mirror of https://gitlab.com/qemu-project/qemu
e2faabee78
Without this, we just dirty a single byte, and so if the caller writes more than one byte to the host memory then we won't have invalidated any translation blocks that start after the first byte and overlap those writes. In particular, AArch64's DC ZVA implementation uses probe_access (via probe_write), and so we don't invalidate the entire block, only the TB overlapping the first byte (and, in the unusual case an unaligned VA is given to the instruction, we also probe that specific address in order to get the right VA reported on an exception, so will invalidate a TB overlapping that address too). Since our IC IVAU implementation is a no-op for system emulation that relies on the softmmu already having detected self-modifying code via this mechanism, this means we have observably wrong behaviour when jumping to code that has been DC ZVA'ed. In practice this is an unusual thing for software to do, as in reality the OS will DC ZVA the page and the application will go and write actual instructions to it that aren't UDF #0, but you can write a test that clearly shows the faulty behaviour. For functions other than probe_access it's not clear what size to use when 0 is passed in. Arguably a size of 0 shouldn't dirty at all, since if you want to actually write then you should pass in a real size, but I have conservatively kept the implementation as dirtying the first byte in that case so as to avoid breaking any assumptions about that behaviour. Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com> Message-Id: <20231104031232.3246614-1-jrtc27@jrtc27.com> [rth: Move the dirtysize computation next to notdirty_write.] Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> |
||
|---|---|---|
| .. | ||
| atomic_common.c.inc | ||
| atomic_template.h | ||
| cpu-exec-common.c | ||
| cpu-exec.c | ||
| cputlb.c | ||
| debuginfo.c | ||
| debuginfo.h | ||
| icount-common.c | ||
| internal-common.h | ||
| internal-target.h | ||
| ldst_atomicity.c.inc | ||
| ldst_common.c.inc | ||
| meson.build | ||
| monitor.c | ||
| perf.c | ||
| perf.h | ||
| plugin-gen.c | ||
| plugin-helpers.h | ||
| tb-context.h | ||
| tb-hash.h | ||
| tb-jmp-cache.h | ||
| tb-maint.c | ||
| tcg-accel-ops-icount.c | ||
| tcg-accel-ops-icount.h | ||
| tcg-accel-ops-mttcg.c | ||
| tcg-accel-ops-mttcg.h | ||
| tcg-accel-ops-rr.c | ||
| tcg-accel-ops-rr.h | ||
| tcg-accel-ops.c | ||
| tcg-accel-ops.h | ||
| tcg-all.c | ||
| tcg-runtime-gvec.c | ||
| tcg-runtime.c | ||
| tcg-runtime.h | ||
| trace-events | ||
| trace.h | ||
| translate-all.c | ||
| translator.c | ||
| user-exec-stub.c | ||
| user-exec.c | ||