Re: [Qemu-devel] Page protection and i386 cmpxchg8b


From: Ilya Shar
Subject: Re: [Qemu-devel] Page protection and i386 cmpxchg8b
Date: Fri, 23 Feb 2007 14:56:26 -0800 (PST)

--- Pierre d'Herbemont <address@hidden> wrote:
Hi Pierre, 

Thanks for your reply - please see comments inserted
below: 

> Hi Ilya!
> 
> On 23 Feb 07, at 21:32, Ilya Shar wrote:
> 
> > I'm running i386-darwin-user on i386 and some apps
> > (Safari browser) crash because cmpxchg8b attempts to
> > write to a qemu-allocated page which is readable but
> > write-protected.  When I comment out mprotect in
> > exec.c
> 
> Are you sure Safari does crash because of that call? I have
> the Apple Bug Reporter which complains about the fact that qemu gets
> an EXC_BAD_ACCESS, but then I get this error:
> qemu: Unsupported mach syscall: -61(0xffffffc3) (= semaphore_signal_trap)
> or
> qemu: Unsupported mach syscall: -33(0xffffffdf) (= syscall_thread_switch)
> 
> To fix this we have to implement those syscalls.
> 

Sure.  At first I was hitting unsupported mach
syscalls, so I modified darwin-user/syscall.h
according to
/Developer/SDKs/MacOSX10.3.9.sdk/usr/include/mach/syscall_sw.h:

$ diff syscall.c syscall.c.orig 
458,465d457
<     case -33:
<         DPRINTF("semaphore_signal_trap(0x%x)\n",
arg1);
<         ret = semaphore_signal_trap(arg1);
<         break;
<     case -34:
<         DPRINTF("semaphore_signal_all_trap(0x%x)\n",
arg1);
<         ret = semaphore_signal_all_trap(arg1);
<         break;
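Review bot: the trap numbers in this hunk conflict with the quoted qemu output above: the hunk registers -33 as semaphore_signal_trap, while Pierre's message labels -33 as syscall_thread_switch and -61 as semaphore_signal_trap, so one of the two is mislabelled; please double-check each number against the syscall_sw.h you cite before trusting the names in the DPRINTF strings. Note also that the diff was taken as `diff syscall.c syscall.c.orig`, so the `<` lines are the lines being added rather than removed; `diff -u syscall.c.orig syscall.c` would make the direction unambiguous for readers.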
471,474d462
<     case -37:
<         DPRINTF("semaphore_wait_signal_trap(0x%x,
0x%x)\n", arg1, arg2);
<         ret = semaphore_wait_signal_trap(arg1,arg2);

<         break;
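Review bot: the hunk header 471,474d462 announces four lines, but the DPRINTF line is wrapped across two lines by the mailer and a blank line sits between `ret = semaphore_wait_signal_trap(arg1,arg2);` and `break;`, so the patch will not apply as posted; attach it as a file or send a unified diff so the lines survive intact. The -37 case forwards two arguments where the -33 and -34 cases above forward one, so confirming the argument count of each trap against syscall_sw.h is worthwhile as well.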

With this Safari went past the unsupported call -33 and
now stops in call -61 (syscall_thread_switch).  Can I
just modify syscalls.c in a similar way to fix it?  

But a really alarming thing happens before it gets
there.  If my ethernet cable is not plugged in, the
cmpxchg8b write to a nonwritable page brings my system
down.  I suppose it happens somewhere in the
drivers. 

...

> 
> I think the idea behind the mprotect is to make sure that any changes
> to these pages get monitored, and that the tb can be invalidated if
> the code was modified (self-modifying code).

That makes sense.  Still I am not sure why cmpxchg8b
causes problems. 

Thanks! 
Ilya 

> 
> Pierre.
> 
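As an added illustration of the mechanism Pierre describes (constructed example, not QEMU's code): a page standing in for guest memory that holds translated code is write-protected, the first store to it faults, the SIGSEGV handler marks the page dirty (where QEMU would invalidate the translation blocks made from it) and makes it writable again, and the kernel restarts the store. It assumes POSIX mmap/mprotect/sigaction on Linux and uses a plain 64-bit store in place of cmpxchg8b.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed example, not QEMU code. A page standing in for guest memory that
 * holds translated code is mapped read-only; the first store to it faults, the
 * handler records the page as dirty (where QEMU would invalidate the TBs
 * translated from it), makes the page writable and returns, so the kernel
 * restarts the faulting store. A plain 64-bit store stands in for cmpxchg8b. */
static volatile sig_atomic_t dirty_faults;  /* write faults caught on the page */
static void *guarded_page;
static size_t page_size;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    uintptr_t base = (uintptr_t)guarded_page, addr = (uintptr_t)si->si_addr;
    if (addr < base || addr >= base + page_size)
        _exit(2);                 /* fault outside the monitored page: real crash */
    dirty_faults++;               /* QEMU would invalidate this page's TBs here */
    mprotect(guarded_page, page_size, PROT_READ | PROT_WRITE);
}                                 /* returning re-executes the faulting store */

/* Returns 1 when exactly one fault was taken and both stores landed. */
int monitored_write_demo(void)
{
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    guarded_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guarded_page == MAP_FAILED)
        return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    dirty_faults = 0;
    mprotect(guarded_page, page_size, PROT_READ);   /* "code page": trap writes */
    volatile uint64_t *p = guarded_page;
    *p = 0x1122334455667788ULL;   /* faults, handler unprotects, store restarts */
    *p = 1;                       /* page already writable: no second fault */
    int ok = dirty_faults == 1 && *p == 1;
    munmap(guarded_page, page_size);
    return ok;
}
```

The key point for the crash under discussion is the last step: once the handler has re-enabled writes and returned, the interrupted instruction (here a plain store; in the guest, cmpxchg8b) is simply re-executed, so a correct handler turns the write fault into a bookkeeping event rather than a crash.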