1 /* 2 * mmap support for qemu 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 #include "qemu/osdep.h" 20 #include "trace.h" 21 #include "exec/log.h" 22 #include "qemu.h" 23 #include "user-internals.h" 24 #include "user-mmap.h" 25 26 static pthread_mutex_t mmap_mutex = PTHREAD_MUTEX_INITIALIZER; 27 static __thread int mmap_lock_count; 28 29 void mmap_lock(void) 30 { 31 if (mmap_lock_count++ == 0) { 32 pthread_mutex_lock(&mmap_mutex); 33 } 34 } 35 36 void mmap_unlock(void) 37 { 38 if (--mmap_lock_count == 0) { 39 pthread_mutex_unlock(&mmap_mutex); 40 } 41 } 42 43 bool have_mmap_lock(void) 44 { 45 return mmap_lock_count > 0 ? true : false; 46 } 47 48 /* Grab lock to make sure things are in a consistent state after fork(). */ 49 void mmap_fork_start(void) 50 { 51 if (mmap_lock_count) 52 abort(); 53 pthread_mutex_lock(&mmap_mutex); 54 } 55 56 void mmap_fork_end(int child) 57 { 58 if (child) 59 pthread_mutex_init(&mmap_mutex, NULL); 60 else 61 pthread_mutex_unlock(&mmap_mutex); 62 } 63 64 /* 65 * Validate target prot bitmask. 66 * Return the prot bitmask for the host in *HOST_PROT. 67 * Return 0 if the target prot bitmask is invalid, otherwise 68 * the internal qemu page_flags (which will include PAGE_VALID). 69 */ 70 static int validate_prot_to_pageflags(int *host_prot, int prot) 71 { 72 int valid = PROT_READ | PROT_WRITE | PROT_EXEC | TARGET_PROT_SEM; 73 int page_flags = (prot & PAGE_BITS) | PAGE_VALID; 74 75 /* 76 * For the host, we need not pass anything except read/write/exec. 77 * While PROT_SEM is allowed by all hosts, it is also ignored, so 78 * don't bother transforming guest bit to host bit. Any other 79 * target-specific prot bits will not be understood by the host 80 * and will need to be encoded into page_flags for qemu emulation. 81 * 82 * Pages that are executable by the guest will never be executed 83 * by the host, but the host will need to be able to read them. 84 */ 85 *host_prot = (prot & (PROT_READ | PROT_WRITE)) 86 | (prot & PROT_EXEC ? PROT_READ : 0); 87 88 #ifdef TARGET_AARCH64 89 { 90 ARMCPU *cpu = ARM_CPU(thread_cpu); 91 92 /* 93 * The PROT_BTI bit is only accepted if the cpu supports the feature. 94 * Since this is the unusual case, don't bother checking unless 95 * the bit has been requested. If set and valid, record the bit 96 * within QEMU's page_flags. 97 */ 98 if ((prot & TARGET_PROT_BTI) && cpu_isar_feature(aa64_bti, cpu)) { 99 valid |= TARGET_PROT_BTI; 100 page_flags |= PAGE_BTI; 101 } 102 /* Similarly for the PROT_MTE bit. */ 103 if ((prot & TARGET_PROT_MTE) && cpu_isar_feature(aa64_mte, cpu)) { 104 valid |= TARGET_PROT_MTE; 105 page_flags |= PAGE_MTE; 106 } 107 } 108 #endif 109 110 return prot & ~valid ? 0 : page_flags; 111 } 112 113 /* NOTE: all the constants are the HOST ones, but addresses are target. */ 114 int target_mprotect(abi_ulong start, abi_ulong len, int target_prot) 115 { 116 abi_ulong end, host_start, host_end, addr; 117 int prot1, ret, page_flags, host_prot; 118 119 trace_target_mprotect(start, len, target_prot); 120 121 if ((start & ~TARGET_PAGE_MASK) != 0) { 122 return -TARGET_EINVAL; 123 } 124 page_flags = validate_prot_to_pageflags(&host_prot, target_prot); 125 if (!page_flags) { 126 return -TARGET_EINVAL; 127 } 128 len = TARGET_PAGE_ALIGN(len); 129 end = start + len; 130 if (!guest_range_valid_untagged(start, len)) { 131 return -TARGET_ENOMEM; 132 } 133 if (len == 0) { 134 return 0; 135 } 136 137 mmap_lock(); 138 host_start = start & qemu_host_page_mask; 139 host_end = HOST_PAGE_ALIGN(end); 140 if (start > host_start) { 