From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:52535)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SSseS-0006ak-9v
	for qemu-devel@nongnu.org; Fri, 11 May 2012 12:25:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SSseQ-00035l-FO
	for qemu-devel@nongnu.org; Fri, 11 May 2012 12:25:07 -0400
Received: from mail-yw0-f45.google.com ([209.85.213.45]:41524)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SSseQ-00033T-8a
	for qemu-devel@nongnu.org; Fri, 11 May 2012 12:25:06 -0400
Received: by yhoo21 with SMTP id o21so3565135yho.4
	for <qemu-devel@nongnu.org>; Fri, 11 May 2012 09:25:04 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <1336725610-8195-1-git-send-email-agraf@suse.de>
References: <1336725610-8195-1-git-send-email-agraf@suse.de>
Date: Fri, 11 May 2012 17:25:03 +0100
Message-ID: <CAFEAcA-unC_a20Fx4_yWkyRON6a=pc=4RfA6aisYVYTB_uHnHw@mail.gmail.com>
From: Peter Maydell <peter.maydell@linaro.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH] linux-user: Fix stale tbs after mmap
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: Riku Voipio <riku.voipio@iki.fi>, qemu-devel Developers <qemu-devel@nongnu.org>

On 11 May 2012 09:40, Alexander Graf <agraf@suse.de> wrote:
> If we execute linux-user code that does the following:
>
> =C2=A0* A =3D mmap()
> =C2=A0* execute code in A
> =C2=A0* munmap(A)
> =C2=A0* B =3D mmap(), but mmap returns the same address as A
> =C2=A0* execute code in B
>
> we end up executing a stale cached tb that contains translated code
> from A, while we want new code from B.
>
> This patch adds a TB flush for mmap'ed regions, before we return them,
> avoiding the whole issue. It also adds a flush for munmap, so that we
> don't execute stale TBs instead of getting a segfault.
>
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> Signed-off-by: Alexander Graf <agraf@suse.de>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

-- PMM