{"id":2219889,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2219889/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260405072857.66484-3-scottjgo@gmail.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.2/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260405072857.66484-3-scottjgo@gmail.com>","list_archive_url":null,"date":"2026-04-05T07:28:46","name":"[RFC,02/10] accel/hvf: avoid executable mappings for RAM-device memory","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"151d8f70f2a69d70f172fa8d995baeefcb6d1989","submitter":{"id":93060,"url":"http://patchwork.ozlabs.org/api/1.2/people/93060/?format=json","name":"Scott J. Goldman","email":"scottjgo@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260405072857.66484-3-scottjgo@gmail.com/mbox/","series":[{"id":498765,"url":"http://patchwork.ozlabs.org/api/1.2/series/498765/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=498765","date":"2026-04-05T07:28:44","name":"vfio: PCI device passthrough on Apple Silicon Macs","version":1,"mbox":"http://patchwork.ozlabs.org/series/498765/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2219889/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2219889/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=ng7a5H+2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fpPJz058Sz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Sun, 05 Apr 2026 17:31:15 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1w9HvI-0003uP-Ot; Sun, 05 Apr 2026 03:29:32 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <scottjgo@gmail.com>)\n id 1w9HvH-0003tu-DD\n for qemu-devel@nongnu.org; Sun, 05 Apr 2026 03:29:31 -0400","from mail-dy1-x1333.google.com ([2607:f8b0:4864:20::1333])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <scottjgo@gmail.com>)\n id 1w9HvF-0007Eo-Tl\n for qemu-devel@nongnu.org; Sun, 05 Apr 2026 03:29:31 -0400","by mail-dy1-x1333.google.com with SMTP id\n 5a478bee46e88-2c54c68db4dso6147470eec.0\n for <qemu-devel@nongnu.org>; Sun, 05 Apr 2026 00:29:29 -0700 (PDT)","from localhost.localdomain ([2601:645:8200:47:41e4:ff2b:ff70:4d75])\n by smtp.gmail.com with ESMTPSA id\n 5a478bee46e88-2cb92ea0ef1sm7636502eec.21.2026.04.05.00.29.26\n (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);\n Sun, 05 Apr 2026 00:29:27 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775374168; x=1775978968; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=U5URZfSAg9FIccdRM6Usf30iSs9MBUi6bDCXKqbZ7TQ=;\n b=ng7a5H+2Cmrfc/S1PAJei6UV03yf5u7x/k7KDzrLQMtpVJQL2pebzgW81yT2bnqpbe\n eIMUrWHlgWgXk6+sK3VMu2Ts+vaC1ZNuU6tznst2S7TczQm6ajbVeAE0vvSVzNpVVQl8\n eFKGs+JT8Llo/uvKW5VGor9eQD8olOPP40yhiOmSHAmvwSvJGiOdh7/qjdVnDj34pOmb\n 6Yx5jSFAbGDipQiHksu+mIGcbaZcM027mSot7A68nry8kjil/tMUg0tI5TVhYJvcvmTW\n +fJr5ET0Ncb+PlUls3FddMyLZZx0NS17nS6X73y4NrN4zvHAoEaAq4nKO5gaSaADyOD9\n LcDw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775374168; x=1775978968;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=U5URZfSAg9FIccdRM6Usf30iSs9MBUi6bDCXKqbZ7TQ=;\n b=haeZho7RHoK3tXFbwc15gbkG+CJVm6HZ50A0Q2h8lRBl5fudUeMUJooFvGtENy6tJ4\n FsXgAmHsqxWuMGS4mx6k8Op56FTaMORRkOBcEpgCPffbEpcuJKVueBmSRW7nG/my8120\n AeOnAeQNvC+YDyA9a/eQYlPn2JYGPJR5Ktniwei9uzCdVos9RNH9fmdafeiWGLPcfDll\n 2XM1G+/9+dRfAU/V5qbkz3q/Z9ALeoDkwYgV6kkbcCJsW9mjYlHsDol8e0yHg2fwZfcz\n