[0/5] tcg: Fix mmap_lock assertion failure, take 2

Message ID 20190709092049.13771-1-richard.henderson@linaro.org

Message

Richard Henderson July 9, 2019, 9:20 a.m. UTC
While I could not replicate the failure Peter reported, the apparent
root cause -- the old magic fixed page -- should affect other guests
as well.  In particular, the old arm32 magic fixed page at 0xffff0f00,
and the hppa magic fixed page at 0.

In the arm32 and hppa cases that I just mentioned -- but notably not
the x86_64 case that Peter reported -- there is special-case code in
target/*/translate.c to handle those addresses without actually doing
the read from the unmapped address.

Therefore, until we fix these sorts of address space representational
errors, we cannot even rely on page_check_range() to validate the
execute access.

Instead, modify the host signal handler to intercept this at SIGSEGV.
At this point we're sure that there is no guest special case that we
have overlooked, because we did attempt the read for execute.

Also, I noticed that we really ought to have some barriers around this
code to make sure that the modifications to helper_retaddr are in fact
visible to the host signal handler.

Also, some minor cleanups to the set of read functions that we expose
for use during translation.

Also, a trivial duplicated condition.


r~


Richard Henderson (5):
  include/qemu/atomic.h: Add signal_barrier
  tcg: Introduce set/clear_helper_retaddr
  tcg: Remove cpu_ld*_code_ra
  tcg: Remove duplicate #if !defined(CODE_ACCESS)
  tcg: Release mmap_lock on translation fault

 include/exec/cpu_ldst.h                   | 20 ++++++
 include/exec/cpu_ldst_useronly_template.h | 40 ++++++++----
 include/qemu/atomic.h                     | 11 ++++
 accel/tcg/user-exec.c                     | 76 ++++++++++++++++-------
 target/arm/helper-a64.c                   |  8 +--
 target/arm/sve_helper.c                   | 43 +++++++------
 6 files changed, 135 insertions(+), 63 deletions(-)

-- 
2.17.1
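
The helper_retaddr bracketing and the host SIGSEGV interception that the cover letter describes, as an added example (mine, not code from the series or from QEMU): a byte load is wrapped in set/clear_helper_retaddr, the SIGSEGV handler records what it observed and unwinds with siglongjmp, and a compiler-only fence keeps the stores to helper_retaddr on the correct side of the access that may fault. The signal_barrier macro, the helper names and the return-value convention are my assumptions; a PROT_NONE mapping stands in for an unmapped guest page, and a plain global replaces QEMU's per-thread variable since the demo is single-threaded.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Compiler-only fence: orders memory accesses relative to a signal handler
 * running on this same thread, without emitting a CPU barrier.  My own
 * macro, standing in for the signal_barrier() the series adds. */
#define signal_barrier() __atomic_signal_fence(__ATOMIC_SEQ_CST)

/* QEMU keeps helper_retaddr per thread; a plain global is enough for this
 * single-threaded demonstration.  Non-zero means "a helper is mid-access". */
static uintptr_t helper_retaddr;
static uintptr_t retaddr_seen_by_handler;   /* what the handler observed */
static sigjmp_buf fault_jmp;

static inline void set_helper_retaddr(uintptr_t ra)
{
    helper_retaddr = ra;
    /* Without this the compiler may sink the store below the access that
     * faults, and the handler would observe a stale value. */
    signal_barrier();
}

static inline void clear_helper_retaddr(void)
{
    /* And without this it may hoist the clearing store above the access. */
    signal_barrier();
    helper_retaddr = 0;
}

static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    retaddr_seen_by_handler = helper_retaddr;
    siglongjmp(fault_jmp, 1);
}

static int install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* A helper-style byte load, bracketed the way the series brackets accesses. */
static uint8_t helper_ldub(const uint8_t *p, uintptr_t ra)
{
    set_helper_retaddr(ra);
    uint8_t v = *(volatile const uint8_t *)p;
    clear_helper_retaddr();
    return v;
}

/* 0: load succeeded, *out valid.  1: faulted and the handler saw the retaddr.
 * -1: faulted but the handler saw 0 (the ordering bug the barriers prevent). */
static int probe_byte(const uint8_t *p, uintptr_t ra, uint8_t *out)
{
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *out = helper_ldub(p, ra);
        return 0;
    }
    helper_retaddr = 0;              /* unwind the helper state after a fault */
    return retaddr_seen_by_handler != 0 ? 1 : -1;
}

uintptr_t current_helper_retaddr(void) { return helper_retaddr; }

/* Runs both paths: a readable buffer, then a PROT_NONE page that must fault.
 * Returns 1 when the faulting path behaved as intended, negative otherwise. */
int demo(void)
{
    uint8_t buf[1] = { 0x5a };       /* constructed sample data */
    uint8_t v = 0;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || install_segv_handler() != 0) return -2;
    if (probe_byte(buf, 0x1234, &v) != 0 || v != 0x5a) return -3;

    void *none = mmap(NULL, (size_t)page, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (none == MAP_FAILED) return -4;
    int r = probe_byte(none, 0x1234, &v);
    munmap(none, (size_t)page);
    return r;
}

int main(void)
{
    return demo() == 1 ? 0 : 1;
}
```

The fence is deliberately `__atomic_signal_fence` rather than a full memory barrier: the handler runs on the thread that took the fault, so only compiler reordering has to be prevented, and a hardware fence would be pure cost on the hot path of every guest memory access.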

Comments

no-reply@patchew.org July 9, 2019, 11:04 a.m. UTC | #1
Patchew URL: https://patchew.org/QEMU/20190709092049.13771-1-richard.henderson@linaro.org/

Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190709092049.13771-1-richard.henderson@linaro.org
Subject: [Qemu-devel] [PATCH 0/5] tcg: Fix mmap_lock assertion failure, take 2
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 - [tag update]      patchew/20190709092049.13771-1-richard.henderson@linaro.org -> patchew/20190709092049.13771-1-richard.henderson@linaro.org
Switched to a new branch 'test'
8e9e968 tcg: Release mmap_lock on translation fault
985478b tcg: Remove duplicate #if !defined(CODE_ACCESS)
34999be tcg: Remove cpu_ld*_code_ra
8fb8bbc tcg: Introduce set/clear_helper_retaddr
e581a29 include/qemu/atomic.h: Add signal_barrier

=== OUTPUT BEGIN ===
1/5 Checking commit e581a29ee379 (include/qemu/atomic.h: Add signal_barrier)
2/5 Checking commit 8fb8bbc8fad6 (tcg: Introduce set/clear_helper_retaddr)
3/5 Checking commit 34999be96896 (tcg: Remove cpu_ld*_code_ra)
4/5 Checking commit 985478b1b086 (tcg: Remove duplicate #if !defined(CODE_ACCESS))
5/5 Checking commit 8e9e9683a62a (tcg: Release mmap_lock on translation fault)
ERROR: trailing whitespace
#78: FILE: accel/tcg/user-exec.c:103:
+         * $

total: 1 errors, 0 warnings, 120 lines checked

Patch 5/5 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190709092049.13771-1-richard.henderson@linaro.org/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com