qemu
1485 строк · 45.3 Кб
1/*2* mmap support for qemu3*4* Copyright (c) 2003 Fabrice Bellard5*6* This program is free software; you can redistribute it and/or modify7* it under the terms of the GNU General Public License as published by8* the Free Software Foundation; either version 2 of the License, or9* (at your option) any later version.10*11* This program is distributed in the hope that it will be useful,12* but WITHOUT ANY WARRANTY; without even the implied warranty of13* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the14* GNU General Public License for more details.15*16* You should have received a copy of the GNU General Public License17* along with this program; if not, see <http://www.gnu.org/licenses/>.18*/19#include "qemu/osdep.h"20#include <sys/shm.h>21#include "trace.h"22#include "exec/log.h"23#include "exec/page-protection.h"24#include "qemu.h"25#include "user-internals.h"26#include "user-mmap.h"27#include "target_mman.h"28#include "qemu/interval-tree.h"29{39if (mmap_lock_count++ == 0) {40pthread_mutex_lock(&mmap_mutex);41}42}43{46assert(mmap_lock_count > 0);47if (--mmap_lock_count == 0) {48pthread_mutex_unlock(&mmap_mutex);49}50}51{54return mmap_lock_count > 0 ? true : false;55}56/* Grab lock to make sure things are in a consistent state after fork(). */58void mmap_fork_start(void)59{60if (mmap_lock_count)61abort();62pthread_mutex_lock(&mmap_mutex);63}64{67if (child) {68pthread_mutex_init(&mmap_mutex, NULL);69} else {70pthread_mutex_unlock(&mmap_mutex);71}72}73/* Protected by mmap_lock. */75static IntervalTreeRoot shm_regions;76{79IntervalTreeNode *i = g_new0(IntervalTreeNode, 1);80}85{88IntervalTreeNode *i;89}98{101IntervalTreeNode *i, *n;102}111/*113* Validate target prot bitmask.114* Return the prot bitmask for the host in *HOST_PROT.115* Return 0 if the target prot bitmask is invalid, otherwise116* the internal qemu page_flags (which will include PAGE_VALID).117*/118static int validate_prot_to_pageflags(int prot)119{120int valid = PROT_READ | PROT_WRITE | PROT_EXEC | TARGET_PROT_SEM;121int page_flags = (prot & PAGE_RWX) | PAGE_VALID;122* The PROT_BTI bit is only accepted if the cpu supports the feature.129* Since this is the unusual case, don't bother checking unless130* the bit has been requested. If set and valid, record the bit131* within QEMU's page_flags.132*/133if ((prot & TARGET_PROT_BTI) && cpu_isar_feature(aa64_bti, cpu)) {134valid |= TARGET_PROT_BTI;135page_flags |= PAGE_BTI;136}137/* Similarly for the PROT_MTE bit. */138if ((prot & TARGET_PROT_MTE) && cpu_isar_feature(aa64_mte, cpu)) {139valid |= TARGET_PROT_MTE;140page_flags |= PAGE_MTE;141}142}143#elif defined(TARGET_HPPA)144valid |= PROT_GROWSDOWN | PROT_GROWSUP;145#endif146}149/*151* For the host, we need not pass anything except read/write/exec.152* While PROT_SEM is allowed by all hosts, it is also ignored, so153* don't bother transforming guest bit to host bit. Any other154* target-specific prot bits will not be understood by the host155* and will need to be encoded into page_flags for qemu emulation.156*157* Pages that are executable by the guest will never be executed158* by the host, but the host will need to be able to read them.159*/160static int target_to_host_prot(int prot)161{162return (prot & (PROT_READ | PROT_WRITE)) |163(prot & PROT_EXEC ? PROT_READ : 0);164}165/* NOTE: all the constants are the HOST ones, but addresses are target. */167int target_mprotect(abi_ulong start, abi_ulong len, int target_prot)168{169int host_page_size = qemu_real_host_page_size();170abi_ulong starts[3];171abi_ulong lens[3];172int prots[3];173abi_ulong host_start, host_last, last;174int prot1, ret, page_flags, nranges;175}270/*272* Perform munmap on behalf of the target, with host parameters.273* If reserved_va, we must replace the memory reservation.274*/275static int do_munmap(void *addr, size_t len)276{277if (reserved_va) {278void *ptr = mmap(addr, len, PROT_NONE,279MAP_FIXED | MAP_ANONYMOUS280| MAP_PRIVATE | MAP_NORESERVE, -1, 0);281return ptr == addr ? 