I'm okay with moving it to set_page to simplify the logic, but

I think in the case where a page is cut short, the current change invalidates a lot more than necessary because it invalidates until the end of the page that was cut short. That can possibly step on PROT_NONE addresses because we didn't actually write that much.

I'm not sure if this happens. Sure, without_page_end_reserve might add add a few unnecessary bytes to the previous page, but it's not "a lot more than necessary". The block skipped by the jump is filtered out by writable_addrs, and the range on the next page will be start == end, which may not do anything and is at least not "a lot more than necessary".

because it invalidates until the end of the page that was cut short

Ah sorry, I finally got the actual situation of this. When other cb jumps from an early position, it does have a lot of gap until the destination. That makes sense. Never mind about my previous reply. I'll write something to improve it.

We could also pass a slightly different function that does the invalidation in the ARM backend.

I'm not sure if this is what you meant, but I addressed the problem you described with deb763c.

well, okay

It'd invalidate the icache twice for the jump in the assembler's code block, but it's only 20 bytes.

I guess this is what you mean. Maybe we don't want to put aarch64-specific code there, so I can do that instead.

I think this is what you meant 6a0b643.

Thanks for finding the root cause here. I know this isn't the first time we've had cache_invalidation issues lead to these sorts of failures. I would love to think about how we could setup our codeblock/page/codegen api to maybe make those sorts of errors a bit harder to make.