qemu-devel
Re: [Qemu-devel] [PATCH] linux-user: Fix stale tbs after mmap


From: Alexander Graf
Subject: Re: [Qemu-devel] [PATCH] linux-user: Fix stale tbs after mmap
Date: Mon, 7 May 2012 13:32:50 +0200

On 07.05.2012, at 12:37, Peter Maydell wrote:

> On 7 May 2012 10:30, Alexander Graf <address@hidden> wrote:
>> @@ -587,6 +587,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
>> prot,
>>     page_dump(stdout);
>>     printf("\n");
>>  #endif
>> +    tb_invalidate_phys_page_range(start, start + len, 0);
>>     mmap_unlock();
>>     return start;
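Review bot: the invalidation added at `+    tb_invalidate_phys_page_range(start, start + len, 0);` covers only the mapping path; munmap() and an mprotect() that drops PROT_EXEC also retire code that may already have been translated, and the test program further down in this message shows a call into a page that was just unmapped still returning 5, so the same invalidation belongs on the munmap and mprotect paths (or in a helper shared by all three). Also, the function's header comment, as quoted in this thread, says start and end must refer to the same physical page, while start + len here can span many pages; either walk the range a page at a time or confirm that the comment is stale for user-mode before relying on a multi-page call.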
> 
> The comment at the top of tb_invalidate_phys_page_range() says
> "start and end must refer to the same physical page" -- is it
> out of date or does that not apply to user-mode?
> 
> Do you need to also invalidate the range on munmap() and
> mprotect-to-not-executable in order to correctly fault on
> the case of:
>  map something
>  execute it
>  unmap it
>  try to execute it again
> 
> ? (haven't tested that case but it seems like it might be an issue)

Yeah, the issue does exist:

#include <stdio.h>
#include <sys/mman.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>

static int foo(void)
{
    return 5;
}

int main(void)
{
    void *p;
    int x;
    int (*f)(void);

    /* One RWX anonymous page to hold a copy of foo(). */
    p = mmap(NULL, 0x1000, PROT_EXEC | PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {   /* mmap() reports failure as MAP_FAILED, not NULL */
        printf("Error: mmap returned failure\n");
        exit(1);
    }
    /* foo() is a few position-independent bytes; 16 is enough to carry it. */
    memcpy(p, (void *)foo, 0x10);
    f = p;
    x = f();
    printf("returned %d\n", x);

    /* Tear the page down and call the same address again. On real hardware
       this faults; a qemu-user that kept the stale translation block still
       returns 5. */
    munmap(p, 0x1000);
    x = f();
    printf("returned %d\n", x);
    return 0;
}

-----

baur:/> ./test
returned 5
returned 5
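The following probe is an added example, not part of this thread or of QEMU. It generalises Alexander's test to the three paths the discussion touches: a fresh mmap() over a page whose old code already ran (the case the patch addresses), munmap() followed by a call into the old page, and mprotect() removing PROT_EXEC. It assumes x86-64 or AArch64 Linux, a host that permits RWX anonymous mappings, and the helper names (`write_stub`, `call_guarded`, `probe_*`) are mine. Rather than copying a compiled function, it hand-encodes a "return value" stub so its size does not depend on compiler prologues, and it catches the fault that native hardware raises so that the stale-code case shows up as a returned value instead of a crash.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Probe results: STALE_FAULTED means the call into the old page faulted, which
 * is what real hardware does; a qemu-user keeping a stale translation block
 * returns the old stub's value instead. */
enum { STALE_FAULTED = -1, STALE_SETUP_FAILED = -2 };
#define STUB_LEN 4096  /* one page; mmap/mprotect round up on larger page sizes */

static sigjmp_buf fault_guard;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_guard, 1);
}

/* Call f(); if executing it raises SIGSEGV/SIGBUS, return STALE_FAULTED. */
static int call_guarded(int (*f)(void))
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
    if (sigsetjmp(fault_guard, 1) != 0) {
        return STALE_FAULTED;
    }
    return f();
}

/* Write "return value;" at p as hand-encoded machine code (value < 65536).
 * Assumed encodings for x86-64 and AArch64; other targets are not handled. */
static void write_stub(unsigned char *p, int value)
{
#if defined(__x86_64__)
    static const unsigned char head[] = { 0xf3, 0x0f, 0x1e, 0xfa, 0xb8 }; /* endbr64; mov eax, imm32 */
    memcpy(p, head, sizeof head);
    memcpy(p + sizeof head, &value, 4);          /* little-endian imm32 */
    p[sizeof head + 4] = 0xc3;                   /* ret */
#elif defined(__aarch64__)
    uint32_t insn[3] = {
        0xd503245f,                                        /* bti c */
        0x52800000u | (((uint32_t)value & 0xffffu) << 5),  /* movz w0, #value */
        0xd65f03c0,                                        /* ret */
    };
    memcpy(p, insn, sizeof insn);
#else
#error "write_stub: no encoding for this architecture"
#endif
    /* Hardware needs its I-cache synced with the new bytes; QEMU's TB cache
     * is the software analogue of that problem. */
    __builtin___clear_cache((char *)p, (char *)p + 16);
}

/* RWX anonymous page; with at != NULL it is placed over that address (MAP_FIXED). */
static unsigned char *map_rwx(void *at)
{
    int flags = MAP_PRIVATE | MAP_ANONYMOUS | (at ? MAP_FIXED : 0);
    void *p = mmap(at, STUB_LEN, PROT_READ | PROT_WRITE | PROT_EXEC, flags, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Map, run a "return 5" stub, then check it ran; caller gets the page or NULL. */
static unsigned char *setup_executed_page(int (**fp)(void))
{
    unsigned char *p = map_rwx(NULL);
    if (!p) return NULL;
    *fp = (int (*)(void))(uintptr_t)p;
    write_stub(p, 5);
    if (call_guarded(*fp) != 5) { munmap(p, STUB_LEN); return NULL; }
    return p;
}

/* mmap() a new page over already-executed code: expect the new stub's 7. */
static int probe_remap(void)
{
    int (*f)(void);
    unsigned char *p = setup_executed_page(&f);
    if (!p) return STALE_SETUP_FAILED;
    if (map_rwx(p) != p) { munmap(p, STUB_LEN); return STALE_SETUP_FAILED; }
    write_stub(p, 7);
    int r = call_guarded(f);
    munmap(p, STUB_LEN);
    return r;
}

/* munmap() then call the old address: expect a fault, not 5. */
static int probe_munmap(void)
{
    int (*f)(void);
    unsigned char *p = setup_executed_page(&f);
    if (!p) return STALE_SETUP_FAILED;
    munmap(p, STUB_LEN);
    return call_guarded(f);
}

/* mprotect() away PROT_EXEC then call: expect a fault, not 5. */
static int probe_mprotect(void)
{
    int (*f)(void);
    unsigned char *p = setup_executed_page(&f);
    if (!p) return STALE_SETUP_FAILED;
    if (mprotect(p, STUB_LEN, PROT_READ) != 0) { munmap(p, STUB_LEN); return STALE_SETUP_FAILED; }
    int r = call_guarded(f);
    munmap(p, STUB_LEN);
    return r;
}

int main(void)
{
    printf("remap:    %d (7 expected)\n", probe_remap());
    printf("munmap:   %d (%d expected, faulted)\n", probe_munmap(), STALE_FAULTED);
    printf("mprotect: %d (%d expected, faulted)\n", probe_mprotect(), STALE_FAULTED);
    return 0;
}
```

Run natively the three probes print 7, -1, -1. Run under a qemu-user build that does not invalidate translations on these paths, the remap probe returns the stale 5 and the munmap and mprotect probes also return 5 rather than faulting, which is the same symptom as the two "returned 5" lines above but separated by code path, so a fix on one path can be checked independently of the others.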

