Re: [PATCH v4] tcg: Toggle page execution for Apple Silicon
On Sat, Jan 23, 2021 at 07:33:37PM +0100, BALATON Zoltan wrote:
> On Sat, 23 Jan 2021, Roman Bolshakov wrote:
> > On Sat, Jan 23, 2021 at 02:53:49PM +0300, Roman Bolshakov wrote:
> > > On Thu, Jan 21, 2021 at 08:47:52AM -1000, Richard Henderson wrote:
> > > > From: Roman Bolshakov
> > > >
> > > > Pages can't be both write and executable at the same time on Apple
> > > > Silicon. macOS provides public API to switch write protection [1] for
> > > > JIT applications, like TCG.
> > > >
> > > > 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
> > > >
> > > > Signed-off-by: Roman Bolshakov
> > > > Message-Id: <20210113032806.18220-1-r.bolsha...@yadro.com>
> > > > [rth: Inline the qemu_thread_jit_* functions;
> > > >       drop the MAP_JIT change for a follow-on patch.]
> > > > Signed-off-by: Richard Henderson
> > > > ---
> > > >
> > > > Supersedes: <20210113032806.18220-1-r.bolsha...@yadro.com>
> > > >
> > > > This is the version of Roman's patch that I'm queuing to tcg-next.
> > > > What's missing from the full "Fix execution" patch is setting MAP_JIT
> > > > for !splitwx in alloc_code_gen_buffer().
> > > >
> > >
> > > Richard, thanks for updating the patch. I have no objections against
> > > moving the functions and inlining them. However, I'm seeing an issue that
> > > wasn't present in v3:
> > >
> > > Process 37109 stopped
> > > * thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
> > >     frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
> > >    2528 TCGOp *tcg_emit_op(TCGOpcode opc)
> > >    2529 {
> > >    2530     TCGOp *op = tcg_op_alloc(opc);
> > > -> 2531     QTAILQ_INSERT_TAIL(&tcg_ctx->ops, op, link);
> > >    2532     return op;
> > >    2533 }
> > >    2534
> > > Target 0: (qemu-system-x86_64) stopped.
> > > (lldb) bt
> > > * thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
> > >   * frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
> > >     frame #1: 0x00010026f040 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3(opc=INDEX_op_add_i64, a1=4430334952, a2=4430333440, a3=4430361496) at tcg-op.c:60:17 [opt]
> > >     frame #2: 0x00010026f038 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3_i64(opc=INDEX_op_add_i64, a1=<unavailable>, a2=<unavailable>, a3=<unavailable>) at tcg-op.h:94 [opt]
> > >     frame #3: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_add_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.h:618 [opt]
> > >     frame #4: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.c:1235 [opt]
> > >     frame #5: 0x00010021d1e0 qemu-system-x86_64`gen_lea_modrm_1(s=<unavailable>, a=(def_seg = 2, base = 5, index = -1, scale = 0, disp = -689)) at translate.c:2101:9 [opt]
> > >     frame #6: 0x00010020eeec qemu-system-x86_64`disas_insn [inlined] gen_lea_modrm(env=0x000118610870, s=0x0001700b6b00, modrm=<unavailable>) at translate.c:2111:15 [opt]
> > >     frame #7: 0x00010020eec0 qemu-system-x86_64`disas_insn(s=0x0001700b6b00, cpu=<unavailable>) at translate.c:5509 [opt]
> > >     frame #8: 0x00010020bb44 qemu-system-x86_64`i386_tr_translate_insn(dcbase=0x0001700b6b00, cpu=<unavailable>) at translate.c:8573:15 [opt]
> > >     frame #9: 0x0001002fbcf8 qemu-system-x86_64`translator_loop(ops=0x000100b209c8, db=0x0001700b6b00, cpu=0x000118608000, tb=0x000120017200, max_insns=512) at translator.c:0 [opt]
> > >     frame #10: 0x00010020b73c qemu-system-x86_64`gen_intermediate_code(cpu=<unavailable>, tb=<unavailable>, max_insns=<unavailable>) at translate.c:8635:5 [opt]
> > >     frame #11: 0x000100257970 qemu-system-x86_64`tb_gen_code(cpu=0x000118608000, pc=<unavailable>, cs_base=0, flags=4194483, cflags=-16777216) at translate-all.c:1931:5 [opt]
> > >     frame #12: 0x0001002deb90 qemu-system-x86_64`cpu_exec [inlined] tb_find(cpu=0x000118608000, last_tb=0x, tb_exit=<unavailable>, cf_mask=0) at cpu-exec.c:456:14 [opt]
> > >     frame #13: 0x0001002deb54 qemu-system-x86_64`cpu_exec(cpu=0x000118608000) at cpu-exec.c:812 [opt]
> > >     frame #14: 0x0001002bc0d0 qemu-system-x86_64`tcg_cpus_exec(cpu=0x000118608000) at tcg-cpus.c:57:11 [opt]
> > >     frame #15: 0x00010024c2cc qemu-system-x86_64`rr_cpu_thread_fn(arg=<unavailable>) at tcg-cpus-rr.c:217:21 [opt]
Re: [PATCH v4] tcg: Toggle page execution for Apple Silicon
On Sat, 23 Jan 2021, Roman Bolshakov wrote:
> On Sat, Jan 23, 2021 at 02:53:49PM +0300, Roman Bolshakov wrote:
> > On Thu, Jan 21, 2021 at 08:47:52AM -1000, Richard Henderson wrote:
> > > From: Roman Bolshakov
> > >
> > > Pages can't be both write and executable at the same time on Apple
> > > Silicon. macOS provides public API to switch write protection [1] for
> > > JIT applications, like TCG.
> > >
> > > 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
> > >
> > > Signed-off-by: Roman Bolshakov
> > > Message-Id: <20210113032806.18220-1-r.bolsha...@yadro.com>
> > > [rth: Inline the qemu_thread_jit_* functions;
> > >       drop the MAP_JIT change for a follow-on patch.]
> > > Signed-off-by: Richard Henderson
> > > ---
> > >
> > > Supersedes: <20210113032806.18220-1-r.bolsha...@yadro.com>
> > >
> > > This is the version of Roman's patch that I'm queuing to tcg-next.
> > > What's missing from the full "Fix execution" patch is setting MAP_JIT
> > > for !splitwx in alloc_code_gen_buffer().
> > >
> >
> > Richard, thanks for updating the patch. I have no objections against
> > moving the functions and inlining them. However, I'm seeing an issue that
> > wasn't present in v3:
> >
> > Process 37109 stopped
> > * thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
> >     frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
> >    2528 TCGOp *tcg_emit_op(TCGOpcode opc)
> >    2529 {
> >    2530     TCGOp *op = tcg_op_alloc(opc);
> > -> 2531     QTAILQ_INSERT_TAIL(&tcg_ctx->ops, op, link);
> >    2532     return op;
> >    2533 }
> >    2534
> > Target 0: (qemu-system-x86_64) stopped.
> > (lldb) bt
> > * thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
> >   * frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
> >     frame #1: 0x00010026f040 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3(opc=INDEX_op_add_i64, a1=4430334952, a2=4430333440, a3=4430361496) at tcg-op.c:60:17 [opt]
> >     frame #2: 0x00010026f038 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3_i64(opc=INDEX_op_add_i64, a1=<unavailable>, a2=<unavailable>, a3=<unavailable>) at tcg-op.h:94 [opt]
> >     frame #3: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_add_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.h:618 [opt]
> >     frame #4: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.c:1235 [opt]
> >     frame #5: 0x00010021d1e0 qemu-system-x86_64`gen_lea_modrm_1(s=<unavailable>, a=(def_seg = 2, base = 5, index = -1, scale = 0, disp = -689)) at translate.c:2101:9 [opt]
> >     frame #6: 0x00010020eeec qemu-system-x86_64`disas_insn [inlined] gen_lea_modrm(env=0x000118610870, s=0x0001700b6b00, modrm=<unavailable>) at translate.c:2111:15 [opt]
> >     frame #7: 0x00010020eec0 qemu-system-x86_64`disas_insn(s=0x0001700b6b00, cpu=<unavailable>) at translate.c:5509 [opt]
> >     frame #8: 0x00010020bb44 qemu-system-x86_64`i386_tr_translate_insn(dcbase=0x0001700b6b00, cpu=<unavailable>) at translate.c:8573:15 [opt]
> >     frame #9: 0x0001002fbcf8 qemu-system-x86_64`translator_loop(ops=0x000100b209c8, db=0x0001700b6b00, cpu=0x000118608000, tb=0x000120017200, max_insns=512) at translator.c:0 [opt]
> >     frame #10: 0x00010020b73c qemu-system-x86_64`gen_intermediate_code(cpu=<unavailable>, tb=<unavailable>, max_insns=<unavailable>) at translate.c:8635:5 [opt]
> >     frame #11: 0x000100257970 qemu-system-x86_64`tb_gen_code(cpu=0x000118608000, pc=<unavailable>, cs_base=0, flags=4194483, cflags=-16777216) at translate-all.c:1931:5 [opt]
> >     frame #12: 0x0001002deb90 qemu-system-x86_64`cpu_exec [inlined] tb_find(cpu=0x000118608000, last_tb=0x, tb_exit=<unavailable>, cf_mask=0) at cpu-exec.c:456:14 [opt]
> >     frame #13: 0x0001002deb54 qemu-system-x86_64`cpu_exec(cpu=0x000118608000) at cpu-exec.c:812 [opt]
> >     frame #14: 0x0001002bc0d0 qemu-system-x86_64`tcg_cpus_exec(cpu=0x000118608000) at tcg-cpus.c:57:11 [opt]
> >     frame #15: 0x00010024c2cc qemu-system-x86_64`rr_cpu_thread_fn(arg=<unavailable>) at tcg-cpus-rr.c:217:21 [opt]
> >     frame #16: 0x0001004b00b4 qemu-system-x86_64`qemu_thread_start(args=<unavailable>) at qemu-thread-posix.c:521:9 [opt]
> >     frame #17: 0x000191c4d06c libsystem_pthread.dylib`_pthread_start + 320
> >
> > I'm looking into the issue but perhaps we'll need v5.
> >
>
> Nope. The issue is not directly related to the patch and W^X. I think it
> can be applied.
>
> tcg_ctx->ops is somehow getting corrupted despite it being initialized
> properly during TCG start:
>
> (lldb) p tcg_ctx->ops
> (TCGContext::(anonymous union)) $18 = {
>   tqh_first = 0x00840101
>   tqh_circ = {
>     tql_next = 0x00840101
>     tql_prev = 0xfd4f
>   }
> }
>
> I've bisected it (with v3 of Apple Silicon fix for TCG) to:
>
> commit 8fe35e0444be88de4e3ab80a2a0e210a1f6d663d
> Author: Richard
Re: [PATCH v4] tcg: Toggle page execution for Apple Silicon
On Sat, Jan 23, 2021 at 02:53:49PM +0300, Roman Bolshakov wrote:
> On Thu, Jan 21, 2021 at 08:47:52AM -1000, Richard Henderson wrote:
> > From: Roman Bolshakov
> >
> > Pages can't be both write and executable at the same time on Apple
> > Silicon. macOS provides public API to switch write protection [1] for
> > JIT applications, like TCG.
> >
> > 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
> >
> > Signed-off-by: Roman Bolshakov
> > Message-Id: <20210113032806.18220-1-r.bolsha...@yadro.com>
> > [rth: Inline the qemu_thread_jit_* functions;
> >       drop the MAP_JIT change for a follow-on patch.]
> > Signed-off-by: Richard Henderson
> > ---
> >
> > Supersedes: <20210113032806.18220-1-r.bolsha...@yadro.com>
> >
> > This is the version of Roman's patch that I'm queuing to tcg-next.
> > What's missing from the full "Fix execution" patch is setting MAP_JIT
> > for !splitwx in alloc_code_gen_buffer().
> >
>
> Richard, thanks for updating the patch. I have no objections against
> moving the functions and inlining them. However, I'm seeing an issue that
> wasn't present in v3:
>
> Process 37109 stopped
> * thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
>     frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
>    2528 TCGOp *tcg_emit_op(TCGOpcode opc)
>    2529 {
>    2530     TCGOp *op = tcg_op_alloc(opc);
> -> 2531     QTAILQ_INSERT_TAIL(&tcg_ctx->ops, op, link);
>    2532     return op;
>    2533 }
>    2534
> Target 0: (qemu-system-x86_64) stopped.
> (lldb) bt
> * thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
>   * frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
>     frame #1: 0x00010026f040 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3(opc=INDEX_op_add_i64, a1=4430334952, a2=4430333440, a3=4430361496) at tcg-op.c:60:17 [opt]
>     frame #2: 0x00010026f038 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3_i64(opc=INDEX_op_add_i64, a1=<unavailable>, a2=<unavailable>, a3=<unavailable>) at tcg-op.h:94 [opt]
>     frame #3: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_add_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.h:618 [opt]
>     frame #4: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.c:1235 [opt]
>     frame #5: 0x00010021d1e0 qemu-system-x86_64`gen_lea_modrm_1(s=<unavailable>, a=(def_seg = 2, base = 5, index = -1, scale = 0, disp = -689)) at translate.c:2101:9 [opt]
>     frame #6: 0x00010020eeec qemu-system-x86_64`disas_insn [inlined] gen_lea_modrm(env=0x000118610870, s=0x0001700b6b00, modrm=<unavailable>) at translate.c:2111:15 [opt]
>     frame #7: 0x00010020eec0 qemu-system-x86_64`disas_insn(s=0x0001700b6b00, cpu=<unavailable>) at translate.c:5509 [opt]
>     frame #8: 0x00010020bb44 qemu-system-x86_64`i386_tr_translate_insn(dcbase=0x0001700b6b00, cpu=<unavailable>) at translate.c:8573:15 [opt]
>     frame #9: 0x0001002fbcf8 qemu-system-x86_64`translator_loop(ops=0x000100b209c8, db=0x0001700b6b00, cpu=0x000118608000, tb=0x000120017200, max_insns=512) at translator.c:0 [opt]
>     frame #10: 0x00010020b73c qemu-system-x86_64`gen_intermediate_code(cpu=<unavailable>, tb=<unavailable>, max_insns=<unavailable>) at translate.c:8635:5 [opt]
>     frame #11: 0x000100257970 qemu-system-x86_64`tb_gen_code(cpu=0x000118608000, pc=<unavailable>, cs_base=0, flags=4194483, cflags=-16777216) at translate-all.c:1931:5 [opt]
>     frame #12: 0x0001002deb90 qemu-system-x86_64`cpu_exec [inlined] tb_find(cpu=0x000118608000, last_tb=0x, tb_exit=<unavailable>, cf_mask=0) at cpu-exec.c:456:14 [opt]
>     frame #13: 0x0001002deb54 qemu-system-x86_64`cpu_exec(cpu=0x000118608000) at cpu-exec.c:812 [opt]
>     frame #14: 0x0001002bc0d0 qemu-system-x86_64`tcg_cpus_exec(cpu=0x000118608000) at tcg-cpus.c:57:11 [opt]
>     frame #15: 0x00010024c2cc qemu-system-x86_64`rr_cpu_thread_fn(arg=<unavailable>) at tcg-cpus-rr.c:217:21 [opt]
>     frame #16: 0x0001004b00b4 qemu-system-x86_64`qemu_thread_start(args=<unavailable>) at qemu-thread-posix.c:521:9 [opt]
>     frame #17: 0x000191c4d06c libsystem_pthread.dylib`_pthread_start + 320
>
> I'm looking into the issue but perhaps we'll need v5.
>

Nope. The issue is not directly related to the patch and W^X. I think it
can be applied.

tcg_ctx->ops is somehow getting corrupted despite it being initialized
properly during TCG start:

(lldb) p tcg_ctx->ops
(TCGContext::(anonymous union)) $18 = {
  tqh_first =
Re: [PATCH v4] tcg: Toggle page execution for Apple Silicon
On Thu, Jan 21, 2021 at 08:47:52AM -1000, Richard Henderson wrote:
> From: Roman Bolshakov
>
> Pages can't be both write and executable at the same time on Apple
> Silicon. macOS provides public API to switch write protection [1] for
> JIT applications, like TCG.
>
> 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
>
> Signed-off-by: Roman Bolshakov
> Message-Id: <20210113032806.18220-1-r.bolsha...@yadro.com>
> [rth: Inline the qemu_thread_jit_* functions;
>       drop the MAP_JIT change for a follow-on patch.]
> Signed-off-by: Richard Henderson
> ---
>
> Supersedes: <20210113032806.18220-1-r.bolsha...@yadro.com>
>
> This is the version of Roman's patch that I'm queuing to tcg-next.
> What's missing from the full "Fix execution" patch is setting MAP_JIT
> for !splitwx in alloc_code_gen_buffer().
>

Richard, thanks for updating the patch. I have no objections against
moving the functions and inlining them. However, I'm seeing an issue that
wasn't present in v3:

Process 37109 stopped
* thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
    frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
   2528 TCGOp *tcg_emit_op(TCGOpcode opc)
   2529 {
   2530     TCGOp *op = tcg_op_alloc(opc);
-> 2531     QTAILQ_INSERT_TAIL(&tcg_ctx->ops, op, link);
   2532     return op;
   2533 }
   2534
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #6, stop reason = EXC_BAD_ACCESS (code=1, address=0xfd4f)
  * frame #0: 0x0001002f1c90 qemu-system-x86_64`tcg_emit_op(opc=INDEX_op_add_i64) at tcg.c:2531:5 [opt]
    frame #1: 0x00010026f040 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3(opc=INDEX_op_add_i64, a1=4430334952, a2=4430333440, a3=4430361496) at tcg-op.c:60:17 [opt]
    frame #2: 0x00010026f038 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_op3_i64(opc=INDEX_op_add_i64, a1=<unavailable>, a2=<unavailable>, a3=<unavailable>) at tcg-op.h:94 [opt]
    frame #3: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64 [inlined] tcg_gen_add_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.h:618 [opt]
    frame #4: 0x00010026f030 qemu-system-x86_64`tcg_gen_addi_i64(ret=<unavailable>, arg1=<unavailable>, arg2=<unavailable>) at tcg-op.c:1235 [opt]
    frame #5: 0x00010021d1e0 qemu-system-x86_64`gen_lea_modrm_1(s=<unavailable>, a=(def_seg = 2, base = 5, index = -1, scale = 0, disp = -689)) at translate.c:2101:9 [opt]
    frame #6: 0x00010020eeec qemu-system-x86_64`disas_insn [inlined] gen_lea_modrm(env=0x000118610870, s=0x0001700b6b00, modrm=<unavailable>) at translate.c:2111:15 [opt]
    frame #7: 0x00010020eec0 qemu-system-x86_64`disas_insn(s=0x0001700b6b00, cpu=<unavailable>) at translate.c:5509 [opt]
    frame #8: 0x00010020bb44 qemu-system-x86_64`i386_tr_translate_insn(dcbase=0x0001700b6b00, cpu=<unavailable>) at translate.c:8573:15 [opt]
    frame #9: 0x0001002fbcf8 qemu-system-x86_64`translator_loop(ops=0x000100b209c8, db=0x0001700b6b00, cpu=0x000118608000, tb=0x000120017200, max_insns=512) at translator.c:0 [opt]
    frame #10: 0x00010020b73c qemu-system-x86_64`gen_intermediate_code(cpu=<unavailable>, tb=<unavailable>, max_insns=<unavailable>) at translate.c:8635:5 [opt]
    frame #11: 0x000100257970 qemu-system-x86_64`tb_gen_code(cpu=0x000118608000, pc=<unavailable>, cs_base=0, flags=4194483, cflags=-16777216) at translate-all.c:1931:5 [opt]
    frame #12: 0x0001002deb90 qemu-system-x86_64`cpu_exec [inlined] tb_find(cpu=0x000118608000, last_tb=0x, tb_exit=<unavailable>, cf_mask=0) at cpu-exec.c:456:14 [opt]
    frame #13: 0x0001002deb54 qemu-system-x86_64`cpu_exec(cpu=0x000118608000) at cpu-exec.c:812 [opt]
    frame #14: 0x0001002bc0d0 qemu-system-x86_64`tcg_cpus_exec(cpu=0x000118608000) at tcg-cpus.c:57:11 [opt]
    frame #15: 0x00010024c2cc qemu-system-x86_64`rr_cpu_thread_fn(arg=<unavailable>) at tcg-cpus-rr.c:217:21 [opt]
    frame #16: 0x0001004b00b4 qemu-system-x86_64`qemu_thread_start(args=<unavailable>) at qemu-thread-posix.c:521:9 [opt]
    frame #17: 0x000191c4d06c libsystem_pthread.dylib`_pthread_start + 320

I'm looking into the issue but perhaps we'll need v5.

Best regards,
Roman

>
> r~
>
> ---
>  include/qemu/osdep.h | 28
>  accel/tcg/cpu-exec.c | 2 ++
>  accel/tcg/translate-all.c | 3 +++
>  tcg/tcg.c | 1 +
>  4 files changed, 34 insertions(+)
>
> diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
> index a434382c58..b6ffdc15bf 100644
> --- a/include/qemu/osdep.h
> +++ b/include/qemu/osdep.h
> @@ -119,6 +119,10 @@ extern int daemon(int, int);
>  #include "sysemu/os-posix.h"
>  #endif
>
> +#ifdef __APPLE__
> +#include
> +#endif
> +
>  #include
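Review bot: the guard on the new include block in the osdep.h hunk (`+#ifdef __APPLE__`) is wider than the scope the commit message gives it ("Pages can't be both write and executable at the same time on Apple Silicon"): every macOS build pulls the header in, including x86_64 hosts that don't enforce that restriction, so either narrow the condition to the hosts that actually need the write-protect toggle or add a one-line comment saying the include is intentionally unconditional on macOS. The commit message should also carry the caveat from the cover text, that setting MAP_JIT for the !splitwx buffer in alloc_code_gen_buffer() is deferred to a follow-on patch; as written, "Toggle page execution for Apple Silicon" reads as if this patch alone completes the fix.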
Re: [PATCH v4] tcg: Toggle page execution for Apple Silicon
On 21.01.21 21:01, Alexander Graf wrote:
> On 21.01.21 19:47, Richard Henderson wrote:
>> From: Roman Bolshakov
>>
>> Pages can't be both write and executable at the same time on Apple
>> Silicon. macOS provides public API to switch write protection [1] for
>> JIT applications, like TCG.
>>
>> 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
>>
>> Signed-off-by: Roman Bolshakov
>> Message-Id: <20210113032806.18220-1-r.bolsha...@yadro.com>
>> [rth: Inline the qemu_thread_jit_* functions;
>>       drop the MAP_JIT change for a follow-on patch.]
>> Signed-off-by: Richard Henderson
>> ---
>>
>> Supersedes: <20210113032806.18220-1-r.bolsha...@yadro.com>
>>
>> This is the version of Roman's patch that I'm queuing to tcg-next.
>> What's missing from the full "Fix execution" patch is setting MAP_JIT
>> for !splitwx in alloc_code_gen_buffer().
>
> This patch segfaults in tcg_out32() for me if I add the MAP_JIT flag
> manually to the mmap call:

I take it all back. I forgot to actually git am the patch :(. It works
just fine.

Tested-by: Alexander Graf

Alex
Re: [PATCH v4] tcg: Toggle page execution for Apple Silicon
On 21.01.21 19:47, Richard Henderson wrote:
> From: Roman Bolshakov
>
> Pages can't be both write and executable at the same time on Apple
> Silicon. macOS provides public API to switch write protection [1] for
> JIT applications, like TCG.
>
> 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon
>
> Signed-off-by: Roman Bolshakov
> Message-Id: <20210113032806.18220-1-r.bolsha...@yadro.com>
> [rth: Inline the qemu_thread_jit_* functions;
>       drop the MAP_JIT change for a follow-on patch.]
> Signed-off-by: Richard Henderson
> ---
>
> Supersedes: <20210113032806.18220-1-r.bolsha...@yadro.com>
>
> This is the version of Roman's patch that I'm queuing to tcg-next.
> What's missing from the full "Fix execution" patch is setting MAP_JIT
> for !splitwx in alloc_code_gen_buffer().

This patch segfaults in tcg_out32() for me if I add the MAP_JIT flag
manually to the mmap call:

(lldb) bt
* thread #3, stop reason = EXC_BAD_ACCESS (code=2, address=0x11800)
  * frame #0: 0x000100297e8c qemu-system-x86_64`tcg_prologue_init [inlined] tcg_out32(s=0x000100bb64c0, v=2847570941) at tcg.c:250:24 [opt]
    frame #1: 0x000100297e7c qemu-system-x86_64`tcg_prologue_init [inlined] tcg_out_insn_3314(s=0x000100bb64c0, insn=2847539200, r1=TCG_REG_X29, r2=TCG_REG_X30, rn=TCG_REG_SP, ofs=-96, pre=true, w=true) at tcg-target.c.inc:666 [opt]
    frame #2: 0x000100297e7c qemu-system-x86_64`tcg_prologue_init [inlined] tcg_target_qemu_prologue(s=0x000100bb64c0) at tcg-target.c.inc:2858 [opt]
    frame #3: 0x000100297e7c qemu-system-x86_64`tcg_prologue_init(s=0x000100bb64c0) at tcg.c:1116 [opt]
    frame #4: 0x0001002d7ab8 qemu-system-x86_64`tcg_exec_init(tb_size=<unavailable>, splitwx=<unavailable>) at translate-all.c:1349:5 [opt]
    frame #5: 0x00010028d690 qemu-system-x86_64`tcg_init(ms=<unavailable>) at tcg-all.c:113:5 [opt]
    frame #6: 0x00010007d540 qemu-system-x86_64`accel_init_machine(accel=0x0001020c9ec0, ms=0x0001020c6880) at accel.c:55:11 [opt]
    frame #7: 0x0001002b90f0 qemu-system-x86_64`do_configure_accelerator(opaque=0x00016ff12ea0, opts=0x0001020c9e30, errp=0x000100bc18e0) at vl.c:2148:11 [opt]
    frame #8: 0x000100482c00 qemu-system-x86_64`qemu_opts_foreach(list=<unavailable>, func=(qemu-system-x86_64`do_configure_accelerator at vl.c:2125), opaque=0x00016ff12ea0, errp=0x000100bc18e0) at qemu-option.c:1147:14 [opt]
    frame #9: 0x0001002b6d48 qemu-system-x86_64`qemu_init [inlined] configure_accelerators(progname=<unavailable>) at vl.c:2216:10 [opt]
    frame #10: 0x0001002b6bd8 qemu-system-x86_64`qemu_init(argc=<unavailable>, argv=<unavailable>, envp=<unavailable>) at vl.c:3484 [opt]
    frame #11: 0x00017aac qemu-system-x86_64`qemu_main(argc=3, argv=0x00016fdff848, envp=<unavailable>) at main.c:49:5 [opt]
    frame #12: 0x00010001dd34 qemu-system-x86_64`call_qemu_main(opaque=0x) at cocoa.m:1714:14 [opt]
    frame #13: 0x000100477c1c qemu-system-x86_64`qemu_thread_start(args=<unavailable>) at qemu-thread-posix.c:521:9 [opt]
    frame #14: 0x00019846106c libsystem_pthread.dylib`_pthread_start + 320

Alex
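The rule the patch description states, that a page can't be writable and executable at the same time on Apple Silicon so a JIT maps its code buffer with MAP_JIT and flips the calling thread's write permission with pthread_jit_write_protect_np() around each emission, is also what Alexander's first trace shows from the other side: EXC_BAD_ACCESS with code=2 is KERN_PROTECTION_FAILURE, a store to a page that is not writable for the thread, taken in tcg_out32() when MAP_JIT was added to the mmap call without the patch (and so without the toggle) applied. The block below is an added example, not QEMU or TCG code and not from anyone in this thread: a minimal JIT that allocates a code buffer, opens it for writing only while emitting, seals it before running, and executes the result. On macOS it uses MAP_JIT plus the pthread toggle; on other POSIX hosts the same discipline is emulated with mprotect(), so the buffer is never RWX. The function names, the 4 KiB buffer size and the instruction bytes for "return 42" are this example's own assumptions.

```c
/*
 * Added example (not QEMU/TCG code): the W^X JIT discipline described in
 * the patch, in miniature.  On Apple Silicon a JIT buffer is mapped with
 * MAP_JIT and the thread's write permission is toggled with
 * pthread_jit_write_protect_np() around each emission.  On other POSIX
 * hosts the same discipline is emulated with mprotect(): the buffer is RX
 * except while code is being emitted, and never RWX.
 * Names, sizes and emitted bytes below are this example's assumptions.
 */
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifdef __APPLE__
#include <pthread.h>
#include <libkern/OSCacheControl.h>
#endif

#define JIT_BUF_SIZE 4096

typedef int (*jit_fn_t)(void);

/* Map a code buffer that starts out sealed: executable, not writable. */
static void *jit_buffer_alloc(size_t size)
{
#ifdef __APPLE__
    /* MAP_JIT: the mapping may be RWX, but only W or X is live per thread. */
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_JIT, -1, 0);
#else
    void *p = mmap(NULL, size, PROT_READ | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
#endif
    return p == MAP_FAILED ? NULL : p;
}

/* Open the buffer for writing on this thread; nothing in it may run now. */
static int jit_begin_write(void *buf, size_t size)
{
#ifdef __APPLE__
    (void)buf; (void)size;
    pthread_jit_write_protect_np(0);   /* this thread: write, not execute */
    return 0;
#else
    return mprotect(buf, size, PROT_READ | PROT_WRITE);
#endif
}

/* Seal the buffer again and make the new code visible to the I-cache. */
static int jit_end_write(void *buf, size_t size)
{
#ifdef __APPLE__
    pthread_jit_write_protect_np(1);   /* this thread: execute, not write */
    sys_icache_invalidate(buf, size);
    return 0;
#else
    int r = mprotect(buf, size, PROT_READ | PROT_EXEC);
    __builtin___clear_cache((char *)buf, (char *)buf + size);
    return r;
#endif
}

/* Emit host code for "return 42"; returns bytes written, 0 on an unsupported host. */
static size_t emit_return_42(uint8_t *out)
{
#if defined(__x86_64__)
    static const uint8_t code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                    0xc3 };                        /* ret */
#elif defined(__aarch64__)
    static const uint8_t code[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                    0xc0, 0x03, 0x5f, 0xd6 };      /* ret */
#else
    (void)out;
    return 0;
#endif
#if defined(__x86_64__) || defined(__aarch64__)
    memcpy(out, code, sizeof(code));
    return sizeof(code);
#endif
}

/* Allocate, emit under the write toggle, seal, run. 42 on success, <0 on failure. */
int jit_demo_run(void)
{
    uint8_t *buf = jit_buffer_alloc(JIT_BUF_SIZE);
    if (!buf) {
        return -1;
    }
    if (jit_begin_write(buf, JIT_BUF_SIZE) != 0) {
        munmap(buf, JIT_BUF_SIZE);
        return -2;
    }
    /* Without jit_begin_write() this store is the fault class in the trace
     * above: a write to a page that is not writable for this thread. */
    size_t n = emit_return_42(buf);
    if (jit_end_write(buf, JIT_BUF_SIZE) != 0 || n == 0) {
        munmap(buf, JIT_BUF_SIZE);
        return -3;
    }
    jit_fn_t fn = (jit_fn_t)(uintptr_t)buf;
    int result = fn();
    munmap(buf, JIT_BUF_SIZE);
    return result;
}

int main(void)
{
    printf("jit returned %d\n", jit_demo_run());
    return 0;
}
```

Build with `cc -O2 jit_wx.c -o jit_wx` on either host; a return value of 42 means the sealed buffer executed. Deleting the jit_begin_write() call reproduces the failure mode on both hosts (on Apple Silicon a KERN_PROTECTION_FAILURE from the MAP_JIT page, on Linux a SIGSEGV on the RX page), and deleting jit_end_write() instead makes the call itself fault, which is the property the per-thread toggle buys: at no point is the buffer both writable and executable.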