
I'm using QEMU to simulate an ARM11 CPU.

My program is too complicated to explain here, so I'll project the issue onto a simpler program. So my program contains two C files:

  • main.c
  • some_code.c

I'm compiling some_code.c (into some_code.o) and then I convert it to a hex array variable, which represents the code of some_code.c.

Now I'm linking both object files (main.o & some_code.o). This variable (the hex array variable) is located in the DATA segment.

Now I'm calling from the code in main.c into the hex array variable (my intention is that at this point the code of some_code.c will start executing). When the Program Counter (PC) reaches the hex array variable, it gets an exception (I don't have more details about the exception).

If I copy this hex array variable from the DATA section to the CODE section, then when the PC reaches this line it is able to step it successfully without an exception.

So my questions are:

  • Does QEMU have a restriction on executing an instruction from the DATA section?
  • If so, how can I disable this restriction?

Thanks in advance,

Omri

OmriR
  • I doubt that QEMU would have something like that, it should just be a hardware emulator (but I don't really know). More interesting to know would be if you're running your program directly on the "hardware", or using some kind of operating system, or even a program loader which tags memory pages as requested by the segments in the executable file? – Some programmer dude Sep 10 '15 at 11:38

2 Answers

It will be a combination of the linker and the operating system. It is likely that the linker marks the data section as "data" and the loader will then create an area of memory without execute privilege on it to contain the data. This is a feature of the hardware QEMU is emulating, not QEMU itself i.e. if you were running this on a real machine, you would see the same problem.

It will be possible to change the data section to be executable, but the details will depend on which OS you are running and what compiler toolchain you are using. Any interpreter that has a JIT compiler must do something similar.

Note that, in general, it is considered to be bad practice to make the data section executable because that can lead to all sorts of security exploits.

JeremyP
  • First, Thanks for your fast response! So you're saying that it is not QEMU issue, but ARM issue? (as QEMU simulated ARM) If so, do you know how to disable this feature in ARM? BTW: I'm running with ThreadX over ARM (over QEMU), with RVDS toolchain. – OmriR Sep 10 '15 at 12:35
  • It's not an issue at all, it's a feature :) But it is a feature of ARM (and many other processor architectures). I'm sure it is possible to disable the feature, but I'm not familiar with your OS or toolchain – JeremyP Sep 10 '15 at 12:41
  • It is by design, why would someone normally want to execute in .data, other than to hack or do bad things (yes there are other reasons), so the OS protects you from that. If you want/need to then you need to ask the OS, and it is a combination of the OS and the hardware (processor, etc.) as to how to release that protection. Details for each OS+hardware are different but the overall concept is the same: here is the space you can execute in and here is the space you can do data operations in; other than that, we stop you. – old_timer Sep 10 '15 at 13:21
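The answer and comments above say the fix is to "ask the OS" for executable memory, the way a JIT does. The following is an added example, not code from the question or from either answer: it assumes Linux/glibc (mmap, mprotect, POSIX signals) rather than the asker's ThreadX/RVDS environment, whose API for this differs, but the two states it shows are exactly the ones described in the question. A constructed "return 42" function is copied into an anonymous read/write page; calling it there trips the execute-never fault (caught here as SIGSEGV so the program can report it), while the same bytes run fine once the page is switched to read/execute. Switching rather than mapping the page writable and executable at once keeps the W^X discipline that JeremyP's last paragraph alludes to.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for a function that returns 42, chosen per host ISA
 * (assumed values for this example, encoded by hand). */
#if defined(__x86_64__)
static const uint8_t kReturn42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };             /* mov eax, 42 ; ret   */
#elif defined(__aarch64__)
static const uint8_t kReturn42[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0, #42 ; ret   */
#elif defined(__arm__) && !defined(__thumb__)
static const uint8_t kReturn42[] = { 0x2A, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1 }; /* mov r0, #42 ; bx lr */
#else
#error "no constructed code bytes for this architecture"
#endif

typedef int (*fn42_t)(void);

static sigjmp_buf g_fault_env;

/* SIGSEGV handler: the CPU refused the instruction fetch; jump back to the caller. */
static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(g_fault_env, 1);
}

/* Map one page read+write (no execute) and copy the code bytes into it. */
static void *map_code_rw(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p, kReturn42, sizeof kReturn42);
    return p;
}

/* Convert the object pointer to a function pointer without a type-punning warning. */
static fn42_t as_function(void *code)
{
    fn42_t fn;
    memcpy(&fn, &code, sizeof fn);
    return fn;
}

/* Call into the buffer while it is still rw-.  Returns 1 if the execute-never
 * fault fired (SIGSEGV), 0 if the call ran, -1 if the page could not be mapped. */
int call_from_rw_page(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *code = map_code_rw();
    if (!code)
        return -1;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    int faulted;
    if (sigsetjmp(g_fault_env, 1) == 0) {
        (void)as_function(code)();   /* instruction fetch from a non-executable page */
        faulted = 0;
    } else {
        faulted = 1;                 /* landed here via siglongjmp from on_segv */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(code, page);
    return faulted;
}

/* Flip the page to r-x (never writable and executable at the same time), then call it. */
int call_from_rx_page(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *code = map_code_rw();
    if (!code)
        return -1;
    if (mprotect(code, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(code, page);
        return -1;
    }
    /* Make the freshly written bytes visible to the instruction fetch path
     * (required on ARM after writing code; a no-op on x86). */
    __builtin___clear_cache((char *)code, (char *)code + sizeof kReturn42);
    int r = as_function(code)();
    munmap(code, page);
    return r;
}

int main(void)
{
    printf("call from rw- page: %s\n",
           call_from_rw_page() == 1 ? "faulted (the exception from the question)" : "ran");
    printf("call from r-x page: returned %d\n", call_from_rx_page());
    return 0;
}
```

On a system where the OS forbids executable anonymous memory outright (an SELinux `execmem` denial, for example), `mprotect` fails and `call_from_rx_page` returns -1; that refusal is the same policy decision the answers describe, just made by the OS instead of the MMU.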

If I understand your description correctly, then you aren't running into a restriction of QEMU, but into a restriction of the CPU that it's emulating. QEMU doesn't know anything about data sections and code sections, but the operating system that you run in QEMU does.

Most OSes set up the code and data sections with different permissions: code is normally readable and executable but not writable, read-only data is readable but not executable or writable, and mutable data is readable and writable but not executable.

The CPU enforces read, write and execution permissions through flags in the MMU descriptors. On ARM, the execution permission is controlled by the XN bit in the page descriptor, present since ARMv6.

If you want to have executable data (for example for a just-in-time compiler, or a dynamic code loading mechanism), you need to figure out how to instruct your operating system to make memory executable.

Gilles 'SO- stop being evil'
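Gilles's answer names the mechanism: the XN bit in the page descriptor. As an added example (not part of the answer), the code below decodes ARMv6/ARMv7 short-descriptor translation table entries and walks the two levels for one address to decide whether an instruction fetch is allowed, which is the check the emulated CPU performs when the asker's PC lands in the hex array. Bit positions follow the short-descriptor format in the ARM Architecture Reference Manual (section: XN at bit 4; large page: XN at bit 15; small page: XN at bit 0); the descriptor values fed in are constructed for illustration and are not from the asker's system.

```c
/* Decode ARMv6/ARMv7 short-descriptor page table entries and answer the question
 * the MMU asks on every instruction fetch: is this address execute-never?
 * Constructed example; bit positions per the ARM Architecture Reference Manual. */
#include <stdint.h>
#include <stdio.h>

typedef enum { DESC_FAULT, DESC_PAGE_TABLE, DESC_SECTION,
               DESC_LARGE_PAGE, DESC_SMALL_PAGE } desc_kind;

typedef struct {
    desc_kind kind;
    uint32_t  base;   /* physical base address selected by the descriptor */
    int       xn;     /* 1 = execute-never, 0 = executable, -1 = decided at level 2 */
    unsigned  ap;     /* access permissions AP[2:0] (read/write control) */
} desc_info;

/* First-level descriptor: one entry per 1 MB of virtual address space. */
desc_info decode_l1(uint32_t d)
{
    desc_info r = { DESC_FAULT, 0, -1, 0 };
    switch (d & 3u) {
    case 0:                                /* fault: nothing mapped here */
        break;
    case 1:                                /* pointer to a second-level table */
        r.kind = DESC_PAGE_TABLE;
        r.base = d & 0xFFFFFC00u;          /* table base, bits[31:10] */
        break;
    default:                               /* 0b10 section (0b11 adds PXN where implemented) */
        r.kind = DESC_SECTION;
        r.base = d & 0xFFF00000u;          /* section base, bits[31:20] */
        r.xn   = (int)((d >> 4) & 1u);     /* XN is bit 4 of a section descriptor */
        r.ap   = ((d >> 10) & 3u) | (((d >> 15) & 1u) << 2);  /* AP[1:0] bits[11:10], AP[2] bit 15 */
        break;
    }
    return r;
}

/* Second-level descriptor: 64 KB large page or 4 KB small page. */
desc_info decode_l2(uint32_t d)
{
    desc_info r = { DESC_FAULT, 0, -1, 0 };
    switch (d & 3u) {
    case 0:
        break;
    case 1:
        r.kind = DESC_LARGE_PAGE;
        r.base = d & 0xFFFF0000u;          /* bits[31:16] */
        r.xn   = (int)((d >> 15) & 1u);    /* XN is bit 15 of a large-page descriptor */
        r.ap   = ((d >> 4) & 3u) | (((d >> 9) & 1u) << 2);   /* AP[1:0] bits[5:4], AP[2] bit 9 */
        break;
    default:                               /* 0b1x: small page, XN is bit 0 */
        r.kind = DESC_SMALL_PAGE;
        r.base = d & 0xFFFFF000u;          /* bits[31:12] */
        r.xn   = (int)(d & 1u);
        r.ap   = ((d >> 4) & 3u) | (((d >> 9) & 1u) << 2);
        break;
    }
    return r;
}

/* Walk both levels for one virtual address.  Returns 1 if an instruction fetch
 * is permitted, 0 if the mapping is execute-never or absent (prefetch abort). */
int fetch_allowed(uint32_t l1_desc, uint32_t l2_desc)
{
    desc_info l1 = decode_l1(l1_desc);
    if (l1.kind == DESC_SECTION)
        return l1.xn == 0;
    if (l1.kind == DESC_PAGE_TABLE) {
        desc_info l2 = decode_l2(l2_desc);
        return (l2.kind == DESC_LARGE_PAGE || l2.kind == DESC_SMALL_PAGE) && l2.xn == 0;
    }
    return 0;
}

/* Constructed descriptors in the style an OS uses for .text (XN=0) and .data (XN=1). */
#define L1_TABLE_DESC      0x40000001u   /* L1 entry pointing at a second-level table at 0x40000000 */
#define L2_TEXT_PAGE       0x8000003Eu   /* small page, base 0x80000000, C/B set, AP=3, XN=0 */
#define L2_DATA_PAGE       0x8000103Fu   /* small page, base 0x80001000, C/B set, AP=3, XN=1 */
#define L1_DATA_SECTION    0x00100C1Eu   /* 1 MB section at 0x00100000, AP=3, XN=1 */

int main(void)
{
    printf("PC in .text page : fetch %s\n", fetch_allowed(L1_TABLE_DESC, L2_TEXT_PAGE) ? "allowed" : "faults");
    printf("PC in .data page : fetch %s\n", fetch_allowed(L1_TABLE_DESC, L2_DATA_PAGE) ? "allowed" : "faults");
    printf("PC in XN section : fetch %s\n", fetch_allowed(L1_DATA_SECTION, 0) ? "allowed" : "faults");
    return 0;
}
```

The asker's two observations map directly onto `fetch_allowed`: the hex array in the DATA section sits under a descriptor with XN set, so the fetch faults, while the copy in the CODE section sits under one with XN clear. Clearing that bit for a data page, or mapping a separate page with XN clear, is what "instruct your operating system to make memory executable" comes down to at the MMU level.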