141 /* handle host page containing start */ 142 prot1 = host_prot; 143 for (addr = host_start; addr < start; addr += TARGET_PAGE_SIZE) { 144 prot1 |= page_get_flags(addr); 145 } 146 if (host_end == host_start + qemu_host_page_size) { 147 for (addr = end; addr < host_end; addr += TARGET_PAGE_SIZE) { 148 prot1 |= page_get_flags(addr); 149 } 150 end = host_end; 151 } 152 ret = mprotect(g2h_untagged(host_start), qemu_host_page_size, 153 prot1 & PAGE_BITS); 154 if (ret != 0) { 155 goto error; 156 } 157 host_start += qemu_host_page_size; 158 } 159 if (end < host_end) { 160 prot1 = host_prot; 161 for (addr = end; addr < host_end; addr += TARGET_PAGE_SIZE) { 162 prot1 |= page_get_flags(addr); 163 } 164 ret = mprotect(g2h_untagged(host_end - qemu_host_page_size), 165 qemu_host_page_size, prot1 & PAGE_BITS); 166 if (ret != 0) { 167 goto error; 168 } 169 host_end -= qemu_host_page_size; 170 } 171 172 /* handle the pages in the middle */ 173 if (host_start < host_end) { 174 ret = mprotect(g2h_untagged(host_start), 175 host_end - host_start, host_prot); 176 if (ret != 0) { 177 goto error; 178 } 179 } 180 page_set_flags(start, start + len, page_flags); 181 mmap_unlock(); 182 return 0; 183 error: 184 mmap_unlock(); 185 return ret; 186 } 187 188 /* map an incomplete host page */ 189 static int mmap_frag(abi_ulong real_start, 190 abi_ulong start, abi_ulong end, 191 int prot, int flags, int fd, abi_ulong offset) 192 { 193 abi_ulong real_end, addr; 194 void *host_start; 195 int prot1, prot_new; 196 197 real_end = real_start + qemu_host_page_size; 198 host_start = g2h_untagged(real_start); 199 200 /* get the protection of the target pages outside the mapping */ 201 prot1 = 0; 202 for(addr = real_start; addr < real_end; addr++) { 203 if (addr < start || addr >= end) 204 prot1 |= page_get_flags(addr); 205 } 206 207 if (prot1 == 0) { 208 /* no page was there, so we allocate one */ 209 void *p = mmap(host_start, qemu_host_page_size, prot, 210 flags | MAP_ANONYMOUS, -1, 0); 211 if (p == MAP_FAILED) 212 return -1; 213 prot1 = prot; 214 } 215 prot1 &= PAGE_BITS; 216 217 prot_new = prot | prot1; 218 if (!(flags & MAP_ANONYMOUS)) { 219 /* msync() won't work here, so we return an error if write is 220 possible while it is a shared mapping */ 221 if ((flags & MAP_TYPE) == MAP_SHARED && 222 (prot & PROT_WRITE)) 223 return -1; 224 225 /* adjust protection to be able to read */ 226 if (!(prot1 & PROT_WRITE)) 227 mprotect(host_start, qemu_host_page_size, prot1 | PROT_WRITE); 228 229 /* read the corresponding file data */ 230 if (pread(fd, g2h_untagged(start), end - start, offset) == -1) 231 return -1; 232 233 /* put final protection */ 234 if (prot_new != (prot1 | PROT_WRITE)) 235 mprotect(host_start, qemu_host_page_size, prot_new); 236 } else { 237 if (prot_new != prot1) { 238 mprotect(host_start, qemu_host_page_size, prot_new); 239 } 240 if (prot_new & PROT_WRITE) { 241 memset(g2h_untagged(start), 0, end - start); 242 } 243 } 244 return 0; 245 } 246 247 #if HOST_LONG_BITS == 64 && TARGET_ABI_BITS == 64 248 #ifdef TARGET_AARCH64 249 # define TASK_UNMAPPED_BASE 0x5500000000 250 #else 251 # define TASK_UNMAPPED_BASE (1ul << 38) 252 #endif 253 #else 254 # define TASK_UNMAPPED_BASE 0x40000000 255 #endif 256 abi_ulong mmap_next_start = TASK_UNMAPPED_BASE; 257 258 unsigned long last_brk; 259 260 /* Subroutine of mmap_find_vma, used when we have pre-allocated a chunk 261 of guest address space. */ 262 static abi_ulong mmap_find_vma_reserved(abi_ulong start, abi_ulong size, 263 abi_ulong align) 264 { 265 