From patchwork Thu Oct 27 15:10:06 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Alex_Benn=C3=A9e?= X-Patchwork-Id: 79725 Delivered-To: patch@linaro.org Received: by 10.140.97.247 with SMTP id m110csp689465qge; Thu, 27 Oct 2016 08:35:39 -0700 (PDT) X-Received: by 10.31.130.74 with SMTP id e71mr6965901vkd.34.1477582539380; Thu, 27 Oct 2016 08:35:39 -0700 (PDT) Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id 8si3555409uam.170.2016.10.27.08.35.39 for (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 27 Oct 2016 08:35:39 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:42330 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzmiQ-0007gs-KK for patch@linaro.org; Thu, 27 Oct 2016 11:35:38 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42593) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzmKp-0004hd-0Z for qemu-devel@nongnu.org; Thu, 27 Oct 2016 11:11:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bzmKj-0007fF-2J for qemu-devel@nongnu.org; Thu, 27 Oct 2016 11:11:14 -0400 Received: from mail-wm0-x233.google.com ([2a00:1450:400c:c09::233]:36008) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1bzmKi-0007eT-Nn for qemu-devel@nongnu.org; Thu, 27 Oct 2016 11:11:08 -0400 Received: by mail-wm0-x233.google.com with SMTP id b80so40028997wme.1 for ; Thu, 27 Oct 2016 08:11:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=TQHagq0cJkU3TAUt3U7XCGU2I6C+FLa86cS3gCwCoEI=; b=a9w8+Iuhxxa5h7TalG7QRa66SJWHlkVAhQjY/yqqxJ4UCqknO5kk/ZH5lsLq/qRezB v7JIJ+zO+kVB4eSqv0fJubCSYgQD2EAzDG1z5qJHAKcvup3KARjeQL8vKr7MTb/9PNEd tQ/4B6TPRbkLWAUE1404mMsaez3tFpjUweRb8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TQHagq0cJkU3TAUt3U7XCGU2I6C+FLa86cS3gCwCoEI=; b=hChrc4uzU+UPQYJXsfELvq0QwiT0q+uhqmGmFLYfsoYY96wHNJw3AHtFJykbFrP94y 7IlXuIPR2RWkK2mgphdkjHEsmCWtL8f+/3ah/vzSdHwS6DeIZdAh2F6cfcjYX1zoMqzE h5x/lqMT7Fn2jNDBO8BFhRsKZR7CvWfJo7zsXcwXx0kpU+8W+ManSw2Qzk08C+4bB/wf 0RECPmq6udYp5zO1q265vy63liSZjCla4JYOMz24aGjKEs26gqy28V59X/giUYW/Fkcs 6XZf9QHr/M+HAkuS/uFb2O2oZMT+bqCJ6GUJMcfSOsWkOBLCgt1/rpbna4Zmy/nBp9Lw KVNQ== X-Gm-Message-State: ABUngve/mg6ZMDa9SQfAHKZEBLgKIYqblbdVzxp2rwEVzLKljtzN0DdoZZTDiaKINZeQs8tF X-Received: by 10.194.22.225 with SMTP id h1mr329538wjf.209.1477581067416; Thu, 27 Oct 2016 08:11:07 -0700 (PDT) Received: from zen.linaro.local ([81.128.185.34]) by smtp.gmail.com with ESMTPSA id p13sm3771266wmd.20.2016.10.27.08.11.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Oct 2016 08:11:04 -0700 (PDT) Received: from zen.linaroharston (localhost [127.0.0.1]) by zen.linaro.local (Postfix) with ESMTP id BEB423E02E1; Thu, 27 Oct 2016 16:10:59 +0100 (BST) From: =?UTF-8?q?Alex=20Benn=C3=A9e?= To: pbonzini@redhat.com Date: Thu, 27 Oct 2016 16:10:06 +0100 Message-Id: <20161027151030.20863-10-alex.bennee@linaro.org> X-Mailer: git-send-email 2.10.1 In-Reply-To: <20161027151030.20863-1-alex.bennee@linaro.org> References: <20161027151030.20863-1-alex.bennee@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2a00:1450:400c:c09::233 Subject: [Qemu-devel] [PATCH v5 09/33] tcg: protect translation related stuff with tb_lock. X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mttcg@listserver.greensocs.com, peter.maydell@linaro.org, claudio.fontana@huawei.com, nikunj@linux.vnet.ibm.com, Peter Crosthwaite , jan.kiszka@siemens.com, "Michael S. Tsirkin" , mark.burton@greensocs.com, a.rigo@virtualopensystems.com, Eduardo Habkost , qemu-devel@nongnu.org, cota@braap.org, serge.fdrv@gmail.com, bobby.prani@gmail.com, rth@twiddle.net, =?UTF-8?q?Alex=20Benn=C3=A9e?= , fred.konrad@greensocs.com Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: KONRAD Frederic This protects all translation related work with tb_lock() too ensure thread safety. This effectively serialises all code generation. In addition to the code generation we also take the lock for TB invalidation. This has a knock on effect of meaning tb_lock() is held for modification of the SoftMMU TLB by non-self threads which will be used in later patches. Signed-off-by: KONRAD Frederic Message-Id: <1439220437-23957-8-git-send-email-fred.konrad@greensocs.com> Signed-off-by: Emilio G. Cota Signed-off-by: Paolo Bonzini [AJB: moved into tree, clean-up history] Signed-off-by: Alex Bennée Reviewed-by: Richard Henderson --- v5 (base-patches, ajb): - widen lock on cpu_restore_state to tb_find_pc doesn't race - expanded commit message v4 (base-patches, ajb): - protect tb_phys_invalidate with tb_lock - drop mention of tb_flush, thread safe flushing in earlier patch series v3 (base-patches, ajb): - more explicit comments on resetting tb_lock - more explicit comments about thread safety of user-mode tb_flush v2 (base-patches, ajb): - re-base fixes v7 (FK, MTTCG): - Drop a tb_lock in already locked restore_state_to_opc. v6 (FK, MTTCG): - Drop a tb_lock arround tb_find_fast in cpu-exec.c. --- cpu-exec.c | 6 ++++++ exec.c | 6 ++++++ hw/i386/kvmvapic.c | 4 ++++ translate-all.c | 34 ++++++++++++++++++++++++++++------ 4 files changed, 44 insertions(+), 6 deletions(-) -- 2.10.1 diff --git a/cpu-exec.c b/cpu-exec.c index 4879c7d..e9b50a6 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -211,15 +211,21 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles, if (max_cycles > CF_COUNT_MASK) max_cycles = CF_COUNT_MASK; + tb_lock(); tb = tb_gen_code(cpu, orig_tb->pc, orig_tb->cs_base, orig_tb->flags, max_cycles | CF_NOCACHE | (ignore_icount ? CF_IGNORE_ICOUNT : 0)); tb->orig_tb = orig_tb; + tb_unlock(); + /* execute the generated code */ trace_exec_tb_nocache(tb, tb->pc); cpu_tb_exec(cpu, tb); + + tb_lock(); tb_phys_invalidate(tb, -1); tb_free(tb); + tb_unlock(); } #endif diff --git a/exec.c b/exec.c index 0096a54..30ae278 100644 --- a/exec.c +++ b/exec.c @@ -2023,6 +2023,12 @@ static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags) continue; } cpu->watchpoint_hit = wp; + + /* The tb_lock will be reset when cpu_loop_exit or + * cpu_loop_exit_noexc longjmp back into the cpu_exec + * main loop. + */ + tb_lock(); tb_check_watchpoint(cpu); if (wp->flags & BP_STOP_BEFORE_ACCESS) { cpu->exception_index = EXCP_DEBUG; diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c index 74a549b..4448253 100644 --- a/hw/i386/kvmvapic.c +++ b/hw/i386/kvmvapic.c @@ -17,6 +17,7 @@ #include "sysemu/kvm.h" #include "hw/i386/apic_internal.h" #include "hw/sysbus.h" +#include "tcg/tcg.h" #define VAPIC_IO_PORT 0x7e @@ -449,6 +450,9 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip) resume_all_vcpus(); if (!kvm_enabled()) { + /* tb_lock will be reset when cpu_loop_exit_noexc longjmps + * back into the cpu_exec loop. */ + tb_lock(); tb_gen_code(cs, current_pc, current_cs_base, current_flags, 1); cpu_loop_exit_noexc(cs); } diff --git a/translate-all.c b/translate-all.c index 5460cf2..1237f3c 100644 --- a/translate-all.c +++ b/translate-all.c @@ -344,7 +344,9 @@ static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb, bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr) { TranslationBlock *tb; + bool r = false; + tb_lock(); tb = tb_find_pc(retaddr); if (tb) { cpu_restore_state_from_tb(cpu, tb, retaddr); @@ -353,9 +355,11 @@ bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr) tb_phys_invalidate(tb, -1); tb_free(tb); } - return true; + r = true; } - return false; + tb_unlock(); + + return r; } void page_size_init(void) @@ -1435,6 +1439,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, /* we remove all the TBs in the range [start, end[ */ /* XXX: see if in some cases it could be faster to invalidate all the code */ + tb_lock(); tb = p->first_tb; while (tb != NULL) { n = (uintptr_t)tb & 3; @@ -1494,6 +1499,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end, cpu_loop_exit_noexc(cpu); } #endif + tb_unlock(); } #ifdef CONFIG_SOFTMMU @@ -1563,6 +1569,8 @@ static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc) if (!p) { return false; } + + tb_lock(); tb = p->first_tb; #ifdef TARGET_HAS_PRECISE_SMC if (tb && pc != 0) { @@ -1600,9 +1608,13 @@ static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc) modifying the memory. It will ensure that it cannot modify itself */ tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1); + /* tb_lock will be reset after cpu_loop_exit_noexc longjmps + * back into the cpu_exec loop. */ return true; } #endif + tb_unlock(); + return false; } #endif @@ -1697,6 +1709,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) target_ulong pc, cs_base; uint32_t flags; + tb_lock(); tb = tb_find_pc(retaddr); if (!tb) { cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p", @@ -1748,11 +1761,16 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr) /* FIXME: In theory this could raise an exception. In practice we have already translated the block once so it's probably ok. */ tb_gen_code(cpu, pc, cs_base, flags, cflags); + /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not - the first in the TB) then we end up generating a whole new TB and - repeating the fault, which is horribly inefficient. - Better would be to execute just this insn uncached, or generate a - second new TB. */ + * the first in the TB) then we end up generating a whole new TB and + * repeating the fault, which is horribly inefficient. + * Better would be to execute just this insn uncached, or generate a + * second new TB. + * + * cpu_loop_exit_noexc will longjmp back to cpu_exec where the + * tb_lock gets reset. + */ cpu_loop_exit_noexc(cpu); } @@ -1816,6 +1834,8 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) TranslationBlock *tb; struct qht_stats hst; + tb_lock(); + target_code_size = 0; max_target_code_size = 0; cross_page = 0; @@ -1877,6 +1897,8 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf) tcg_ctx.tb_ctx.tb_phys_invalidate_count); cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count); tcg_dump_info(f, cpu_fprintf); + + tb_unlock(); } void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)