git a/linux-user/syscall.c b/linux-user/syscall.c index e985ad167f..8402c1399d 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -183,6 +183,7 @@ struct file_clone_range { #include "qapi/error.h" #include "fd-trans.h" #include "tcg/tcg.h" +#include "cpu_loop-common.h" #ifndef CLONE_IO #define CLONE_IO 0x80000000 /* Clone io context */ @@ -8169,6 +8170,33 @@ static int is_proc_myself(const char *filename, const char *entry) return 0; } +static void excp_dump_file(FILE *logfile, CPUArchState *env, + const char *fmt, int code) +{ + if (logfile) { + CPUState *cs = env_cpu(env); + + fprintf(logfile, fmt, code); + fprintf(logfile, "Failing executable: %s\n", exec_path); + cpu_dump_state(cs, logfile, 0); + open_self_maps(env, fileno(logfile)); + } +} + +void target_exception_dump(CPUArchState *env, const char *fmt, int code) +{ + /* dump to console */ + excp_dump_file(stderr, env, fmt, code); + + /* dump to log file */ + if (qemu_log_separate()) { + FILE *logfile = qemu_log_trylock(); + + excp_dump_file(logfile, env, fmt, code); + qemu_log_unlock(logfile); + } +} + #if HOST_BIG_ENDIAN != TARGET_BIG_ENDIAN || \ defined(TARGET_SPARC) || defined(TARGET_M68K) || defined(TARGET_HPPA) static int is_proc(const char *filename, const char *entry) -- cgit v1.2.3-55-g7522