[PATCH v3 0/7] iOS and Apple Silicon host support

[PATCH v3 0/7] iOS and Apple Silicon host support

[Joelle van Dyne]

Based-on: 20201026191540.12434-1-j@getutm.app
([PATCH RESEND 0/4] Mirror map JIT memory for TCG)

These set of changes brings QEMU TCG to iOS devices and future Apple Silicon
devices. They were originally developed last year and have been working in the
UTM app. Recently, we ported the changes to master, re-wrote a lot of the build
script changes for meson, and broke up the patches into more distinct units.

A summary of the changes:

* `CONFIG_IOS` defined when building for iOS and iOS specific changes (as well
  as unsupported code) are gated behind it.
* A new dependency, libucontext is added since iOS does not have native ucontext
  and broken support for sigaltstack. libucontext is available as a new option
  for coroutine backend.
* On stock iOS devices, there is a workaround for running JIT code without
  any special entitlement. It requires the JIT region to be mirror mapped with
  one region RW and another one RX. To support this style of JIT, TCG is changed
  to support writing to a different code_ptr. This change is submitted in a
  different patch set and this one depends on it.
* For (recent) jailbroken iOS devices as well as upcoming Apple Silicon devices,
  there are new rules for applications supporting JIT (with the proper
  entitlement). These rules are implemented as well.

Since v3:

* Moved mirror JIT support to a different patch set.
* Removed dependency on `pthread_jit_write_protect_np` because it was redundent
  and also crashes if called on a non-jailbroken iOS device.
* Removed `--enable-cross-compile` option
* Fixed checkpatch errors
* Fixed iOS build on master due to new test recently added which calls system()

Since v2:

* Changed getting mirror pointer from a macro to inline functions
* Split constification of TCG code pointers to separate patch
* Removed slirp updates (will send future patch once slirp changes are in)
* Removed shared library patch (will send future patch)

-j

Joelle van Dyne (7):
  configure: option to disable host block devices
  configure: cross-compiling with empty cross_prefix
  qemu: add support for iOS host
  coroutine: add libucontext as external library
  slirp: update build flags for iOS resolv fix
  tcg: implement JIT for iOS and Apple Silicon
  block: check availablity for preadv/pwritev on mac

 docs/devel/index.rst           |   1 +
 docs/devel/ios.rst             |  39 ++++++++++++
 configure                      |  77 ++++++++++++++++++++++--
 meson.build                    |  34 ++++++++++-
 include/exec/exec-all.h        |   2 +
 include/tcg/tcg-apple-jit.h    | 106 +++++++++++++++++++++++++++++++++
 include/tcg/tcg.h              |   3 +
 tcg/aarch64/tcg-target.h       |   7 +++
 accel/tcg/cpu-exec-common.c    |   2 +
 accel/tcg/cpu-exec.c           |   2 +
 accel/tcg/translate-all.c      |  87 ++++++++++++++++++++++++++-
 block.c                        |   2 +-
 block/file-posix.c             |  51 ++++++++++++----
 net/slirp.c                    |  16 ++---
 qga/commands-posix.c           |   6 ++
 target/arm/arm-semi.c          |   2 +
 target/m68k/m68k-semi.c        |   2 +
 target/nios2/nios2-semi.c      |   2 +
 tcg/tcg.c                      |   4 ++
 tests/qtest/libqos/virtio-9p.c |   8 +++
 util/coroutine-ucontext.c      |   9 +++
 .gitmodules                    |   3 +
 libucontext                    |   1 +
 meson_options.txt              |   2 +
 tests/qtest/meson.build        |   7 +--
 25 files changed, 440 insertions(+), 35 deletions(-)
 create mode 100644 docs/devel/ios.rst
 create mode 100644 include/tcg/tcg-apple-jit.h
 create mode 160000 libucontext

-- 
2.28.0

[PATCH v3 1/7] configure: option to disable host block devices

[Joelle van Dyne]

Some hosts (iOS) have a sandboxed filesystem and do not provide low-level
APIs for interfacing with host block devices.

Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 configure          | 4 ++++
 meson.build        | 1 +
 block/file-posix.c | 8 +++++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 71bbe82ac5..4e68a5fefe 100755
--- a/configure
+++ b/configure
@@ -448,6 +448,7 @@ ninja=""
 skip_meson=no
 gettext=""
 mirror_jit="no"
+host_block_device_support="yes"
 
 bogus_os="no"
 malloc_trim="auto"
@@ -5901,6 +5902,9 @@ if test "$default_devices" = "yes" ; then
 else
   echo "CONFIG_MINIKCONF_MODE=--allnoconfig" >> $config_host_mak
 fi
+if test "$host_block_device_support" = "yes" ; then
+  echo "CONFIG_HOST_BLOCK_DEVICE=y" >> $config_host_mak
+fi
 if test "$debug_tcg" = "yes" ; then
   echo "CONFIG_DEBUG_TCG=y" >> $config_host_mak
 fi
diff --git a/meson.build b/meson.build
index 0a56fef146..e880274b7c 100644
--- a/meson.build
+++ b/meson.build
@@ -2149,6 +2149,7 @@ summary_info += {'vvfat support':     config_host.has_key('CONFIG_VVFAT')}
 summary_info += {'qed support':       config_host.has_key('CONFIG_QED')}
 summary_info += {'parallels support': config_host.has_key('CONFIG_PARALLELS')}
 summary_info += {'sheepdog support':  config_host.has_key('CONFIG_SHEEPDOG')}
+summary_info += {'host block dev support': config_host.has_key('CONFIG_HOST_BLOCK_DEVICE')}
 summary_info += {'capstone':          capstone_opt == 'disabled' ? false : capstone_opt}
 summary_info += {'libpmem support':   config_host.has_key('CONFIG_LIBPMEM')}
 summary_info += {'libdaxctl support': config_host.has_key('CONFIG_LIBDAXCTL')}
diff --git a/block/file-posix.c b/block/file-posix.c
index c63926d592..52f7c20525 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -41,7 +41,7 @@
 #include "scsi/pr-manager.h"
 #include "scsi/constants.h"
 
-#if defined(__APPLE__) && (__MACH__)
+#if defined(CONFIG_HOST_BLOCK_DEVICE) && defined(__APPLE__) && (__MACH__)
 #include <paths.h>
 #include <sys/param.h>
 #include <IOKit/IOKitLib.h>
@@ -3247,6 +3247,8 @@ BlockDriver bdrv_file = {
 /***********************************************/
 /* host device */
 
+#if defined(CONFIG_HOST_BLOCK_DEVICE)
+
 #if defined(__APPLE__) && defined(__MACH__)
 static kern_return_t GetBSDPath(io_iterator_t mediaIterator, char *bsdPath,
                                 CFIndex maxPathSize, int flags);
@@ -3872,6 +3874,8 @@ static BlockDriver bdrv_host_cdrom = {
 };
 #endif /* __FreeBSD__ */
 
+#endif /* CONFIG_HOST_BLOCK_DEVICE */
+
 static void bdrv_file_init(void)
 {
     /*
@@ -3879,6 +3883,7 @@ static void bdrv_file_init(void)
      * registered last will get probed first.
      */
     bdrv_register(&bdrv_file);
+#if defined(CONFIG_HOST_BLOCK_DEVICE)
     bdrv_register(&bdrv_host_device);
 #ifdef __linux__
     bdrv_register(&bdrv_host_cdrom);
@@ -3886,6 +3891,7 @@ static void bdrv_file_init(void)
 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
     bdrv_register(&bdrv_host_cdrom);
 #endif
+#endif /* CONFIG_HOST_BLOCK_DEVICE */
 }
 
 block_init(bdrv_file_init);
-- 
2.28.0

[PATCH v3 2/7] configure: cross-compiling with empty cross_prefix

[Joelle van Dyne]

The iOS toolchain does not use the host prefix naming convention. So we need
to enable cross-compile options while allowing the PREFIX to be blank.

Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 configure | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 4e68a5fefe..e211d11971 100755
--- a/configure
+++ b/configure
@@ -234,6 +234,7 @@ cpu=""
 iasl="iasl"
 interp_prefix="/usr/gnemul/qemu-%M"
 static="no"
+cross_compile="no"
 cross_prefix=""
 audio_drv_list=""
 block_drv_rw_whitelist=""
@@ -458,6 +459,7 @@ for opt do
   optarg=$(expr "x$opt" : 'x[^=]*=\(.*\)')
   case "$opt" in
   --cross-prefix=*) cross_prefix="$optarg"
+                    cross_compile="yes"
   ;;
   --cc=*) CC="$optarg"
   ;;
@@ -1652,7 +1654,7 @@ $(echo Available targets: $default_target_list | \
   --target-list-exclude=LIST exclude a set of targets from the default target-list
 
 Advanced options (experts only):
-  --cross-prefix=PREFIX    use PREFIX for compile tools [$cross_prefix]
+  --cross-prefix=PREFIX    use PREFIX for compile tools, PREFIX can be blank [$cross_prefix]
   --cc=CC                  use C compiler CC [$cc]
   --iasl=IASL              use ACPI compiler IASL [$iasl]
   --host-cc=CC             use C compiler CC [$host_cc] for code run at
@@ -6931,7 +6933,7 @@ if has $sdl2_config; then
 fi
 echo "strip = [$(meson_quote $strip)]" >> $cross
 echo "windres = [$(meson_quote $windres)]" >> $cross
-if test -n "$cross_prefix"; then
+if test "$cross_compile" = "yes"; then
     cross_arg="--cross-file config-meson.cross"
     echo "[host_machine]" >> $cross
     if test "$mingw32" = "yes" ; then
-- 
2.28.0

