Re: [Qemu-devel] Page protection and i386 cmpxchg8b
From: Ilya Shar
Subject: Re: [Qemu-devel] Page protection and i386 cmpxchg8b
Date: Fri, 23 Feb 2007 14:56:26 -0800 (PST)
--- Pierre d'Herbemont <address@hidden> wrote:
Hi Pierre,
Thanks for your reply - please see comments inserted below:
> Hi Ilya!
>
> On 23 Feb 07, at 21:32, Ilya Shar wrote:
>
> > I'm running i386-darwin-user on i386 and some apps
> > (Safari browser) crash because cmpxchg8b attempts to
> > write to a qemu-allocated page which is readable but
> > write-protected. When I comment out mprotect in
> > exec.c
>
> Are you sure Safari does crash because of that call? I have
> the Apple Bug Reporter which complains about the fact that qemu gets
> an EXC_BAD_ACCESS, but then I get this error:
> qemu: Unsupported mach syscall: -61(0xffffffc3) (= semaphore_signal_trap)
> or
> qemu: Unsupported mach syscall: -33(0xffffffdf) (= syscall_thread_switch)
>
> To fix this we have to implement those syscalls.
>
Sure. At first I was hitting unsupported mach syscalls, so I modified
darwin-user/syscall.h according to
/Developer/SDKs/MacOSX10.3.9.sdk/usr/include/mach/syscall_sw.h:
$ diff syscall.c syscall.c.orig
458,465d457
< case -33:
< DPRINTF("semaphore_signal_trap(0x%x)\n",
arg1);
< ret = semaphore_signal_trap(arg1);
< break;
< case -34:
< DPRINTF("semaphore_signal_all_trap(0x%x)\n",
arg1);
< ret = semaphore_signal_all_trap(arg1);
< break;
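Review bot: the mapping in this hunk (case -33 handled as semaphore_signal_trap) contradicts the qemu error text quoted earlier in this thread, which labels -33 as syscall_thread_switch and -61 as semaphore_signal_trap; please confirm each number against syscall_sw.h before this goes in, because a wrong mapping would route the guest's call to a different trap without any error. A comment carrying the constant name next to each bare -33/-34 literal would make that check easy for the next reader, since the DPRINTF string is the only thing naming the trap now.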
471,474d462
< case -37:
< DPRINTF("semaphore_wait_signal_trap(0x%x,
0x%x)\n", arg1, arg2);
< ret = semaphore_wait_signal_trap(arg1,arg2);
< break;
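Review bot: semaphore_wait_signal_trap blocks the calling thread until the semaphore passed in arg1 is signalled, so unlike the two signal traps in the previous hunk this case can park the emulator thread for as long as the guest would have waited; a one-line comment saying that this is intended (the guest thread and the emulator thread are the same here) would answer the obvious question. It would also help to note why only -33, -34 and -37 of the semaphore traps listed in syscall_sw.h are handled, so a reader knows which calls will still hit the "Unsupported mach syscall" path.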
With this Safari went past the unsupported call -33 and
now stops in call -61 (syscall_thread_switch). Can I
just modify syscalls.c in a similar way to fix it?
But a really alarming thing happens before it gets
there. If my ethernet cable is not plugged in, the
cmpxchg8b write to a nonwritable page brings my system
down. I suppose it happens somewhere in the
drivers.
...
>
> I think the idea behind the mprotect is to make sure
> that any changes to these pages get monitored, and that
> the tb can be invalidated if the code was modified
> (self-modifying code).
That makes sense. Still I am not sure why cmpxchg8b causes problems.
Thanks!
Ilya
>
> Pierre.
>
> _______________________________________________
> Qemu-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/qemu-devel
>
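The write-protection scheme Pierre describes (a monitored page is mapped read-only, a guest write to it faults, and the emulator uses the fault to throw away the cached translations before letting the write through) is small enough to show on its own. The C program below is an added example written for this page; it is not code from QEMU, from exec.c, or from either poster. It assumes a Linux or macOS host, uses one anonymous page filled with constructed bytes (x86 NOPs) in place of a real guest code page, and keeps a counter named tb_invalidations that merely stands in for the emulator's TB invalidation; the names setup_protected_page, guest_store and reprotect_page are the example's own. The same mechanism is also why an instruction such as cmpxchg8b faults on such a page even when its comparison fails: the x86 manual specifies that the destination memory operand receives a write cycle regardless of the comparison result, so the protected page sees a write either way.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The monitored page. A volatile pointer keeps the demo's stores in program
 * order relative to the fault counters. Its contents are constructed bytes
 * (x86 NOPs) standing in for guest code that has already been translated. */
static volatile unsigned char *code_page;
static size_t page_size;
static volatile sig_atomic_t write_faults;      /* protected writes caught so far */
static volatile sig_atomic_t tb_invalidations;  /* stand-in for flushing the page's translated blocks */

/* Fault handler: a write to the read-only page lands here with the faulting
 * address in si_addr. Count it, "invalidate" the translations, make the page
 * writable again and return, so the CPU re-executes the store successfully. */
static void on_protection_fault(int sig, siginfo_t *si, void *ctx)
{
    uintptr_t addr = (uintptr_t)si->si_addr;
    uintptr_t base = (uintptr_t)code_page;
    (void)ctx;
    if (addr < base || addr >= base + page_size) {
        /* Not our page: hand the fault back to the default action. */
        signal(sig, SIG_DFL);
        return;
    }
    write_faults++;
    tb_invalidations++;
    /* mprotect is a plain syscall, usable from a handler on Linux and macOS. */
    mprotect((void *)code_page, page_size, PROT_READ | PROT_WRITE);
}

/* Map one page, fill it, install the handler and write-protect the page.
 * Returns 0 on success, -1 on failure. */
static int setup_protected_page(void)
{
    struct sigaction sa;
    void *p;

    page_size = (size_t)sysconf(_SC_PAGESIZE);
    p = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0x90, page_size);   /* constructed page contents: NOP sled */
    code_page = p;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_protection_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    /* Linux raises SIGSEGV for a write to a read-only mapping; macOS raises SIGBUS. */
    if (sigaction(SIGSEGV, &sa, NULL) != 0 || sigaction(SIGBUS, &sa, NULL) != 0)
        return -1;

    write_faults = 0;
    tb_invalidations = 0;
    return mprotect(p, page_size, PROT_READ);
}

/* Re-arm the protection, as an emulator would once the page is retranslated. */
static int reprotect_page(void)
{
    return mprotect((void *)code_page, page_size, PROT_READ);
}

/* A guest store into its own code page. Returns how many faults this one
 * store took: 1 while the page is protected, 0 once the handler opened it. */
static int guest_store(size_t off, unsigned char value)
{
    int before = write_faults;
    code_page[off] = value;
    return write_faults - before;
}

static unsigned char read_byte(size_t off) { return code_page[off]; }
static int total_invalidations(void) { return tb_invalidations; }

int main(void)
{
    if (setup_protected_page() != 0) {
        perror("setup_protected_page");
        return 1;
    }
    printf("first store:      %d fault(s)\n", guest_store(16, 0xC3));
    printf("second store:     %d fault(s)\n", guest_store(17, 0xC3));
    reprotect_page();
    printf("after re-protect: %d fault(s)\n", guest_store(18, 0xC3));
    printf("invalidations:    %d\n", total_invalidations());
    return 0;
}
```

The first store faults once and goes through on the retry; the second store finds the page already writable and takes no fault, which is exactly the window an emulator closes by re-protecting the page after it has retranslated it, as reprotect_page does before the third store. If the handler were missing, the first store would terminate the process with the EXC_BAD_ACCESS / SIGSEGV seen in the thread above.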