From patchwork Sun Jan 28 04:41:53 2024
X-Patchwork-Submitter: Richard Henderson
X-Patchwork-Id: 767221
From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: Ilya Leoshkevich
Subject: [PATCH 13/33] linux-user: Allow gdbstub to ignore page protection
Date: Sun, 28 Jan 2024 14:41:53 +1000
Message-Id: <20240128044213.316480-14-richard.henderson@linaro.org>
In-Reply-To: <20240128044213.316480-1-richard.henderson@linaro.org>
References: <20240128044213.316480-1-richard.henderson@linaro.org>

From: Ilya Leoshkevich

gdbserver ignores page protection by virtue of using /proc/$pid/mem.
Teach qemu gdbstub to do this too.

This will not work if /proc is not mounted; accept this limitation.

One alternative is to temporarily grant the missing PROT_* bit, but
this is inherently racy. Another alternative is self-debugging with
ptrace(POKE), which will break if QEMU itself is being debugged - a
much more severe limitation.

Signed-off-by: Ilya Leoshkevich
Reviewed-by: Richard Henderson
Message-Id: <20240109230808.583012-2-iii@linux.ibm.com>
Signed-off-by: Richard Henderson
---
 cpu-target.c | 76 +++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 61 insertions(+), 15 deletions(-)

diff --git a/cpu-target.c b/cpu-target.c
index f6e07c3deb..c4e2169ab1 100644
--- a/cpu-target.c
+++ b/cpu-target.c
@@ -382,6 +382,9 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr, vaddr l, page; void * p; uint8_t *buf = ptr; + ssize_t written; + int ret = -1; + int fd = -1; while (len > 0) { page = addr & TARGET_PAGE_MASK; 
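Review bot: the next hunk introduces open(), pread() and pwrite() into this function but this hunk adds no includes, so confirm that cpu-target.c (or a header it already includes) provides <fcntl.h> and <unistd.h>; otherwise the build will break on the first O_WRONLY. Minor: `ssize_t written;` is only consumed in the write-bypass branch, so declaring it at the point of use (`ssize_t written = pwrite(...)`) would leave `ret` and `fd`, the two variables genuinely shared by both branches and the cleanup labels, as the only function-scope additions.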
@@ -389,30 +392,73 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr, if (l > len) l = len; flags = page_get_flags(page); - if (!(flags & PAGE_VALID)) - return -1; + if (!(flags & PAGE_VALID)) { + goto out_close; + } if (is_write) { - if (!(flags & PAGE_WRITE)) - return -1; + if (flags & PAGE_WRITE) { + /* XXX: this code should not depend on lock_user */ + p = lock_user(VERIFY_WRITE, addr, l, 0); + if (!p) { + goto out_close; + } + memcpy(p, buf, l); + unlock_user(p, addr, l); + } else { + /* Bypass the host page protection using ptrace. */ + if (fd == -1) { + fd = open("/proc/self/mem", O_WRONLY); + if (fd == -1) { + goto out; + } + } + /* + * If there is a TranslationBlock and we weren't bypassing the + * host page protection, the memcpy() above would SEGV, + * ultimately leading to page_unprotect(). So invalidate the + * translations manually. Both invalidation and pwrite() must + * be under mmap_lock() in order to prevent the creation of + * another TranslationBlock in between. + */ + mmap_lock(); + tb_invalidate_phys_range(addr, addr + l - 1); + written = pwrite(fd, buf, l, (off_t)g2h_untagged(addr)); + mmap_unlock(); + if (written != l) { + goto out_close; + } + } + } else if (flags & PAGE_READ) { /* XXX: this code should not depend on lock_user */ - if (!(p = lock_user(VERIFY_WRITE, addr, l, 0))) - return -1; - memcpy(p, buf, l); - unlock_user(p, addr, l); - } else { - if (!(flags & PAGE_READ)) - return -1; - /* XXX: this code should not depend on lock_user */ - if (!(p = lock_user(VERIFY_READ, addr, l, 1))) - return -1; + p = lock_user(VERIFY_READ, addr, l, 1); + if (!p) { + goto out_close; + } memcpy(buf, p, l); unlock_user(p, addr, 0); + } else { + /* Bypass the host page protection using ptrace. 
*/ + if (fd == -1) { + fd = open("/proc/self/mem", O_RDONLY); + if (fd == -1) { + goto out; + } + } + if (pread(fd, buf, l, (off_t)g2h_untagged(addr)) != l) { + goto out_close; + } } len -= l; buf += l; addr += l; } - return 0; + ret = 0; +out_close: + if (fd != -1) { + close(fd); + } +out: + return ret; } #endif
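Review bot: both new comments `/* Bypass the host page protection using ptrace. */` name the wrong mechanism; the code opens /proc/self/mem and calls pwrite()/pread(), and the commit message explicitly rejects the ptrace(POKE) approach, so the comment should say `using /proc/self/mem` before a later reader goes hunting for a ptrace call. Two smaller points on the same lines: open the descriptor as `open("/proc/self/mem", O_WRONLY | O_CLOEXEC)` (and likewise for O_RDONLY), since a descriptor without O_CLOEXEC is inherited across any execve() the process performs while it is open, and a writable handle to the emulator's own memory is not something to hand to a child image; and `(off_t)g2h_untagged(addr)` casts a pointer straight to off_t, which is better written `(off_t)(uintptr_t)g2h_untagged(addr)` to avoid a pointer-to-integer-of-different-size warning where the two widths differ. Finally, pread()/pwrite() may legitimately return a short count, so `written != l` (and the `!= l` on the read path) turns a partial transfer into a hard failure instead of retrying the remainder; acceptable for a debug path, but worth a comment saying so.

The mechanism the commit message relies on, that writes through /proc/$pid/mem ignore the target page's PROT_* bits, can be shown outside QEMU. The following is an added example written for this page, not code from the patch or from QEMU: the helper `proc_mem_rw` and the two `demo_*` functions are hypothetical names of my own, and the read-only anonymous page stands in for a guest page whose PAGE_WRITE flag is clear. There is no counterpart here to the patch's `tb_invalidate_phys_range()` under `mmap_lock()`, because a plain process has no translated code to invalidate. The failure modes the commit message mentions are visible in the return codes: open() failing (for example when /proc is not mounted) yields -1, and a transfer the kernel refuses (an address with no mapping at all, which the patch never reaches because it checks PAGE_VALID first) yields -2.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Copy len bytes between buf and this process's own address space at addr
 * by going through /proc/self/mem instead of touching the page directly.
 * The kernel honours neither PROT_READ nor PROT_WRITE on that path, which
 * is what lets gdbserver (and the patch above) read and patch pages the
 * debuggee itself cannot touch. Returns 0 on success, -1 if /proc/self/mem
 * cannot be opened (e.g. /proc not mounted), -2 if the transfer fails.
 * Hypothetical helper written for this example; not a QEMU function.
 */
static int proc_mem_rw(void *addr, void *buf, size_t len, int is_write)
{
    /* O_CLOEXEC: a handle to our own memory must not survive an execve(). */
    int fd = open("/proc/self/mem", (is_write ? O_WRONLY : O_RDONLY) | O_CLOEXEC);
    if (fd == -1) {
        return -1;
    }
    size_t done = 0;
    while (done < len) {
        /* Pointer to file offset via uintptr_t, so the cast is well defined. */
        off_t off = (off_t)((uintptr_t)addr + done);
        ssize_t n = is_write
            ? pwrite(fd, (const char *)buf + done, len - done, off)
            : pread(fd, (char *)buf + done, len - done, off);
        if (n <= 0) {          /* EIO on an unmapped address, or a real error */
            close(fd);
            return -2;
        }
        done += (size_t)n;     /* a short transfer is retried, not an error */
    }
    close(fd);
    return 0;
}

/*
 * Constructed scenario: one anonymous page mapped PROT_READ only, standing
 * in for a guest page with PAGE_WRITE clear. A direct store would SIGSEGV;
 * the write through /proc/self/mem succeeds, and the new bytes are then
 * visible both through /proc/self/mem and through an ordinary load.
 * Returns the number of bytes that round-tripped (4 on success), or -1.
 */
int demo_write_readonly_page(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) {
        return -1;
    }
    unsigned char *page = mmap(NULL, (size_t)pagesz, PROT_READ,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) {
        return -1;
    }
    unsigned char pattern[4] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed data */
    unsigned char back[4] = { 0 };
    int matched = -1;

    if (proc_mem_rw(page + 16, pattern, sizeof pattern, 1) == 0 &&
        proc_mem_rw(page + 16, back, sizeof back, 0) == 0) {
        matched = 0;
        for (size_t i = 0; i < sizeof pattern; i++) {
            /* Bypass read and plain load must both observe the new bytes. */
            if (back[i] == pattern[i] && page[16 + i] == pattern[i]) {
                matched++;
            }
        }
    }
    munmap(page, (size_t)pagesz);
    return matched;
}

/*
 * Constructed scenario: an address that is no longer mapped. The kernel
 * refuses the access (EIO), so the helper reports -2. This is the case
 * the patch rules out up front with its PAGE_VALID check.
 */
int demo_write_unmapped_address(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0) {
        return -1;
    }
    unsigned char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) {
        return -1;
    }
    munmap(page, (size_t)pagesz);          /* nothing is mapped at `page` now */
    unsigned char byte = 0x90;             /* constructed data */
    return proc_mem_rw(page, &byte, 1, 1); /* expected: -2 */
}

int main(void)
{
    printf("read-only page: %d bytes round-tripped (expect 4)\n",
           demo_write_readonly_page());
    printf("unmapped address: rc=%d (expect -2)\n",
           demo_write_unmapped_address());
    return 0;
}
```

Build with `cc -Wall -o procmem procmem.c` and run on a Linux host with /proc mounted; no privileges are needed, because the kernel's access check for /proc/<pid>/mem is satisfied trivially when the opener is the process itself, which is also why Yama's ptrace_scope does not get in the way here. Unlike the patch, the helper loops on short transfers rather than treating `written != l` as failure.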