[PATCH v3 3/7] qemu: add support for iOS host

[Joelle van Dyne]

This introduces support for building for iOS hosts. When the correct Xcode
toolchain is used, iOS host will be detected automatically.

block: disable features not supported by iOS sandbox
slirp: disable SMB features for iOS
target: disable system() calls for iOS
tcg: use sys_icache_invalidate() instead of GCC builtin for iOS
tests: disable tests on iOS which uses system()
Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 configure                      | 43 +++++++++++++++++++++++++++++++++-
 meson.build                    |  2 +-
 tcg/aarch64/tcg-target.h       |  7 ++++++
 block.c                        |  2 +-
 block/file-posix.c             | 31 ++++++++++++++----------
 net/slirp.c                    | 16 ++++++-------
 qga/commands-posix.c           |  6 +++++
 target/arm/arm-semi.c          |  2 ++
 target/m68k/m68k-semi.c        |  2 ++
 target/nios2/nios2-semi.c      |  2 ++
 tests/qtest/libqos/virtio-9p.c |  8 +++++++
 tests/qtest/meson.build        |  7 +++---
 12 files changed, 101 insertions(+), 27 deletions(-)

diff --git a/configure b/configure
index e211d11971..7fbaefc255 100755
--- a/configure
+++ b/configure
@@ -557,6 +557,19 @@ EOF
   compile_object
 }
 
+check_ios() {
+  cat > $TMPC <<EOF
+#ifdef __APPLE__
+#import "TargetConditionals.h"
+#if !TARGET_OS_IPHONE
+#error TARGET_OS_IPHONE not true
+#endif
+#endif
+int main(void) { return 0; }
+EOF
+  compile_object
+}
+
 check_include() {
 cat > $TMPC <<EOF
 #include <$1>
@@ -599,7 +612,11 @@ elif check_define __DragonFly__ ; then
 elif check_define __NetBSD__; then
   targetos='NetBSD'
 elif check_define __APPLE__; then
-  targetos='Darwin'
+  if check_ios ; then
+    targetos='iOS'
+  else
+    targetos='Darwin'
+  fi
 else
   # This is a fatal error, but don't report it yet, because we
   # might be going to just print the --help text, or it might
@@ -776,6 +793,22 @@ Darwin)
   # won't work when we're compiling with gcc as a C compiler.
   QEMU_CFLAGS="-DOS_OBJECT_USE_OBJC=0 $QEMU_CFLAGS"
 ;;
+iOS)
+  bsd="yes"
+  darwin="yes"
+  ios="yes"
+  if [ "$cpu" = "x86_64" ] ; then
+    QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
+    QEMU_LDFLAGS="-arch x86_64 $QEMU_LDFLAGS"
+  fi
+  host_block_device_support="no"
+  audio_drv_list=""
+  audio_possible_drivers=""
+  QEMU_LDFLAGS="-framework CoreFoundation $QEMU_LDFLAGS"
+  # Disable attempts to use ObjectiveC features in os/object.h since they
+  # won't work when we're compiling with gcc as a C compiler.
+  QEMU_CFLAGS="-DOS_OBJECT_USE_OBJC=0 $QEMU_CFLAGS"
+;;
 SunOS)
   solaris="yes"
   make="${MAKE-gmake}"
@@ -5956,6 +5989,10 @@ if test "$darwin" = "yes" ; then
   echo "CONFIG_DARWIN=y" >> $config_host_mak
 fi
 
+if test "$ios" = "yes" ; then
+  echo "CONFIG_IOS=y" >> $config_host_mak
+fi
+
 if test "$solaris" = "yes" ; then
   echo "CONFIG_SOLARIS=y" >> $config_host_mak
 fi
@@ -6924,6 +6961,7 @@ echo "cpp_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross
 echo "[binaries]" >> $cross
 echo "c = [$(meson_quote $cc)]" >> $cross
 test -n "$cxx" && echo "cpp = [$(meson_quote $cxx)]" >> $cross
+test -n "$objcc" && echo "objc = [$(meson_quote $objcc)]" >> $cross
 echo "ar = [$(meson_quote $ar)]" >> $cross
 echo "nm = [$(meson_quote $nm)]" >> $cross
 echo "pkgconfig = [$(meson_quote $pkg_config_exe)]" >> $cross
@@ -6942,6 +6980,9 @@ if test "$cross_compile" = "yes"; then
     if test "$linux" = "yes" ; then
         echo "system = 'linux'" >> $cross
     fi
+    if test "$darwin" = "yes" ; then
+        echo "system = 'darwin'" >> $cross
+    fi
     case "$ARCH" in
         i386|x86_64)
             echo "cpu_family = 'x86'" >> $cross
diff --git a/meson.build b/meson.build
index e880274b7c..48c95150fe 100644
--- a/meson.build
+++ b/meson.build
@@ -176,7 +176,7 @@ if targetos == 'windows'
                                       include_directories: include_directories('.'))
 elif targetos == 'darwin'
   coref = dependency('appleframeworks', modules: 'CoreFoundation')
-  iokit = dependency('appleframeworks', modules: 'IOKit')
+  iokit = dependency('appleframeworks', modules: 'IOKit', required: 'CONFIG_IOS' not in config_host)
   cocoa = dependency('appleframeworks', modules: 'Cocoa', required: get_option('cocoa'))
 elif targetos == 'sunos'
   socket = [cc.find_library('socket'),
diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index f605257ed5..6b5b3216fa 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -149,12 +149,19 @@ typedef enum {
 #define TCG_TARGET_HAS_MEMORY_BSWAP     1
 
 #if defined(__APPLE__)
+void sys_icache_invalidate(void *start, size_t len);
 void sys_dcache_flush(void *start, size_t len);
 #endif
 
 static inline void flush_icache_range(uintptr_t start, uintptr_t stop)
 {
+#if defined(__APPLE__)
+    sys_icache_invalidate((char *)start, stop - start);
+#elif defined(__GNUC__)
     __builtin___clear_cache((char *)start, (char *)stop);
+#else
+#error "Missing builtin to flush instruction cache"
+#endif
 }
 
 void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
diff --git a/block.c b/block.c
index 430edf79bb..5d49869d02 100644
--- a/block.c
+++ b/block.c
@@ -53,7 +53,7 @@
 #ifdef CONFIG_BSD
 #include <sys/ioctl.h>
 #include <sys/queue.h>
-#ifndef __DragonFly__
+#if !defined(__DragonFly__) && !defined(CONFIG_IOS)
 #include <sys/disk.h>
 #endif
 #endif
diff --git a/block/file-posix.c b/block/file-posix.c
index 52f7c20525..5560fd20ac 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -181,7 +181,17 @@ typedef struct BDRVRawReopenState {
     bool check_cache_dropped;
 } BDRVRawReopenState;
 
-static int fd_open(BlockDriverState *bs);
+static int fd_open(BlockDriverState *bs)
+{
+    BDRVRawState *s = bs->opaque;
+
+    /* this is just to ensure s->fd is sane (its called by io ops) */
+    if (s->fd >= 0) {
+        return 0;
+    }
+    return -EIO;
+}
+
 static int64_t raw_getlength(BlockDriverState *bs);
 
 typedef struct RawPosixAIOData {
@@ -252,6 +262,12 @@ static int raw_normalize_devicepath(const char **filename, Error **errp)
 }
 #endif
 
+#if defined(CONFIG_IOS)
+static int probe_logical_blocksize(int fd, unsigned int *sector_size_p)
+{
+    return -ENOTSUP; /* not supported on iOS */
+}
+#else /* CONFIG_IOS */
 /*
  * Get logical block size via ioctl. On success store it in @sector_size_p.
  */
@@ -284,6 +300,7 @@ static int probe_logical_blocksize(int fd, unsigned int *sector_size_p)
 
     return success ? 0 : -errno;
 }
+#endif /* !CONFIG_IOS */
 
 /**
  * Get physical block size of @fd.
@@ -2306,7 +2323,7 @@ again:
         }
         if (size == 0)
 #endif
-#if defined(__APPLE__) && defined(__MACH__)
+#if !defined(CONFIG_IOS) && defined(__APPLE__) && defined(__MACH__)
         {
             uint64_t sectors = 0;
             uint32_t sector_size = 0;
@@ -3541,16 +3558,6 @@ hdev_co_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
 }
 #endif /* linux */
 
-static int fd_open(BlockDriverState *bs)
-{
-    BDRVRawState *s = bs->opaque;
-
-    /* this is just to ensure s->fd is sane (its called by io ops) */
-    if (s->fd >= 0)
-        return 0;
-    return -EIO;
-}
-
 static coroutine_fn int
 hdev_co_pdiscard(BlockDriverState *bs, int64_t offset, int bytes)
 {
diff --git a/net/slirp.c b/net/slirp.c
index 77042e6df7..8413042c09 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -27,7 +27,7 @@
 #include "net/slirp.h"
 
 
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
 #include <pwd.h>
 #include <sys/wait.h>
 #endif
@@ -90,7 +90,7 @@ typedef struct SlirpState {
     Slirp *slirp;
     Notifier poll_notifier;
     Notifier exit_notifier;
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
     gchar *smb_dir;
 #endif
     GSList *fwd;
@@ -103,7 +103,7 @@ static QTAILQ_HEAD(, SlirpState) slirp_stacks =
 static int slirp_hostfwd(SlirpState *s, const char *redir_str, Error **errp);
 static int slirp_guestfwd(SlirpState *s, const char *config_str, Error **errp);
 
