From patchwork Mon Jan 29 23:01:01 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Henderson <richard.henderson@linaro.org>
X-Patchwork-Id: 767429
Delivered-To: patch@linaro.org
Received: by 2002:adf:ee41:0:b0:33a:e5bd:fedd with SMTP id w1csp1116584wro;
 Mon, 29 Jan 2024 15:03:11 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFdjAVexxD6uDoslL1V+5B6PLsTLsYQIWOhVn0rxwY/MhSX9IbH+5NGba1rap5z90UMKHrk
X-Received: by 2002:a05:6808:1151:b0:3be:1b04:ee83 with SMTP id
 u17-20020a056808115100b003be1b04ee83mr6196812oiu.0.1706569391727;
 Mon, 29 Jan 2024 15:03:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1706569391; cv=none;
 d=google.com; s=arc-20160816;
 b=cop1gGcVcFVes7kF/MgdsrQjurPxswtRhCuhd1sACP0QRklo9p649obwpgfQzQCiUY
 tKQtuRtoNAX8OPMAhStPTe1Q7TWlYhaN45Wi+vFnsp6QlMeOBF76hYlPBpzVA1eUGDFV
 Zir96Y1NIHa54gH1nCIsv/Hxgm0IyLmYdrmq+EeXEZf6NMS6s9195hXFV4rSr/YPU3n7
 DvBWrxFgM/EMkQW4BD9zqEeYZI47maPiWkztBboKXDOxwzHhzDwkMxrrCy6o6ob+wmqT
 sXqbWmmzJtSXpPuafQNEsU4C2V4VAwD1VQQCrXlUAmYPIqeTwnMc3PUJbnunW7x+E+N3
 bldQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from:dkim-signature;
 bh=5lOMiA1d/7RQJUfbMVKZZ3ZFzC3WxOo3rdXkjjDSQz4=;
 fh=o2XzhdKG+B45MJCghEfnYoypmHvLX2hd4SL6yXeiyXI=;
 b=HR6Z6OPX3jFjiZfsvquS9mJx/MxV+SEFRnLgW3js1Dvm7ex0p8zOph1ECRvh7vyCL3
 V+zzznBhNeWyJ3n0I6p7g2zF0312CAsJniQTFKpXg2EJbNQ1t+b6v8igQaL5SbFB7ZW8
 /X6DzKoX5ysdrmA6LFZKSkMg5ijO6HfW6YEmfBU8+aj3WDHo2vW25cNmfLKW95/ApvUE
 FOr1MWf17ge5uTfoWHCnt0fhB+FtoRzdBzOipMPQBcusiZDcgYiM6DXCkn+vh4T/sMLL
 qgBCD0r5li8bizCOwrzvLvt6uZK/Z7S6oE9V21jo6lB0FVxRsnpKwxbtu6cNiy/0D/cu
 itdg==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=XT0LggRz;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 n22-20020a67e456000000b0046afe769aaasi993711vsm.479.2024.01.29.15.03.11
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 29 Jan 2024 15:03:11 -0800 (PST)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=XT0LggRz;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1rUae0-0006es-AG; Mon, 29 Jan 2024 18:02:24 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <richard.henderson@linaro.org>)
 id 1rUade-00062w-Ff
 for qemu-devel@nongnu.org; Mon, 29 Jan 2024 18:02:04 -0500
Received: from mail-pf1-x430.google.com ([2607:f8b0:4864:20::430])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <richard.henderson@linaro.org>)
 id 1rUada-0008Pd-B3
 for qemu-devel@nongnu.org; Mon, 29 Jan 2024 18:02:01 -0500
Received: by mail-pf1-x430.google.com with SMTP id
 d2e1a72fcca58-6ddcfbc5a5fso2733087b3a.2
 for <qemu-devel@nongnu.org>; Mon, 29 Jan 2024 15:01:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linaro.org; s=google; t=1706569310; x=1707174110; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=5lOMiA1d/7RQJUfbMVKZZ3ZFzC3WxOo3rdXkjjDSQz4=;
 b=XT0LggRzRrIApt+Q7m9N/WWu60TPCq1L7O0GtBJTPAYi1w4K5MZJvzQLKVeBZ4q32C
 QnoNfYpvsb3+2fgXUFwZZY90Kb1idoZjW1K2MiygHx9Q5zap3YyzjwoVsqp9Xi3X2sIJ
 Qq+6r6+0L7SnQYqMwaLeZNSc9DvtL/DhCTigYQ/opvKzLKAoroIcw87bws5l1vMAsk8V
 yB9i1GtMmNRPOdSMsTYLoH5x50LrZJTKNZAQkPr3GilKjbFp2vQlqioxFS7i/D992IKb
 dS0OX8/2z5aIVBYO5853YLNytKoitBBqPEC0Haosa09dTu7snCm5pNH+HzDgc89rR2G1
 o8ig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1706569310; x=1707174110;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=5lOMiA1d/7RQJUfbMVKZZ3ZFzC3WxOo3rdXkjjDSQz4=;
 b=Ybhyh6WF0tm8a44AGbwdM7QXdH7iXvK+X7xzFPb4SFTb8omErxNiFMS2/I9opV0k3D
 Jjg3ydL8yevWYkhIoZWtlUcgoMC8s3xNVCS8GKOb0wbRCndd9WcezB1BjqokI/SZvRdn
 6AGMpaHJvYr+MUdO4VIjidux6xm+aZPSboFSf/ZdggwLQu/4FfjtbAzXdQKCbuXrtE2s
 wIWTgRhMdwpxm4VSbPWz1qzMgA2h2fK400VOn+YqZmySdP2HuDWcsSnslTC9k/v0ss9/
 LTs+b3CWH3WTmsVLfXLXmvH7LZ6eBT4NyAswvxS6KaIwwbnKEqMYWw7iGJ53YessrK+e
 o28g==
X-Gm-Message-State: AOJu0YyrcesB8GPkFUfAxLCYHG/koeyWJCTZebbK4B7uBgTlcDDYzZCl
 D/ZWqdi+F0vgapSIMsLJ5zNFiTJ00wNgwvDdNZm6GJUTaJ5ePCIYKph9AqWKLKUX1FXouqkXhjK
 rKAM=
X-Received: by 2002:a62:cdcd:0:b0:6db:ca49:9ce3 with SMTP id
 o196-20020a62cdcd000000b006dbca499ce3mr5257249pfg.6.1706569310012;
 Mon, 29 Jan 2024 15:01:50 -0800 (PST)
Received: from stoup.. ([103.210.27.218]) by smtp.gmail.com with ESMTPSA id
 r10-20020aa78b8a000000b006ddcf56fb78sm6419368pfd.62.2024.01.29.15.01.48
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 29 Jan 2024 15:01:49 -0800 (PST)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PULL 11/31] linux-user: Allow gdbstub to ignore page protection
Date: Tue, 30 Jan 2024 09:01:01 +1000
Message-Id: <20240129230121.8091-12-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240129230121.8091-1-richard.henderson@linaro.org>
References: <20240129230121.8091-1-richard.henderson@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2607:f8b0:4864:20::430;
 envelope-from=richard.henderson@linaro.org; helo=mail-pf1-x430.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Ilya Leoshkevich <iii@linux.ibm.com>

