From patchwork Fri Jul 1 16:16:09 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Alex Bennée
X-Patchwork-Id: 9210153
From: Alex Bennée
To: mttcg@listserver.greensocs.com, qemu-devel@nongnu.org, fred.konrad@greensocs.com, a.rigo@virtualopensystems.com, serge.fdrv@gmail.com, cota@braap.org, bobby.prani@gmail.com, rth@twiddle.net
Cc: peter.maydell@linaro.org, Sergey Fedorov, Peter Crosthwaite, claudio.fontana@huawei.com, mark.burton@greensocs.com, jan.kiszka@siemens.com, pbonzini@redhat.com, Alex Bennée
Date: Fri, 1 Jul 2016 17:16:09 +0100
Message-Id: <1467389770-9738-2-git-send-email-alex.bennee@linaro.org>
In-Reply-To: <1467389770-9738-1-git-send-email-alex.bennee@linaro.org>
References: <1467389770-9738-1-git-send-email-alex.bennee@linaro.org>
Subject: [Qemu-devel] [PATCH 1/2] tcg: Ensure safe tb_jmp_cache lookup out of 'tb_lock'

From: Sergey Fedorov

First, ensure atomicity of CPU's 'tb_jmp_cache' access by:
 * using atomic_read() to look up a TB when not holding 'tb_lock';
 * using atomic_write() to remove a TB from each CPU's local cache on
   TB invalidation.

Second, add some memory barriers to ensure we don't put the TB being
invalidated back to CPU's 'tb_jmp_cache'. If we fail to look up a TB in
CPU's local cache because it is being invalidated by some other thread
then it must not be found in the shared TB hash table. Otherwise we'd
put it back to CPU's local cache.

Note that this patch does *not* make CPU's TLB invalidation safe if it
is done from some other thread while the CPU is in its execution loop.

Signed-off-by: Sergey Fedorov
Signed-off-by: Sergey Fedorov [AJB: fixed missing atomic set, tweak title] Signed-off-by: Alex Bennée Reviewed-by: Richard Henderson --- AJB: - tweak title - fixed missing set of tb_jmp_cache --- cpu-exec.c | 9 +++++++-- translate-all.c | 7 ++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/cpu-exec.c b/cpu-exec.c index b840e1d..10ce1cb 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -285,6 +285,11 @@ static TranslationBlock *tb_find_slow(CPUState *cpu, { TranslationBlock *tb; + /* Ensure that we won't find a TB in the shared hash table + * if it is being invalidated by some other thread. + * Otherwise we'd put it back to CPU's local cache. + * Pairs with smp_wmb() in tb_phys_invalidate(). */ + smp_rmb(); tb = tb_find_physical(cpu, pc, cs_base, flags); if (tb) { goto found; @@ -315,7 +320,7 @@ static TranslationBlock *tb_find_slow(CPUState *cpu, found: /* we add the TB in the virtual pc hash table */ - cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb; + atomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb); return tb; } @@ -333,7 +338,7 @@ static inline TranslationBlock *tb_find_fast(CPUState *cpu, is executed. */ cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); tb_lock(); - tb = cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)]; + tb = atomic_read(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)]); if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base || tb->flags != flags)) { tb = tb_find_slow(cpu, pc, cs_base, flags); diff --git a/translate-all.c b/translate-all.c index eaa95e4..1fcfe79 100644 --- a/translate-all.c +++ b/translate-all.c 
@@ -1004,11 +1004,16 @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) invalidate_page_bitmap(p); } + /* Ensure that we won't find the TB in the shared hash table + * if we con't see it in CPU's local cache. + * Pairs with smp_rmb() in tb_find_slow(). */ + smp_wmb(); + /* remove the TB from the hash list */ h = tb_jmp_cache_hash_func(tb->pc); CPU_FOREACH(cpu) { if (cpu->tb_jmp_cache[h] == tb) { - cpu->tb_jmp_cache[h] = NULL; + atomic_set(&cpu->tb_jmp_cache[h], NULL); } }
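Review bot: In the first cpu-exec.c hunk (tb_find_slow), the comment above smp_rmb() names the pairing barrier but not the two loads it orders. The earlier load is the tb_jmp_cache read, which happens in tb_find_fast() and not in this function, so someone reading tb_find_slow() alone cannot tell what the barrier separates from the tb_find_physical() call. Suggest stating it in the comment, for example "orders the tb_jmp_cache load in tb_find_fast() before the hash table lookup below".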
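Review bot: In the tb_find_fast hunk of cpu-exec.c, the new atomic_read() of tb_jmp_cache still sits directly after the tb_lock() context line, so within this patch the lookup is not yet done outside 'tb_lock' as the subject line says. If 2/2 is what moves the lookup out of the lock, the commit message should say this patch is preparation for that, so the atomic_read() does not look redundant when 1/2 is read or bisected on its own.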
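Review bot: In the translate-all.c hunk (tb_phys_invalidate), the test "if (cpu->tb_jmp_cache[h] == tb)" still reads the slot with a plain load while the store next to it becomes atomic_set(); use atomic_read() in the comparison so that every access to a tb_jmp_cache slot goes through the atomic helpers. Two smaller points in the same hunk: the new comment has a typo ("con't"), and the context comment "remove the TB from the hash list" now sits between the barrier and a loop that clears the per-CPU tb_jmp_cache, which makes it unclear which store the smp_wmb() is ordering. The commit message also says atomic_write() where the code uses atomic_set().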
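The barrier pairing described in the commit message, as an added C11 model that is not QEMU code and not part of the patch. The names shared_hash, jmp_cache, slot and model_* are hypothetical, and C11 release/acquire fences stand in for smp_wmb()/smp_rmb() (they are at least as strong). The model takes no lock, so it shows only the fence pairing, not the serialisation that tb_lock provides in the patch.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Constructed model, not QEMU code: all names here are hypothetical. */
typedef struct { unsigned long pc; } TB;

#define SLOTS 8
static _Atomic(TB *) shared_hash[SLOTS]; /* stands in for the shared TB hash table */
static _Atomic(TB *) jmp_cache[SLOTS];   /* stands in for one CPU's tb_jmp_cache */

static size_t slot(unsigned long pc) { return (pc >> 2) % SLOTS; }

void model_insert(TB *tb)
{
    atomic_store_explicit(&shared_hash[slot(tb->pc)], tb, memory_order_release);
}

TB *model_cached(unsigned long pc)
{
    return atomic_load_explicit(&jmp_cache[slot(pc)], memory_order_relaxed);
}

/* Invalidation: unpublish from the shared table, fence, then clear the cache. */
void model_invalidate(TB *tb)
{
    size_t h = slot(tb->pc);
    atomic_store_explicit(&shared_hash[h], NULL, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);   /* role of smp_wmb() */
    if (atomic_load_explicit(&jmp_cache[h], memory_order_relaxed) == tb) {
        atomic_store_explicit(&jmp_cache[h], NULL, memory_order_relaxed);
    }
}

/* Lookup: cache load, fence, then shared-table load. A lookup that observes the
 * cleared cache slot therefore also observes the shared-table removal. */
TB *model_lookup(unsigned long pc)
{
    size_t h = slot(pc);
    TB *tb = model_cached(pc);
    if (tb && tb->pc == pc) {
        return tb;
    }
    atomic_thread_fence(memory_order_acquire);   /* role of smp_rmb() */
    tb = atomic_load_explicit(&shared_hash[h], memory_order_relaxed);
    if (tb && tb->pc == pc) {
        atomic_store_explicit(&jmp_cache[h], tb, memory_order_relaxed);
    }
    return (tb && tb->pc == pc) ? tb : NULL;
}
```

Swapping the two stores in model_invalidate(), or dropping either fence, removes the guarantee: a lookup could then miss in the cache, still find the TB in the shared table, and put it back.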