[RFC,10/48] exec: export do_tb_flush

Message ID	20181025172057.20414-11-cota@braap.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> From: "Emilio G. Cota" <cota@braap.org> To: qemu-devel@nongnu.org Date: Thu, 25 Oct 2018 13:20:19 -0400 Message-Id: <20181025172057.20414-11-cota@braap.org> In-Reply-To: <20181025172057.20414-1-cota@braap.org> References: <20181025172057.20414-1-cota@braap.org> Subject: [Qemu-devel] [RFC 10/48] exec: export do_tb_flush Precedence: list Cc: Peter Maydell <peter.maydell@linaro.org>, =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, =?utf-8?q?Llu=C3=ADs?= =?utf-8?q?_Vilanova?= <vilanova@ac.upc.edu>, Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>, Stefan Hajnoczi <stefanha@gmail.com> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	Plugin support \| expand [RFC,00/48] Plugin support [RFC,01/48] cpu: introduce run_on_cpu_no_bql [RFC,02/48] trace: expand mem_info:size_shift to 3 bits [RFC,03/48] tcg/README: fix typo s/afterwise/afterwards/ [RFC,04/48] exec: introduce qemu_xxhash{2,4,5,6,7} [RFC,05/48] include: move exec/tb-hash-xx.h to qemu/xxhash.h [RFC,06/48] tcg: use QHT for helper_table [RFC,07/48] tcg: export TCGHelperInfo [RFC,08/48] tcg: export tcg_gen_runtime_helper [RFC,09/48] tcg: reset runtime helpers when flushing the code cache [RFC,10/48] exec: export do_tb_flush [RFC,11/48] atomic_template: fix indentation in GEN_ATOMIC_HELPER [RFC,12/48] atomic_template: define pre/post macros [RFC,13/48] xxhash: add qemu_xxhash8 [RFC,14/48] plugin: preliminary user-facing API [RFC,15/48] plugin: add core code [RFC,16/48] tcg: add plugin_mask to TB hash [RFC,17/48] plugin-gen: add TCG code generation helpers [RFC,18/48] tcg: add memory callbacks for plugins (WIP) [RFC,19/48] translate-all: notify plugin code of tb_flush [RFC,20/48] -user: notify plugin of exit [RFC,21/48] -user: plugin syscalls [RFC,22/48] cpu: hook plugin vcpu events [RFC,23/48] translator: add plugin_insn argument to translate_insn [RFC,24/48] translator: add .ctx_base_offset and .ctx_size to TranslatorOps [RFC,25/48] target/arm: prepare for 2-pass translation [RFC,26/48] target/ppc: prepare for 2-pass translation [RFC,27/48] target/sh4: prepare for 2-pass translation (WIP) [RFC,28/48] target/i386: prepare for 2-pass translation [RFC,29/48] target/hppa: prepare for 2-pass translation [RFC,30/48] target/m68k: prepare for 2-pass translation [RFC,31/48] target/mips: prepare for 2-pass translation (WIP) [RFC,32/48] target/alpha: prepare for 2-pass translation [RFC,33/48] target/riscv: prepare for 2-pass translation [RFC,34/48] target/s390x: prepare for 2-pass translation [RFC,35/48] target/sparc: prepare for 2-pass translation [RFC,36/48] target/xtensa: prepare for 2-pass translation [RFC,37/48] target/openrisc: prepare for 2-pass translation [RFC,38/48] translator: implement 2-pass translation [RFC,39/48] plugin: add API symbols to qemu-plugins.symbols [RFC,40/48] plugin: let plugins control the virtual clock [RFC,41/48] configure: add --enable-plugins [RFC,42/48] vl: support -plugin option [RFC,43/48] linux-user: support -plugin option [RFC,44/48] cpus: lockstep execution support [RFC,45/48] plugin: lockstep execution support [RFC,46/48] plugin: add plugin-chan PCI device [RFC,47/48] plugin: support guest hooks [RFC,48/48] plugin: add a couple of very simple examples

Message ID

20181025172057.20414-11-cota@braap.org (mailing list archive)

State

New, archived

Headers

From: "Emilio G. Cota" <cota@braap.org>
To: qemu-devel@nongnu.org
Date: Thu, 25 Oct 2018 13:20:19 -0400
Message-Id: <20181025172057.20414-11-cota@braap.org>
In-Reply-To: <20181025172057.20414-1-cota@braap.org>
References: <20181025172057.20414-1-cota@braap.org>
Subject: [Qemu-devel] [RFC 10/48] exec: export do_tb_flush
Precedence: list
Cc: Peter Maydell <peter.maydell@linaro.org>,
 =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, =?utf-8?q?Llu=C3=ADs?=
	=?utf-8?q?_Vilanova?= <vilanova@ac.upc.edu>,
 Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>,
 Stefan Hajnoczi <stefanha@gmail.com>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

Plugin support | expand

Commit Message

Emilio Cota Oct. 25, 2018, 5:20 p.m. UTC

This will be used by plugin code to flush the code cache as well
as doing other bookkeeping in a safe work environment.

