linux-user: Fix stale tbs after mmap

If we execute linux-user code that does the following: * A = mmap() * execute code in A * munmap(A) * B = mmap(), but mmap returns the same address as A * execute code in B we end up executing a stale cached tb that contains translated code from A, while we want new code from B. This patch adds a TB flush for mmap'ed regions, before we return them, avoiding the whole issue. It also adds a flush for munmap, so that we don't execute stale TBs instead of getting a segfault. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2025-08-04 00:03:54 -06:00 · 2012-05-10 22:40:10 +00:00 · 2012-05-10 22:40:10 +00:00 · 77a8f1a512
commit 77a8f1a512
parent 4636b9d146
3 changed files with 24 additions and 1 deletions
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@ -573,6 +573,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
    page_dump(stdout);
    printf("\n");
 #endif
+    tb_invalidate_phys_range(start, start + len, 0);
    mmap_unlock();
    return start;
 fail:
@ -675,8 +676,10 @@ int target_munmap(abi_ulong start, abi_ulong len)
        }
    }

-    if (ret == 0)
+    if (ret == 0) {
        page_set_flags(start, start + len, 0);
+        tb_invalidate_phys_range(start, start + len, 0);
+    }
    mmap_unlock();
    return ret;
 }
@ -754,6 +757,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
        page_set_flags(old_addr, old_addr + old_size, 0);
        page_set_flags(new_addr, new_addr + new_size, prot | PAGE_VALID);
    }
+    tb_invalidate_phys_range(new_addr, new_addr + new_size, 0);
    mmap_unlock();
    return new_addr;
 }