abi_ulong addr, end_addr, incr = qemu_host_page_size; 266 int prot; 267 bool looped = false; 268 269 if (size > reserved_va) { 270 return (abi_ulong)-1; 271 } 272 273 /* Note that start and size have already been aligned by mmap_find_vma. */ 274 275 end_addr = start + size; 276 if (start > reserved_va - size) { 277 /* Start at the top of the address space. */ 278 end_addr = ((reserved_va - size) & -align) + size; 279 looped = true; 280 } 281 282 /* Search downward from END_ADDR, checking to see if a page is in use. */ 283 addr = end_addr; 284 while (1) { 285 addr -= incr; 286 if (addr > end_addr) { 287 if (looped) { 288 /* Failure. The entire address space has been searched. */ 289 return (abi_ulong)-1; 290 } 291 /* Re-start at the top of the address space. */ 292 addr = end_addr = ((reserved_va - size) & -align) + size; 293 looped = true; 294 } else { 295 prot = page_get_flags(addr); 296 if (prot) { 297 /* Page in use. Restart below this page. */ 298 addr = end_addr = ((addr - size) & -align) + size; 299 } else if (addr && addr + size == end_addr) { 300 /* Success! All pages between ADDR and END_ADDR are free. */ 301 if (start == mmap_next_start) { 302 mmap_next_start = addr; 303 } 304 return addr; 305 } 306 } 307 } 308 } 309 310 /* 311 * Find and reserve a free memory area of size 'size'. The search 312 * starts at 'start'. 313 * It must be called with mmap_lock() held. 314 * Return -1 if error. 315 */ 316 abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align) 317 { 318 void *ptr, *prev; 319 abi_ulong addr; 320 int wrapped, repeat; 321 322 align = MAX(align, qemu_host_page_size); 323 324 /* If 'start' == 0, then a default start address is used. */ 325 if (start == 0) { 326 start = mmap_next_start; 327 } else { 328 start &= qemu_host_page_mask; 329 } 330 start = ROUND_UP(start, align); 331 332 size = HOST_PAGE_ALIGN(size); 333 334 if (reserved_va) { 335 return mmap_find_vma_reserved(start, size, align); 336 } 337 338 addr = start; 339 wrapped = repeat = 0; 340 prev = 0; 341 342 for (;; prev = ptr) { 343 /* 344 * Reserve needed memory area to avoid a race. 345 * It should be discarded using: 346 * - mmap() with MAP_FIXED flag 347 * - mremap() with MREMAP_FIXED flag 348 * - shmat() with SHM_REMAP flag 349 */ 350 ptr = mmap(g2h_untagged(addr), size, PROT_NONE, 351 MAP_ANONYMOUS|MAP_PRIVATE|MAP_NORESERVE, -1, 0); 352 353 /* ENOMEM, if host address space has no memory */ 354 if (ptr == MAP_FAILED) { 355 return (abi_ulong)-1; 356 } 357 358 /* Count the number of sequential returns of the same address. 359 This is used to modify the search algorithm below. */ 360 repeat = (ptr == prev ? repeat + 1 : 0); 361 362 if (h2g_valid(ptr + size - 1)) { 363 addr = h2g(ptr); 364 365 if ((addr & (align - 1)) == 0) { 366 /* Success. */ 367 if (start == mmap_next_start && addr >= TASK_UNMAPPED_BASE) { 368 mmap_next_start = addr + size; 369 } 370 return addr; 371 } 372 373 /* The address is not properly aligned for the target. */ 374 switch (repeat) { 375 case 0: 376 /* Assume the result that the kernel gave us is the 377 first with enough free space, so start again at the 378 next higher target page. */ 379 addr = ROUND_UP(addr, align); 380 break; 381 case 1: 382 /* Sometimes the kernel decides to perform the allocation 383 at the top end of memory instead. */ 384 addr &= -align; 385 break; 386 case 2: 387 /* Start over at low memory. */ 388 addr = 0; 389 break; 390 default: 391 /* Fail. This unaligned block must the last. */ 392 addr = -1; 393 break; 394 } 395 } else { 396 /* Since