On 13 January 2016 at 16:45, farmdve <farm...@gmail.com> wrote:
> On Windows, in software MMU mode, how does QEMU handle
> self-modifying code?
When we translate the guest code in a page of guest memory, we mark that page as "not dirty for code" by calling tlb_protect_code(), which clears a DIRTY_MEMORY_CODE bit and also ensures that subsequent guest writes to this page will take a slow code path. On that slow code path (in notdirty_mem_write()) we check to see if the DIRTY_MEMORY_CODE flag is clear for this page, and if it is then we throw away the translated code by calling tb_invalidate_phys_page_fast(). If the guest later tries to execute from the page again, we will translate the guest code again (and so will use the freshly modified code).

There is some slight extra complication for CPUs which can validly modify the code they're executing (i.e. which don't need any kind of "flush cache/pipeline" or a branch between the store which modifies the code and the execution of the modified code). You can find those by looking at the changes controlled by the TARGET_HAS_PRECISE_SMC #define, which we only need for x86 guests at the moment. (For CPUs which don't set that, attempting to self-modify code in the same TB won't work, which is OK because architecturally that doesn't work on hardware either.)

thanks
-- PMM
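The page-level bookkeeping described in the reply, as an added toy model (not QEMU's own code): a per-page DIRTY_MEMORY_CODE flag, a per-page translation cache standing in for TBs, and the function names tlb_protect_code(), notdirty_mem_write() and tb_invalidate_phys_page_fast() used only in comments to mark which real step each branch models. Page size, page count and the guest addresses are assumptions.

```c
/* Added example, not QEMU code: a toy model of the DIRTY_MEMORY_CODE
 * bookkeeping. Executing code from a page "protects" it (clears the bit,
 * so stores take the slow path); a store on the slow path invalidates the
 * page's cached translation; the next execute retranslates the page. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                   /* assumed 4 KiB pages */
#define NPAGES     4
#define MEM_SIZE   (NPAGES << PAGE_SHIFT)

static uint8_t guest_ram[MEM_SIZE];
static int dirty_code[NPAGES];  /* 1 = DIRTY_MEMORY_CODE set, stores use fast path */
static int tb_cache[NPAGES];    /* id of cached translation for the page, 0 = none */
static int next_tb_id;          /* incremented on every (re)translation */
static int invalidations;       /* how often the slow path dropped a translation */

static void reset_model(void) {
    for (unsigned p = 0; p < NPAGES; p++) { dirty_code[p] = 1; tb_cache[p] = 0; }
    next_tb_id = invalidations = 0;
}

/* Execute from addr: reuse the cached translation, or translate and protect
 * the page (models tlb_protect_code()). Returns the translation id used. */
static int guest_execute(uint32_t addr) {
    unsigned page = addr >> PAGE_SHIFT;
    if (tb_cache[page] == 0) {
        tb_cache[page] = ++next_tb_id;
        dirty_code[page] = 0;   /* tlb_protect_code(): clear DIRTY_MEMORY_CODE */
    }
    return tb_cache[page];
}

/* Guest store: fast path if the page is still dirty for code; otherwise the
 * notdirty_mem_write() slow path, which throws the translation away. */
static void guest_store(uint32_t addr, uint8_t val) {
    unsigned page = addr >> PAGE_SHIFT;
    if (!dirty_code[page]) {
        tb_cache[page] = 0;     /* tb_invalidate_phys_page_fast() */
        invalidations++;
        dirty_code[page] = 1;   /* further stores to this page stay on the fast path */
    }
    guest_ram[addr] = val;
}

static int invalidation_count(void) { return invalidations; }

int main(void) {
    reset_model();
    int a = guest_execute(0x1000);  /* translate page 1 */
    guest_store(0x1010, 0x90);      /* self-modify: slow path, translation dropped */
    int b = guest_execute(0x1000);  /* retranslated, sees the new bytes */
    printf("translation %d -> %d, invalidations %d\n", a, b, invalidation_count());
    return 0;
}
```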