From patchwork Sun Nov 18 20:48:11 2012
X-Patchwork-Submitter: Stefan Weil
X-Patchwork-Id: 199908
Message-ID: <50A9498B.2040209@weilnetz.de>
Date: Sun, 18 Nov 2012 21:48:11 +0100
From: Stefan Weil
To: Richard Henderson
Cc: blauwirbel@gmail.com, qemu-devel@nongnu.org
In-Reply-To: <1350372614-30041-4-git-send-email-rth@twiddle.net>
References: <1350372614-30041-1-git-send-email-rth@twiddle.net> <1350372614-30041-4-git-send-email-rth@twiddle.net>
Subject: Re: [Qemu-devel] [PATCH 3/5] exec: Do not use absolute address hints for code_gen_buffer with -fpie

On 16.10.2012 09:30, Richard Henderson wrote:
> The hard-coded addresses inside alloc_code_gen_buffer only make sense
> if we're building an executable that will actually run at the address
> we've put into the linker scripts.
>
> When we're building with -fpie, the executable will run at some
> random location chosen by the kernel. We get better placement for
> the code_gen_buffer if we allow the kernel to place the memory,
> as it will tend to place it near the executable, based on the
> PROT_EXEC bit.
>
> Since code_gen_prologue is always inside the executable, this effect
> is easily seen at the end of most TBs, with the exit_tb opcode, and
> with any calls to helper functions.
>
> Signed-off-by: Richard Henderson
> ---
> exec.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/exec.c b/exec.c
> index 6c0b2d7..5e33a3d 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -578,7 +578,12 @@ static inline void *alloc_code_gen_buffer(void)
>  /* Constrain the position of the buffer based on the host cpu.
>     Note that these addresses are chosen in concert with the
>     addresses assigned in the relevant linker script file. */
> -# if defined(__x86_64__)&& defined(MAP_32BIT)
> +# if defined(__PIE__) || defined(__PIC__)
> + /* Don't bother setting a preferred location if we're building
> +    a position-independent executable. We're more likely to get
> +    an address near the main executable if we let the kernel
> +    choose the address. */
> +# elif defined(__x86_64__)&& defined(MAP_32BIT)
>  /* Force the memory down into low memory with the executable.
>     Leave the choice of exact location with the kernel. */
>  flags |= MAP_32BIT;

This patch breaks the TCG interpreter. Here is a test run on Debian x86_64 (output shortened):

$ ./configure --enable-debug --enable-tcg-interpreter --target-list=i386-softmmu --disable-docs
$ make
$ gdb --args i386-softmmu/qemu-system-i386 -L pc-bios
(gdb) r
Starting program: i386-softmmu/qemu-system-i386 -L pc-bios
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe8f73700 (LWP 1446)]
[New Thread 0x7fffe0470700 (LWP 1447)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe8f73700 (LWP 1446)]
0x00005555558e7ded in tcg_qemu_tb_exec (cpustate=0x55555656f7e0, tb_ptr=0xeab74acb) at tci.c:445
445         TCGOpcode opc = tb_ptr[0];
(gdb) q

QEMU crashes early while executing a jmp opcode. This patch restores functionality:

Regards
Stefan W.

diff --git a/exec.c b/exec.c
index 8435de0..44e4504 100644
--- a/exec.c
+++ b/exec.c
@@ -564,7 +564,7 @@ static inline void *alloc_code_gen_buffer(void)
 /* Constrain the position of the buffer based on the host cpu.
    Note that these addresses are chosen in concert with the
    addresses assigned in the relevant linker script file. */
-# if defined(__PIE__) || defined(__PIC__)
+# if !defined(CONFIG_TCG_INTERPRETER) && (defined(__PIE__) || defined(__PIC__))
 /* Don't bother setting a preferred location if we're building
    a position-independent executable. We're more likely to get
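Review bot: in Richard's hunk the new `# if defined(__PIE__) || defined(__PIC__)` branch sits at the top of the chain with an empty body, so for every PIE/PIC build all host-specific `#elif` branches below it, including the x86_64 `MAP_32BIT` case, are skipped unconditionally; any host configuration whose later branch exists for a reason other than a mere placement hint needs an exclusion here, and the TCG interpreter crash reported above is exactly that case. Also, `__PIC__` is defined for any -fPIC compile, not only for -fpie executables, while the comment and the subject line talk only about position-independent executables; either test `__PIE__` alone, or extend the comment to say why -fPIC objects are treated the same way.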
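Review bot: in Stefan's hunk the added `!defined(CONFIG_TCG_INTERPRETER)` guard makes the crash go away, but the comment below it still only talks about position-independent executables, so the reason the interpreter must keep the old placement is recorded nowhere in the code; add a sentence to the comment stating it. The gdb output above gives a hint worth writing down: the faulting `tb_ptr=0xeab74acb` is a 32-bit-sized value while the program's own code is at 0x00005555558e7ded, which suggests the interpreter relies on the buffer being reachable through a 32-bit value, i.e. on the `MAP_32BIT` branch that the PIE test now bypasses. The hunk as shown ends mid-comment after "We're more likely to get", so its remaining context lines could not be reviewed.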