Signed-off-by: Emilio G. Cota <cota@braap.org>
---
 include/exec/exec-all.h   | 1 +
 accel/tcg/translate-all.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

Comments

Alex Bennée Nov. 22, 2018, 5:09 p.m. UTC | #1

Emilio G. Cota <cota@braap.org> writes:

> This will be used by plugin code to flush the code cache as well
> as doing other bookkeeping in a safe work environment.

This seems a little excessive given the plugin code could just call
tb_flush() directly. Wouldn't calling tb_flush after scheduling the
plugin_destroy be enough?

If there is a race condition here maybe we could build some sort of
awareness into tb_flush as to the current run state. But having two
entry points to this rather fundamental action seems likely to either be
misused or misunderstood.

>
> Signed-off-by: Emilio G. Cota <cota@braap.org>
> ---
>  include/exec/exec-all.h   | 1 +
>  accel/tcg/translate-all.c | 2 +-
>  2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
> index 815e5b1e83..232e2f8966 100644
> --- a/include/exec/exec-all.h
> +++ b/include/exec/exec-all.h
> @@ -427,6 +427,7 @@ void tb_invalidate_phys_range(target_ulong start, target_ulong end);
>  void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs);
>  #endif
>  void tb_flush(CPUState *cpu);
> +void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count);
>  void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
>  TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
>                                     target_ulong cs_base, uint32_t flags,
> diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
> index c8b3e0a491..db2d28f8d3 100644
> --- a/accel/tcg/translate-all.c
> +++ b/accel/tcg/translate-all.c
> @@ -1230,7 +1230,7 @@ static gboolean tb_host_size_iter(gpointer key, gpointer value, gpointer data)
>  }
>
>  /* flush all the translation blocks */
> -static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
> +void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
>  {
>      mmap_lock();
>      /* If it is already been done on request of another CPU,


--
Alex Bennée

Emilio Cota Nov. 23, 2018, 11:19 p.m. UTC | #2

On Thu, Nov 22, 2018 at 17:09:22 +0000, Alex Bennée wrote:
> 
> Emilio G. Cota <cota@braap.org> writes:
> 
> > This will be used by plugin code to flush the code cache as well
> > as doing other bookkeeping in a safe work environment.
> 
> This seems a little excessive given the plugin code could just call
> tb_flush() directly. Wouldn't calling tb_flush after scheduling the
> plugin_destroy be enough?
> 
> If there is a race condition here maybe we could build some sort of
> awareness into tb_flush as to the current run state. But having two
> entry points to this rather fundamental action seems likely to either be
> misused or misunderstood.

We have to make sure that no callback left in the generated code is
called once a plugin has been uninstalled. To me, using the same safe
work window to both flush the TB and uninstall the plugin seems the
simplest way to do this.

Thanks,

		Emilio

Alex Bennée Nov. 26, 2018, 11:11 a.m. UTC | #3

Emilio G. Cota <cota@braap.org> writes:

> On Thu, Nov 22, 2018 at 17:09:22 +0000, Alex Bennée wrote:
>>
>> Emilio G. Cota <cota@braap.org> writes:
>>
>> > This will be used by plugin code to flush the code cache as well
>> > as doing other bookkeeping in a safe work environment.
>>
>> This seems a little excessive given the plugin code could just call
>> tb_flush() directly. Wouldn't calling tb_flush after scheduling the
>> plugin_destroy be enough?
>>
>> If there is a race condition here maybe we could build some sort of
>> awareness into tb_flush as to the current run state. But having two
>> entry points to this rather fundamental action seems likely to either be
>> misused or misunderstood.
>
> We have to make sure that no callback left in the generated code is
> called once a plugin has been uninstalled. To me, using the same safe
> work window to both flush the TB and uninstall the plugin seems the
> simplest way to do this.

