[Qemu-devel] AArch64 ELF File Loading

[Qemu-devel] AArch64 ELF File Loading

[Christopher Covington]

Hi,

I think the AArch64 port has a problem with a self-modifying code sequence
that appears to run fine on other simulators, but I can't get QEMU to run the
small bare metal test case I created to try to reproduce the issue. Any help
would be appreciated.

qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
-d exec,in_asm /tmp/test-nooverwrite 2>&1 | less

qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
-d exec,in_asm -bios /tmp/test-nooverwrite 2>&1 | less

qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
-d exec,in_asm -kernel /tmp/test-nooverwrite 2>&1 | less

IN:
0x0000000040000000:  e3a00000      mov  r0, #0  ; 0x0
0x0000000040000004:  e59f1004      ldr  r1, [pc, #4]    ; 0x40000010
0x0000000040000008:  e59f2004      ldr  r2, [pc, #4]    ; 0x40000014
0x000000004000000c:  e59ff004      ldr  pc, [pc, #4]    ; 0x40000018

Trace 0x7f309f012000 [0000000040000000]

Note that the above are A32 instructions, but my ELF is A64 and this is not
the specified entry point.

aarch64-linux-gnu-readelf -h /tmp/test-nooverwrite
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           AArch64
  Version:                           0x1
  Entry point address:               0x80001140
  Start of program headers:          64 (bytes into file)
  Start of section headers:          186600 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         3
  Size of section headers:           64 (bytes)
  Number of section headers:         17
  Section header string table index: 14

To generate a test bare metal executable, you can download the
aarch64-none-elf toolchain from Linaro and:

echo '#include <stdio.h>

int main() {
  printf("Hello, world!\n");
  return 0;
}' > hello.c

aarch64-none-elf-gcc -specs=aem-ve.specs hello.c -o hello

Thanks,
Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.

Re: [Qemu-devel] AArch64 ELF File Loading

[Peter Maydell]

On 25 July 2014 15:01, Christopher Covington <cov@codeaurora.org> wrote:
> Hi,
>
> I think the AArch64 port has a problem with a self-modifying code sequence
> that appears to run fine on other simulators, but I can't get QEMU to run the
> small bare metal test case I created to try to reproduce the issue. Any help
> would be appreciated.
>
> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
> -d exec,in_asm /tmp/test-nooverwrite 2>&1 | less
>
> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000
>
> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
> -d exec,in_asm -bios /tmp/test-nooverwrite 2>&1 | less
>
> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000
>
> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
> -d exec,in_asm -kernel /tmp/test-nooverwrite 2>&1 | less

You haven't specified a CPU type, and virt defaults
to cortex-a15. Try "-cpu cortex-a57".

You haven't specified a memory size, and QEMU defaults
to 128MB, which (given the start address of RAM) means
there won't be any RAM at the load address you're trying to
load your test program at. Try "-m 3G", and/or make your
ELF file load at an address closer to the start of RAM.

thanks
-- PMM

Re: [Qemu-devel] AArch64 ELF File Loading

[Christopher Covington]

Hi Peter,

On 07/25/2014 10:07 AM, Peter Maydell wrote:
> On 25 July 2014 15:01, Christopher Covington <cov@codeaurora.org> wrote:
>> Hi,
>>
>> I think the AArch64 port has a problem with a self-modifying code sequence
>> that appears to run fine on other simulators, but I can't get QEMU to run the
>> small bare metal test case I created to try to reproduce the issue. Any help
>> would be appreciated.
>>
>> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
>> -d exec,in_asm /tmp/test-nooverwrite 2>&1 | less
>>
>> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000
>>
>> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
>> -d exec,in_asm -bios /tmp/test-nooverwrite 2>&1 | less
>>
>> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000
>>
>> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt -semihosting
>> -d exec,in_asm -kernel /tmp/test-nooverwrite 2>&1 | less
> 
> You haven't specified a CPU type, and virt defaults
> to cortex-a15. Try "-cpu cortex-a57".

That explains the A32 instructions.

> You haven't specified a memory size, and QEMU defaults
> to 128MB, which (given the start address of RAM) means
> there won't be any RAM at the load address you're trying to
> load your test program at. Try "-m 3G", and/or make your
> ELF file load at an address closer to the start of RAM.

