> RISC CPUs don't support self-modifying code unless the affected area
> is flushed explicitly.
From experience with ARM CPUs, I think this is only true for userspace. Many CPUs only require explicit flushes when the icache is enabled. It's not uncommon for bootloaders to leave the icache disabled and omit the cache flushes. The ARM cache flush instructions/syscalls are currently implemented as a no-op, so nontrivial additional work would be required to disable the qemu SMC detection. IIRC there are also special cases where a system call instruction guarantees some level of architectural consistency for backwards compatibility. On some cores it is only necessary to flush the pipeline, but it's also common to know that e.g. a particular core has a 4-stage pipeline, so inserting 4 NOPs is sufficient to ensure consistency.

Paul