I still think making tb_flush() aware that it can run in an exclusive
period would be a better solution than exposing two functions for the
operation. So tb_flush could be something like:

  void tb_flush(CPUState *cpu)
  {
      if (tcg_enabled()) {
          unsigned tb_flush_count = atomic_mb_read(&tb_ctx.tb_flush_count);
          if (cpu_current_and_exclusive(cpu)) {
              do_tb_flush(RUN_ON_CPU_HOST_INT(tb_flush_count))
          } else {
              async_safe_run_on_cpu(cpu, do_tb_flush,
                                    RUN_ON_CPU_HOST_INT(tb_flush_count));
          }
      }
  }

Or possibly push that logic down into async_safe_run_on_cpu()?

--
Alex Bennée

Emilio Cota Nov. 26, 2018, 11:56 p.m. UTC | #4

On Mon, Nov 26, 2018 at 11:11:53 +0000, Alex Bennée wrote:
> 
> Emilio G. Cota <cota@braap.org> writes:
> 
> > On Thu, Nov 22, 2018 at 17:09:22 +0000, Alex Bennée wrote:
> >>
> >> Emilio G. Cota <cota@braap.org> writes:
> >>
> >> > This will be used by plugin code to flush the code cache as well
> >> > as doing other bookkeeping in a safe work environment.
> >>
> >> This seems a little excessive given the plugin code could just call
> >> tb_flush() directly. Wouldn't calling tb_flush after scheduling the
> >> plugin_destroy be enough?
> >>
> >> If there is a race condition here maybe we could build some sort of
> >> awareness into tb_flush as to the current run state. But having two
> >> entry points to this rather fundamental action seems likely to either be
> >> misused or misunderstood.
> >
> > We have to make sure that no callback left in the generated code is
> > called once a plugin has been uninstalled. To me, using the same safe
> > work window to both flush the TB and uninstall the plugin seems the
> > simplest way to do this.
> 
> I still think making tb_flush() aware that it can run in an exclusive
> period would be a better solution than exposing two functions for the
> operation. So tb_flush could be something like:
> 
>   void tb_flush(CPUState *cpu)
>   {
>       if (tcg_enabled()) {
>           unsigned tb_flush_count = atomic_mb_read(&tb_ctx.tb_flush_count);
>           if (cpu_current_and_exclusive(cpu)) {
>               do_tb_flush(RUN_ON_CPU_HOST_INT(tb_flush_count))
>           } else {
>               async_safe_run_on_cpu(cpu, do_tb_flush,
>                                     RUN_ON_CPU_HOST_INT(tb_flush_count));
>           }
>       }
>   }
> 
> Or possibly push that logic down into async_safe_run_on_cpu()?

The latter option would be much harder, because in async_safe_run_on_cpu
we always queue the work and kick the CPU (which could be ourselves).
IOW the job is always asynchronous, as the name implies.

I've thus implemented the former in v2, as follows (I'm using a hole
in struct CPUState to add the bool):

@@ -1277,8 +1277,13 @@ void tb_flush(CPUState *cpu)
 {
     if (tcg_enabled()) {
         unsigned tb_flush_count = atomic_mb_read(&tb_ctx.tb_flush_count);
-        async_safe_run_on_cpu(cpu, do_tb_flush,
-                              RUN_ON_CPU_HOST_INT(tb_flush_count));
+
+        if (cpu_in_exclusive_work_context(cpu)) {
+            do_tb_flush(cpu, RUN_ON_CPU_HOST_INT(tb_flush_count));
+        } else {
+            async_safe_run_on_cpu(cpu, do_tb_flush,
+                                  RUN_ON_CPU_HOST_INT(tb_flush_count));
+        }
     }
 }

+++ b/cpus-common.c
@@ -386,7 +386,9 @@ static void process_queued_cpu_work_locked(CPUState *cpu)
                 qemu_mutex_unlock_iothread();
             }
             start_exclusive();
+            cpu->in_exclusive_work_context = true;
             wi->func(cpu, wi->data);
+            cpu->in_exclusive_work_context = false;
             end_exclusive();

I've also fixed a couple of unrelated bugs when uninstalling a plugin
with memory callbacks enabled.

Thanks,

		Emilio

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 815e5b1e83..232e2f8966 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -427,6 +427,7 @@  void tb_invalidate_phys_range(target_ulong start, target_ulong end);
 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr, MemTxAttrs attrs);
 #endif
 void tb_flush(CPUState *cpu);
+void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count);
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
 TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc,
                                    target_ulong cs_base, uint32_t flags,
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index c8b3e0a491..db2d28f8d3 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1230,7 +1230,7 @@  static gboolean tb_host_size_iter(gpointer key, gpointer value, gpointer data)
 }
 
 /* flush all the translation blocks */
-static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
+void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
 {
     mmap_lock();
     /* If it is already been done on request of another CPU,

[RFC,10/48] exec: export do_tb_flush

Commit Message

Comments

Patch