[PULL v3 00/20] tcg patch queue

Richard Henderson posted 20 patches 5 months ago
include/elf.h                     |   1 +
include/exec/cpu-common.h         |   1 +
include/exec/exec-all.h           |  89 ++++++++----------------
include/exec/translator.h         |  96 ++++++++++++++++---------
linux-user/arm/target_cpu.h       |   4 +-
linux-user/qemu.h                 |   1 +
accel/tcg/cpu-exec.c              | 143 ++++++++++++++++++++------------------
accel/tcg/cputlb.c                |  93 +++++++------------------
accel/tcg/translate-all.c         |  29 ++++----
accel/tcg/translator.c            | 135 ++++++++++++++++++++++++++---------
accel/tcg/user-exec.c             |  17 ++++-
linux-user/elfload.c              |  82 ++++++++++++++++++++--
linux-user/mmap.c                 |   6 +-
softmmu/physmem.c                 |  12 ++++
target/alpha/translate.c          |   5 +-
target/arm/translate.c            |   5 +-
target/avr/translate.c            |   5 +-
target/cris/translate.c           |   5 +-
target/hexagon/translate.c        |   6 +-
target/hppa/translate.c           |   5 +-
target/i386/tcg/translate.c       |  71 +++++++++++--------
target/loongarch/translate.c      |   6 +-
target/m68k/translate.c           |   5 +-
target/microblaze/translate.c     |   5 +-
target/mips/tcg/translate.c       |   5 +-
target/nios2/translate.c          |   5 +-
target/openrisc/translate.c       |   6 +-
target/ppc/translate.c            |   5 +-
target/riscv/translate.c          |  32 +++++++--
target/rx/translate.c             |   5 +-
target/s390x/tcg/translate.c      |  20 ++++--
target/sh4/translate.c            |   5 +-
target/sparc/translate.c          |   5 +-
target/tricore/translate.c        |   6 +-
target/xtensa/translate.c         |   6 +-
tests/tcg/i386/test-i386.c        |   2 +-
tests/tcg/riscv64/noexec.c        |  79 +++++++++++++++++++++
tests/tcg/s390x/noexec.c          | 106 ++++++++++++++++++++++++++++
tests/tcg/x86_64/noexec.c         |  75 ++++++++++++++++++++
tests/tcg/multiarch/noexec.c.inc  | 139 ++++++++++++++++++++++++++++++++++++
tests/tcg/riscv64/Makefile.target |   1 +
tests/tcg/s390x/Makefile.target   |   1 +
tests/tcg/x86_64/Makefile.target  |   3 +-
43 files changed, 966 insertions(+), 367 deletions(-)
create mode 100644 tests/tcg/riscv64/noexec.c
create mode 100644 tests/tcg/s390x/noexec.c
create mode 100644 tests/tcg/x86_64/noexec.c
create mode 100644 tests/tcg/multiarch/noexec.c.inc
[PULL v3 00/20] tcg patch queue
Posted by Richard Henderson 5 months ago
v2: Fix incorrectly resolved rebase conflict in patch 16.
v3: Work around clang preprocessor bug in patch 3.


r~


The following changes since commit fd28528ece590dc709d1a893fce2ff2f68ddca70:

  Merge tag 'pull-or1k-20220904' of https://github.com/stffrdhrn/qemu into staging (2022-09-05 18:01:02 -0400)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220906

for you to fetch changes up to 00c07344fa245b22e895b363320ba4cd0ec1088a:

  target/riscv: Make translator stop before the end of a page (2022-09-06 08:04:26 +0100)

----------------------------------------------------------------
Respect PROT_EXEC in user-only mode.
Fix s390x, i386 and riscv for translations crossing a page.

----------------------------------------------------------------
Ilya Leoshkevich (4):
      linux-user: Clear translations on mprotect()
      accel/tcg: Introduce is_same_page()
      target/s390x: Make translator stop before the end of a page
      target/i386: Make translator stop before the end of a page

Richard Henderson (16):
      linux-user/arm: Mark the commpage executable
      linux-user/hppa: Allocate page zero as a commpage
      linux-user/x86_64: Allocate vsyscall page as a commpage
      linux-user: Honor PT_GNU_STACK
      tests/tcg/i386: Move smc_code2 to an executable section
      accel/tcg: Properly implement get_page_addr_code for user-only
      accel/tcg: Unlock mmap_lock after longjmp
      accel/tcg: Make tb_htable_lookup static
      accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
      accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp
      accel/tcg: Document the faulting lookup in tb_lookup_cmp
      accel/tcg: Remove translator_ldsw
      accel/tcg: Add pc and host_pc params to gen_intermediate_code
      accel/tcg: Add fast path for translator_ld*
      target/riscv: Add MAX_INSN_LEN and insn_len
      target/riscv: Make translator stop before the end of a page

Re: [PULL v3 00/20] tcg patch queue
Posted by Stefan Hajnoczi 5 months ago
Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.2 for any user-visible changes.
Re: [PULL v3 00/20] tcg patch queue
Posted by Thomas Huth 4 months, 3 weeks ago
On 06/09/2022 10.37, Richard Henderson wrote:
> v2: Fix incorrectly resolved rebase conflict in patch 16.
> v3: Work around clang preprocessor bug in patch 3.
> 
> 
> r~
> 
> 
> The following changes since commit fd28528ece590dc709d1a893fce2ff2f68ddca70:
> 
>    Merge tag 'pull-or1k-20220904' of https://github.com/stffrdhrn/qemu into staging (2022-09-05 18:01:02 -0400)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220906
> 
> for you to fetch changes up to 00c07344fa245b22e895b363320ba4cd0ec1088a:
> 
>    target/riscv: Make translator stop before the end of a page (2022-09-06 08:04:26 +0100)
> 
> ----------------------------------------------------------------
> Respect PROT_EXEC in user-only mode.
> Fix s390x, i386 and riscv for translations crossing a page.
> 
> ----------------------------------------------------------------
> Ilya Leoshkevich (4):
>        linux-user: Clear translations on mprotect()
>        accel/tcg: Introduce is_same_page()
>        target/s390x: Make translator stop before the end of a page
>        target/i386: Make translator stop before the end of a page
> 
> Richard Henderson (16):
>        linux-user/arm: Mark the commpage executable
>        linux-user/hppa: Allocate page zero as a commpage
>        linux-user/x86_64: Allocate vsyscall page as a commpage
>        linux-user: Honor PT_GNU_STACK
>        tests/tcg/i386: Move smc_code2 to an executable section
>        accel/tcg: Properly implement get_page_addr_code for user-only
>        accel/tcg: Unlock mmap_lock after longjmp
>        accel/tcg: Make tb_htable_lookup static
>        accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
>        accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp
>        accel/tcg: Document the faulting lookup in tb_lookup_cmp
>        accel/tcg: Remove translator_ldsw
>        accel/tcg: Add pc and host_pc params to gen_intermediate_code
>        accel/tcg: Add fast path for translator_ld*
>        target/riscv: Add MAX_INSN_LEN and insn_len
>        target/riscv: Make translator stop before the end of a page

Hi Richard!

Since your pull request has been merged, the Travis CI now constantly shows a failure, see:

  https://app.travis-ci.com/gitlab/qemu-project/qemu/builds/255231855

The previous runs were all green, so I assume this has been introduced by one of the patches in here. Could you please have a look?

  Thanks,
   Thomas
Re: [PULL v3 00/20] tcg patch queue
Posted by Ilya Leoshkevich 4 months, 3 weeks ago
On Tue, 2022-09-20 at 12:27 +0200, Thomas Huth wrote:
> On 06/09/2022 10.37, Richard Henderson wrote:
> > v2: Fix incorrectly resolved rebase conflict in patch 16.
> > v3: Work around clang preprocessor bug in patch 3.
> > 
> > 
> > r~
> > 
> > 
> > The following changes since commit
> > fd28528ece590dc709d1a893fce2ff2f68ddca70:
> > 
> >    Merge tag 'pull-or1k-20220904' of
> > https://github.com/stffrdhrn/qemu into staging (2022-09-05 18:01:02
> > -0400)
> > 
> > are available in the Git repository at:
> > 
> >    https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220906
> > 
> > for you to fetch changes up to
> > 00c07344fa245b22e895b363320ba4cd0ec1088a:
> > 
> >    target/riscv: Make translator stop before the end of a page
> > (2022-09-06 08:04:26 +0100)
> > 
> > ----------------------------------------------------------------
> > Respect PROT_EXEC in user-only mode.
> > Fix s390x, i386 and riscv for translations crossing a page.
> > 
> > ----------------------------------------------------------------
> > Ilya Leoshkevich (4):
> >        linux-user: Clear translations on mprotect()
> >        accel/tcg: Introduce is_same_page()
> >        target/s390x: Make translator stop before the end of a page
> >        target/i386: Make translator stop before the end of a page
> > 
> > Richard Henderson (16):
> >        linux-user/arm: Mark the commpage executable
> >        linux-user/hppa: Allocate page zero as a commpage
> >        linux-user/x86_64: Allocate vsyscall page as a commpage
> >        linux-user: Honor PT_GNU_STACK
> >        tests/tcg/i386: Move smc_code2 to an executable section
> >        accel/tcg: Properly implement get_page_addr_code for user-
> > only
> >        accel/tcg: Unlock mmap_lock after longjmp
> >        accel/tcg: Make tb_htable_lookup static
> >        accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
> >        accel/tcg: Use probe_access_internal for softmmu
> > get_page_addr_code_hostp
> >        accel/tcg: Document the faulting lookup in tb_lookup_cmp
> >        accel/tcg: Remove translator_ldsw
> >        accel/tcg: Add pc and host_pc params to
> > gen_intermediate_code
> >        accel/tcg: Add fast path for translator_ld*
> >        target/riscv: Add MAX_INSN_LEN and insn_len
> >        target/riscv: Make translator stop before the end of a page
> 
>   Hi Richard!
> 
> Since your pull request has been merged, the Travis CI now constantly
> shows 
> a failure, see:
> 
>   https://app.travis-ci.com/gitlab/qemu-project/qemu/builds/255231855
> 
> The previous runs were all green, so I assume this has been
> introduced by 
> one of the patches in here. Could you please have a look?
> 
>   Thanks,
>    Thomas
> 

The reason seems to be that the vstl instruction (used by libc's memcpy)
is not treated as a write for purposes of self-modifying-code
detection. This causes qemu to incorrectly forward SEGV to the guest
program.

I will prepare a patch.
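A constructed regression check, added here and not part of the pull request or of QEMU's tests/tcg noexec.c files, that exercises the two behaviours this thread is about: a libc memcpy into an already-executed code page must invalidate the cached translation (the self-modifying-code detection Ilya describes), and a page without PROT_EXEC must fault when executed (the "Respect PROT_EXEC in user-only mode" headline). The function name check_exec_page and the "return a constant" stubs for x86 and aarch64 are my own; run it natively or under qemu-user on a matching host.

```c
/* Constructed check: (1) rewriting executed code via memcpy is honoured,
 * (2) executing a page that lost PROT_EXEC raises SIGSEGV. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
/* mov eax, imm32 ; ret */
static const unsigned char stub_ret1[] = {0xb8, 1, 0, 0, 0, 0xc3};
static const unsigned char stub_ret2[] = {0xb8, 2, 0, 0, 0, 0xc3};
#elif defined(__aarch64__)
/* mov w0, #imm ; ret  (little-endian encodings) */
static const unsigned char stub_ret1[] = {0x20, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6};
static const unsigned char stub_ret2[] = {0x40, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6};
#else
#error "add a 'return constant' stub for this host architecture"
#endif

static sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

static int call_stub(void *code) {
    int (*fn)(void);
    memcpy(&fn, &code, sizeof fn);   /* object pointer -> function pointer */
    return fn();
}

/* Returns 0 when both checks pass; a positive code names the failing step. */
int check_exec_page(void) {
    long psz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, psz, PROT_READ | PROT_WRITE | PROT_EXEC,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return 1;
    struct sigaction sa = { .sa_handler = on_segv }, old;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    volatile int rc = 0;             /* volatile: survives siglongjmp */
    if (sigsetjmp(fault_env, 1) == 0) {
        memcpy(page, stub_ret1, sizeof stub_ret1);
        __builtin___clear_cache((char *)page, (char *)page + psz);
        if (call_stub(page) != 1) rc = 2;
        /* SMC check: this store must invalidate the stale translation. */
        memcpy(page, stub_ret2, sizeof stub_ret2);
        __builtin___clear_cache((char *)page, (char *)page + psz);
        if (call_stub(page) != 2) rc = 3;
        /* NX check: without PROT_EXEC the call must fault, not return. */
        mprotect(page, psz, PROT_READ | PROT_WRITE);
        call_stub(page);
        rc = 4;                      /* reached only if execution was allowed */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, psz);
    return rc;
}
```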