arm linux-user: bkpt insn doesn't cause SIGTRAP

Bug #1873898 reported by Peter Maydell on 2020-04-20

Bug Description

QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signals. Test case:

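===begin bkpt.c===
/* test bkpt insn */

#include <stdlib.h>
#include <stdio.h>

int main(void)
{
#ifdef __aarch64__
    /* AArch64 breakpoint instruction */
    __asm__ volatile("brk 0x42\n");
#else
    /* 32-bit Arm breakpoint instruction */
    __asm__ volatile("bkpt 0x42\n");
#endif
    return 0;
}
===end bkpt.c===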

Compile with
$ arm-linux-gnueabihf-gcc -g -Wall -o bkpt-aa32 bkpt.c
$ aarch64-linux-gnu-gcc -g -Wall -o bkpt-aa64 bkpt.c

Contrast aarch64 which delivers the SIGTRAP and arm which doesn't:

$ qemu-aarch64 bkpt-aa64
qemu: uncaught target signal 5 (Trace/breakpoint trap) - core dumped
Trace/breakpoint trap (core dumped)
$ qemu-arm bkpt-aa32

This is because in linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly to EXCP_SWI, which means that we actually perform a syscall (which one depends on what happens to be in r7...). This code has been like this (more or less) since commit 06c949e62a098f in 2006 which added BKPT in the first place. This is probably because at the time the same code path was used to handle both Linux syscalls and semihosting calls, and (on M profile) BKPT does imply a semihosting call. But these days we've moved handling of semihosting out to an entirely different codepath, so we can fix this bug by simply removing this handling of EXCP_BKPT and instead making it deliver a SIGTRAP like EXCP_DEBUG (as we do already on aarch64).
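Added example, not part of the original report or of QEMU's code: a self-checking variant of the test case that installs a SIGTRAP handler and reports whether the breakpoint instruction was actually delivered as a signal, so it can be used as a pass/fail regression check under `qemu-arm` and `qemu-aarch64`. The names `bkpt_raises_sigtrap`, `on_sigtrap` and `breakpoint_insn` are hypothetical, and the x86 `int3` and `raise()` branches are assumptions added only so the check also builds on a non-Arm host.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

static sigjmp_buf resume_point;
static volatile sig_atomic_t seen_signo;

/* Record the signal and jump out: on Arm the saved PC can still point at
 * the breakpoint insn, so a plain return could re-execute it forever. */
static void on_sigtrap(int signo)
{
    seen_signo = signo;
    siglongjmp(resume_point, 1);
}

static void breakpoint_insn(void)
{
#if defined(__aarch64__)
    __asm__ volatile("brk 0x42\n");
#elif defined(__arm__)
    __asm__ volatile("bkpt 0x42\n");
#elif defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("int3\n");   /* assumption: host-side sanity check only */
#else
    raise(SIGTRAP);               /* assumption: stand-in on other hosts */
#endif
}

/* Returns 1 if the breakpoint insn was delivered as SIGTRAP, 0 otherwise. */
int bkpt_raises_sigtrap(void)
{
    struct sigaction sa = { .sa_handler = on_sigtrap };
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0)
        return 0;
    seen_signo = 0;
    if (sigsetjmp(resume_point, 1) == 0)  /* 1: restore the signal mask on jump */
        breakpoint_insn();                /* affected qemu-arm: no signal arrives */
    return seen_signo == SIGTRAP;
}

int main(void)
{
    int ok = bkpt_raises_sigtrap();
    printf("breakpoint insn -> SIGTRAP: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Built with the same cross-compiler commands as bkpt.c, the exit status is 0 when the signal is delivered and 1 when the instruction completes without one.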

Peter Maydell (pmaydell) on 2020-04-20
Changed in qemu:
status: New → In Progress
Peter Maydell (pmaydell) wrote :

Should be fixed in current git, will be in 5.2.

Changed in qemu:
status: In Progress → Fix Committed
Thomas Huth (th-huth) wrote :
Changed in qemu:
status: Fix Committed → Fix Released