[Qemu-devel] Emulation without RWX

[Qemu-devel] Emulation without RWX

[Antonio Groza]

Hello, i am trying to emulate x86 on a platform that won't allow me to map
memory pages as RWX(Apple's iOS) and i was wondering if there was any way
of running qemu without doing that. I've had a brief look at your
documentation and it looks like you are transpiling between 2 different
instruction sets and i don't know how that would be possible without a rwx
page.

Sorry for wasting your time with stupid questions,
-Antonio

Re: [Qemu-devel] Emulation without RWX

[Peter Maydell]

On 13 June 2017 at 12:54, Antonio Groza <antoniogroza@gmail.com> wrote:
> Hello, i am trying to emulate x86 on a platform that won't allow me to map
> memory pages as RWX(Apple's iOS) and i was wondering if there was any way
> of running qemu without doing that. I've had a brief look at your
> documentation and it looks like you are transpiling between 2 different
> instruction sets and i don't know how that would be possible without a rwx
> page.

It's certainly possible in theory -- you'd just need to be more
careful than we are currently about mapping the memory RW when
writing or patching code and then R-X when executing. (Now we're
multithreaded this is probably trickier than when we only had
a single thread, though.) But we don't do it currently and it
would require (possibly complicated) code changes to do it.

thanks
-- PMM

Re: [Qemu-devel] Emulation without RWX

[Kamil Rytarowski]

[-- Attachment #1: Type: text/plain, Size: 1374 bytes --]

On 13.06.2017 14:44, Peter Maydell wrote:
> On 13 June 2017 at 12:54, Antonio Groza <antoniogroza@gmail.com> wrote:
>> Hello, i am trying to emulate x86 on a platform that won't allow me to map
>> memory pages as RWX(Apple's iOS) and i was wondering if there was any way
>> of running qemu without doing that. I've had a brief look at your
>> documentation and it looks like you are transpiling between 2 different
>> instruction sets and i don't know how that would be possible without a rwx
>> page.
> 
> It's certainly possible in theory -- you'd just need to be more
> careful than we are currently about mapping the memory RW when
> writing or patching code and then R-X when executing. (Now we're
> multithreaded this is probably trickier than when we only had
> a single thread, though.) But we don't do it currently and it
> would require (possibly complicated) code changes to do it.
> 
> thanks
> -- PMM
> 

MacOSX and NetBSD both have this RWX MPROTECT restriction and both have
option to relax it on per-page basis.

Example code inspiration is in LLVM's: Memory::AllocateRWX
(llvm/lib/Support/Unix/Memory.inc). [NetBSD code is still pending
upstream in review]

Proper PaX MPROTECT is not about toggling RW-RX memory region, as once a
memory page was allocated with W mode, it won't in regular circumstances
mapped to X anymore.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]