From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36301)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <serge.fdrv@gmail.com>) id 1alhsa-00080Z-HM
	for qemu-devel@nongnu.org; Thu, 31 Mar 2016 15:03:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <serge.fdrv@gmail.com>) id 1alhsX-0007xv-4F
	for qemu-devel@nongnu.org; Thu, 31 Mar 2016 15:03:40 -0400
Received: from mail-lb0-x244.google.com ([2a00:1450:4010:c04::244]:33496)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <serge.fdrv@gmail.com>) id 1alhsW-0007xr-TC
	for qemu-devel@nongnu.org; Thu, 31 Mar 2016 15:03:37 -0400
Received: by mail-lb0-x244.google.com with SMTP id bc4so7656330lbc.0
	for <qemu-devel@nongnu.org>; Thu, 31 Mar 2016 12:03:36 -0700 (PDT)
References: <56FC0818.10002@linaro.org> <56FC174A.6070906@redhat.com>
	<56FD22A5.10501@gmail.com> <87wpoig44r.fsf@linaro.org>
	<56FD2EFB.3060302@gmail.com>
From: Sergey Fedorov <serge.fdrv@gmail.com>
Message-ID: <56FD7486.20707@gmail.com>
Date: Thu, 31 Mar 2016 22:03:34 +0300
MIME-Version: 1.0
In-Reply-To: <56FD2EFB.3060302@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] tcg: reworking tb_invalidated_flag
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: =?UTF-8?Q?Alex_Benn=c3=a9e?= <alex.bennee@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>, Peter Crosthwaite <crosthwaite.peter@gmail.com>, QEMU Developers <qemu-devel@nongnu.org>, Sergey Fedorov <sergey.fedorov@linaro.org>, Richard Henderson <rth@twiddle.net>

On 31/03/16 17:06, Sergey Fedorov wrote:
> It should be safe to invalidate a TB while some other CPU is executing
> its translated code.

Probably it's not safe to invalidate a TB while some other thread is
executing the translated code. Direct jumps to the TB being invalidated
should be reset. In case of using direct jump method, native jump
instruction should be patched in the translated code. There are some
restrictions on modification of concurrently executing code, e.g. see
section "3.4 Atomic Modification of Machine-Code Instructions" in [1].
For instance, only aligned, 8-byte atomic code modification are safe on
AMD processors, otherwise we can wind up executing a corrupted
instruction stream. I can't see i386 TCG backend does some alignment of
the jump target when translating goto_tb TCG op. I suspect other TCG
targets also have their limitations.

Looks like we have to ensure all vCPUs are out of translated code when
doing TB patching either doing tb_add_jump() or tb_phys_invalidate().
Did I missed something?

[1]
http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37204.pdf

Kind regards,
Sergey