gdbserver ignores page protection by virtue of using /proc/$pid/mem.
Teach qemu gdbstub to do this too. This will not work if /proc is not
mounted; accept this limitation.

One alternative is to temporarily grant the missing PROT_* bit, but
this is inherently racy. Another alternative is self-debugging with
ptrace(POKE), which will break if QEMU itself is being debugged - a
much more severe limitation.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20240129093410.3151-2-iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 cpu-target.c | 78 ++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 63 insertions(+), 15 deletions(-)

diff --git a/cpu-target.c b/cpu-target.c
index f6e07c3deb..958d63e882 100644
--- a/cpu-target.c
+++ b/cpu-target.c
@@ -382,6 +382,9 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
     vaddr l, page;
     void * p;
     uint8_t *buf = ptr;
+    ssize_t written;
+    int ret = -1;
+    int fd = -1;
 
     while (len > 0) {
         page = addr & TARGET_PAGE_MASK;
@@ -389,30 +392,75 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
         if (l > len)
             l = len;
         flags = page_get_flags(page);
-        if (!(flags & PAGE_VALID))
-            return -1;
+        if (!(flags & PAGE_VALID)) {
+            goto out_close;
+        }
         if (is_write) {
-            if (!(flags & PAGE_WRITE))
-                return -1;
+            if (flags & PAGE_WRITE) {
+                /* XXX: this code should not depend on lock_user */
+                p = lock_user(VERIFY_WRITE, addr, l, 0);
+                if (!p) {
+                    goto out_close;
+                }
+                memcpy(p, buf, l);
+                unlock_user(p, addr, l);
+            } else {
+                /* Bypass the host page protection using ptrace. */
+                if (fd == -1) {
+                    fd = open("/proc/self/mem", O_WRONLY);
+                    if (fd == -1) {
+                        goto out;
+                    }
+                }
+                /*
+                 * If there is a TranslationBlock and we weren't bypassing the
+                 * host page protection, the memcpy() above would SEGV,
+                 * ultimately leading to page_unprotect(). So invalidate the
+                 * translations manually. Both invalidation and pwrite() must
+                 * be under mmap_lock() in order to prevent the creation of
+                 * another TranslationBlock in between.
+                 */
+                mmap_lock();
+                tb_invalidate_phys_range(addr, addr + l - 1);
+                written = pwrite(fd, buf, l,
+                                 (off_t)(uintptr_t)g2h_untagged(addr));
+                mmap_unlock();
+                if (written != l) {
+                    goto out_close;
+                }
+            }
+        } else if (flags & PAGE_READ) {
             /* XXX: this code should not depend on lock_user */
-            if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
-                return -1;
-            memcpy(p, buf, l);
-            unlock_user(p, addr, l);
-        } else {
-            if (!(flags & PAGE_READ))
-                return -1;
-            /* XXX: this code should not depend on lock_user */
-            if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
-                return -1;
+            p = lock_user(VERIFY_READ, addr, l, 1);
+            if (!p) {
+                goto out_close;
+            }
             memcpy(buf, p, l);
             unlock_user(p, addr, 0);
+        } else {
+            /* Bypass the host page protection using ptrace. */
+            if (fd == -1) {
+                fd = open("/proc/self/mem", O_RDONLY);
+                if (fd == -1) {
+                    goto out;
+                }
+            }
+            if (pread(fd, buf, l,
+                      (off_t)(uintptr_t)g2h_untagged(addr)) != l) {
+                goto out_close;
+            }
         }
         len -= l;
         buf += l;
         addr += l;
     }
-    return 0;
+    ret = 0;
+out_close:
+    if (fd != -1) {
+        close(fd);
+    }
+out:
+    return ret;
 }
 #endif