Merge tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu into staging

linux-user: Allow gdbstub to ignore page protection
cpu-exec: simplify jump cache management
include/exec: Cleanups toward building accel/tcg once

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmW4LXcdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+CgAf8CdqkvKsUK9/5bu99
# 9E4kRBkR8KqWYvBfRs4IFmjoEdEa4sCujWrHliOcW7Kh+XlVyAPI9rZG32QkxCEQ
# hi9WXieXjfPLTTmrbeiq7cwxztSj8Z55wwvbxkrtFyGDQ0AMccp49tAvfejEb6VD
# Ssx96nWQDgryLrn+My+wMQjl9aVKUWp5vB8k12aAcpRXPH2yoGE2JHAZ1C743nA6
# rShiJAT78HwERcMXDeYmmriYg0s4Z4+A6ErTiXDnFgj87YanHZc0I/55G5Sh+pW8
# REicD3jwS0GHOOHL0K781FopE1wTM442GLVxobXoxUXsHEiO+3TK5JdEIqvSstYA
# fRB8Pg==
# =xZOe
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 29 Jan 2024 22:57:59 GMT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu: (31 commits)
  target/i386: Extract x86_cpu_exec_halt() from accel/tcg/
  accel/tcg: Introduce TCGCPUOps::cpu_exec_halt() handler
  accel/tcg: Inline need_replay_interrupt
  target/i386: Extract x86_need_replay_interrupt() from accel/tcg/
  accel/tcg: Introduce TCGCPUOps::need_replay_interrupt() handler
  accel/tcg: Use CPUState.cc instead of CPU_GET_CLASS in cpu-exec.c
  target/loongarch: Constify loongarch_tcg_ops
  include/qemu: Add TCGCPUOps typedef to typedefs.h
  accel/tcg: Un-inline icount_exit_request() for clarity
  accel/tcg: Rename tcg_cpus_exec() -> tcg_cpu_exec()
  accel/tcg: Rename tcg_cpus_destroy() -> tcg_cpu_destroy()
  accel/tcg: Rename tcg_ss[] -> tcg_specific_ss[] in meson
  accel/tcg: Move perf and debuginfo support to tcg/
  accel/tcg: Remove #ifdef TARGET_I386 from perf.c
  tcg: Make tb_cflags() usable from target-agnostic code
  accel/tcg: Make use of qemu_target_page_mask() in perf.c
  target: Make qemu_target_page_mask() available for *-user
  accel/tcg/cpu-exec: Use RCU_READ_LOCK_GUARD
  tests/tcg: Add the PROT_NONE gdbstub test
  tests/tcg: Factor out gdbstub test functions
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

1 files changed, 63 insertions, 15 deletions

diff --git a/cpu-target.c b/cpu-target.c
index f6e07c3deb..958d63e882 100644
--- a/cpu-target.c
+++ b/cpu-target.c
@@ -382,6 +382,9 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
     vaddr l, page;
     void * p;
     uint8_t *buf = ptr;
+    ssize_t written;
+    int ret = -1;
+    int fd = -1;
 
     while (len > 0) {
         page = addr & TARGET_PAGE_MASK;
@@ -389,30 +392,75 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
         if (l > len)
             l = len;
         flags = page_get_flags(page);
-        if (!(flags & PAGE_VALID))
-            return -1;
+        if (!(flags & PAGE_VALID)) {
+            goto out_close;
+        }
         if (is_write) {
-            if (!(flags & PAGE_WRITE))
-                return -1;
-            /* XXX: this code should not depend on lock_user */
-            if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
-                return -1;
-            memcpy(p, buf, l);
-            unlock_user(p, addr, l);
-        } else {
-            if (!(flags & PAGE_READ))
-                return -1;
+            if (flags & PAGE_WRITE) {
+                /* XXX: this code should not depend on lock_user */
+                p = lock_user(VERIFY_WRITE, addr, l, 0);
+                if (!p) {
+                    goto out_close;
+                }
+                memcpy(p, buf, l);
+                unlock_user(p, addr, l);
+            } else {
+                /* Bypass the host page protection using ptrace. */
+                if (fd == -1) {
+                    fd = open("/proc/self/mem", O_WRONLY);
+                    if (fd == -1) {
+                        goto out;
+                    }
+                }
+                /*
+                 * If there is a TranslationBlock and we weren't bypassing the
+                 * host page protection, the memcpy() above would SEGV,
+                 * ultimately leading to page_unprotect(). So invalidate the
+                 * translations manually. Both invalidation and pwrite() must
+                 * be under mmap_lock() in order to prevent the creation of
+                 * another TranslationBlock in between.
+                 */
+                mmap_lock();
+                tb_invalidate_phys_range(addr, addr + l - 1);
+                written = pwrite(fd, buf, l,
+                                 (off_t)(uintptr_t)g2h_untagged(addr));
+                mmap_unlock();
+                if (written != l) {
+                    goto out_close;
+                }
+            }
+        } else if (flags & PAGE_READ) {
             /* XXX: this code should not depend on lock_user */
-            if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
-                return -1;
+            p = lock_user(VERIFY_READ, addr, l, 1);
+            if (!p) {
+                goto out_close;
+            }
             memcpy(buf, p, l);
             unlock_user(p, addr, 0);
+        } else {
+            /* Bypass the host page protection using ptrace. */
+            if (fd == -1) {
+                fd = open("/proc/self/mem", O_RDONLY);
+                if (fd == -1) {
+                    goto out;
+                }
+            }
+            if (pread(fd, buf, l,
+                      (off_t)(uintptr_t)g2h_untagged(addr)) != l) {
+                goto out_close;
+            }
         }
         len -= l;
         buf += l;
         addr += l;
     }
-    return 0;
+    ret = 0;
+out_close:
+    if (fd != -1) {
+        close(fd);
+    }
+out:
+    return ret;
 }
 #endif