From patchwork Fri Jun 3 20:40:17 2016
X-Patchwork-Submitter: Alex Bennée
X-Patchwork-Id: 9154027
From: Alex Bennée
To: mttcg@listserver.greensocs.com, qemu-devel@nongnu.org, fred.konrad@greensocs.com, a.rigo@virtualopensystems.com, serge.fdrv@gmail.com, cota@braap.org, bobby.prani@gmail.com
Cc: peter.maydell@linaro.org, Eduardo Habkost, Peter Crosthwaite, claudio.fontana@huawei.com, "Michael S. Tsirkin", mark.burton@greensocs.com, jan.kiszka@siemens.com, pbonzini@redhat.com, Alex Bennée, rth@twiddle.net
Date: Fri, 3 Jun 2016 21:40:17 +0100
Message-Id: <1464986428-6739-9-git-send-email-alex.bennee@linaro.org>
In-Reply-To: <1464986428-6739-1-git-send-email-alex.bennee@linaro.org>
References: <1464986428-6739-1-git-send-email-alex.bennee@linaro.org>
Subject: [Qemu-devel] [RFC v3 08/19] tcg: protect TBContext with tb_lock.

From: KONRAD Frederic

This protects TBContext with tb_lock to make tb_* thread safe.

We can still have issues with tb_flush in the case of multithreaded TCG:
another CPU can be executing code during a flush.

This can be fixed later by making all other TCG threads exit before
calling tb_flush().

Signed-off-by: KONRAD Frederic
Message-Id: <1439220437-23957-8-git-send-email-fred.konrad@greensocs.com>
Signed-off-by: Emilio G. Cota
Signed-off-by: Paolo Bonzini
[AJB: moved into tree, clean-up history]
Signed-off-by: Alex Bennée
Reviewed-by: Richard Henderson

---
v3 (base-patches, ajb):
  - more explicit comments on resetting tb_lock
  - more explicit comments about thread safety of user-mode tb_flush
v2 (base-patches, ajb):
  - re-base fixes
v7 (FK, MTTCG):
  - Drop a tb_lock in already locked restore_state_to_opc.
v6 (FK, MTTCG):
  - Drop a tb_lock around tb_find_fast in cpu-exec.c.
---
 cpu-exec.c         |  6 ++++++
 exec.c             |  6 ++++++
 hw/i386/kvmvapic.c |  4 ++++
 translate-all.c    | 35 +++++++++++++++++++++++++++++------
 4 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c index b840e1d..ae81e8e 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -212,16 +212,22 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles, old_tb_flushed = cpu->tb_flushed; cpu->tb_flushed = false; + tb_lock(); tb = tb_gen_code(cpu, orig_tb->pc, orig_tb->cs_base, orig_tb->flags, max_cycles | CF_NOCACHE | (ignore_icount ? CF_IGNORE_ICOUNT : 0)); tb->orig_tb = cpu->tb_flushed ? NULL : orig_tb; cpu->tb_flushed |= old_tb_flushed; + + tb_unlock(); /* execute the generated code */ trace_exec_tb_nocache(tb, tb->pc); cpu_tb_exec(cpu, tb); + tb_lock(); + tb_phys_invalidate(tb, -1); tb_free(tb); + tb_unlock(); } #endif diff --git a/exec.c b/exec.c index b225282..e23039c 100644 --- a/exec.c +++ b/exec.c @@ -2148,6 +2148,12 @@ static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags) continue; } cpu->watchpoint_hit = wp; + + /* The tb_lock will be reset when cpu_loop_exit or + * cpu_resume_from_signal longjmp back into the cpu_exec + * main loop. + */ + tb_lock(); tb_check_watchpoint(cpu); if (wp->flags & BP_STOP_BEFORE_ACCESS) { cpu->exception_index = EXCP_DEBUG; diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c index 5b71b1b..d98fe2a 100644 --- a/hw/i386/kvmvapic.c +++ b/hw/i386/kvmvapic.c @@ -17,6 +17,7 @@ #include "sysemu/kvm.h" #include "hw/i386/apic_internal.h" #include "hw/sysbus.h" +#include "tcg/tcg.h" #define VAPIC_IO_PORT 0x7e 
@@ -449,6 +450,9 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip) resume_all_vcpus(); if (!kvm_enabled()) { + /* tb_lock will be reset when cpu_resume_from_signal longjmps + * back into the cpu_exec loop. */ + tb_lock(); tb_gen_code(cs, current_pc, current_cs_base, current_flags, 1); cpu_resume_from_signal(cs, NULL); } diff --git a/translate-all.c b/translate-all.c index aba6cb6..f54ab3e 100644 --- a/translate-all.c +++ b/translate-all.c @@ -891,8 +891,13 @@ static void page_flush_tb(void) } } -/* flush all the translation blocks */ -/* XXX: tb_flush is currently not thread safe */ +/* Flush all the translation blocks: + * + * System emulation calls it only with tb_lock taken or from + * safe_work, so no need to take tb_lock here. + * + * User-mode tb_flush is currently not thread safe (FIXME). + */ void tb_flush(CPUState *cpu) { #if defined(DEBUG_TB_FLUSH) @@ -1407,6 +1412,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, /* we remove all the TBs in the range [start, end[ */ /* XXX: see if in some cases it could be faster to invalidate all the code */ + tb_lock(); tb = p->first_tb; while (tb != NULL) { n = (uintptr_t)tb & 3; @@ -1466,6 +1472,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, cpu_resume_from_signal(cpu, NULL); } #endif + tb_unlock(); } #ifdef CONFIG_SOFTMMU @@ -1532,6 +1539,8 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr, if (!p) { return; } + + tb_lock(); tb = p->first_tb; #ifdef TARGET_HAS_PRECISE_SMC if (tb && pc != 0) { @@ -1572,9 +1581,13 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr, if (locked) { mmap_unlock(); } + + /* tb_lock will be reset after cpu_resume_from_signal longjmps + * back into the cpu_exec loop. */ cpu_resume_from_signal(cpu, puc); } #endif + tb_unlock(); } #endif 
@@ -1668,6 +1681,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) target_ulong pc, cs_base; uint32_t flags; + tb_lock(); tb = tb_find_pc(retaddr); if (!tb) { cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p", @@ -1719,11 +1733,16 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) /* FIXME: In theory this could raise an exception. In practice we have already translated the block once so it's probably ok. */ tb_gen_code(cpu, pc, cs_base, flags, cflags); + /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not - the first in the TB) then we end up generating a whole new TB and - repeating the fault, which is horribly inefficient. - Better would be to execute just this insn uncached, or generate a - second new TB. */ + * the first in the TB) then we end up generating a whole new TB and + * repeating the fault, which is horribly inefficient. + * Better would be to execute just this insn uncached, or generate a + * second new TB. + * + * cpu_resume_from_signal will longjmp back to cpu_exec where the + * tb_lock gets reset. + */ cpu_resume_from_signal(cpu, NULL); } @@ -1752,6 +1771,8 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) size_t hgram_bins; char *hgram; + tb_lock(); + target_code_size = 0; max_target_code_size = 0; cross_page = 0; @@ -1839,6 +1860,8 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) tcg_ctx.tb_ctx.tb_phys_invalidate_count); cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count); tcg_dump_info(f, cpu_fprintf); + + tb_unlock(); } void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
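Review bot: the blank lines added around the new lock calls in cpu_exec_nocache() (cpu-exec.c hunk) are inconsistent: one goes before `tb_unlock();`, one after the second `tb_lock();`, and the first `tb_lock();` gets none. More importantly, the lock is deliberately dropped across `cpu_tb_exec(cpu, tb);` and re-taken only for `tb_phys_invalidate(tb, -1); tb_free(tb);`; a one-line comment stating why executing the generated code unlocked is acceptable (the commit message only names the tb_flush race as a known gap) would stop the next reader from treating the unlock as a mistake.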
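Review bot: in check_watchpoint() (exec.c hunk) the new `tb_lock();` relies on cpu_loop_exit() or cpu_resume_from_signal() resetting the lock, as the comment says, but the hunk only shows the `BP_STOP_BEFORE_ACCESS` branch after `tb_check_watchpoint(cpu);`. Please state in the commit message that every path out of this block ends in one of those longjmps; any path that returns normally would leave tb_lock held. The same "will be reset" wording is repeated in kvmvapic.c and translate-all.c, so pointing all three comments at the single place in cpu_exec where the reset happens would keep them from drifting apart.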
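Review bot: the new tb_flush() header comment (first translate-all.c hunk) states a precondition, that system emulation only calls it with tb_lock taken or from safe_work, but nothing in the patch enforces it. Consider a debug-build assertion that the lock is held on the system-emulation path so the contract is checked rather than trusted, and tie the "(FIXME)" for user-mode back to the tb_flush race the commit message already describes.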
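Review bot: tb_invalidate_phys_page_range() now takes `tb_lock();` before walking `p->first_tb` and releases it after the `#endif`, but the `cpu_resume_from_signal(cpu, NULL);` inside the TARGET_HAS_PRECISE_SMC block longjmps past the new `tb_unlock();`. The adjacent tb_invalidate_phys_page() hunk documents exactly this with its "tb_lock will be reset" comment; the same comment belongs here. It is also worth saying whether tb_lock may be acquired recursively: the exec.c hunk takes it before tb_check_watchpoint(), and if that path reaches this function the two acquisitions would nest.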
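Review bot: in cpu_io_recompile() the lock-reset note has been folded into the existing TODO block, so it now reads as part of the "horribly inefficient" TODO rather than as a statement about the current behaviour; keep the "cpu_resume_from_signal will longjmp back to cpu_exec where the tb_lock gets reset" sentence as its own comment directly above the call. The `cpu_abort(...)` path after `tb = tb_find_pc(retaddr);` also runs with the lock held, which is fine because it never returns, but deserves a word in the commit message.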