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
 static int slirp_smb(SlirpState *s, const char *exported_dir,
                      struct in_addr vserver_addr, Error **errp);
 static void slirp_smb_cleanup(SlirpState *s);
@@ -368,7 +368,7 @@ static int net_slirp_init(NetClientState *peer, const char *model,
     struct in6_addr ip6_prefix;
     struct in6_addr ip6_host;
     struct in6_addr ip6_dns;
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
     struct in_addr smbsrv = { .s_addr = 0 };
 #endif
     NetClientState *nc;
@@ -478,7 +478,7 @@ static int net_slirp_init(NetClientState *peer, const char *model,
         return -1;
     }
 
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
     if (vsmbserver && !inet_aton(vsmbserver, &smbsrv)) {
         error_setg(errp, "Failed to parse SMB address");
         return -1;
@@ -593,7 +593,7 @@ static int net_slirp_init(NetClientState *peer, const char *model,
             }
         }
     }
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
     if (smb_export) {
         if (slirp_smb(s, smb_export, smbsrv, errp) < 0) {
             goto error;
@@ -785,7 +785,7 @@ void hmp_hostfwd_add(Monitor *mon, const QDict *qdict)
 
 }
 
-#ifndef _WIN32
+#if !defined(_WIN32) && !defined(CONFIG_IOS)
 
 /* automatic user mode samba server configuration */
 static void slirp_smb_cleanup(SlirpState *s)
@@ -900,7 +900,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
     return 0;
 }
 
-#endif /* !defined(_WIN32) */
+#endif /* !defined(_WIN32) && !defined(CONFIG_IOS) */
 
 static int guestfwd_can_read(void *opaque)
 {
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 3bffee99d4..ebb63b2188 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -34,6 +34,12 @@
 
 #ifndef CONFIG_HAS_ENVIRON
 #ifdef __APPLE__
+#include "TargetConditionals.h"
+#if !TARGET_OS_IPHONE && !TARGET_IPHONE_SIMULATOR
+#define APPLE_USE_CRT_EXTERNS
+#endif
+#endif
+#ifdef APPLE_USE_CRT_EXTERNS
 #include <crt_externs.h>
 #define environ (*_NSGetEnviron())
 #else
diff --git a/target/arm/arm-semi.c b/target/arm/arm-semi.c
index 8718fd0194..3704f19df6 100644
--- a/target/arm/arm-semi.c
+++ b/target/arm/arm-semi.c
@@ -891,6 +891,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
         return clock() / (CLOCKS_PER_SEC / 100);
     case TARGET_SYS_TIME:
         return set_swi_errno(env, time(NULL));
+#if !defined(CONFIG_IOS) /* iOS does not have system() */
     case TARGET_SYS_SYSTEM:
         GET_ARG(0);
         GET_ARG(1);
@@ -907,6 +908,7 @@ target_ulong do_arm_semihosting(CPUARMState *env)
             unlock_user(s, arg0, 0);
             return ret;
         }
+#endif /* CONFIG_IOS */
     case TARGET_SYS_ERRNO:
         return get_swi_errno(env);
     case TARGET_SYS_GET_CMDLINE:
diff --git a/target/m68k/m68k-semi.c b/target/m68k/m68k-semi.c
index 8e5fbfc8fa..6b8941839e 100644
--- a/target/m68k/m68k-semi.c
+++ b/target/m68k/m68k-semi.c
@@ -402,6 +402,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
             result = isatty(arg0);
         }
         break;
+#if !defined(CONFIG_IOS) /* iOS does not have system() */
     case HOSTED_SYSTEM:
         GET_ARG(0);
         GET_ARG(1);
@@ -420,6 +421,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
             }
         }
         break;
+#endif /* CONFIG_IOS */
     case HOSTED_INIT_SIM:
 #if defined(CONFIG_USER_ONLY)
         {
diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
index d7a80dd303..bb029070d3 100644
--- a/target/nios2/nios2-semi.c
+++ b/target/nios2/nios2-semi.c
@@ -426,6 +426,7 @@ void do_nios2_semihosting(CPUNios2State *env)
             result = isatty(arg0);
         }
         break;
+#if !defined(CONFIG_IOS) /* iOS does not have system() */
     case HOSTED_SYSTEM:
         GET_ARG(0);
         GET_ARG(1);
@@ -444,6 +445,7 @@ void do_nios2_semihosting(CPUNios2State *env)
             }
         }
         break;
+#endif
     default:
         qemu_log_mask(LOG_GUEST_ERROR, "nios2-semihosting: unsupported "
                       "semihosting syscall %d\n", nr);
diff --git a/tests/qtest/libqos/virtio-9p.c b/tests/qtest/libqos/virtio-9p.c
index d43647b3b7..cc7fb1bbbf 100644
--- a/tests/qtest/libqos/virtio-9p.c
+++ b/tests/qtest/libqos/virtio-9p.c
@@ -54,6 +54,7 @@ static void create_local_test_dir(void)
 }
 
 /* Deletes directory previously created by create_local_test_dir(). */
+#if !defined(CONFIG_IOS) /* iOS does not have system() */
 static void remove_local_test_dir(void)
 {
     g_assert(local_test_path != NULL);
@@ -64,6 +65,13 @@ static void remove_local_test_dir(void)
     }
     g_free(cmd);
 }
+#else
+static void remove_local_test_dir(void)
+{
+    fprintf(stderr, "Test not implemented for iOS\n");
+    g_assert(0);
+}
+#endif
 
 char *virtio_9p_test_path(const char *path)
 {
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index ba8ebeead6..20bfbb69c2 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -46,12 +46,11 @@ qtests_i386 = \
   (config_all_devices.has_key('CONFIG_TPM_TIS_ISA') ? ['tpm-tis-test'] : []) +              \
   (config_all_devices.has_key('CONFIG_TPM_TIS_ISA') ? ['tpm-tis-swtpm-test'] : []) +        \
   (config_all_devices.has_key('CONFIG_RTL8139_PCI') ? ['rtl8139-test'] : []) +              \
+  (not config_host.has_key('CONFIG_IOS') ? ['bios-tables-test', 'hd-geo-test'] : []) +      \
   qtests_pci +                                                                              \
   ['fdc-test',
    'ide-test',
-   'hd-geo-test',
    'boot-order-test',
-   'bios-tables-test',
    'rtc-test',
    'i440fx-test',
    'fuzz-test',
@@ -144,9 +143,9 @@ qtests_arm = \
    'boot-serial-test',
    'hexloader-test']
 
-# TODO: once aarch64 TCG is fixed on ARM 32 bit host, make bios-tables-test unconditional
+# TODO: once aarch64 TCG is fixed on ARM 32 bit host, make bios-tables-test unconditional (except on iOS)
 qtests_aarch64 = \
-  (cpu != 'arm' ? ['bios-tables-test'] : []) +                                                  \
+  (cpu != 'arm' and not config_host.has_key('CONFIG_IOS') ? ['bios-tables-test'] : []) +        \
   (config_all_devices.has_key('CONFIG_TPM_TIS_SYSBUS') ? ['tpm-tis-device-test'] : []) +        \
   (config_all_devices.has_key('CONFIG_TPM_TIS_SYSBUS') ? ['tpm-tis-device-swtpm-test'] : []) +  \
   ['arm-cpu-features',
-- 
2.28.0

[PATCH v3 4/7] coroutine: add libucontext as external library

[Joelle van Dyne]

iOS does not support ucontext natively for aarch64 and the sigaltstack is
also unsupported (even worse, it fails silently, see:
https://openradar.appspot.com/13002712 )

As a workaround we include a library implementation of ucontext and add it
as a build option.

Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 configure                 | 23 ++++++++++++++++++++---
 meson.build               | 29 ++++++++++++++++++++++++++++-
 util/coroutine-ucontext.c |  9 +++++++++
 .gitmodules               |  3 +++
 libucontext               |  1 +
 meson_options.txt         |  2 ++
 6 files changed, 63 insertions(+), 4 deletions(-)
 create mode 160000 libucontext

diff --git a/configure b/configure
index 7fbaefc255..0fef867a9c 100755
--- a/configure
+++ b/configure
@@ -1745,7 +1745,7 @@ Advanced options (experts only):
   --oss-lib                path to OSS library
   --cpu=CPU                Build for host CPU [$cpu]
   --with-coroutine=BACKEND coroutine backend. Supported options:
-                           ucontext, sigaltstack, windows
+                           ucontext, libucontext, sigaltstack, windows
   --enable-gcov            enable test coverage analysis with gcov
   --disable-blobs          disable installing provided firmware blobs
   --with-vss-sdk=SDK-path  enable Windows VSS support in QEMU Guest Agent
@@ -4869,6 +4869,8 @@ if test "$coroutine" = ""; then
     coroutine=win32
   elif test "$ucontext_works" = "yes"; then
     coroutine=ucontext
+  elif test "$ios" = "yes"; then
+    coroutine=libucontext
   else
     coroutine=sigaltstack
   fi
@@ -4892,12 +4894,27 @@ else
       error_exit "only the 'windows' coroutine backend is valid for Windows"
     fi
     ;;
+  libucontext)
+  ;;
   *)
     error_exit "unknown coroutine backend $coroutine"
     ;;
   esac
 fi
 
+case $coroutine in
+libucontext)
+  git_submodules="${git_submodules} libucontext"
+  mkdir -p libucontext
+  coroutine_impl=ucontext
+  libucontext="enabled"
+  ;;
+*)
+  coroutine_impl=$coroutine
+  libucontext="disabled"
+  ;;
+esac
+
 if test "$coroutine_pool" = ""; then
   coroutine_pool=yes
 fi
@@ -6451,7 +6468,7 @@ if test "$rbd" = "yes" ; then
   echo "RBD_LIBS=$rbd_libs" >> $config_host_mak
 fi
 