the result the kernel gave didn't fit, start 397 again at low memory. If any repetition, fail. */ 398 addr = (repeat ? -1 : 0); 399 } 400 401 /* Unmap and try again. */ 402 munmap(ptr, size); 403 404 /* ENOMEM if we checked the whole of the target address space. */ 405 if (addr == (abi_ulong)-1) { 406 return (abi_ulong)-1; 407 } else if (addr == 0) { 408 if (wrapped) { 409 return (abi_ulong)-1; 410 } 411 wrapped = 1; 412 /* Don't actually use 0 when wrapping, instead indicate 413 that we'd truly like an allocation in low memory. */ 414 addr = (mmap_min_addr > TARGET_PAGE_SIZE 415 ? TARGET_PAGE_ALIGN(mmap_min_addr) 416 : TARGET_PAGE_SIZE); 417 } else if (wrapped && addr >= start) { 418 return (abi_ulong)-1; 419 } 420 } 421 } 422 423 /* NOTE: all the constants are the HOST ones */ 424 abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot, 425 int flags, int fd, abi_ulong offset) 426 { 427 abi_ulong ret, end, real_start, real_end, retaddr, host_offset, host_len; 428 int page_flags, host_prot; 429 430 mmap_lock(); 431 trace_target_mmap(start, len, target_prot, flags, fd, offset); 432 433 if (!len) { 434 errno = EINVAL; 435 goto fail; 436 } 437 438 page_flags = validate_prot_to_pageflags(&host_prot, target_prot); 439 if (!page_flags) { 440 errno = EINVAL; 441 goto fail; 442 } 443 444 /* Also check for overflows... */ 445 len = TARGET_PAGE_ALIGN(len); 446 if (!len) { 447 errno = ENOMEM; 448 goto fail; 449 } 450 451 if (offset & ~TARGET_PAGE_MASK) { 452 errno = EINVAL; 453 goto fail; 454 } 455 456 /* 457 * If we're mapping shared memory, ensure we generate code for parallel 458 * execution and flush old translations. This will work up to the level 459 * supported by the host -- anything that requires EXCP_ATOMIC will not 460 * be atomic with respect to an external process. 461 */ 462 if (flags & MAP_SHARED) { 463 CPUState *cpu = thread_cpu; 464 if (!(cpu->tcg_cflags & CF_PARALLEL)) { 465 cpu->tcg_cflags |= CF_PARALLEL; 466 tb_flush(cpu); 467 } 468 } 469 470 real_start = start & qemu_host_page_mask; 471 host_offset = offset & qemu_host_page_mask; 472 473 /* If the user is asking for the kernel to find a location, do that 474 before we truncate the length for mapping files below. */ 475 if (!(flags & MAP_FIXED)) { 476 host_len = len + offset - host_offset; 477 host_len = HOST_PAGE_ALIGN(host_len); 478 start = mmap_find_vma(real_start, host_len, TARGET_PAGE_SIZE); 479 if (start == (abi_ulong)-1) { 480 errno = ENOMEM; 481 goto fail; 482 } 483 } 484 485 /* When mapping files into a memory area larger than the file, accesses 486 to pages beyond the file size will cause a SIGBUS. 487 488 For example, if mmaping a file of 100 bytes on a host with 4K pages 489 emulating a target with 8K pages, the target expects to be able to 490 access the first 8K. But the host will trap us on any access beyond 491 4K. 492 493 When emulating a target with a larger page-size than the hosts, we 494 may need to truncate file maps at EOF and add extra anonymous pages 495 up to the targets page boundary. */ 496 497 if ((qemu_real_host_page_size() < qemu_host_page_size) && 498 !(flags & MAP_ANONYMOUS)) { 499 struct stat sb; 500 501 if (fstat (fd, &sb) == -1) 502 goto fail; 503 504 /* Are we trying to create a map beyond EOF?. */ 505 if (offset + len > sb.st_size) { 506 /* If so, truncate the file map at eof aligned with 507 the hosts real pagesize. Additional anonymous maps 508 will be created beyond EOF. */ 509 len = REAL_HOST_PAGE_ALIGN(sb.st_size - offset); 510 } 511 } 512 513 if (!