From 15c4e8fe44e34eee4a13135eeb121b3b26e4cd1b Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Sat, 20 Mar 2021 10:57:19 -0600
Subject: [PATCH 1/5] tcg: Do not set guard pages on the rx portion of code_gen_buffer
The rw portion of the buffer is the only one in which overruns can be generated. Allow the rx portion to be more completely covered by huge pages.
Signed-off-by: Richard Henderson
Tested-by: Roman Bolshakov
Reviewed-by: Roman Bolshakov
Message-Id: <20210320165720.1813545-2-richard.henderson@linaro.org>
---
tcg/tcg.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/tcg/tcg.c b/tcg/tcg.c
index de91bb6e9e..88c9e6f8a4 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -828,7 +828,6 @@ void tcg_region_init(void)
 size_t region_size;
 size_t n_regions;
 size_t i;
- uintptr_t splitwx_diff;
 n_regions = tcg_n_regions();
@@ -858,8 +857,11 @@ void tcg_region_init(void)
 /* account for that last guard page */
 region.end -= page_size;
- /* set guard pages */
- splitwx_diff = tcg_splitwx_diff;
+ /*
+ * Set guard pages in the rw buffer, as that's the one into which
+ * buffer overruns could occur. Do not set guard pages in the rx
+ * buffer -- let that one use hugepages throughout.
+ */
 for (i = 0; i < region.n; i++) {
 void *start, *end;
 int rc;
@@ -867,10 +869,6 @@ void tcg_region_init(void)
 tcg_region_bounds(i, &start, &end);
 rc = qemu_mprotect_none(end, page_size);
 g_assert(!rc);
- if (splitwx_diff) {
- rc = qemu_mprotect_none(end + splitwx_diff, page_size);
- g_assert(!rc);
- }
 }
 tcg_region_trees_init();
From c118881ee607dcac661b89893de07cbcbaeb304c Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Sat, 20 Mar 2021 10:57:20 -0600
Subject: [PATCH 2/5] tcg: Workaround macOS 11.2 mprotect bug
There's a change in mprotect() behaviour [1] in the latest macOS on M1 and it's not yet clear if it's going to be fixed by Apple. As a short-term fix, ignore failures setting up the guard pages.
[1] https://gist.github.com/hikalium/75ae822466ee4da13cbbe486498a191f
Signed-off-by: Richard Henderson
Tested-by: Roman Bolshakov
Reviewed-by: Roman Bolshakov
Buglink: https://bugs.launchpad.net/qemu/+bug/1914849
Message-Id: <20210320165720.1813545-3-richard.henderson@linaro.org>
---
tcg/tcg.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 88c9e6f8a4..1fbe0b686d 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -864,11 +864,15 @@ void tcg_region_init(void)
 */
 for (i = 0; i < region.n; i++) {
 void *start, *end;
- int rc;
 tcg_region_bounds(i, &start, &end);
- rc = qemu_mprotect_none(end, page_size);
- g_assert(!rc);
+
+ /*
+ * macOS 11.2 has a bug (Apple Feedback FB8994773) in which mprotect
+ * rejects a permission change from RWX -> NONE. Guard pages are
+ * nice for bug detection but are not essential; ignore any failure.
+ */
+ (void)qemu_mprotect_none(end, page_size);
 }
 tcg_region_trees_init();
From 6670d4d0e38249323df755a92ffdf04f2c6b7894 Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Mon, 22 Mar 2021 12:24:24 +0100
Subject: [PATCH 3/5] exec: Rename exec-vary.c as page-vary.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
exec-vary.c is about variable page size handling, rename it page-vary.c. Currently this file is target specific (built once for each target), comment this.
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20210322112427.4045204-2-f4bug@amsat.org>
[rth: Update MAINTAINERS]
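Review bot: `(void)qemu_mprotect_none(end, page_size);` discards the failure on every host, so the rw-side guard page — after patch 1 the only overrun detection left on code_gen_buffer — can now go missing silently on Linux as well, where the removed `g_assert(!rc)` used to catch exactly that. Scoping the workaround would keep the check where mprotect works: for example `if (qemu_mprotect_none(end, page_size) != 0) { warn_report_once("tcg: cannot set guard page; buffer overrun detection disabled"); }`, or keeping the assert under `#ifndef CONFIG_DARWIN`. The comment could also spell out what the fallback trades away — the page after each region stays RWX, as the comment's own "RWX -> NONE" wording implies — so a reader of a crash dump knows why no guard fault occurred. tcg_region_init starts and ends outside the hunk.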
Signed-off-by: Richard Henderson
---
MAINTAINERS | 1 +
meson.build | 3 ++-
exec-vary.c => page-vary.c | 2 +-
3 files changed, 4 insertions(+), 2 deletions(-)
rename exec-vary.c => page-vary.c (98%)
diff --git a/MAINTAINERS b/MAINTAINERS
index 9147e9a429..ed68de3cec 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -117,6 +117,7 @@ R: Paolo Bonzini
 S: Maintained
 F: softmmu/cpus.c
 F: cpus-common.c
+F: page-vary.c
 F: accel/tcg/
 F: accel/stubs/tcg-stub.c
 F: util/cacheinfo.c
diff --git a/meson.build b/meson.build
index 5c85a15364..f0dd8aa089 100644
--- a/meson.build
+++ b/meson.build
@@ -1933,7 +1933,6 @@ subdir('softmmu')
 common_ss.add(capstone)
 specific_ss.add(files('cpu.c', 'disas.c', 'gdbstub.c'), capstone)
-specific_ss.add(files('exec-vary.c'))
 specific_ss.add(when: 'CONFIG_TCG', if_true: files(
 'fpu/softfloat.c',
 'tcg/optimize.c',
@@ -1945,6 +1944,8 @@ specific_ss.add(when: 'CONFIG_TCG', if_true: files(
 ))
 specific_ss.add(when: 'CONFIG_TCG_INTERPRETER', if_true: files('tcg/tci.c'))
+specific_ss.add(files('page-vary.c'))
+
 subdir('backends')
 subdir('disas')
 subdir('migration')
diff --git a/exec-vary.c b/page-vary.c
similarity index 98%
rename from exec-vary.c
rename to page-vary.c
index a603b1b433..344f9fcf76 100644
--- a/exec-vary.c
+++ b/page-vary.c
@@ -1,5 +1,5 @@
 /*
- * Variable page size handling
+ * Variable page size handling -- target specific part.
 *
 * Copyright (c) 2003 Fabrice Bellard
 *
From 27eb9d65ff5121ed11979dd57d9ec2b6c2315c01 Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Mon, 22 Mar 2021 12:24:25 +0100
Subject: [PATCH 4/5] exec: Extract 'page-vary.h' header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In the next commit we will extract the generic code out of page-vary.c, only keeping the target specific code. Both files will use the same TargetPageBits structure, so make its declaration in a shared header. As the common header can not use target specific types, use a uint64_t to hold the page mask value, and add a cast back to target_long in the TARGET_PAGE_MASK definitions.
Signed-off-by: Philippe Mathieu-Daudé
Message-Id: <20210322112427.4045204-3-f4bug@amsat.org>
Signed-off-by: Richard Henderson
---
include/exec/cpu-all.h | 11 ++++-------
include/exec/page-vary.h | 29 +++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 7 deletions(-)
create mode 100644 include/exec/page-vary.h
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 76443eb11d..b0a422c7b6 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -215,11 +215,7 @@ static inline void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val
 /* page related stuff */
 #ifdef TARGET_PAGE_BITS_VARY
-typedef struct {
- bool decided;
- int bits;
- target_long mask;
-} TargetPageBits;
+# include "exec/page-vary.h"
 #if defined(CONFIG_ATTRIBUTE_ALIAS) || !defined(IN_EXEC_VARY)
 extern const TargetPageBits target_page;
 #else
@@ -227,10 +223,11 @@ extern TargetPageBits target_page;
 #endif
 #ifdef CONFIG_DEBUG_TCG
 #define TARGET_PAGE_BITS ({ assert(target_page.decided); target_page.bits; })
-#define TARGET_PAGE_MASK ({ assert(target_page.decided); target_page.mask; })
+#define TARGET_PAGE_MASK ({ assert(target_page.decided); \
+ (target_long)target_page.mask; })
 #else
 #define TARGET_PAGE_BITS target_page.bits
-#define TARGET_PAGE_MASK target_page.mask
+#define TARGET_PAGE_MASK ((target_long)target_page.mask)
 #endif
 #define TARGET_PAGE_SIZE (-(int)TARGET_PAGE_MASK)
 #else
diff --git a/include/exec/page-vary.h b/include/exec/page-vary.h
new file mode 100644
index 0000000000..799d6310d6
--- /dev/null
+++ b/include/exec/page-vary.h
@@ -0,0 +1,29 @@
+/*
+ * Definitions for cpus with variable page sizes.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef EXEC_PAGE_VARY_H
+#define EXEC_PAGE_VARY_H
+
+typedef struct {
+ bool decided;
+ int bits;
+ uint64_t mask;
+} TargetPageBits;
+
+#endif /* EXEC_PAGE_VARY_H */
From 44b99a6d5f24afcd8476d0d2701e1ca4ab9b35c1 Mon Sep 17 00:00:00 2001
</gr_insert_placeholder_never_used>
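Review bot: The new include/exec/page-vary.h uses `bool` and `uint64_t` but includes neither <stdbool.h> nor <stdint.h>, so it only compiles after a header that supplies them; in this series it is pulled in from cpu-all.h, where osdep.h is already in scope. That is the usual QEMU convention, but since the commit introduces this file precisely as a shared, target-independent header, a one-line note after the license block would save the next includer a surprise: `/* Expects qemu/osdep.h (bool, uint64_t) to have been included first. */`. The `mask` field would likewise benefit from recording the width contract that the cpu-all.h hunk above depends on, e.g. `uint64_t mask; /* page mask, widened; TARGET_PAGE_MASK casts it back to target_long */`, and `decided` could say that it is what the `assert(target_page.decided)` in TARGET_PAGE_BITS/TARGET_PAGE_MASK checks.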
From: Richard Henderson
Date: Mon, 22 Mar 2021 12:24:26 +0100
Subject: [PATCH 5/5] exec: Build page-vary-common.c with -fno-lto
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In bbc17caf81f, we used an alias attribute to allow target_page to be declared const, and yet be initialized late. This fails when using LTO with several versions of gcc. The compiler looks through the alias and decides that the const variable is statically initialized to zero, then propagates that zero to many uses of the variable. This can be avoided by compiling one object file with -fno-lto. In this way, any initializer cannot be seen, and the constant propagation does not occur. Since we are certain to have this separate compilation unit, we can drop the alias attribute as well. We simply have differing declarations for target_page in different compilation units. Drop the use of init_target_page, and drop the configure detection for CONFIG_ATTRIBUTE_ALIAS. In order to change the compilation flags for a file with meson, we must use a static_library. This runs into specific_ss, where we would need to create many static_library instances. Fix this by splitting page-vary.c: the page-vary-common.c part is compiled once as a static_library, while the page-vary.c part is left in specific_ss in order to handle the target-specific value of TARGET_PAGE_BITS_MIN.
Reported-by: Gavin Shan
Signed-off-by: Richard Henderson
Message-Id: <20210321211534.2101231-1-richard.henderson@linaro.org>
[PMD: Fix typo in subject, split original patch in 3]
Signed-off-by: Philippe Mathieu-Daudé
Tested-by: Gavin Shan
Message-Id: <20210322112427.4045204-4-f4bug@amsat.org>
[rth: Update MAINTAINERS]
Signed-off-by: Richard Henderson
---
MAINTAINERS | 1 +
configure | 19 ----------
include/exec/cpu-all.h | 4 --
include/exec/page-vary.h | 5 +++
meson.build | 18 +++++++++
page-vary-common.c | 54 +++++++++++++++++++++++++++
page-vary.c | 79 +++------------------------------------
7 files changed, 84 insertions(+), 96 deletions(-)
create mode 100644 page-vary-common.c
diff --git a/MAINTAINERS b/MAINTAINERS
index ed68de3cec..10ed6d7624 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -118,6 +118,7 @@ S: Maintained
 F: softmmu/cpus.c
 F: cpus-common.c
 F: page-vary.c
+F: page-vary-common.c
 F: accel/tcg/
 F: accel/stubs/tcg-stub.c
 F: util/cacheinfo.c
diff --git a/configure b/configure
index 61872096a8..edf9dc8985 100755
--- a/configure
+++ b/configure
@@ -4889,21 +4889,6 @@ if test "$plugins" = "yes" &&
 "for this purpose. You can't build with --static."
 fi
-########################################
-# See if __attribute__((alias)) is supported.
-# This false for Xcode 9, but has been remedied for Xcode 10.
-# Unfortunately, travis uses Xcode 9 by default.
-
-attralias=no
-cat > $TMPC << EOF
-int x = 1;
-extern const int y __attribute__((alias("x")));
-int main(void) { return 0; }
-EOF
-if compile_prog "" "" ; then
- attralias=yes
-fi
-
 ########################################
 # check if getauxval is available.
@@ -5935,10 +5920,6 @@ if test "$atomic64" = "yes" ; then
 echo "CONFIG_ATOMIC64=y" >> $config_host_mak
 fi
-if test "$attralias" = "yes" ; then
- echo "CONFIG_ATTRIBUTE_ALIAS=y" >> $config_host_mak
-fi
-
 if test "$getauxval" = "yes" ; then
 echo "CONFIG_GETAUXVAL=y" >> $config_host_mak
 fi
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index b0a422c7b6..d76b0b9e02 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -216,11 +216,7 @@ static inline void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val
 #ifdef TARGET_PAGE_BITS_VARY
 # include "exec/page-vary.h"
-#if defined(CONFIG_ATTRIBUTE_ALIAS) || !defined(IN_EXEC_VARY)
 extern const TargetPageBits target_page;
-#else
-extern TargetPageBits target_page;
-#endif
 #ifdef CONFIG_DEBUG_TCG
 #define TARGET_PAGE_BITS ({ assert(target_page.decided); target_page.bits; })
 #define TARGET_PAGE_MASK ({ assert(target_page.decided); \
diff --git a/include/exec/page-vary.h b/include/exec/page-vary.h
index 799d6310d6..c22a7a742e 100644
--- a/include/exec/page-vary.h
+++ b/include/exec/page-vary.h
@@ -26,4 +26,9 @@ typedef struct {
 uint64_t mask;
 } TargetPageBits;
+#ifdef IN_PAGE_VARY
+extern bool set_preferred_target_page_bits_common(int bits);
+extern void finalize_target_page_bits_common(int min);
+#endif
+
 #endif /* EXEC_PAGE_VARY_H */
diff --git a/meson.build b/meson.build
index f0dd8aa089..c6f4b0cf5e 100644
--- a/meson.build
+++ b/meson.build
@@ -1944,6 +1944,24 @@ specific_ss.add(when: 'CONFIG_TCG', if_true: files(
 ))
 specific_ss.add(when: 'CONFIG_TCG_INTERPRETER', if_true: files('tcg/tci.c'))
+# Work around a gcc bug/misfeature wherein constant propagation looks
+# through an alias:
+# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99696
+# to guess that a const variable is always zero. Without lto, this is
+# impossible, as the alias is restricted to page-vary-common.c. Indeed,
+# without lto, not even the alias is required -- we simply use different
+# declarations in different compilation units.
+pagevary = files('page-vary-common.c')
+if get_option('b_lto')
+ pagevary_flags = ['-fno-lto']
+ if get_option('cfi')
+ pagevary_flags += '-fno-sanitize=cfi-icall'
+ endif
+ pagevary = static_library('page-vary-common', sources: pagevary,
+ c_args: pagevary_flags)
+ pagevary = declare_dependency(link_with: pagevary)
+endif
+common_ss.add(pagevary)
 specific_ss.add(files('page-vary.c'))
 subdir('backends')
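Review bot: The two prototypes added to page-vary.h under `#ifdef IN_PAGE_VARY` carry no documentation, and their calling protocol is only discoverable by reading page-vary-common.c: `set_preferred_target_page_bits_common` may be called repeatedly and only returns false when a smaller size is requested after `decided` has been set, and `finalize_target_page_bits_common` is what sets `decided`, so it has to run after every preference and before any `TARGET_PAGE_*` use. Since these declarations are the boundary between the per-target and the once-built object, a short comment on each would pin that down, e.g. `/* Lower the page size to `bits` if still undecided; false if already finalized at a larger size. */` and `/* Fix the page size (falling back to `min` if none was preferred) and set `decided`; call once. */`. It is also worth a comment that `IN_PAGE_VARY` is what hides these from every other includer, since nothing else in the header says so.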
diff --git a/page-vary-common.c b/page-vary-common.c
new file mode 100644
index 0000000000..9175556498
--- /dev/null
+++ b/page-vary-common.c
@@ -0,0 +1,54 @@
+/*
+ * Variable page size handling -- target independent part.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#define IN_PAGE_VARY 1
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "exec/page-vary.h"
+
+/* WARNING: This file must *not* be complied with -flto. */
+
+TargetPageBits target_page;
+
+bool set_preferred_target_page_bits_common(int bits)
+{
+ /*
+ * The target page size is the lowest common denominator for all
+ * the CPUs in the system, so we can only make it smaller, never
+ * larger. And we can't make it smaller once we've committed to
+ * a particular size.
+ */
+ if (target_page.bits == 0 || target_page.bits > bits) {
+ if (target_page.decided) {
+ return false;
+ }
+ target_page.bits = bits;
+ }
+ return true;
+}
+
+void finalize_target_page_bits_common(int min)
+{
+ if (target_page.bits == 0) {
+ target_page.bits = min;
+ }
+ target_page.mask = -1ull << target_page.bits;
+ target_page.decided = true;
+}
diff --git a/page-vary.c b/page-vary.c
index 344f9fcf76..057c7f1815 100644
--- a/page-vary.c
+++ b/page-vary.c
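Review bot: `target_page.mask = -1ull << target_page.bits;` in finalize_target_page_bits_common has no upper bound on `bits`: the only validation on the path is the `assert(bits >= TARGET_PAGE_BITS_MIN)` that stays in page-vary.c's set_preferred_target_page_bits (the page-vary.c hunk below), and a shift by 64 or more is undefined behaviour; a `bits` of 0 is also silently read as "not yet set" by the `target_page.bits == 0` tests and replaced by `min`. Now that the value crosses a compilation-unit boundary as a bare `int`, a cheap guard at the top of set_preferred_target_page_bits_common, `assert(bits > 0 && bits < 64);`, records the contract and turns a bad caller into a loud failure instead of undefined behaviour; the same applies to `min` in finalize_target_page_bits_common. Separately, `/* WARNING: This file must *not* be complied with -flto. */` has a typo ("compiled") and states the rule without the reason, which otherwise lives only in meson.build and the commit message; suggested wording: `/* WARNING: This file must *not* be compiled with -flto: target_page is declared const in every other unit, and LTO would propagate a zero initializer through that declaration. */`.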
@@ -17,92 +17,25 @@
 * License along with this library; if not, see .
 */
+#define IN_PAGE_VARY 1
+
 #include "qemu/osdep.h"
 #include "qemu-common.h"
-
-#define IN_EXEC_VARY 1
-
 #include "exec/exec-all.h"
-#ifdef TARGET_PAGE_BITS_VARY
-# ifdef CONFIG_ATTRIBUTE_ALIAS
-/*
- * We want to declare the "target_page" variable as const, which tells
- * the compiler that it can cache any value that it reads across calls.
- * This avoids multiple assertions and multiple reads within any one user.
- *
- * This works because we finish initializing the data before we ever read
- * from the "target_page" symbol.
- *
- * This also requires that we have a non-constant symbol by which we can
- * perform the actual initialization, and which forces the data to be
- * allocated within writable memory. Thus "init_target_page", and we use
- * that symbol exclusively in the two functions that initialize this value.
- *
- * The "target_page" symbol is created as an alias of "init_target_page".
- */
-static TargetPageBits init_target_page;
-
-/*
- * Note that this is *not* a redundant decl, this is the definition of
- * the "target_page" symbol. The syntax for this definition requires
- * the use of the extern keyword. This seems to be a GCC bug in
- * either the syntax for the alias attribute or in -Wredundant-decls.
- *
- * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91765
- */
-# pragma GCC diagnostic push
-# pragma GCC diagnostic ignored "-Wredundant-decls"
-
-extern const TargetPageBits target_page
- __attribute__((alias("init_target_page")));
-
-# pragma GCC diagnostic pop
-# else
-/*
- * When aliases are not supported then we force two different declarations,
- * by way of suppressing the header declaration with IN_EXEC_VARY.
- * We assume that on such an old compiler, LTO cannot be used, and so the
- * compiler cannot not detect the mismatched declarations, and all is well.
- */
-TargetPageBits target_page;
-# define init_target_page target_page
-# endif
-#endif
-
 bool set_preferred_target_page_bits(int bits)
 {
- /*
- * The target page size is the lowest common denominator for all
- * the CPUs in the system, so we can only make it smaller, never
- * larger. And we can't make it smaller once we've committed to
- * a particular size.
- */
 #ifdef TARGET_PAGE_BITS_VARY
 assert(bits >= TARGET_PAGE_BITS_MIN);
- if (init_target_page.bits == 0 || init_target_page.bits > bits) {
- if (init_target_page.decided) {
- return false;
- }
- init_target_page.bits = bits;
- }
-#endif
+ return set_preferred_target_page_bits_common(bits);
+#else
 return true;
+#endif
 }
 void finalize_target_page_bits(void)
 {
 #ifdef TARGET_PAGE_BITS_VARY
- if (init_target_page.bits == 0) {
- init_target_page.bits = TARGET_PAGE_BITS_MIN;
- }
- init_target_page.mask = (target_long)-1 << init_target_page.bits;
- init_target_page.decided = true;
-
- /*
- * For the benefit of an -flto build, prevent the compiler from
- * hoisting a read from target_page before we finish initializing.
- */
- barrier();
+ finalize_target_page_bits_common(TARGET_PAGE_BITS_MIN);
 #endif
 }
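Review bot: set_preferred_target_page_bits loses its explanatory comment along with the logic that moved to page-vary-common.c, and the wrapper's remaining job — enforcing the target's `TARGET_PAGE_BITS_MIN` lower bound before delegating, and being a no-op that returns true when `TARGET_PAGE_BITS_VARY` is undefined — is now undocumented. A short header would cover it: `/* Target-specific entry point: reject bits below TARGET_PAGE_BITS_MIN, then defer to set_preferred_target_page_bits_common(); always true when the page size is fixed. */`. finalize_target_page_bits could likewise say that it must be called once after all preferences, and that the `barrier()` removed here is presumably no longer needed because the store now happens in page-vary-common.c, which meson builds without LTO — worth stating so that nobody reintroduces it on the next -flto scare. Since the old comment also explained why the variable is declared const elsewhere, that rationale now survives only in the commit message; a one-line pointer to page-vary-common.c would keep it reachable from the code.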