From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Richard Henderson <richard.henderson@linaro.org>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>
Subject: Re: [PATCH RFC 1/1] tcg: Always pass the full write size to notdirty_write()
Date: Tue, 08 Aug 2023 11:59:30 +0200 [thread overview]
Message-ID: <309ee7ed61a0185c687ae184692198b3c2989970.camel@linux.ibm.com> (raw)
In-Reply-To: <93412928-2b4b-6541-631e-2d57ccd5f05e@linaro.org>
On Mon, 2023-08-07 at 11:21 -0700, Richard Henderson wrote:
> On 8/7/23 06:56, Ilya Leoshkevich wrote:
> > One of notdirty_write()'s responsibilities is detecting self-
> > modifying
> > code. Some functions pass the full size of a write to it, some pass
> > 1.
> > When a write to a code section begins before a TB start, but then
> > overlaps the TB, the paths that pass 1 don't flush a TB and don't
> > return to the translator loop.
> >
> > This may be masked, one example being HELPER(vstl). There,
> > probe_write_access() ultimately calls notdirty_write() with a size
> > of
> > 1 and misses self-modifying code. However, cpu_stq_be_data_ra()
> > ultimately calls mmu_watch_or_dirty(), which in turn calls
> > notdirty_write() with the full size.
> >
> > It's still worth improving this, because there may still be
> > user-visible adverse effects in other helpers.
> >
> > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
>
> IIRC there are some uses of probe_access_* that set size == 0.
> Should we adjust addr+size to cover the whole page for that case?
> That seems to be the intent, anyway.
There is a comment that says we shouldn't do watchpoint/smc detection
in this case:
/* Per the interface, size == 0 merely faults the access. */
if (size == 0) {
return NULL;
}
Come to think of it, qemu-user works this way too: SMC is detected on
the actual access, not the probe:
helper_vstl()
cpu_stq_be_data_ra()
...
stq_he_p()
<signal handler called>
host_signal_handler()
handle_sigsegv_accerr_write()
page_unprotect()
tb_invalidate_phys_page_unwind()
cpu_loop_exit_noexc()
So all this is probably fine, I now think it's better to leave the code
as is, especially given that I cannot reproduce the original problem
anymore.
next prev parent reply other threads:[~2023-08-08 10:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-07 13:56 [PATCH RFC 0/1] tcg: Always pass the full write size to notdirty_write() Ilya Leoshkevich
2023-08-07 13:56 ` [PATCH RFC 1/1] " Ilya Leoshkevich
2023-08-07 18:21 ` Richard Henderson
2023-08-08 9:59 ` Ilya Leoshkevich [this message]
2023-08-08 14:23 ` Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=309ee7ed61a0185c687ae184692198b3c2989970.camel@linux.ibm.com \
--to=iii@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).