Thanks for the suggestions.

aarch64-none-elf-gcc -specs=rdimon.specs -Ttext=0x40000000 hello.c -o hello

aarch64-none-elf-readelf -h hello

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           AArch64
  Version:                           0x1
  Entry point address:               0x40000158
  Start of program headers:          64 (bytes into file)
  Start of section headers:          157432 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         4
  Size of section headers:           64 (bytes)
  Number of section headers:         17
  Section header string table index: 14

qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt \
  -cpu cortex-a57 -m 3G -semihosting -kernel hello

qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

Thanks,
Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.

Re: [Qemu-devel] AArch64 ELF File Loading

[Peter Maydell]

On 25 July 2014 15:35, Christopher Covington <cov@codeaurora.org> wrote:
> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt \
>   -cpu cortex-a57 -m 3G -semihosting -kernel hello
>
> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

This means your code took an exception (and there's
no RAM at the low address where the vector table is
by default). Try "-d in_asm,exec,int" to get a better idea
of what's being executed.

Also, where do you expect the output from that printf
to be going? Does your gcc/bare metal libc write to
the UART? How does it know what address the UART is?
If it's expecting to do semihosting for output, then you're
running into the fact that we don't implement semihosting
for AArch64 yet.

thanks
-- PMM

Re: [Qemu-devel] AArch64 ELF File Loading

[Christopher Covington]

Hi Peter,

On 07/25/2014 10:41 AM, Peter Maydell wrote:
> On 25 July 2014 15:35, Christopher Covington <cov@codeaurora.org> wrote:
>> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt \
>>   -cpu cortex-a57 -m 3G -semihosting -kernel hello
>>
>> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000
> 
> This means your code took an exception (and there's
> no RAM at the low address where the vector table is
> by default). Try "-d in_asm,exec,int" to get a better idea
> of what's being executed.

qemu-system-aarch64 -nodefaults -nographic -monitor none \
  -M virt -cpu cortex-a57 -m 3G -semihosting -kernel hello \
  -d in_asm,exec,int

qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

PC=0000000000000000  SP=0000000000000000
X00=0000000000000000 X01=0000000000000000 X02=0000000000000000 ...

The binary runs fine on at least one other simulator.

> Also, where do you expect the output from that printf
> to be going? Does your gcc/bare metal libc write to
> the UART? How does it know what address the UART is?
> If it's expecting to do semihosting for output, then you're
> running into the fact that we don't implement semihosting
> for AArch64 yet.

I have local patches adding semihosting for AArch64. I hope eventually be able
to share them and other changes, but the approvals will likely take a while
longer. Here is an example that doesn't use semihosting.

wget
http://releases.linaro.org/14.06/components/toolchain/binaries/gcc-linaro-aarch64-none-elf-4.9-2014.06-02_linux.tar.xz
tar xf gcc-linaro-aarch64-none-elf-4.9-2014.06-02_linux.tar.xz
echo '.global _start
_start:
  mrs x0, midr_el1
  b _start' > hello.S
gcc-linaro-aarch64-none-elf-4.9-2014.06-02_linux/bin/aarch64-none-elf-gcc \
  -nostdlib -Ttext=0x40000000 hello.S -o hello
qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt \
  -cpu cortex-a57 -m 3G -semihosting -kernel hello -d in_asm,exec,int

qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

Thanks,
Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.

Re: [Qemu-devel] AArch64 ELF File Loading

[Peter Maydell]

On 25 July 2014 16:05, Christopher Covington <cov@codeaurora.org> wrote:
> I have local patches adding semihosting for AArch64. I hope eventually be able
> to share them and other changes, but the approvals will likely take a while
> longer.

That would be good; there is demand from other quarters for
semihosting support.

> wget
> http://releases.linaro.org/14.06/components/toolchain/binaries/gcc-linaro-aarch64-none-elf-4.9-2014.06-02_linux.tar.xz
> tar xf gcc-linaro-aarch64-none-elf-4.9-2014.06-02_linux.tar.xz
> echo '.global _start
> _start:
>   mrs x0, midr_el1
>   b _start' > hello.S
> gcc-linaro-aarch64-none-elf-4.9-2014.06-02_linux/bin/aarch64-none-elf-gcc \
>   -nostdlib -Ttext=0x40000000 hello.S -o hello
> qemu-system-aarch64 -nodefaults -nographic -monitor none -M virt \
>   -cpu cortex-a57 -m 3G -semihosting -kernel hello -d in_asm,exec,int
>
> qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000000000000

Doh. We never implemented the AArch64 support for
booting plain ELF files in hw/arm/boot.c:do_cpu_reset().
Patch coming up in a second; with that I can see via
the gdbstub that we're going round the loop in the guest code.

thanks
-- PMM