-echo "CONFIG_COROUTINE_BACKEND=$coroutine" >> $config_host_mak
+echo "CONFIG_COROUTINE_BACKEND=$coroutine_impl" >> $config_host_mak
 if test "$coroutine_pool" = "yes" ; then
   echo "CONFIG_COROUTINE_POOL=1" >> $config_host_mak
 else
@@ -7033,7 +7050,7 @@ NINJA=$ninja $meson setup \
         -Dcocoa=$cocoa -Dmpath=$mpath -Dsdl=$sdl -Dsdl_image=$sdl_image \
         -Dvnc=$vnc -Dvnc_sasl=$vnc_sasl -Dvnc_jpeg=$vnc_jpeg -Dvnc_png=$vnc_png \
         -Dgettext=$gettext -Dxkbcommon=$xkbcommon -Du2f=$u2f \
-        -Dcapstone=$capstone -Dslirp=$slirp -Dfdt=$fdt \
+        -Dcapstone=$capstone -Dslirp=$slirp -Dfdt=$fdt -Ducontext=$libucontext \
         -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\
         -Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \
         $cross_arg \
diff --git a/meson.build b/meson.build
index 48c95150fe..0beb199303 100644
--- a/meson.build
+++ b/meson.build
@@ -1243,9 +1243,35 @@ if not fdt.found() and fdt_required.length() > 0
   error('fdt not available but required by targets ' + ', '.join(fdt_required))
 endif
 
+ucontext = not_found
+slirp_opt = 'disabled'
+if get_option('ucontext').enabled()
+  if not fs.is_dir(meson.current_source_dir() / 'libucontext/arch' / cpu)
+    error('libucontext is wanted but not implemented for host ' + cpu)
+  endif
+  arch = host_machine.cpu()
+  ucontext_cargs = ['-DG_LOG_DOMAIN="ucontext"', '-DCUSTOM_IMPL']
+  ucontext_files = [
+    'libucontext/arch' / arch / 'getcontext.S',
+    'libucontext/arch' / arch / 'setcontext.S',
+    'libucontext/arch' / arch / 'makecontext.c',
+    'libucontext/arch' / arch / 'startcontext.S',
+    'libucontext/arch' / arch / 'swapcontext.S',
+  ]
+
+  ucontext_inc = include_directories('libucontext/include')
+  libucontext = static_library('ucontext',
+                               sources: ucontext_files,
+                               c_args: ucontext_cargs,
+                               include_directories: ucontext_inc)
+  ucontext = declare_dependency(link_with: libucontext,
+                                include_directories: ucontext_inc)
+endif
+
 config_host_data.set('CONFIG_CAPSTONE', capstone.found())
 config_host_data.set('CONFIG_FDT', fdt.found())
 config_host_data.set('CONFIG_SLIRP', slirp.found())
+config_host_data.set('CONFIG_LIBUCONTEXT', ucontext.found())
 
 #####################
 # Generated sources #
@@ -1461,7 +1487,7 @@ util_ss.add_all(trace_ss)
 util_ss = util_ss.apply(config_all, strict: false)
 libqemuutil = static_library('qemuutil',
                              sources: util_ss.sources() + stub_ss.sources() + genh,
-                             dependencies: [util_ss.dependencies(), m, glib, socket, malloc])
+                             dependencies: [util_ss.dependencies(), m, glib, socket, malloc, ucontext])
 qemuutil = declare_dependency(link_with: libqemuutil,
                               sources: genh + version_res)
 
@@ -2118,6 +2144,7 @@ if targetos == 'windows'
   summary_info += {'QGA MSI support':   config_host.has_key('CONFIG_QGA_MSI')}
 endif
 summary_info += {'seccomp support':   config_host.has_key('CONFIG_SECCOMP')}
+summary_info += {'libucontext support': ucontext.found()}
 summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']}
 summary_info += {'coroutine pool':    config_host['CONFIG_COROUTINE_POOL'] == '1'}
 summary_info += {'debug stack usage': config_host.has_key('CONFIG_DEBUG_STACK_USAGE')}
diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
index 904b375192..1e1dd43512 100644
--- a/util/coroutine-ucontext.c
+++ b/util/coroutine-ucontext.c
@@ -23,7 +23,16 @@
 #undef _FORTIFY_SOURCE
 #endif
 #include "qemu/osdep.h"
+#if defined(CONFIG_LIBUCONTEXT)
+#include <libucontext.h>
+#define ucontext_t libucontext_ucontext_t
+#define getcontext libucontext_getcontext
+#define setcontext libucontext_setcontext
+#define swapcontext libucontext_swapcontext
+#define makecontext libucontext_makecontext
+#else
 #include <ucontext.h>
+#endif
 #include "qemu/coroutine_int.h"
 
 #ifdef CONFIG_VALGRIND_H
diff --git a/.gitmodules b/.gitmodules
index 2bdeeacef8..065b52867f 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -64,3 +64,6 @@
 [submodule "roms/vbootrom"]
 	path = roms/vbootrom
 	url = https://git.qemu.org/git/vbootrom.git
+[submodule "libucontext"]
+	path = libucontext
+	url = https://github.com/utmapp/libucontext.git
diff --git a/libucontext b/libucontext
new file mode 160000
index 0000000000..7094e4c427
--- /dev/null
+++ b/libucontext
@@ -0,0 +1 @@
+Subproject commit 7094e4c42723b6178a4e2b60d4631d8a88f40719
diff --git a/meson_options.txt b/meson_options.txt
index 48ab4ce7d0..c62c696729 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -62,6 +62,8 @@ option('vnc_sasl', type : 'feature', value : 'auto',
        description: 'SASL authentication for VNC server')
 option('xkbcommon', type : 'feature', value : 'auto',
        description: 'xkbcommon support')
+option('ucontext', type : 'feature', value : 'disabled',
+       description: 'libucontext support')
 
 option('capstone', type: 'combo', value: 'auto',
        choices: ['disabled', 'enabled', 'auto', 'system', 'internal'],
-- 
2.28.0

[PATCH v3 5/7] slirp: update build flags for iOS resolv fix

[Joelle van Dyne]

A future libslirp update will use libresolv on Darwin systems, so we add the
flags in QEMU build now.

Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 meson.build | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meson.build b/meson.build
index 0beb199303..2b45b9434d 100644
--- a/meson.build
+++ b/meson.build
@@ -1140,6 +1140,8 @@ if have_system
     slirp_deps = []
     if targetos == 'windows'
       slirp_deps = cc.find_library('iphlpapi')
+    elif targetos == 'darwin'
+      slirp_deps = cc.find_library('resolv')
     endif
     slirp_conf = configuration_data()
     slirp_conf.set('SLIRP_MAJOR_VERSION', meson.project_version().split('.')[0])
-- 
2.28.0

[PATCH v3 6/7] tcg: implement JIT for iOS and Apple Silicon

[Joelle van Dyne]

On iOS, we cannot allocate RWX pages without special entitlements. As a
workaround, we can allocate a RX region and then mirror map it to a separate
RX region. Then we can write to one region and execute from the other one.

When entitlements are available (macOS or jailbroken iOS), a hardware
feature called APRR exists on newer Apple Silicon that can cheaply mark JIT
pages as either RX or RW. Reverse engineered functions from
libsystem_pthread.dylib are implemented to handle this.

The following rules apply for JIT write protect:
  * JIT write-protect is enabled before tcg_qemu_tb_exec()
  * JIT write-protect is disabled after tcg_qemu_tb_exec() returns
  * JIT write-protect is disabled inside do_tb_phys_invalidate() but if it
    is called inside of tcg_qemu_tb_exec() then write-protect will be
    enabled again before returning.
  * JIT write-protect is disabled by cpu_loop_exit() for interrupt handling.
  * JIT write-protect is disabled everywhere else.

Reference:
https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 docs/devel/index.rst        |   1 +
 docs/devel/ios.rst          |  39 +++++++++++++
 configure                   |   1 +
 include/exec/exec-all.h     |   2 +
 include/tcg/tcg-apple-jit.h | 106 ++++++++++++++++++++++++++++++++++++
 include/tcg/tcg.h           |   3 +
 accel/tcg/cpu-exec-common.c |   2 +
 accel/tcg/cpu-exec.c        |   2 +
 accel/tcg/translate-all.c   |  87 ++++++++++++++++++++++++++++-
 tcg/tcg.c                   |   4 ++
 10 files changed, 246 insertions(+), 1 deletion(-)
 create mode 100644 docs/devel/ios.rst
 create mode 100644 include/tcg/tcg-apple-jit.h

