From patchwork Tue Jul 9 09:20:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 168730 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp8295172ilk; Tue, 9 Jul 2019 02:23:03 -0700 (PDT) X-Google-Smtp-Source: APXvYqydEdlCrUnAoD16J9AouXryMoMFXbPMTGf4iMpThudUHuAbJGdRiN4fLciEiz/DDNuytpHt X-Received: by 2002:a17:906:ece7:: with SMTP id qt7mr20546499ejb.155.1562664183747; Tue, 09 Jul 2019 02:23:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562664183; cv=none; d=google.com; s=arc-20160816; b=Ts1+balUTGPzWrNd9ZivG3itDSq+UI8GtMrTmhLTOvhdsB59ZmB/EvPaCTifLG3eU1 UhbBOssgr+9GwgWorPr8xzP2Kz+5WOLSOXFBCC7eCIPYeWZ+q+u1Wltw3XAGaETRbnFY L1dgFTeVIms4tQazBQvryJmrlmnoR6dMx4UQma6KNCD9txMSN6EyI8gTN0zYorrqe7gH RfFBHXIn5uL7aJleDsQ3BO7d2clRWXvhr5p2FTe6v623Zzpf9JvEXztYxGgEu12+Zd6s 6X/uAsYKv3unh4H0QSyrKmzIkubMu5Z4ktUEBT60sQantVQDjaOwosNwYfxnCycT0d+T bQWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:message-id:date:to:from :dkim-signature; bh=aslcPXfLU1TSCE/SrDWJaSKWFbXWWjgh8Wz68TylcYE=; b=LXUMQx9C9YsB6qm0Bn0PMZFy9L3sb7jDjvG+8egE52CJxUd9oGSQ5v/qUXB4OrhijS ZPrlvicRrUwGySNM/16rH0OevDtar9XbSSXR9yPEKxvW1XV8pWMPNI+zxkDDiE6BBPlL 4JGldFcChIFPHT/5WtVHrc/L0nLDzUh5wcEP9DTq6hyB189oBMpeSubtA44BLdKh3BCx Wx1DcwhTIk/luiezkzezowV7AZ8xCv0pXjg1WNVPePaIZdiea+CSOEbQSTpK1A/jGYFp TnPSRJfNROYj2V7CRTQCp5ERpUEoNAjAeANvqGJoTdVgSs8frkjm34W+Fnsl64PrkCRd mAIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=qPv0t56E; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id j5si11860610ejb.211.2019.07.09.02.23.03 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 09 Jul 2019 02:23:03 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=qPv0t56E; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:48074 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hkmL0-0000pt-OK for patch@linaro.org; Tue, 09 Jul 2019 05:23:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43368) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hkmJ5-0006le-IX for qemu-devel@nongnu.org; Tue, 09 Jul 2019 05:21:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hkmJ4-0001kA-FC for qemu-devel@nongnu.org; Tue, 09 Jul 2019 05:21:03 -0400 Received: from mail-io1-xd2d.google.com ([2607:f8b0:4864:20::d2d]:36957) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hkmJ4-0001hs-72 for qemu-devel@nongnu.org; Tue, 09 Jul 2019 05:21:02 -0400 Received: by mail-io1-xd2d.google.com with SMTP id q22so19833539iog.4 for ; Tue, 09 Jul 2019 02:21:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=aslcPXfLU1TSCE/SrDWJaSKWFbXWWjgh8Wz68TylcYE=; b=qPv0t56EOYDG4jB984oUtmrVo8l7wVc1yrMQanP/8YxnqZ53eGyPCvGUe3G/43KHh8 z9d5Wcha5CodNy0G7Dl9UXAo/WEeuDrxM9BYco3YTUnXd3iPzWU64Gj9Lu3rtl5fY4Qw 44RCOePcOz2wE/rikQIMEH3XHWrwiQQbBRBuRVabUyts4wnIEzg2wSKeQZBXhCWC2lfs BQcDJLtch8R8OdFy7VONfFuw1j5BEetPxtFtrytlqUpcdX8PdozX5ejGpDN9F4X977ju OP60OjNyOHXE3Yn4hiLpibcpZLB7ng/99wzPVI7BPLxwAMLMt2kLEUYVLeNw7fRXoqmR Z3Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=aslcPXfLU1TSCE/SrDWJaSKWFbXWWjgh8Wz68TylcYE=; b=nIeERY09+eNWHUxD++d32QS5xBk9J/UryNDrb2c6xr1CPouOnnr2nr3cTeNHYakQDk