fSZnEKAsALLCx8Tepzf78aq65+D6UE4c/yMXkNd68r8U7lsPgD3f6X7/KYC5jBkmk1kl\n x+Cw==","X-Gm-Message-State":"AOJu0YwwiSDBiFBmHvUODpWM3KlGvWbqITmm3Lo6Z5fTWNBPpMGBi4p7\n SUx5HWLDtaYEby8aMUl5DQCAJ+0Bmz7TqoG3QYJWUTcmiF4qIsqbmPkMFv9D4wvwEI0=","X-Gm-Gg":"AeBDiev4iG1HXPZSN0wWDx+TRoCYhYwtoBTcNMUKd4fxJLg+1pZzhkvGu6U/FEhNzkB\n ZbzhPLaQt1GR8V1Hlpa4/yaOwXOokpD6YX0eAPCV/M5xAWsG4H6WdxiTu7/KkSCo9kiG2LURM9I\n Ak2w1I1KR91nhnFNz3GrErf3T8UwZgQSopAhw8/MpKIs0cVwQEapVjg6oUtLYQDYE4NY1aaN4Ke\n SbXAaGSZ7SmUvf7uy7VdoOAmNYVDaOR2WcV7IBZGYayrIaLV87t14soVQ3q7eNPSx32zlF1h7rr\n WHJ0szH5kHOxaLO9H9ZxgUECWL1+HLWPtxPmaQZKSMJLeZBNS3K4i3zo/fJVdxPWEyDgf0Aij/X\n f1EOUhrz03FI93djv1hSETYLriQZdTLAJKdd7H+SnjwjX3wweUYFuiIOxycYd64/ojV8aUvUB9/\n 2Mj405/mbzkXHsmh+Be7BasY0X/6hdTEmWKN6jui8L9iP/3O8yMqVIE2nM3G3tGKFKed4IZjTvm\n 80zh7SnuzawXG76t73nbfwLM74=","X-Received":"by 2002:a05:693c:3009:b0:2c1:5b23:1752 with SMTP id\n 5a478bee46e88-2cbfc463645mr4676211eec.23.1775374168034;\n Sun, 05 Apr 2026 00:29:28 -0700 (PDT)","From":"\"Scott J. Goldman\" <scottjgo@gmail.com>","To":"qemu-devel@nongnu.org","Cc":"alex@shazbot.org, clg@redhat.com, pbonzini@redhat.com, rbolshakov@ddn.com,\n phil@philjordan.eu, mst@redhat.com, john.levon@nutanix.com,\n thanos.makatos@nutanix.com, qemu-s390x@nongnu.org,\n \"Scott J. Goldman\" <scottjgo@gmail.com>","Subject":"[RFC PATCH 02/10] accel/hvf: avoid executable mappings for RAM-device\n memory","Date":"Sun,  5 Apr 2026 00:28:46 -0700","Message-ID":"<20260405072857.66484-3-scottjgo@gmail.com>","X-Mailer":"git-send-email 2.50.1","In-Reply-To":"<20260405072857.66484-1-scottjgo@gmail.com>","References":"<20260405072857.66484-1-scottjgo@gmail.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=2607:f8b0:4864:20::1333;\n envelope-from=scottjgo@gmail.com; helo=mail-dy1-x1333.google.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"On macOS, HVF can panic the host kernel if a guest accesses device-backed\nmemory through an executable mapping. Leave RAM-device/MMIO regions\nmapped read/write only and keep EXEC for ordinary guest RAM.\n\nThis works around the immediate crash seen with passthrough BAR\nmappings. There are still platform-specific performance issues with\nguest write-combining mappings, but uncached mappings behave much more\nlike the host-side mapping and this at least avoids the panic.\n\nSigned-off-by: Scott J. Goldman <scottjgo@gmail.com>\n---\n accel/hvf/hvf-all.c | 10 +++++++++-\n 1 file changed, 9 insertions(+), 1 deletion(-)","diff":"diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c\nindex 5f357c6d19..76cec4655b 100644\n--- a/accel/hvf/hvf-all.c\n+++ b/accel/hvf/hvf-all.c\n@@ -114,7 +114,15 @@ static void hvf_set_phys_mem(MemoryRegionSection *section, bool add)\n         return;\n     }\n \n-    flags = HV_MEMORY_READ | HV_MEMORY_EXEC | (writable ? HV_MEMORY_WRITE : 0);\n+    flags = HV_MEMORY_READ | (writable ? HV_MEMORY_WRITE : 0);\n+    /*\n+     * Leave RAM-device/MMIO mappings RW-only: on macOS, accessing them through\n+     * executable HVF mappings can panic the host kernel. Ordinary guest RAM\n+     * still needs EXEC.\n+     */\n+    if (!memory_region_is_ram_device(area)) {\n+        flags |= HV_MEMORY_EXEC;\n+    }\n     mem = memory_region_get_ram_ptr(area) + section->offset_within_region;\n \n     trace_hvf_vm_map(gpa, size, mem, flags,\n","prefixes":["RFC","02/10"]}