(flags & MAP_FIXED)) { 514 unsigned long host_start; 515 void *p; 516 517 host_len = len + offset - host_offset; 518 host_len = HOST_PAGE_ALIGN(host_len); 519 520 /* Note: we prefer to control the mapping address. It is 521 especially important if qemu_host_page_size > 522 qemu_real_host_page_size */ 523 p = mmap(g2h_untagged(start), host_len, host_prot, 524 flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0); 525 if (p == MAP_FAILED) { 526 goto fail; 527 } 528 /* update start so that it points to the file position at 'offset' */ 529 host_start = (unsigned long)p; 530 if (!(flags & MAP_ANONYMOUS)) { 531 p = mmap(g2h_untagged(start), len, host_prot, 532 flags | MAP_FIXED, fd, host_offset); 533 if (p == MAP_FAILED) { 534 munmap(g2h_untagged(start), host_len); 535 goto fail; 536 } 537 host_start += offset - host_offset; 538 } 539 start = h2g(host_start); 540 } else { 541 if (start & ~TARGET_PAGE_MASK) { 542 errno = EINVAL; 543 goto fail; 544 } 545 end = start + len; 546 real_end = HOST_PAGE_ALIGN(end); 547 548 /* 549 * Test if requested memory area fits target address space 550 * It can fail only on 64-bit host with 32-bit target. 551 * On any other target/host host mmap() handles this error correctly. 552 */ 553 if (end < start || !guest_range_valid_untagged(start, len)) { 554 errno = ENOMEM; 555 goto fail; 556 } 557 558 /* worst case: we cannot map the file because the offset is not 559 aligned, so we read it */ 560 if (!(flags & MAP_ANONYMOUS) && 561 (offset & ~qemu_host_page_mask) != (start & ~qemu_host_page_mask)) { 562 /* msync() won't work here, so we return an error if write is 563 possible while it is a shared mapping */ 564 if ((flags & MAP_TYPE) == MAP_SHARED && 565 (host_prot & PROT_WRITE)) { 566 errno = EINVAL; 567 goto fail; 568 } 569 retaddr = target_mmap(start, len, target_prot | PROT_WRITE, 570 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, 571 -1, 0); 572 if (retaddr == -1) 573 goto fail; 574 if (pread(fd, g2h_untagged(start), len, offset) == -1) 575 goto fail; 576 if (!(host_prot & PROT_WRITE)) { 577 ret = target_mprotect(start, len, target_prot); 578 assert(ret == 0); 579 } 580 goto the_end; 581 } 582 583 /* handle the start of the mapping */ 584 if (start > real_start) { 585 if (real_end == real_start + qemu_host_page_size) { 586 /* one single host page */ 587 ret = mmap_frag(real_start, start, end, 588 host_prot, flags, fd, offset); 589 if (ret == -1) 590 goto fail; 591 goto the_end1; 592 } 593 ret = mmap_frag(real_start, start, real_start + qemu_host_page_size, 594 host_prot, flags, fd, offset); 595 if (ret == -1) 596 goto fail; 597 real_start += qemu_host_page_size; 598 } 599 /* handle the end of the mapping */ 600 if (end < real_end) { 601 ret = mmap_frag(real_end - qemu_host_page_size, 602 real_end - qemu_host_page_size, end, 603 host_prot, flags, fd, 604 offset + real_end - qemu_host_page_size - start); 605 if (ret == -1) 606 goto fail; 607 real_end -= qemu_host_page_size; 608 } 609 610 /* map the middle (easier) */ 611 if (real_start < real_end) { 612 void *p; 613 unsigned long offset1; 614 if (flags & MAP_ANONYMOUS) 615 offset1 = 0; 616 else 617 offset1 = offset + real_start - start; 618 p = mmap(g2h_untagged(real_start), real_end - real_start, 619 host_prot, flags, fd, offset1); 620 if (p == MAP_FAILED) 621 goto fail; 622 } 623 } 624 the_end1: 625 if (flags & MAP_ANONYMOUS) { 626 page_flags |= PAGE_ANON; 627 } 628 page_flags |= PAGE_RESET; 629 page_set_flags(start, start + len, page_flags); 630 the_end: 631 trace_target_mmap_complete(start); 