Re: [Qemu-devel] qmeu-arm SIGSEGV for self-modifying code
From: Peter Maydell
Subject: Re: [Qemu-devel] qmeu-arm SIGSEGV for self-modifying code
Date: Wed, 20 Sep 2017 11:38:05 +0100
On 20 September 2017 at 11:21, Peter Maydell <address@hidden> wrote:
> On 20 September 2017 at 00:13, John Reiser <address@hidden> wrote:
>> [Moving here from https://bugzilla.redhat.com/show_bug.cgi?id=1493304 ]
>>
>> qemu-arm from qemu-user-2.10.0-1.fc27.x86_64 (thus emulating 32-bit ARM on x86_64)
>> generates SIGSEGV when code modifies a never-previously executed instruction
>> that is on a writable page and is 848 bytes ahead of pc.
>> A real armv7l processor allows this and executes as desired.
>> Why the difference? How can it be changed? Where is the documentation?
>> The memory region in question is allocated via
>> mmap2(0xf7000000,228092,PROT_EXEC|PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0xf7000000
>> [and not changed via mprotect()] and written once to contain:
>> =====
>> 0xf703704c:
>> ldr r2,mflg_here // pc+856
>> orr r2,r2,r3 @ modify the instruction
>> => str r2,mflg_here // pc+848 the faulting instruction
>>
>> [[snip about 848 bytes containing instructions only]]
>>
>> 0xf70373ac:
>> mflg_here: // The next instruction is re-written once.
>> orr r3,r3,#0 @ flags |= MAP_{PRIVATE|ANON} [QNX vs Linux]
>
> Is your guest program correctly performing the necessary cache
> maintenance operations
...wait, I think I misread your bug report. You get the SEGV
on the store to the code, before it even gets to trying to
execute it?
thanks
-- PMM
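The cache-maintenance question raised above, as an added example that is not part of this thread and not QEMU's or the reporter's code. It does what the report describes in miniature: mmap an RWX anonymous page, write an instruction sequence into it, execute it, then rewrite the already-executed instruction in place and execute again. Between each store and the following execution it calls `__builtin___clear_cache()`, which on ARM Linux becomes the `cacheflush` system call and on x86 is a no-op. The function names `emit_return_imm` and `selfmod_demo`, the choice of instruction encodings (x86-64/i386, AArch64, A32), and the fallback to an RW page toggled with `mprotect()` when the kernel's W^X policy refuses an RWX mapping are all this example's own assumptions, not anything from the thread.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS          /* strict-ISO builds hide it; Linux value */
#define MAP_ANONYMOUS 0x20
#endif

typedef int (*ret_imm_fn)(void);

/* Write "return imm" as machine code at p and return the byte length, or -1
 * on an architecture this example does not encode for.  Assumptions: little
 * endian; on A32 imm must fit in 8 bits, on AArch64 in 16 bits. */
static int emit_return_imm(uint8_t *p, uint32_t imm)
{
#if defined(__x86_64__) || defined(__i386__)
    /* mov eax, imm32 ; ret */
    p[0] = 0xB8;
    memcpy(p + 1, &imm, 4);
    p[5] = 0xC3;
    return 6;
#elif defined(__aarch64__)
    /* movz w0, #imm16 ; ret */
    uint32_t insn[2] = { 0x52800000u | ((imm & 0xFFFFu) << 5), 0xD65F03C0u };
    memcpy(p, insn, sizeof insn);
    return (int)sizeof insn;
#elif defined(__arm__)
    /* A32: mov r0, #imm8 ; bx lr  (bx returns to an A32 or Thumb caller alike) */
    uint32_t insn[2] = { 0xE3A00000u | (imm & 0xFFu), 0xE12FFF1Eu };
    memcpy(p, insn, sizeof insn);
    return (int)sizeof insn;
#else
    (void)p; (void)imm;
    return -1;
#endif
}

/* Protection toggles: no-ops when the mapping is already RWX, as in the report. */
static int make_exec(uint8_t *p, size_t pg, int rwx)
{
    return rwx ? 0 : mprotect(p, pg, PROT_READ | PROT_EXEC);
}
static int make_write(uint8_t *p, size_t pg, int rwx)
{
    return rwx ? 0 : mprotect(p, pg, PROT_READ | PROT_WRITE);
}

/* Emit code returning `first`, run it, rewrite the already-executed
 * instruction to return `second`, run it again.  Results go to out[0..1].
 * Returns 0 on success, a negative code otherwise. */
int selfmod_demo(uint32_t first, uint32_t second, int out[2])
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int rwx = 1;
    /* Same protections the report's mmap2() asks for: RWX, never mprotect()ed. */
    uint8_t *p = mmap(NULL, pg, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        /* A W^X policy (SELinux execmem, PaX MPROTECT) refused RWX: fall back
         * to RW and toggle with mprotect() around each rewrite. */
        rwx = 0;
        p = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) return -1;
    }
    ret_imm_fn fn;
    memcpy(&fn, &p, sizeof fn);   /* data -> function pointer without a cast warning */

    int len = emit_return_imm(p, first);
    if (len < 0 || make_exec(p, pg, rwx)) { munmap(p, pg); return -2; }
    /* The maintenance the thread asks about: clean D-cache and invalidate
     * I-cache over the written range (cacheflush syscall on ARM Linux). */
    __builtin___clear_cache((char *)p, (char *)p + len);
    out[0] = fn();

    /* The instruction has now been fetched once; rewrite it in place and
     * sync the caches again before the second execution. */
    if (make_write(p, pg, rwx)) { munmap(p, pg); return -3; }
    emit_return_imm(p, second);
    if (make_exec(p, pg, rwx)) { munmap(p, pg); return -3; }
    __builtin___clear_cache((char *)p, (char *)p + len);
    out[1] = fn();

    munmap(p, pg);
    return 0;
}

int main(void)
{
    int out[2] = { 0, 0 };
    int rc = selfmod_demo(42, 99, out);
    printf("rc=%d first=%d second=%d\n", rc, out[0], out[1]);
    return rc != 0;
}
```

On real ARM hardware, dropping the `__builtin___clear_cache()` calls is the classic self-modifying-code bug: the second execution may still fetch the old encoding from the instruction cache. Under qemu-user the situation is different, which is why the thread separates the two questions: QEMU write-protects host pages from which it has already translated guest code and handles the resulting fault itself to invalidate its cached translations, so a guest-visible SIGSEGV on the store, as the report describes, is about that mechanism rather than about missing cache maintenance.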