Jqti6VdNwq/UjzWrXmjjQ4f6mwGF1EbYP8bERyNf5lprrlI3J9iOCIkuFjdz5wtazpTE /N20uN0ZUp/ck11u8sab9rrBq8cdtxUUKpNrgrCVV/bLXt9RToHsaVgTqey/sxtHQxHo LMpfEW+uEfeilLqFD6TqrEFL90ANoptm9McDE7IDKjmrvwIe39o2B0yAuOZx3S/Myjrw 0x3EieP6L0EI7lHrMpsAXt05oRd3A8rgrRbnTkB0TnwHw/Yoj31bytJn7IkwF7FA/3cE fEYA== X-Gm-Message-State: APjAAAVjwDctFCm/7hsHMv0ihu+9xfP4I/y0J9+aacnp19/MkjkHKUCX tgdd+WN0i8jNYwQ6Qhk/grmgx5bnOC0= X-Received: by 2002:a6b:4101:: with SMTP id n1mr57157ioa.138.1562664060818; Tue, 09 Jul 2019 02:21:00 -0700 (PDT) Received: from localhost.localdomain ([172.56.12.212]) by smtp.gmail.com with ESMTPSA id c17sm17613817ioo.82.2019.07.09.02.20.56 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Tue, 09 Jul 2019 02:21:00 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Date: Tue, 9 Jul 2019 11:20:44 +0200 Message-Id: <20190709092049.13771-1-richard.henderson@linaro.org> X-Mailer: git-send-email 2.17.1 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::d2d Subject: [Qemu-devel] [PATCH 0/5] tcg: Fix mmap_lock assertion failure, take 2 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lvivier@redhat.com, peter.maydell@linaro.org, alex.bennee@linaro.org, pbonzini@redhat.com Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" While I could not replicate the failure Peter reported, the apparent root cause -- the old magic fixed page -- should affect other guests as well. In particular, the old arm32 magic fixed page at 0xffff0f00, and the hppa magic fixed page at 0. In the arm32 and hppa cases that I just mentioned -- but notably not the x86_64 case that Peter reported -- there is special-case code in target/*/translate.c to handle those addresses without actually doing the read from the unmapped address. Therefore, until we fix these sort of address space representational errors, we cannot even rely on page_check_range() to validate the execute access. Instead, modify the host signal handler to intercept this at SIGSEGV. At this point we're sure that there is no guest special case that we have overlooked, because we did attempt the read for execute. Also, I noticed that we really ought to have some barriers around this code to make sure that the modifications to helper_retaddr are in fact visible to the host signal handler. Also, some minor cleanups to the set of read functions that we expose for use during translation. Also, a trivial duplicated condition. r~ Richard Henderson (5): include/qemu/atomic.h: Add signal_barrier tcg: Introduce set/clear_helper_retaddr tcg: Remove cpu_ld*_code_ra tcg: Remove duplicate #if !defined(CODE_ACCESS) tcg: Release mmap_lock on translation fault include/exec/cpu_ldst.h | 20 ++++++ include/exec/cpu_ldst_useronly_template.h | 40 ++++++++---- include/qemu/atomic.h | 11 ++++ accel/tcg/user-exec.c | 76 ++++++++++++++++------- target/arm/helper-a64.c | 8 +-- target/arm/sve_helper.c | 43 +++++++------ 6 files changed, 135 insertions(+), 63 deletions(-) -- 2.17.1