diff --git a/docs/devel/index.rst b/docs/devel/index.rst
index 77baae5c77..a46740929f 100644
--- a/docs/devel/index.rst
+++ b/docs/devel/index.rst
@@ -34,3 +34,4 @@ Contents:
    clocks
    qom
    block-coroutine-wrapper
+   ios
diff --git a/docs/devel/ios.rst b/docs/devel/ios.rst
new file mode 100644
index 0000000000..3cfa588e72
--- /dev/null
+++ b/docs/devel/ios.rst
@@ -0,0 +1,39 @@
+===========
+iOS Support
+===========
+
+To run qemu on the iOS platform, some modifications were required. Most of the
+modifications are conditioned on the ``CONFIG_IOS`` and configuration variable.
+
+Build support
+-------------
+
+For the code to compile, certain changes in the block driver and the slirp
+driver had to be made. There is no ``system()`` call, so code requiring it had
+to be disabled.
+
+``ucontext`` support is broken on iOS. The implementation from ``libucontext``
+is used instead.
+
+Because ``fork()`` is not allowed on iOS apps, the option to build qemu and the
+utilities as shared libraries is added. Note that because qemu does not perform
+resource cleanup in most cases (open files, allocated memory, etc), it is
+advisable that the user implements a proxy layer for syscalls so resources can
+be kept track by the app that uses qemu as a shared library.
+
+JIT support
+-----------
+
+On iOS, allocating RWX pages require special entitlements not usually granted to
+apps. However, it is possible to use `bulletproof JIT`_ with a development
+certificate. This means that we need to allocate one chunk of memory with RX
+permissions and then mirror map the same memory with RW permissions. We generate
+code to the mirror mapping and execute the original mapping.
+
+With ``CONFIG_MIRROR_JIT`` defined, we store inside the TCG context the
+difference between the two mappings. Then, we make sure that any writes to JIT
+memory is done to the pointer + the difference (in order to get a pointer to the
+mirror mapped space). Additionally, we make sure to flush the data cache before
+we invalidate the instruction cache so the changes are seen in both mappings.
+
+.. _bulletproof JIT: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf
diff --git a/configure b/configure
index 0fef867a9c..a250fe7e8e 100755
--- a/configure
+++ b/configure
@@ -797,6 +797,7 @@ iOS)
   bsd="yes"
   darwin="yes"
   ios="yes"
+  mirror_jit="yes"
   if [ "$cpu" = "x86_64" ] ; then
     QEMU_CFLAGS="-arch x86_64 $QEMU_CFLAGS"
     QEMU_LDFLAGS="-arch x86_64 $QEMU_LDFLAGS"
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 921767a51b..7823a75a30 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -557,6 +557,8 @@ TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
                                    target_ulong cs_base, uint32_t flags,
                                    uint32_t cf_mask);
 void tb_set_jmp_target(TranslationBlock *tb, int n, uintptr_t addr);
+void tb_exec_lock(void);
+void tb_exec_unlock(void);
 
 /* GETPC is the true target of the return instruction that we'll execute.  */
 #if defined(CONFIG_TCG_INTERPRETER)
diff --git a/include/tcg/tcg-apple-jit.h b/include/tcg/tcg-apple-jit.h
new file mode 100644
index 0000000000..703a53da4a
--- /dev/null
+++ b/include/tcg/tcg-apple-jit.h
@@ -0,0 +1,106 @@
+/*
+ * Apple Silicon functions for JIT handling
+ *
+ * Copyright (c) 2020 osy
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef TCG_APPLE_JIT_H
+#define TCG_APPLE_JIT_H
+
+/*
+ * Mirror mapping JIT region for older SoCs ("bulletproof JIT")
+ */
+
+#if defined(CONFIG_DARWIN)
+#include <mach/mach.h>
+extern kern_return_t mach_vm_remap(vm_map_t target_task,
+                                   mach_vm_address_t *target_address,
+                                   mach_vm_size_t size,
+                                   mach_vm_offset_t mask,
+                                   int flags,
+                                   vm_map_t src_task,
+                                   mach_vm_address_t src_address,
+                                   boolean_t copy,
+                                   vm_prot_t *cur_protection,
+                                   vm_prot_t *max_protection,
+                                   vm_inherit_t inheritance
+                                  );
+#endif
+
+/*
+ * APRR handling
+ * Credits to: https://siguza.github.io/APRR/
+ * Reversed from /usr/lib/system/libsystem_pthread.dylib
+ */
+
+#if defined(__aarch64__) && defined(CONFIG_DARWIN)
+
+#define _COMM_PAGE_START_ADDRESS        (0x0000000FFFFFC000ULL) /* In TTBR0 */
+#define _COMM_PAGE_APRR_SUPPORT         (_COMM_PAGE_START_ADDRESS + 0x10C)
+#define _COMM_PAGE_APPR_WRITE_ENABLE    (_COMM_PAGE_START_ADDRESS + 0x110)
+#define _COMM_PAGE_APRR_WRITE_DISABLE   (_COMM_PAGE_START_ADDRESS + 0x118)
+
+static __attribute__((__always_inline__)) bool jit_write_protect_supported(void)
+{
+    /* Access shared kernel page at fixed memory location. */
+    uint8_t aprr_support = *(volatile uint8_t *)_COMM_PAGE_APRR_SUPPORT;
+    return aprr_support > 0;
+}
+
+/* write protect enable = write disable */
+static __attribute__((__always_inline__)) void jit_write_protect(int enabled)
+{
+    /* Access shared kernel page at fixed memory location. */
+    uint8_t aprr_support = *(volatile uint8_t *)_COMM_PAGE_APRR_SUPPORT;
+    if (aprr_support == 0 || aprr_support > 3) {
+        return;
+    } else if (aprr_support == 1) {
+        __asm__ __volatile__ (
+            "mov x0, %0\n"
+            "ldr x0, [x0]\n"
+            "msr S3_4_c15_c2_7, x0\n"
+            "isb sy\n"
+            :: "r" (enabled ? _COMM_PAGE_APRR_WRITE_DISABLE
+                            : _COMM_PAGE_APPR_WRITE_ENABLE)
+            : "memory", "x0"
+        );
+    } else {
+        __asm__ __volatile__ (
+            "mov x0, %0\n"
+            "ldr x0, [x0]\n"
+            "msr S3_6_c15_c1_5, x0\n"
+            "isb sy\n"
+            :: "r" (enabled ? _COMM_PAGE_APRR_WRITE_DISABLE
+                            : _COMM_PAGE_APPR_WRITE_ENABLE)
+            : "memory", "x0"
+        );
+    }
+}
+
+#else /* defined(__aarch64__) && defined(CONFIG_DARWIN) */
+
+static __attribute__((__always_inline__)) bool jit_write_protect_supported(void)
+{
+    return false;
+}
+
+static __attribute__((__always_inline__)) void jit_write_protect(int enabled)
+{
+}
+
+#endif
+
+#endif /* define TCG_APPLE_JIT_H */
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index a76c259d1b..8a210542bc 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -631,6 +631,9 @@ struct TCGContext {
     int code_gen_buffer_fd;
     ptrdiff_t code_rw_mirror_diff;
 #endif
+#if defined(CONFIG_DARWIN) && !defined(CONFIG_TCG_INTERPRETER)
+    bool code_gen_locked; /* on Darwin each thread tracks W^X flags */
+#endif
 
     /* Threshold to flush the translated code buffer.  */
     void *code_gen_highwater;
diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
index 12c1e3e974..f1eb767b02 100644
--- a/accel/tcg/cpu-exec-common.c
+++ b/accel/tcg/cpu-exec-common.c
@@ -64,6 +64,8 @@ void cpu_reloading_memory_map(void)
 
 void cpu_loop_exit(CPUState *cpu)
 {
+    /* Unlock JIT write protect if applicable. */
+    tb_exec_unlock();
     /* Undo the setting in cpu_tb_exec.  */
     cpu->can_do_io = 1;
     siglongjmp(cpu->jmp_env, 1);
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index f7eb6fcd77..f720fbd358 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -175,7 +175,9 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, TranslationBlock *itb)
     }
 #endif /* DEBUG_DISAS */
 
+    tb_exec_lock();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
+    tb_exec_unlock();
     cpu->can_do_io = 1;
     last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
     tb_exit = ret & TB_EXIT_MASK;
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 2144433024..ad41d2c817 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -27,6 +27,9 @@
 #include "disas/disas.h"
 #include "exec/exec-all.h"
 #include "tcg/tcg.h"
+#if defined(CONFIG_DARWIN)
+#include "tcg/tcg-apple-jit.h"
+#endif
 #if defined(CONFIG_USER_ONLY)
 #include "qemu.h"
 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
@@ -61,6 +64,9 @@
 #include "sysemu/tcg.h"
 #include "qemu/memfd.h"
 
+static bool tb_exec_is_locked(void);
+static void tb_exec_change(bool locked);
+
 /* #define DEBUG_TB_INVALIDATE */
 /* #define DEBUG_TB_FLUSH */
 /* make various TB consistency checks */
@@ -1093,6 +1099,12 @@ static inline void *alloc_code_gen_buffer(bool mirror_jit)
         prot |= PROT_WRITE;
         flags |= MAP_ANONYMOUS | MAP_PRIVATE;
     }
+#elif defined(CONFIG_DARWIN) /* both iOS and macOS (Apple Silicon) applicable */
+    if (!mirror_jit) {
+        prot |= PROT_WRITE;
+        flags |= MAP_JIT;
+    }
+    flags |= MAP_ANONYMOUS | MAP_PRIVATE;
 #else /* defined(CONFIG_LINUX) */
 #error "Mirror JIT unimplemented for this platform."
 #endif /* defined(CONFIG_LINUX) */
@@ -1164,9 +1176,42 @@ static inline void *alloc_jit_rw_mirror(void)
 
     return buf;
 }
+#elif defined(CONFIG_DARWIN)
+static inline void *alloc_jit_rw_mirror(void)
+{
+    void *base = tcg_ctx->code_gen_buffer;
+    size_t size = tcg_ctx->code_gen_buffer_size;
+    kern_return_t ret;
+    mach_vm_address_t mirror;
+    vm_prot_t cur_prot, max_prot;
+
+    mirror = 0;
+    ret = mach_vm_remap(mach_task_self(),
+                        &mirror,
+                        size,
+                        0,
+                        VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR,
+                        mach_task_self(),
+                        (mach_vm_address_t)base,
+                        false,
+                        &cur_prot,
+                        &max_prot,
+                        VM_INHERIT_NONE
+                       );
+    if (ret != KERN_SUCCESS) {
+        return NULL;
+    }
+
+    if (mprotect((void *)mirror, size, PROT_READ | PROT_WRITE) != 0) {
+        munmap((void *)mirror, size);
+        return NULL;
+    }
+
+    return (void *)mirror;
+}
 #else
 #error "Mirror JIT unimplemented for this platform."
-#endif /* CONFIG_IOS */
+#endif /* CONFIG_DARWIN */
 #endif /* CONFIG_MIRROR_JIT */
 
 static inline void code_gen_alloc(size_t tb_size, bool mirror_jit)
@@ -1230,6 +1275,7 @@ void tcg_exec_init(unsigned long tb_size, bool mirror_jit)
     page_init();
     tb_htable_init();
     code_gen_alloc(tb_size, mirror_jit);
+    tb_exec_unlock();
 #if defined(CONFIG_SOFTMMU)
     /* There's no guest base to take into account, so go ahead and
        initialize the prologue now.  */
@@ -1506,8 +1552,11 @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
     PageDesc *p;
     uint32_t h;
     tb_page_addr_t phys_pc;
+    bool code_gen_locked;
 
     assert_memory_lock();
+    code_gen_locked = tb_exec_is_locked();
+    tb_exec_unlock();
 