0 : -1;282}283return munmap(addr, len);284}285/*287* Perform a pread on behalf of target_mmap. We can reach EOF, we can be288* interrupted by signals, and in general there's no good error return path.289* If @zero, zero the rest of the block at EOF.290* Return true on success.291*/292static bool mmap_pread(int fd, void *p, size_t len, off_t offset, bool zero)293{294while (1) {295ssize_t r = pread(fd, p, len, offset);296}319/*321* Map an incomplete host page.322*323* Here be dragons. This case will not work if there is an existing324* overlapping host page, which is file mapped, and for which the mapping325* is beyond the end of the file. In that case, we will see SIGBUS when326* trying to write a portion of this page.327*328* FIXME: Work around this with a temporary signal handler and longjmp.329*/330static bool mmap_frag(abi_ulong real_start, abi_ulong start, abi_ulong last,331int prot, int flags, int fd, off_t offset)332{333int host_page_size = qemu_real_host_page_size();334abi_ulong real_last;335void *host_start;336int prot_old, prot_new;337int host_prot_old, host_prot_new;338* msync() won't work with the partial page, so we return an344* error if write is possible while it is a shared mapping.345*/346errno = EINVAL;347return false;348}349* Since !(prot_old & PAGE_VALID), there were no guest pages365* outside of the fragment we need to map. Allocate a new host366* page to cover, discarding whatever else may have been present.367*/368void *p = mmap(host_start, host_page_size,369target_to_host_prot(prot),370flags | MAP_ANONYMOUS, -1, 0);371if (p != host_start) {372if (p != MAP_FAILED) {373do_munmap(p, host_page_size);374errno = EEXIST;375}376return false;377}378prot_old = prot;379}380prot_new = prot | prot_old;381}405/*411* Subroutine of mmap_find_vma, used when we have pre-allocated412* a chunk of guest address space.413*/414static abi_ulong mmap_find_vma_reserved(abi_ulong start, abi_ulong size,415abi_ulong align)416{417target_ulong ret;418}427/*429* Find and reserve a free memory area of size 'size'. The search430* starts at 'start'.431* It must be called with mmap_lock() held.432* Return -1 if error.433*/434abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align)435{436int host_page_size = qemu_real_host_page_size();437void *ptr, *prev;438abi_ulong addr;439int wrapped, repeat;440* Reserve needed memory area to avoid a race.463* It should be discarded using:464* - mmap() with MAP_FIXED flag465* - mremap() with MREMAP_FIXED flag466* - shmat() with SHM_REMAP flag467*/468ptr = mmap(g2h_untagged(addr), size, PROT_NONE,469MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0);470* Count the number of sequential returns of the same address.478* This is used to modify the search algorithm below.479*/480repeat = (ptr == prev ? repeat + 1 : 0);481* Assume the result that the kernel gave us is the498* first with enough free space, so start again at the499* next higher target page.500*/501addr = ROUND_UP(addr, align);502break;503case 1:504/*505* Sometimes the kernel decides to perform the allocation506* at the top end of memory instead.507*/508addr &= -align;509break;510case 2:511/* Start over at low memory. */512addr = 0;513break;514default:515/* Fail. This unaligned block must the last. */516addr = -1;517break;518}519} else {520/*521* Since the result the kernel gave didn't fit, start522* again at low memory. If any repetition, fail.523*/524addr = (repeat ? -1 : 0);525}526* Don't actually use 0 when wrapping, instead indicate540* that we'd truly like an allocation in low memory.541*/542addr = (mmap_min_addr > TARGET_PAGE_SIZE543? TARGET_PAGE_ALIGN(mmap_min_addr)544: TARGET_PAGE_SIZE);545} else if (wrapped && addr >= start) {546return (abi_ulong)-1;547}548}549}550/*552* Record a successful mmap within the user-exec interval tree.553*/554static abi_long mmap_end(abi_ulong start, abi_ulong last,555abi_ulong passthrough_start,556abi_ulong passthrough_last,557int flags, int page_flags)558{559if (flags & MAP_ANONYMOUS) {560page_flags |= PAGE_ANON;561}562page_flags |= PAGE_RESET;563if (passthrough_start > passthrough_last) {564page_set_flags(start, last, page_flags);565} else {566if (start < passthrough_start) {567page_set_flags(start, passthrough_start - 1, page_flags);568}569page_set_flags(passthrough_start, passthrough_last,570page_flags | PAGE_PASSTHROUGH);571if (passthrough_last < last) {572page_set_flags(passthrough_last + 1, last, page_flags);573}574}575shm_region_rm_complete(start, last);576trace_target_mmap_complete(start);577if (qemu_loglevel_mask(CPU_LOG_PAGE)) {578FILE *f = qemu_log_trylock();579if (f) {580fprintf(f, "page layout changed following mmap\n");581page_dump(f);582qemu_log_unlock(f);583}584}585return start;586}587/*589* Special case host page size == target page size,590* where there are no edge conditions.591*/592static abi_long mmap_h_eq_g(abi_ulong start, abi_ulong len,593int host_prot, int flags, int page_flags,594int fd, off_t offset)595{596void *p, *want_p = NULL;597abi_ulong last;598}618/*620* Special case host page size < target page size.621*622* The two special cases are increased guest alignment, and mapping623* past the end of a file.624*625* When mapping files into a memory area larger than the file,626* accesses to pages beyond the file size will cause a SIGBUS.627*628* For example, if mmaping a file of 100 bytes on a host with 4K629* pages emulating a target with 8K pages, the target expects to630* be able to access the first 8K. But the host will trap us on631* any access beyond 4K.632*633* When emulating a target with a larger page-size than the hosts,634* we may need to truncate file maps at EOF and add extra anonymous635* pages up to the targets page boundary.636*637* This workaround only works for files that do not change.638* If the file is later extended (e.g. ftruncate), the SIGBUS639* vanishes and the proper behaviour is that changes within the640* anon page should be reflected in the file.641*642* However, this case is rather common with executable images,643* so the workaround is important for even trivial tests, whereas644* the mmap of of a file being extended is less common.645*/646static abi_long mmap_h_lt_g(abi_ulong start, abi_ulong len, int host_prot,647int mmap_flags, int page_flags, int fd,648off_t offset, int host_page_size)649{650void *p, *want_p = NULL;651off_t fileend_adj = 0;652int flags = mmap_flags;653abi_ulong last, pass_last;654* The entire map is beyond the end of the file.668* Transform it to an anonymous mapping.669*/670flags |= MAP_ANONYMOUS;671fd = -1;672offset = 0;673} else if (offset + len > sb.st_size) {674/*675* A portion of the map is beyond the end of the file.676* Truncate the file portion of the allocation.677*/678fileend_adj = offset + len - sb.st_size;679}680}681* We failed a map over the top of the successful anonymous707* mapping above. The only failure mode is running out of VMAs,708* and there's nothing that we can do to detect that earlier.709* If we have replaced an existing mapping with MAP_FIXED,710* then we cannot properly recover. It's a coin toss whether711* it would be better to exit or continue here.712*/713if (!(flags & MAP_FIXED_NOREPLACE) &&714!page_check_range_empty(start, start + len - 1)) {715qemu_log("QEMU target_mmap late failure: %s",716strerror(save_errno));717}718* Take care to align the host memory. Perform a larger anonymous729* allocation and extract the aligned portion. Remap the file on730* top of that.731*/732host_len = len + TARGET_PAGE_SIZE - host_page_size;733p = mmap(want_p, host_len, host_prot, flags | MAP_ANONYMOUS, -1, 0);734if (p == MAP_FAILED) {735return -1;736}737}772/*774* Special case host page size > target page size.775*776* The two special cases are address and file offsets that are valid777* for the guest that cannot be directly represented by the host.778*/779static abi_long mmap_h_gt_g(abi_ulong start, abi_ulong len,780int target_prot, int host_prot,781int flags, int page_flags, int fd,782off_t offset, int host_page_size)783{784void *p, *want_p = NULL;785off_t host_offset = offset & -host_page_size;786abi_ulong last, real_start, real_last;787bool misaligned_offset = false;788size_t host_len;789* Adjust the offset to something representable on the host.797*/798host_len = len + offset - host_offset;799p = mmap(want_p, host_len, host_prot, flags, fd, host_offset);800if (p == MAP_FAILED) {801return -1;802}803* The fallback for misalignment is a private mapping + read.817* This carries none of semantics required of MAP_SHARED.818*/819if (misaligned_offset && (flags & MAP_TYPE) != MAP_PRIVATE) {820errno = EINVAL;821return -1;822}823}824* Handle the start and end of the mapping.831*/832if (real_start < start) {833abi_ulong real_page_last = real_start + host_page_size - 1;834if (last <= real_page_last) {835/* Entire allocation a subset of one host page. */836if (!mmap_frag(real_start, start, last, target_prot,837flags, fd, offset)) {838return -1;839}840return mmap_end(start, last, -1, 0, flags, page_flags);841}842* Handle the middle of the mapping.866*/867}900{905int host_page_size = qemu_real_host_page_size();906int host_prot;907* For reserved_va, we are in full control of the allocation.910* Find a suitable hole and convert to MAP_FIXED.911*/912if (reserved_va) {913if (flags & MAP_FIXED_NOREPLACE) {914/* Validate that the chosen range is empty. */915if (!page_check_range_empty(start, start + len - 1)) {916errno = EEXIST;917return -1;918}919flags = (flags & ~MAP_FIXED_NOREPLACE) | MAP_FIXED;920} else if (!(flags & MAP_FIXED)) {921abi_ulong real_start = start & -host_page_size;922off_t host_offset = offset & -host_page_size;923size_t real_len = len + offset - host_offset;924abi_ulong align = MAX(host_page_size, TARGET_PAGE_SIZE);925}949/* NOTE: all the constants are the HOST ones */951abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot,952int flags, int fd, off_t offset)953{954abi_long ret;955int page_flags;956* If we're mapping shared memory, ensure we generate code for parallel1001* execution and flush old translations. This will work up to the level1002* supported by the host -- anything that requires EXCP_ATOMIC will not1003* be atomic with respect to an external process.1004*/1005if (ret != -1 && (flags & MAP_TYPE) != MAP_PRIVATE) {1006CPUState *cpu = thread_cpu;1007if (!tcg_cflags_has(cpu, CF_PARALLEL)) {1008tcg_cflags_set(cpu, CF_PARALLEL);1009tb_flush(cpu);1010}1011}1012}1015{1018int host_page_size = qemu_real_host_page_size();1019abi_ulong real_start;1020abi_ulong real_last;1021abi_ulong real_len;1022abi_ulong last;1023abi_ulong a;1024void *host_start;1025int prot;1026* If guest pages remain on the first or last host pages,1033* adjust the deallocation to retain those guest pages.1034* The single page special case is required for the last page,1035* lest real_start overflow to zero.1036*/1037if (real_last - real_start < host_page_size) {1038prot = 0;1039for (a = real_start; a < start; a += TARGET_PAGE_SIZE) {1040prot |= page_get_flags(a);1041}1042for (a = last; a < real_last; a += TARGET_PAGE_SIZE) {1043prot |= page_get_flags(a + 1);1044}1045if (prot != 0) {1046return 0;1047}1048} else {1049for (prot = 0, a = real_start; a < start; a += TARGET_PAGE_SIZE) {1050prot |= page_get_flags(a);1051}1052if (prot != 0) {1053real_start += host_page_size;1054}1055}1073{1076int ret;1077}1100{1105int prot;1106void *host_addr;1107* If new and old addresses overlap then the above mremap will1126* already have failed with EINVAL.1127*/1128mmap_reserve_or_unmap(old_addr, old_size);1129}1130} else if (flags & MREMAP_MAYMOVE) {1131abi_ulong mmap_start;1132}1193{1196abi_ulong len;1197int ret = 0;1198* Most advice values are hints, so ignoring and returning success is ok.1226*1227* However, some advice values such as MADV_DONTNEED, MADV_WIPEONFORK and1228* MADV_KEEPONFORK are not hints and need to be emulated.1229*1230* A straight passthrough for those may not be safe because qemu sometimes1231* turns private file-backed mappings into anonymous mappings.1232* If all guest pages have PAGE_PASSTHROUGH set, mappings have the1233* same semantics for the host as for the guest.1234*1235* We pass through MADV_WIPEONFORK and MADV_KEEPONFORK if possible and1236* return failure if not.1237*1238* MADV_DONTNEED is passed through as well, if possible.1239* If passthrough isn't possible, we nevertheless (wrongly!) return1240* success, which is broken but some userspace programs fail to work1241* otherwise. Completely implementing such emulation is quite complicated1242* though.1243*/1244mmap_lock();1245switch (advice) {1246case MADV_WIPEONFORK:1247case MADV_KEEPONFORK:1248ret = -EINVAL;1249/* fall through */1250case MADV_DONTNEED:1251if (page_check_range(start, len, PAGE_PASSTHROUGH)) {1252ret = get_errno(madvise(g2h_untagged(start), len, advice));1253if ((advice == MADV_DONTNEED) && (ret == 0)) {1254page_reset_target_data(start, start + len - 1);1255}1256}1257}1258mmap_unlock();1259}1262/*1265* For most architectures, SHMLBA is the same as the page size;1266* some architectures have larger values, in which case they should1267* define TARGET_FORCE_SHMLBA and provide a target_shmlba() function.1268* This corresponds to the kernel arch code defining __ARCH_FORCE_SHMLBA1269* and defining its own value for SHMLBA.1270*1271* The kernel also permits SHMLBA to be set by the architecture to a1272* value larger than the page size without setting __ARCH_FORCE_SHMLBA;1273* this means that addresses are rounded to the large size if1274* SHM_RND is set but addresses not aligned to that size are not rejected1275* as long as they are at least page-aligned. Since the only architecture1276* which uses this is ia64 this code doesn't provide for that oddity.1277*/1278static inline abi_ulong target_shmlba(CPUArchState *cpu_env)1279{1280return TARGET_PAGE_SIZE;1281}1282#endif1283{1293CPUState *cpu = env_cpu(cpu_env);1294struct shmid_ds shm_info;1295int ret;1296int h_pagesize;1297int t_shmlba, h_shmlba, m_shmlba;1298size_t t_len, h_len, m_len;1299* Because we can't use host shmat() unless the address is sufficiently1304* aligned for the host, we'll need to check both.1305* TODO: Could be fixed with softmmu.1306*/1307t_shmlba = target_shmlba(cpu_env);1308h_pagesize = qemu_real_host_page_size();1309h_shmlba = (HOST_FORCE_SHMLBA ? SHMLBA : h_pagesize);1310m_shmlba = MAX(t_shmlba, h_shmlba);1311* The guest is allowing the kernel to round the address.1317* Assume that the guest is ok with us rounding to the1318* host required alignment too. Anyway if we don't, we'll1319* get an error from the kernel.1320*/1321shmaddr &= ~(m_shmlba - 1);1322if (shmaddr == 0 && (shmflg & SHM_REMAP)) {1323return -TARGET_EINVAL;1324}1325} else {1326int require = TARGET_PAGE_SIZE;1327#ifdef TARGET_FORCE_SHMLBA1328require = t_shmlba;1329#endif1330/*1331* Include host required alignment, as otherwise we cannot1332* use host shmat at all.1333*/1334require = MAX(require, h_shmlba);1335if (shmaddr & (require - 1)) {1336return -TARGET_EINVAL;1337}1338}1339}1340} else {1341if (shmflg & SHM_REMAP) {1342return -TARGET_EINVAL;1343}1344}1345/* All rounding now manually concluded. */1346shmflg &= ~SHM_RND;1347* If host page size > target page size, the host shmat may map1376* more memory than the guest expects. Reject a mapping that1377* would replace memory in the unexpected gap.1378* TODO: Could be fixed with softmmu.1379*/1380if (t_len < h_len &&1381!page_check_range_empty(shmaddr + t_len,1382shmaddr + h_len - 1)) {1383return -TARGET_EINVAL;1384}1385} else {1386if (!page_check_range_empty(shmaddr, shmaddr + m_len - 1)) {1387return -TARGET_EINVAL;1388}1389}1390* Map anonymous pages across the entire range, then remap with1396* the shared memory. This is required for a number of corner1397* cases for which host and guest page sizes differ.1398*/1399if (h_len != t_len) {1400int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE);1401int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS1402| (reserved_va || mapped || (shmflg & SHM_REMAP)1403? MAP_FIXED : MAP_FIXED_NOREPLACE);1404* We're mapping shared memory, so ensure we generate code for parallel1443* execution and flush old translations. This will work up to the level1444* supported by the host -- anything that requires EXCP_ATOMIC will not1445* be atomic with respect to an external process.1446*/1447if (!tcg_cflags_has(cpu, CF_PARALLEL)) {1448tcg_cflags_set(cpu, CF_PARALLEL);1449tb_flush(cpu);1450}1451}1462{1465abi_long rv;1466}1486