1. Patchew
  2. QEMU
  3. [PATCH v6 00/21] linux-user: Fix siginfo_t contents when jumping to non-readable pages
  4. View patch

[PATCH v6 05/21] linux-user: Clear translations and tb_jmp_cache on mprotect()

Richard Henderson posted 21 patches 3 years, 5 months ago
There is a newer version of this series
[PATCH v6 05/21] linux-user: Clear translations and tb_jmp_cache on mprotect()
Posted by Richard Henderson 3 years, 5 months ago 
From: Ilya Leoshkevich <iii@linux.ibm.com>

Currently it's possible to execute pages that do not have PAGE_EXEC
if there is an existing translation block. Fix by clearing tb_jmp_cache
and invalidating TBs, which forces recheck of permission bits.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220817150506.592862-2-iii@linux.ibm.com>
[rth: Invalidate is required -- e.g. riscv fallthrough cross test]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

fixup mprotect
---
 linux-user/mmap.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 048c4135af..e9dc8848be 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -115,6 +115,7 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot)
 {
     abi_ulong end, host_start, host_end, addr;
     int prot1, ret, page_flags, host_prot;
+    CPUState *cpu;
 
     trace_target_mprotect(start, len, target_prot);
 
@@ -177,7 +178,14 @@ int target_mprotect(abi_ulong start, abi_ulong len, int target_prot)
             goto error;
         }
     }
+
     page_set_flags(start, start + len, page_flags);
+    tb_invalidate_phys_range(start, start + len);
+
+    CPU_FOREACH(cpu) {
+        cpu_tb_jmp_cache_clear(cpu);
+    }
+
     mmap_unlock();
     return 0;
 error:
-- 
2.34.1

Patchew 2.1-devel-8c64711

© 2016 - 2026 Red Hat, Inc.