     /* make sure no further incoming jumps will be chained to this TB */
     qemu_spin_lock(&tb->jmp_lock);
@@ -1520,6 +1569,7 @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
                      tb->trace_vcpu_dstate);
     if (!(tb->cflags & CF_NOCACHE) &&
         !qht_remove(&tb_ctx.htable, tb, h)) {
+        tb_exec_change(code_gen_locked);
         return;
     }
 
@@ -1552,6 +1602,8 @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
 
     qatomic_set(&tcg_ctx->tb_phys_invalidate_count,
                tcg_ctx->tb_phys_invalidate_count + 1);
+
+    tb_exec_change(code_gen_locked);
 }
 
 static void tb_phys_invalidate__locked(TranslationBlock *tb)
@@ -2792,3 +2844,36 @@ void tcg_flush_softmmu_tlb(CPUState *cs)
     tlb_flush(cs);
 #endif
 }
+
+#if defined(CONFIG_DARWIN) && !defined(CONFIG_TCG_INTERPRETER)
+static bool tb_exec_is_locked(void)
+{
+    return tcg_ctx->code_gen_locked;
+}
+
+static void tb_exec_change(bool locked)
+{
+    if (jit_write_protect_supported()) {
+        jit_write_protect(locked);
+    }
+    tcg_ctx->code_gen_locked = locked;
+}
+#else /* not needed on non-Darwin platforms */
+static bool tb_exec_is_locked(void)
+{
+    return false;
+}
+
+static void tb_exec_change(bool locked) {}
+#endif
+
+void tb_exec_lock(void)
+{
+    /* assumes sys_icache_invalidate already called */
+    tb_exec_change(true);
+}
+
+void tb_exec_unlock(void)
+{
+    tb_exec_change(false);
+}
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 085bc73063..ef64c0d3b1 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -781,6 +781,8 @@ static void alloc_tcg_plugin_context(TCGContext *s)
 void tcg_register_thread(void)
 {
     tcg_ctx = &tcg_init_ctx;
+
+    tb_exec_unlock();
 }
 #else
 void tcg_register_thread(void)
@@ -815,6 +817,8 @@ void tcg_register_thread(void)
     err = tcg_region_initial_alloc__locked(tcg_ctx);
     g_assert(!err);
     qemu_mutex_unlock(&region.lock);
+
+    tb_exec_unlock();
 }
 #endif /* !CONFIG_USER_ONLY */
 
-- 
2.28.0

[PATCH v3 7/7] block: check availablity for preadv/pwritev on mac

[Joelle van Dyne]

macOS 11/iOS 14 added preadv/pwritev APIs. Due to weak linking, configure
will succeed with CONFIG_PREADV even when targeting a lower OS version. We
therefore need to check at run time if we can actually use these APIs.

Signed-off-by: Joelle van Dyne <j@getutm.app>
---
 block/file-posix.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/block/file-posix.c b/block/file-posix.c
index 5560fd20ac..b5a7ce483d 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1394,12 +1394,24 @@ static bool preadv_present = true;
 static ssize_t
 qemu_preadv(int fd, const struct iovec *iov, int nr_iov, off_t offset)
 {
+#ifdef CONFIG_DARWIN /* preadv introduced in macOS 11 */
+    if (!__builtin_available(macOS 11, iOS 14, watchOS 7, tvOS 14, *)) {
+        preadv_present = false;
+        return -ENOSYS;
+    } else
+#endif
     return preadv(fd, iov, nr_iov, offset);
 }
 
 static ssize_t
 qemu_pwritev(int fd, const struct iovec *iov, int nr_iov, off_t offset)
 {
+#ifdef CONFIG_DARWIN /* pwritev introduced in macOS 11 */
+    if (!__builtin_available(macOS 11, iOS 14, watchOS 7, tvOS 14, *)) {
+        preadv_present = false;
+        return -ENOSYS;
+    } else
+#endif
     return pwritev(fd, iov, nr_iov, offset);
 }
 
-- 
2.28.0

Re: [PATCH v3 1/7] configure: option to disable host block devices

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1426 bytes --]

On Tue, Oct 27, 2020 at 08:06:55PM -0700, Joelle van Dyne wrote:
> Some hosts (iOS) have a sandboxed filesystem and do not provide low-level
> APIs for interfacing with host block devices.
> 
> Signed-off-by: Joelle van Dyne <j@getutm.app>
> ---
>  configure          | 4 ++++
>  meson.build        | 1 +
>  block/file-posix.c | 8 +++++++-
>  3 files changed, 12 insertions(+), 1 deletion(-)

A change along these lines is needed in qapi/block-core.json:

  { 'enum': 'BlockdevDriver',
    ...
    { 'name': 'host_device', 'if': 'defined(CONFIG_HOST_BLOCK_DEVICE)' }

That way the QAPI schema reflects the QEMU binary's actual features.

> 
> diff --git a/configure b/configure
> index 71bbe82ac5..4e68a5fefe 100755
> --- a/configure
> +++ b/configure
> @@ -448,6 +448,7 @@ ninja=""
>  skip_meson=no
>  gettext=""
>  mirror_jit="no"
> +host_block_device_support="yes"
>  
>  bogus_os="no"
>  malloc_trim="auto"
> @@ -5901,6 +5902,9 @@ if test "$default_devices" = "yes" ; then
>  else
>    echo "CONFIG_MINIKCONF_MODE=--allnoconfig" >> $config_host_mak
>  fi
> +if test "$host_block_device_support" = "yes" ; then
> +  echo "CONFIG_HOST_BLOCK_DEVICE=y" >> $config_host_mak
> +fi
>  if test "$debug_tcg" = "yes" ; then
>    echo "CONFIG_DEBUG_TCG=y" >> $config_host_mak
>  fi

How do you disable CONFIG_HOST_BLOCK_DEVICE? There is no ./configure
--disable-host-block-device option.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 3/7] qemu: add support for iOS host

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 2619 bytes --]

On Tue, Oct 27, 2020 at 08:06:57PM -0700, Joelle van Dyne wrote:
> This introduces support for building for iOS hosts. When the correct Xcode
> toolchain is used, iOS host will be detected automatically.
> 
> block: disable features not supported by iOS sandbox
> slirp: disable SMB features for iOS
> target: disable system() calls for iOS
> tcg: use sys_icache_invalidate() instead of GCC builtin for iOS
> tests: disable tests on iOS which uses system()
> Signed-off-by: Joelle van Dyne <j@getutm.app>
> ---
>  configure                      | 43 +++++++++++++++++++++++++++++++++-
>  meson.build                    |  2 +-
>  tcg/aarch64/tcg-target.h       |  7 ++++++
>  block.c                        |  2 +-
>  block/file-posix.c             | 31 ++++++++++++++----------
>  net/slirp.c                    | 16 ++++++-------
>  qga/commands-posix.c           |  6 +++++
>  target/arm/arm-semi.c          |  2 ++
>  target/m68k/m68k-semi.c        |  2 ++
>  target/nios2/nios2-semi.c      |  2 ++
>  tests/qtest/libqos/virtio-9p.c |  8 +++++++
>  tests/qtest/meson.build        |  7 +++---
>  12 files changed, 101 insertions(+), 27 deletions(-)

Please add a ./MAINTAINERS file entry for iOS host support.

Maintainership duties involve:
1. Respond to emails and review patches for their subsystem.
2. Send pull requests with the patches they have merged.
3. Participate in keeping their subsystem functional, e.g. ensuring CI
   coverage and testing is working.

These are not strictly defined, people do them in different ways.

It is beneficial to get continuous integration working for iOS.
Otherwise other maintainers may merge patches that break iOS compilation
and you'll find out later and be left solving the issues.

> diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
> index d7a80dd303..bb029070d3 100644
> --- a/target/nios2/nios2-semi.c
> +++ b/target/nios2/nios2-semi.c
> @@ -426,6 +426,7 @@ void do_nios2_semihosting(CPUNios2State *env)
>              result = isatty(arg0);
>          }
>          break;
> +#if !defined(CONFIG_IOS) /* iOS does not have system() */
>      case HOSTED_SYSTEM:
>          GET_ARG(0);
>          GET_ARG(1);
> @@ -444,6 +445,7 @@ void do_nios2_semihosting(CPUNios2State *env)
>              }
>          }
>          break;
> +#endif
>      default:
>          qemu_log_mask(LOG_GUEST_ERROR, "nios2-semihosting: unsupported "
>                        "semihosting syscall %d\n", nr);

Another option is to define a system() that always returns ENOSYS. Then
the #ifdefs can be avoided.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 4/7] coroutine: add libucontext as external library

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 958 bytes --]

On Tue, Oct 27, 2020 at 08:06:58PM -0700, Joelle van Dyne wrote:

I am not a lawyer and haven't consulted any lawyers, but libucontext
seems compatible with QEMU's license to me. I think QEMU can mirror the
libucontext repo and ship it like the other submodules. No changes to
QEMU's ./LICENSE are necessary since it is similar to the other
permissive licenses already in use.

FWIW I only took a look at
https://github.com/utmapp/libucontext/blob/master/LICENSE. I did not
review the actual libucontext source code.

> diff --git a/meson.build b/meson.build
> index 48c95150fe..0beb199303 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1243,9 +1243,35 @@ if not fdt.found() and fdt_required.length() > 0
>    error('fdt not available but required by targets ' + ', '.join(fdt_required))
>  endif
>  
> +ucontext = not_found
> +slirp_opt = 'disabled'

Minor issue: the slirp_opt change should probably be part of another patch.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 5/7] slirp: update build flags for iOS resolv fix

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

On Tue, Oct 27, 2020 at 08:06:59PM -0700, Joelle van Dyne wrote:
> A future libslirp update will use libresolv on Darwin systems, so we add the
> flags in QEMU build now.
> 
> Signed-off-by: Joelle van Dyne <j@getutm.app>
> ---
>  meson.build | 2 ++
>  1 file changed, 2 insertions(+)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 6/7] tcg: implement JIT for iOS and Apple Silicon

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 986 bytes --]

On Tue, Oct 27, 2020 at 08:07:00PM -0700, Joelle van Dyne wrote:
> On iOS, we cannot allocate RWX pages without special entitlements. As a
> workaround, we can allocate a RX region and then mirror map it to a separate
> RX region. Then we can write to one region and execute from the other one.

"separate RW region"? The sentence doesn't seem to make sense if both
regions are RX.

> 
> When entitlements are available (macOS or jailbroken iOS), a hardware
> feature called APRR exists on newer Apple Silicon that can cheaply mark JIT
> pages as either RX or RW. Reverse engineered functions from
> libsystem_pthread.dylib are implemented to handle this.

What does "Reverse engineered functions" mean? We cannot accept code
into QEMU that is a potential liability if Apple could claim it has been
copied, derived, etc without permission. If libsystem_pthread.dylib is
open source, especially under a permissive license, then it's probably
okay.

Can you clarify?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 7/7] block: check availablity for preadv/pwritev on mac

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 698 bytes --]

On Tue, Oct 27, 2020 at 08:07:01PM -0700, Joelle van Dyne wrote:
> macOS 11/iOS 14 added preadv/pwritev APIs. Due to weak linking, configure
> will succeed with CONFIG_PREADV even when targeting a lower OS version. We
> therefore need to check at run time if we can actually use these APIs.
> 
> Signed-off-by: Joelle van Dyne <j@getutm.app>
> ---
>  block/file-posix.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)

What happens when preadv() is called prior to macOS 11/iOS 14?

If I understand correctly the runtime check is preferrable because
otherwise a binary compiled on recent macOS/iOS would ship with preadv()
support but fail when executed on an older macOS/iOS?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 0/7] iOS and Apple Silicon host support

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1630 bytes --]

On Tue, Oct 27, 2020 at 08:06:54PM -0700, Joelle van Dyne wrote:
> Based-on: 20201026191540.12434-1-j@getutm.app
> ([PATCH RESEND 0/4] Mirror map JIT memory for TCG)
> 
> These set of changes brings QEMU TCG to iOS devices and future Apple Silicon
> devices. They were originally developed last year and have been working in the
> UTM app. Recently, we ported the changes to master, re-wrote a lot of the build
> script changes for meson, and broke up the patches into more distinct units.
> 
> A summary of the changes:
> 
> * `CONFIG_IOS` defined when building for iOS and iOS specific changes (as well
>   as unsupported code) are gated behind it.
> * A new dependency, libucontext is added since iOS does not have native ucontext
>   and broken support for sigaltstack. libucontext is available as a new option
>   for coroutine backend.
> * On stock iOS devices, there is a workaround for running JIT code without
>   any special entitlement. It requires the JIT region to be mirror mapped with
>   one region RW and another one RX. To support this style of JIT, TCG is changed
>   to support writing to a different code_ptr. This change is submitted in a
>   different patch set and this one depends on it.
> * For (recent) jailbroken iOS devices as well as upcoming Apple Silicon devices,
>   there are new rules for applications supporting JIT (with the proper
>   entitlement). These rules are implemented as well.

These patches are in pretty good shape. I have posted comments, the main
request is to add a ./MAINTAINERS file entry and to look into continuous
integration support.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 1/7] configure: option to disable host block devices

[Joelle van Dyne]

On Wed, Oct 28, 2020 at 4:22 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Tue, Oct 27, 2020 at 08:06:55PM -0700, Joelle van Dyne wrote:
> > Some hosts (iOS) have a sandboxed filesystem and do not provide low-level
> > APIs for interfacing with host block devices.
> >
> > Signed-off-by: Joelle van Dyne <j@getutm.app>
> > ---
> >  configure          | 4 ++++
> >  meson.build        | 1 +
> >  block/file-posix.c | 8 +++++++-
> >  3 files changed, 12 insertions(+), 1 deletion(-)
>
> A change along these lines is needed in qapi/block-core.json:
>
>   { 'enum': 'BlockdevDriver',
>     ...
>     { 'name': 'host_device', 'if': 'defined(CONFIG_HOST_BLOCK_DEVICE)' }
>
> That way the QAPI schema reflects the QEMU binary's actual features.
Will do.

>
> >
> > diff --git a/configure b/configure
> > index 71bbe82ac5..4e68a5fefe 100755
> > --- a/configure
> > +++ b/configure
> > @@ -448,6 +448,7 @@ ninja=""
> >  skip_meson=no
> >  gettext=""
> >  mirror_jit="no"
> > +host_block_device_support="yes"
> >
> >  bogus_os="no"
> >  malloc_trim="auto"
> > @@ -5901,6 +5902,9 @@ if test "$default_devices" = "yes" ; then
> >  else
> >    echo "CONFIG_MINIKCONF_MODE=--allnoconfig" >> $config_host_mak
> >  fi
> > +if test "$host_block_device_support" = "yes" ; then
> > +  echo "CONFIG_HOST_BLOCK_DEVICE=y" >> $config_host_mak
> > +fi
> >  if test "$debug_tcg" = "yes" ; then
> >    echo "CONFIG_DEBUG_TCG=y" >> $config_host_mak
> >  fi
>
> How do you disable CONFIG_HOST_BLOCK_DEVICE? There is no ./configure
> --disable-host-block-device option.
I don't see a value in disabling as an option. It's always enabled by
default and automatically disabled for iOS.

-j

Re: [PATCH v3 3/7] qemu: add support for iOS host

[Joelle van Dyne]

On Wed, Oct 28, 2020 at 4:39 AM Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> On Tue, Oct 27, 2020 at 08:06:57PM -0700, Joelle van Dyne wrote:
> > This introduces support for building for iOS hosts. When the correct Xcode
> > toolchain is used, iOS host will be detected automatically.
> >
> > block: disable features not supported by iOS sandbox
> > slirp: disable SMB features for iOS
> > target: disable system() calls for iOS
> > tcg: use sys_icache_invalidate() instead of GCC builtin for iOS
> > tests: disable tests on iOS which uses system()
> > Signed-off-by: Joelle van Dyne <j@getutm.app>
> > ---
> >  configure                      | 43 +++++++++++++++++++++++++++++++++-
> >  meson.build                    |  2 +-
> >  tcg/aarch64/tcg-target.h       |  7 ++++++
> >  block.c                        |  2 +-
> >  block/file-posix.c             | 31 ++++++++++++++----------
> >  net/slirp.c                    | 16 ++++++-------
> >  qga/commands-posix.c           |  6 +++++
> >  target/arm/arm-semi.c          |  2 ++
> >  target/m68k/m68k-semi.c        |  2 ++
> >  target/nios2/nios2-semi.c      |  2 ++
> >  tests/qtest/libqos/virtio-9p.c |  8 +++++++
> >  tests/qtest/meson.build        |  7 +++---
> >  12 files changed, 101 insertions(+), 27 deletions(-)
>
> Please add a ./MAINTAINERS file entry for iOS host support.
>
> Maintainership duties involve:
> 1. Respond to emails and review patches for their subsystem.
> 2. Send pull requests with the patches they have merged.
> 3. Participate in keeping their subsystem functional, e.g. ensuring CI
>    coverage and testing is working.
>
> These are not strictly defined, people do them in different ways.
Will do.

