Re: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on mprotect()
From: Ilya Leoshkevich
Subject: Re: [PATCH v7 05/20] linux-user: Clear translations and tb_jmp_cache on mprotect()
Date: Wed, 31 Aug 2022 01:17:56 +0200
User-agent: Evolution 3.42.4 (3.42.4-2.fc35)
On Tue, 2022-08-23 at 15:05 -0700, Richard Henderson wrote:
> From: Ilya Leoshkevich <iii@linux.ibm.com>
>
> Currently it's possible to execute pages that do not have PAGE_EXEC
> if there is an existing translation block. Fix by clearing
> tb_jmp_cache
> and invalidating TBs, which forces recheck of permission bits.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> Message-Id: <20220817150506.592862-2-iii@linux.ibm.com>
> [rth: Invalidate is required -- e.g. riscv fallthrough cross test]
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>
> fixup mprotect
> ---
> linux-user/mmap.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index 048c4135af..e9dc8848be 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -115,6 +115,7 @@ int target_mprotect(abi_ulong start, abi_ulong
> len, int target_prot)
> {
> abi_ulong end, host_start, host_end, addr;
> int prot1, ret, page_flags, host_prot;
> + CPUState *cpu;
>
> trace_target_mprotect(start, len, target_prot);
>
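Review bot: the new `CPUState *cpu` declaration exists only to drive the `CPU_FOREACH(cpu)` loop added in the second hunk; if that loop is dropped, the declaration has to go with it, otherwise QEMU's -Werror build fails on the unused variable.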
> @@ -177,7 +178,14 @@ int target_mprotect(abi_ulong start, abi_ulong
> len, int target_prot)
> goto error;
> }
> }
> +
> page_set_flags(start, start + len, page_flags);
> + tb_invalidate_phys_range(start, start + len);
> +
> + CPU_FOREACH(cpu) {
> + cpu_tb_jmp_cache_clear(cpu);
> + }
> +
> mmap_unlock();
> return 0;
> error:
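Review bot: the per-CPU `cpu_tb_jmp_cache_clear()` loop looks redundant next to `tb_invalidate_phys_range(start, start + len)`: invalidating the TBs is what stops already-translated code from running after PAGE_EXEC is removed, because a stale tb_jmp_cache entry now points at a TB carrying CF_INVALID and is rejected at lookup time. Either drop the loop together with the `cpu` declaration, or add a comment above the loop stating which case the extra clear covers that the invalidation does not; the commit message ("Clear translations and tb_jmp_cache") should then be adjusted to match whichever is kept.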
I think adding tb_invalidate_phys_range() obviates the need for
cpu_tb_jmp_cache_clear()? The lookup may still find an invalidated tb,
but it will have CF_INVALID set.
The following worked for me:
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index e9dc8848bed..b58e3eeb198 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -115,7 +115,6 @@ int target_mprotect(abi_ulong start, abi_ulong len,
int target_prot)
{
abi_ulong end, host_start, host_end, addr;
int prot1, ret, page_flags, host_prot;
- CPUState *cpu;
trace_target_mprotect(start, len, target_prot);
@@ -182,10 +181,6 @@ int target_mprotect(abi_ulong start, abi_ulong
len, int target_prot)
page_set_flags(start, start + len, page_flags);
tb_invalidate_phys_range(start, start + len);
- CPU_FOREACH(cpu) {
- cpu_tb_jmp_cache_clear(cpu);
- }
-
mmap_unlock();
return 0;
error:
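Review bot: with the `CPU_FOREACH` loop removed, correctness rests entirely on `tb_invalidate_phys_range(start, start + len)` running while mmap_lock is still held, so that a TB reached through a stale tb_jmp_cache entry fails the CF_INVALID check; that reasoning is only in the e-mail body, so add it as a one-line comment above the `tb_invalidate_phys_range()` call, e.g. `/* Force a PAGE_EXEC recheck: stale jmp-cache hits now fail on CF_INVALID. */`, and retitle the patch, which still says "Clear translations and tb_jmp_cache".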