Re: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on

From:	Ilya Leoshkevich
Subject:	Re: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on mprotect()
Date:	Wed, 31 Aug 2022 01:17:56 +0200
User-agent:	Evolution 3.42.4 (3.42.4-2.fc35)

On Tue, 2022-08-23 at 15:05 -0700, Richard Henderson wrote:
> From: Ilya Leoshkevich <iii@linux.ibm.com>
> 
> Currently it's possible to execute pages that do not have PAGE_EXEC
> if there is an existing translation block. Fix by clearing
> tb_jmp_cache
> and invalidating TBs, which forces recheck of permission bits.
> 
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> Message-Id: <20220817150506.592862-2-iii@linux.ibm.com>
> [rth: Invalidate is required -- e.g. riscv fallthrough cross test]
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> 
> fixup mprotect
> ---
>  linux-user/mmap.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index 048c4135af..e9dc8848be 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -115,6 +115,7 @@ int target_mprotect(abi_ulong start, abi_ulong
> len, int target_prot)
>  {
>      abi_ulong end, host_start, host_end, addr;
>      int prot1, ret, page_flags, host_prot;
> +    CPUState *cpu;
>  
>      trace_target_mprotect(start, len, target_prot);
>  
> @@ -177,7 +178,14 @@ int target_mprotect(abi_ulong start, abi_ulong
> len, int target_prot)
>              goto error;
>          }
>      }
> +
>      page_set_flags(start, start + len, page_flags);
> +    tb_invalidate_phys_range(start, start + len);
> +
> +    CPU_FOREACH(cpu) {
> +        cpu_tb_jmp_cache_clear(cpu);
> +    }
> +
>      mmap_unlock();
>      return 0;
>  error:

I think adding tb_invalidate_phys_range() obviates the need for
cpu_tb_jmp_cache_clear()? The lookup may still find an invalidated tb,
but it will have CF_INVALID set.

The following worked for me:

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index e9dc8848bed..b58e3eeb198 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -115,7 +115,6 @@ int target_mprotect(abi_ulong start, abi_ulong len,
int target_prot)
 {
     abi_ulong end, host_start, host_end, addr;
     int prot1, ret, page_flags, host_prot;
-    CPUState *cpu;
 
     trace_target_mprotect(start, len, target_prot);
 
@@ -182,10 +181,6 @@ int target_mprotect(abi_ulong start, abi_ulong
len, int target_prot)
     page_set_flags(start, start + len, page_flags);
     tb_invalidate_phys_range(start, start + len);
 
-    CPU_FOREACH(cpu) {
-        cpu_tb_jmp_cache_clear(cpu);
-    }
-
     mmap_unlock();
     return 0;
 error:

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v7 00/20] linux-user: Fix siginfo_t contents when jumping to non-readable pages, Richard Henderson, 2022/08/23
- [PATCH v7 01/20] linux-user/arm: Mark the commpage executable, Richard Henderson, 2022/08/23
- [PATCH v7 02/20] linux-user/hppa: Allocate page zero as a commpage, Richard Henderson, 2022/08/23
- [PATCH v7 03/20] linux-user/x86_64: Allocate vsyscall page as a commpage, Richard Henderson, 2022/08/23
- [PATCH v7 04/20] linux-user: Honor PT_GNU_STACK, Richard Henderson, 2022/08/23
- [PATCH v7 06/20] tests/tcg/i386: Move smc_code2 to an executable section, Richard Henderson, 2022/08/23
- [PATCH v7 07/20] accel/tcg: Introduce is_same_page(), Richard Henderson, 2022/08/23
- [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on mprotect(), Richard Henderson, 2022/08/23
  - Re: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on mprotect(), Ilya Leoshkevich <=
- [PATCH v7 09/20] accel/tcg: Unlock mmap_lock after longjmp, Richard Henderson, 2022/08/23
- [PATCH v7 10/20] accel/tcg: Make tb_htable_lookup static, Richard Henderson, 2022/08/23
- [PATCH v7 08/20] accel/tcg: Properly implement get_page_addr_code for user-only, Richard Henderson, 2022/08/23
- [PATCH v7 11/20] accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c, Richard Henderson, 2022/08/23
- [PATCH v7 13/20] accel/tcg: Document the faulting lookup in tb_lookup_cmp, Richard Henderson, 2022/08/23
  - Re: [PATCH v7 13/20] accel/tcg: Document the faulting lookup in tb_lookup_cmp, Ilya Leoshkevich, 2022/08/30
- [PATCH v7 12/20] accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp, Richard Henderson, 2022/08/23
- [PATCH v7 14/20] accel/tcg: Remove translator_ldsw, Richard Henderson, 2022/08/23
- [PATCH v7 15/20] accel/tcg: Add pc and host_pc params to gen_intermediate_code, Richard Henderson, 2022/08/23
- [PATCH v7 16/20] accel/tcg: Add fast path for translator_ld*, Richard Henderson, 2022/08/23

Prev by Date: Re: [PATCH v7 13/20] accel/tcg: Document the faulting lookup in tb_lookup_cmp
Next by Date: Re: [PATCH] target/sh4: Fix TB_FLAG_UNALIGN
Previous by thread: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on mprotect()
Next by thread: [PATCH v7 09/20] accel/tcg: Unlock mmap_lock after longjmp
Index(es):
- Date
- Thread