>
> It is beneficial to get continuous integration working for iOS.
> Otherwise other maintainers may merge patches that break iOS compilation
> and you'll find out later and be left solving the issues.
If we want to do this it may come in another patch set. Reason is that
to build QEMU for iOS, you have to build all the dependencies as well,
which means downloading and building tar.gz from various sources for
specific versions. We run a CI for UTM that uses this script to build
QEMU, as you can see it's rather involved:
https://github.com/utmapp/UTM/blob/master/scripts/build_dependencies.sh

>
> > diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
> > index d7a80dd303..bb029070d3 100644
> > --- a/target/nios2/nios2-semi.c
> > +++ b/target/nios2/nios2-semi.c
> > @@ -426,6 +426,7 @@ void do_nios2_semihosting(CPUNios2State *env)
> >              result = isatty(arg0);
> >          }
> >          break;
> > +#if !defined(CONFIG_IOS) /* iOS does not have system() */
> >      case HOSTED_SYSTEM:
> >          GET_ARG(0);
> >          GET_ARG(1);
> > @@ -444,6 +445,7 @@ void do_nios2_semihosting(CPUNios2State *env)
> >              }
> >          }
> >          break;
> > +#endif
> >      default:
> >          qemu_log_mask(LOG_GUEST_ERROR, "nios2-semihosting: unsupported "
> >                        "semihosting syscall %d\n", nr);
>
> Another option is to define a system() that always returns ENOSYS. Then
> the #ifdefs can be avoided.
Done.

-j

Re: [PATCH v3 4/7] coroutine: add libucontext as external library

[Joelle van Dyne]

Mirroring the repo by QEMU is fine and preferred. Not sure if anything
is required from my end there.

slirp_opt slipped in from a rebase and should not be there, will fix.

-j

On Wed, Oct 28, 2020 at 4:48 AM Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> On Tue, Oct 27, 2020 at 08:06:58PM -0700, Joelle van Dyne wrote:
>
> I am not a lawyer and haven't consulted any lawyers, but libucontext
> seems compatible with QEMU's license to me. I think QEMU can mirror the
> libucontext repo and ship it like the other submodules. No changes to
> QEMU's ./LICENSE are necessary since it is similar to the other
> permissive licenses already in use.
>
> FWIW I only took a look at
> https://github.com/utmapp/libucontext/blob/master/LICENSE. I did not
> review the actual libucontext source code.
>
> > diff --git a/meson.build b/meson.build
> > index 48c95150fe..0beb199303 100644
> > --- a/meson.build
> > +++ b/meson.build
> > @@ -1243,9 +1243,35 @@ if not fdt.found() and fdt_required.length() > 0
> >    error('fdt not available but required by targets ' + ', '.join(fdt_required))
> >  endif
> >
> > +ucontext = not_found
> > +slirp_opt = 'disabled'
>
> Minor issue: the slirp_opt change should probably be part of another patch.

Re: [PATCH v3 6/7] tcg: implement JIT for iOS and Apple Silicon

[Joelle van Dyne]

Will fix the typo in the commit message.

Re: "reverse engineered functions", Apple does not provide any
documentation on their extensions to ARM architecture. APRR is one
such proprietary feature that is controlled by MRS/MSR writes to an
undocumented system register. We reverse engineered the functionality
by tracing how libsystem_pthread.dylib works and replicating the
MRS/MSR calls.

More details: https://siguza.github.io/APRR/

Legally, I don't think this is any different from reverse engineering
some hardware interface to write a Linux driver but IANAL.

-j

On Wed, Oct 28, 2020 at 4:54 AM Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> On Tue, Oct 27, 2020 at 08:07:00PM -0700, Joelle van Dyne wrote:
> > On iOS, we cannot allocate RWX pages without special entitlements. As a
> > workaround, we can allocate a RX region and then mirror map it to a separate
> > RX region. Then we can write to one region and execute from the other one.
>
> "separate RW region"? The sentence doesn't seem to make sense if both
> regions are RX.
>
> >
> > When entitlements are available (macOS or jailbroken iOS), a hardware
> > feature called APRR exists on newer Apple Silicon that can cheaply mark JIT
> > pages as either RX or RW. Reverse engineered functions from
> > libsystem_pthread.dylib are implemented to handle this.
>
> What does "Reverse engineered functions" mean? We cannot accept code
> into QEMU that is a potential liability if Apple could claim it has been
> copied, derived, etc without permission. If libsystem_pthread.dylib is
> open source, especially under a permissive license, then it's probably
> okay.
>
> Can you clarify?

Re: [PATCH v3 7/7] block: check availablity for preadv/pwritev on mac

[Joelle van Dyne]

If built with Xcode 11 (or below), a compile time error will occur due
to symbol not found. (QEMU's ./configure detects this and doesn't
enable it)
If built with Xcode 12 without the checks, a runtime error will occur.

-j

On Wed, Oct 28, 2020 at 5:23 AM Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> On Tue, Oct 27, 2020 at 08:07:01PM -0700, Joelle van Dyne wrote:
> > macOS 11/iOS 14 added preadv/pwritev APIs. Due to weak linking, configure
> > will succeed with CONFIG_PREADV even when targeting a lower OS version. We
> > therefore need to check at run time if we can actually use these APIs.
> >
> > Signed-off-by: Joelle van Dyne <j@getutm.app>
> > ---
> >  block/file-posix.c | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
>
> What happens when preadv() is called prior to macOS 11/iOS 14?
>
> If I understand correctly the runtime check is preferrable because
> otherwise a binary compiled on recent macOS/iOS would ship with preadv()
> support but fail when executed on an older macOS/iOS?

Re: [PATCH v3 4/7] coroutine: add libucontext as external library

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 238 bytes --]

On Wed, Oct 28, 2020 at 05:59:37PM -0700, Joelle van Dyne wrote:
> Mirroring the repo by QEMU is fine and preferred. Not sure if anything
> is required from my end there.

I can set up the mirror when this patch series is merged.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 3/7] qemu: add support for iOS host

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 1797 bytes --]

On Wed, Oct 28, 2020 at 05:55:07PM -0700, Joelle van Dyne wrote:
> On Wed, Oct 28, 2020 at 4:39 AM Stefan Hajnoczi <stefanha@redhat.com> wrote:
> > On Tue, Oct 27, 2020 at 08:06:57PM -0700, Joelle van Dyne wrote:
> > It is beneficial to get continuous integration working for iOS.
> > Otherwise other maintainers may merge patches that break iOS compilation
> > and you'll find out later and be left solving the issues.
> If we want to do this it may come in another patch set. Reason is that
> to build QEMU for iOS, you have to build all the dependencies as well,
> which means downloading and building tar.gz from various sources for
> specific versions. We run a CI for UTM that uses this script to build
> QEMU, as you can see it's rather involved:
> https://github.com/utmapp/UTM/blob/master/scripts/build_dependencies.sh

The main issue I see is that the build time will be long due to all the
dependencies that are built from source.

If there is a way to cache the build dependency artifacts then it could
be simplified down to:

  tar xf qemu_ios_deps.tar.bz2
  git clone https://gitlab.com/qemu-project/qemu.git
  cd qemu
  ./configure ...
  make ...

The dependencies could be rebuild periodically (e.g. monthly or
on-demand when you decide to upgrade dependencies).

If you want to discuss CI integration more please start a new email
thread.  A number of people in the QEMU community have been playing with
various CI systems recently (GitLab, GitHub Actions, Travis, Cirrus,
etc) and might be able to suggest how to do this.

AFAIK Cirrus, Travis, and GitHub Actions offer free macOS runners. Or
you can install gitlab-runner on your own Mac and connect it to QEMU's
GitLab CI.

Using GitLab CI is slightly preferred because QEMU is moving towards it
as the main CI system.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 7/7] block: check availablity for preadv/pwritev on mac

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 476 bytes --]

On Wed, Oct 28, 2020 at 06:07:16PM -0700, Joelle van Dyne wrote:
> If built with Xcode 12 without the checks, a runtime error will occur.

If that runtime error is ENOSYS then it's handled by existing code:

  if (preadv_present) {
      nbytes = handle_aiocb_rw_vector(aiocb);
      if (nbytes == aiocb->aio_nbytes ||
          (nbytes < 0 && nbytes != -ENOSYS)) {
          goto out;
      }
      preadv_present = false;
  }

Why is additional code needed for iOS?

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 6/7] tcg: implement JIT for iOS and Apple Silicon

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 775 bytes --]

On Wed, Oct 28, 2020 at 06:04:56PM -0700, Joelle van Dyne wrote:
> Will fix the typo in the commit message.
> 
> Re: "reverse engineered functions", Apple does not provide any
> documentation on their extensions to ARM architecture. APRR is one
> such proprietary feature that is controlled by MRS/MSR writes to an
> undocumented system register. We reverse engineered the functionality
> by tracing how libsystem_pthread.dylib works and replicating the
> MRS/MSR calls.
> 
> More details: https://siguza.github.io/APRR/
> 
> Legally, I don't think this is any different from reverse engineering
> some hardware interface to write a Linux driver but IANAL.

Thanks, I have taken the discussion off-list where we can get advice
regarding this case.

Stefan

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3 7/7] block: check availablity for preadv/pwritev on mac

[Joelle van Dyne]

No it doesn't return ENOSYS. Dyld calls abort() when a weak link is
not resolved at the time of call.

-j

On Thu, Oct 29, 2020 at 12:54 AM Stefan Hajnoczi <stefanha@gmail.com> wrote:
>
> On Wed, Oct 28, 2020 at 06:07:16PM -0700, Joelle van Dyne wrote:
> > If built with Xcode 12 without the checks, a runtime error will occur.
>
> If that runtime error is ENOSYS then it's handled by existing code:
>
>   if (preadv_present) {
>       nbytes = handle_aiocb_rw_vector(aiocb);
>       if (nbytes == aiocb->aio_nbytes ||
>           (nbytes < 0 && nbytes != -ENOSYS)) {
>           goto out;
>       }
>       preadv_present = false;
>   }
>
> Why is additional code needed for iOS?
>
> Stefan