632 if (qemu_loglevel_mask(CPU_LOG_PAGE)) { 633 FILE *f = qemu_log_trylock(); 634 if (f) { 635 fprintf(f, "page layout changed following mmap\n"); 636 page_dump(f); 637 qemu_log_unlock(f); 638 } 639 } 640 tb_invalidate_phys_range(start, start + len); 641 mmap_unlock(); 642 return start; 643 fail: 644 mmap_unlock(); 645 return -1; 646 } 647 648 static void mmap_reserve(abi_ulong start, abi_ulong size) 649 { 650 abi_ulong real_start; 651 abi_ulong real_end; 652 abi_ulong addr; 653 abi_ulong end; 654 int prot; 655 656 real_start = start & qemu_host_page_mask; 657 real_end = HOST_PAGE_ALIGN(start + size); 658 end = start + size; 659 if (start > real_start) { 660 /* handle host page containing start */ 661 prot = 0; 662 for (addr = real_start; addr < start; addr += TARGET_PAGE_SIZE) { 663 prot |= page_get_flags(addr); 664 } 665 if (real_end == real_start + qemu_host_page_size) { 666 for (addr = end; addr < real_end; addr += TARGET_PAGE_SIZE) { 667 prot |= page_get_flags(addr); 668 } 669 end = real_end; 670 } 671 if (prot != 0) 672 real_start += qemu_host_page_size; 673 } 674 if (end < real_end) { 675 prot = 0; 676 for (addr = end; addr < real_end; addr += TARGET_PAGE_SIZE) { 677 prot |= page_get_flags(addr); 678 } 679 if (prot != 0) 680 real_end -= qemu_host_page_size; 681 } 682 if (real_start != real_end) { 683 mmap(g2h_untagged(real_start), real_end - real_start, PROT_NONE, 684 MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, 685 -1, 0); 686 } 687 } 688 689 int target_munmap(abi_ulong start, abi_ulong len) 690 { 691 abi_ulong end, real_start, real_end, addr; 692 int prot, ret; 693 694 trace_target_munmap(start, len); 695 696 if (start & ~TARGET_PAGE_MASK) 697 return -TARGET_EINVAL; 698 len = TARGET_PAGE_ALIGN(len); 699 if (len == 0 || !guest_range_valid_untagged(start, len)) { 700 return -TARGET_EINVAL; 701 } 702 703 mmap_lock(); 704 end = start + len; 705 real_start = start & qemu_host_page_mask; 706 real_end = HOST_PAGE_ALIGN(end); 707 708 if (start > real_start) { 709 /* handle host page containing start */ 710 prot = 0; 711 for(addr = real_start; addr < start; addr += TARGET_PAGE_SIZE) { 712 prot |= page_get_flags(addr); 713 } 714 if (real_end == real_start + qemu_host_page_size) { 715 for(addr = end; addr < real_end; addr += TARGET_PAGE_SIZE) { 716 prot |= page_get_flags(addr); 717 } 718 end = real_end; 719 } 720 if (prot != 0) 721 real_start += qemu_host_page_size; 722 } 723 if (end < real_end) { 724 prot = 0; 725 for(addr = end; addr < real_end; addr += TARGET_PAGE_SIZE) { 726 prot |= page_get_flags(addr); 727 } 728 if (prot != 0) 729 real_end -= qemu_host_page_size; 730 } 731 732 ret = 0; 733 /* unmap what we can */ 734 if (real_start < real_end) { 735 if (reserved_va) { 736 mmap_reserve(real_start, real_end - real_start); 737 } else { 738 ret = munmap(g2h_untagged(real_start), real_end - real_start); 739 } 740 } 741 742 if (ret == 0) { 743 page_set_flags(start, start + len, 0); 744 tb_invalidate_phys_range(start, start + len); 745 } 746 mmap_unlock(); 747 return ret; 748 } 749 750 abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, 751 abi_ulong new_size, unsigned long flags, 752 abi_ulong new_addr) 753 { 754 int prot; 755 void *host_addr; 756 757 if (!guest_range_valid_untagged(old_addr, old_size) || 758 ((flags & MREMAP_FIXED) && 759 !guest_range_valid_untagged(new_addr, new_size)) || 760 ((flags & MREMAP_MAYMOVE) == 0 && 761 !guest_range_valid_untagged(old_addr, new_size))) { 762 errno = ENOMEM; 763 return -1; 764 } 765 766 mmap_lock(); 767 768 if (flags & MREMAP_FIXED) { 769 host_addr = mremap(g2h_untagged(old_addr), old_size, new_size, 770 flags, g2h_untagged(new_addr)); 771 772 if (reserved_va && host_addr != MAP_FAILED) { 773 /* If new and old addresses overlap then the above mremap will 774 already have failed with EINVAL. */ 775 mmap_reserve(old_addr, old_size); 776 } 777 } else if (flags & MREMAP_MAYMOVE) { 778 abi_ulong mmap_start; 779 780 mmap_start = mmap_find_vma(0, new_size, TARGET_PAGE_SIZE); 781 782 if (mmap_start == -1) { 783 errno = ENOMEM; 784 host_addr = MAP_FAILED; 785 } else { 786 host_addr = mremap(g2h_untagged(old_addr), old_size, new_size, 787 flags | MREMAP_FIXED, 788 g2h_untagged(mmap_start)); 789 if (reserved_va) { 790 mmap_reserve(old_addr, old_size); 791 } 792 } 793 } else { 794 int prot = 0; 795 if (reserved_va && old_size < new_size) { 796 abi_ulong addr; 797 for (addr = old_addr + old_size; 798 addr < old_addr + new_size; 799 addr++) { 800 prot |= page_get_flags(addr); 801 } 802 } 803 if (prot == 0) { 804 host_addr = mremap(g2h_untagged(old_addr), 805 old_size, new_size, flags); 806 807 if (host_addr != MAP_FAILED) { 808 /* Check if address fits target address space */ 809 if (!guest_range_valid_untagged(h2g(host_addr), new_size)) { 810 /* Revert mremap() changes */ 811 host_addr = mremap(g2h_untagged(old_addr), 812 new_size, old_size, flags); 813 errno = ENOMEM; 814 host_addr = MAP_FAILED; 815 } else if (reserved_va && old_size > new_size) { 816 mmap_reserve(old_addr + old_size, old_size - new_size); 817 } 818 } 819 } else { 820 errno = ENOMEM; 821 host_addr = MAP_FAILED; 822 } 823 } 824 825 if (host_addr == MAP_FAILED) { 826 new_addr = -1; 827 } else { 828 new_addr = h2g(host_addr); 829 prot = page_get_flags(old_addr); 830 page_set_flags(old_addr, old_addr + old_size, 0); 831 page_set_flags(new_addr, new_addr + new_size, 832 prot | PAGE_VALID | PAGE_RESET); 833 } 834 tb_invalidate_phys_range(new_addr, new_addr + new_size); 835 mmap_unlock(); 836 return new_addr; 837 } 838 839 static bool can_passthrough_madv_dontneed(abi_ulong start, abi_ulong end) 840 { 841 ulong addr; 842 843 if ((start | end) & ~qemu_host_page_mask) { 844 return false; 845 } 846 847 for (addr = start; addr < end; addr += TARGET_PAGE_SIZE) { 848 if (!(page_get_flags(addr) & PAGE_ANON)) { 849 return false; 850 } 851 } 852 853 return true; 854 } 855 856 abi_long target_madvise(abi_ulong start, abi_ulong len_in, int advice) 857 { 858 abi_ulong len, end; 859 int ret = 0; 860 861 if (start & ~TARGET_PAGE_MASK) { 862 return -TARGET_EINVAL; 863 } 864 len = TARGET_PAGE_ALIGN(len_in); 865 866 if (len_in && !len) { 867 return -TARGET_EINVAL; 868 } 869 870 end = start + len; 871 if (end < start) { 872 return -TARGET_EINVAL; 873 } 874 875 if (end == start) { 876 return 0; 877 } 878 879 if (!guest_range_valid_untagged(start, len)) { 880 return -TARGET_EINVAL; 881 } 882 883 /* 884 * A straight passthrough may not be safe because qemu sometimes turns 885 * private file-backed mappings into anonymous mappings. 886 * 887 * This is a hint, so ignoring and returning success is ok. 888 * 889 * This breaks MADV_DONTNEED, completely implementing which is quite 890 * complicated. However, there is one low-hanging fruit: host-page-aligned 891 * anonymous mappings. In this case passthrough is safe, so do it. 892 */ 893 mmap_lock(); 894 if (advice == MADV_DONTNEED && 895 can_passthrough_madv_dontneed(start, end)) { 896 ret = get_errno(madvise(g2h_untagged(start), len, MADV_DONTNEED)); 897 } 898 mmap_unlock(); 899 900 return ret; 901 } 902