From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:46395)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SSs3G-0001ri-VA
	for qemu-devel@nongnu.org; Fri, 11 May 2012 11:46:44 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SSs3F-0001Ep-2p
	for qemu-devel@nongnu.org; Fri, 11 May 2012 11:46:42 -0400
Received: from mail-yw0-f45.google.com ([209.85.213.45]:41106)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SSs3E-0001Ee-VT
	for qemu-devel@nongnu.org; Fri, 11 May 2012 11:46:41 -0400
Received: by yhoo21 with SMTP id o21so3513708yho.4
	for <qemu-devel@nongnu.org>; Fri, 11 May 2012 08:46:38 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <BA0ED813-AF4C-4FB4-AEFB-CB1B802DF76D@suse.de>
References: <1336383010-28692-1-git-send-email-agraf@suse.de>
	<CAFEAcA-u2Ty0iXNQumn7HY4MH-uVkZ616BZJUAUoC-k02v+WEA@mail.gmail.com>
	<F4C6F921-7E35-4246-BF5F-0652660AA0AB@suse.de>
	<BA0ED813-AF4C-4FB4-AEFB-CB1B802DF76D@suse.de>
Date: Fri, 11 May 2012 16:46:37 +0100
Message-ID: <CAFEAcA-fC=iWK=0OCrCO_uuZBNsxYTBdeiZoVSUoFtL4gfK2bA@mail.gmail.com>
From: Peter Maydell <peter.maydell@linaro.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH] linux-user: Fix stale tbs after mmap
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: Riku Voipio <riku.voipio@iki.fi>, qemu-devel Developers <qemu-devel@nongnu.org>

On 7 May 2012 12:38, Alexander Graf <agraf@suse.de> wrote:
>
> On 07.05.2012, at 13:32, Alexander Graf wrote:
>
>>
>> On 07.05.2012, at 12:37, Peter Maydell wrote:
>>
>>> On 7 May 2012 10:30, Alexander Graf <agraf@suse.de> wrote:
>>>> @@ -587,6 +587,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong le=
n, int prot,
>>>> =C2=A0 =C2=A0page_dump(stdout);
>>>> =C2=A0 =C2=A0printf("\n");
>>>> #endif
>>>> + =C2=A0 =C2=A0tb_invalidate_phys_page_range(start, start + len, 0);
>>>> =C2=A0 =C2=A0mmap_unlock();
>>>> =C2=A0 =C2=A0return start;
>>>
>>> The comment at the top of tb_invalidate_phys_page_range() says
>>> "start and end must refer to the same physical page" -- is it
>>> out of date or does that not apply to user-mode?
>>>
>>> Do you need to also invalidate the range on munmap() and
>>> mprotect-to-not-executable in order to correctly fault on
>>> the case of:
>>> map something
>>> execute it
>>> unmap it
>>> try to execute it again
>>>
>>> ? (haven't tested that case but it seems like it might be an issue)
>>
>> Yeah, the issue does exist:
>
> And the below patch on top of my revised patch fixes it.

I think these two patches look correct (and as you pointed out
on irc I was wrong about mprotect, which effectively already
handles flushing the tb if needed). If you can roll them together
into a single patch with a commit message and signed-off-by
you can add my Reviewed-by: tag to it.

thanks
-- PMM