From patchwork Sat Mar 15 07:42:34 2025
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 873861
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Richard Henderson, Alex Bennée, Michael Tokarev
Subject: [Stable-8.2.10 32/42] util/qemu-timer.c: Don't warp timer from timerlist_rearm()
Date: Sat, 15 Mar 2025 10:42:34 +0300
Message-Id: <20250315074249.634718-32-mjt@tls.msk.ru>

From: Peter Maydell

Currently we call icount_start_warp_timer() from timerlist_rearm(). This produces incorrect behaviour, because timerlist_rearm() is called, for instance, when a timer callback modifies its timer. We cannot decide here to warp the timer forwards to the next timer deadline merely because all_cpu_threads_idle() is true, because the timer callback we were called from (or some other callback later in the list of callbacks being invoked) may be about to raise a CPU interrupt and move a CPU from idle to ready.

The only valid place to choose to warp the timer forward is from the main loop, when we know we have no outstanding IO or timer callbacks that might be about to wake up a CPU.

For Arm guests, this bug was mostly latent until the refactoring commit f6fc36deef6abc ("target/arm/helper: Implement CNTHCTL_EL2.CNT[VP]MASK"), which exposed it because it refactored a timer callback so that it happened to call timer_mod() first and raise the interrupt second, when it had previously raised the interrupt first and called timer_mod() afterwards.

This call seems to have originally derived from the pre-record-and-replay icount code, which (as of e.g. commit db1a49726c3c in 2010) in this location did a call to qemu_notify_event(), necessary to get the icount code in the vCPU round-robin thread to stop and recalculate the icount deadline when a timer was reprogrammed from the IO thread. In current QEMU, everything is done on the vCPU thread when we are in icount mode, so there's no need to try to notify another thread here.

I suspect that the other reason why this call was doing icount timer warping is that it pre-dates commit efab87cf79077a from 2015, which added a call to icount_start_warp_timer() to main_loop_wait(). Once the call in timerlist_rearm() has been removed, if the timer callbacks don't cause any CPU to be woken up then we will end up calling icount_start_warp_timer() from main_loop_wait() when the rr main loop code calls rr_wait_io_event().

Remove the incorrect call from timerlist_rearm().

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2703
Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
Reviewed-by: Alex Bennée
Tested-by: Alex Bennée
Message-id: 20250210135804.3526943-1-peter.maydell@linaro.org
(cherry picked from commit 02ae315467cee589d02dfb89e13a2a6a8de09fc5)
Signed-off-by: Michael Tokarev

diff --git a/util/qemu-timer.c b/util/qemu-timer.c index 6a0de33dd2..84db26b8dd 100644 --- a/util/qemu-timer.c +++ b/util/qemu-timer.c @@ -419,10 +419,6 @@ static bool timer_mod_ns_locked(QEMUTimerList *timer_list, static void timerlist_rearm(QEMUTimerList *timer_list) { - /* Interrupt execution to force deadline recalculation. */ - if (icount_enabled() && timer_list->clock->type == QEMU_CLOCK_VIRTUAL) { - icount_start_warp_timer(); - } timerlist_notify(timer_list); }
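
Review bot: timerlist_rearm() is left with no comment once the "Interrupt execution to force deadline recalculation" block is removed, so nothing in the function records why the icount warp must not be started here. A short comment above timerlist_notify(timer_list) stating that warping is only valid from the main loop, as the commit message explains, would guard against the call being reintroduced. With the body reduced to the single timerlist_notify() call, it is also worth checking whether icount_enabled() and icount_start_warp_timer() still have other users in util/qemu-timer.c, and dropping the corresponding include if they do not.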