From: "Alex Bennée" <alex.bennee@linaro.org>
To: alvise rigo <a.rigo@virtualopensystems.com>
Cc: MTTCG Devel <mttcg@listserver.greensocs.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Pranith Kumar <bobby.prani@gmail.com>,
QEMU Developers <qemu-devel@nongnu.org>,
KONRAD Frederic <fred.konrad@greensocs.com>
Subject: Re: [Qemu-devel] Status of my hacks on the MTTCG WIP branch
Date: Mon, 18 Jan 2016 19:09:11 +0000
Message-ID: <87h9iad7s8.fsf@linaro.org>
In-Reply-To: <8760yudbiu.fsf@linaro.org>

Alex Bennée <alex.bennee@linaro.org> writes:

> alvise rigo <a.rigo@virtualopensystems.com> writes:
>
>> On Fri, Jan 15, 2016 at 4:25 PM, Alex Bennée <alex.bennee@linaro.org> wrote:
>>>
>>> alvise rigo <a.rigo@virtualopensystems.com> writes:
>>>
>>>> On Fri, Jan 15, 2016 at 3:51 PM, Alex Bennée <alex.bennee@linaro.org> wrote:
>>>>>
>>>>> alvise rigo <a.rigo@virtualopensystems.com> writes:
>>>>>
<snip>
>>>> Keep in mind that Linux on arm64 uses the LDXP/STXP instructions that
>>>> exist solely in aarch64.
>>>> These instructions are purely emulated now and can potentially write
>>>> 128 bits of data in a non-atomic fashion.
>>>
>>> Sure, but I doubt they are the reason for this hang as the kernel
>>> doesn't use them.
>>
>> The kernel does use them for __cmpxchg_double in
>> arch/arm64/include/asm/atomic_ll_sc.h.
>
> I take it back, if I'd have grepped for "ldxp" instead of "stxp" I would
> have seen it, sorry about that ;-)
>
>> In any case, the normal exclusive instructions are also emulated in
>> target-arm/translate-a64.c.
>
> I'll check on them on Monday. I'd assumed all the stuff was in the
> helpers as I scanned through and missed the translate.c changes Fred
> made. Hopefully that will be the last hurdle.

I'm pleased to confirm you were right. I hacked up Fred's helper-based
solution for aarch64 including the ldxp/stxp stuff. It's not
semantically correct because:

    result = atomic_bool_cmpxchg(p, oldval, (uint8_t)newval) &&
             atomic_bool_cmpxchg(&p[1], oldval2, (uint8_t)newval2);

won't leave the system as it was before if the race causes the second
cmpxchg to fail. I assume this won't be a problem in the LL/SC world as
we'll be able to serialise all accesses to the exclusive page properly?

See:

  https://github.com/stsquad/qemu/tree/mttcg/multi_tcg_v8_wip_ajb_fix_locks-r2

>
> In the meantime if I'm not booting Jessie I can get MTTCG aarch64
> working with an initrd based rootfs. Once I've gone through those I'm
> planning on giving it a good stress test with -fsanitize=threads.

My first pass with this threw up a bunch of errors with the RCU code
like this:

WARNING: ThreadSanitizer: data race (pid=15387)
  Atomic write of size 4 at 0x7f59efa51d48 by main thread (mutexes: write M172):
    #0 __tsan_atomic32_fetch_add <null> (libtsan.so.0+0x000000058e8f)
    #1 call_rcu1 util/rcu.c:288 (qemu-system-aarch64+0x0000006c3bd0)
    #2 address_space_update_topology /home/alex/lsrc/qemu/qemu.git/memory.c:806 (qemu-system-aarch64+0x0000001ed9ca)
    #3 memory_region_transaction_commit /home/alex/lsrc/qemu/qemu.git/memory.c:842 (qemu-system-aarch64+0x0000001ed9ca)
    #4 address_space_init /home/alex/lsrc/qemu/qemu.git/memory.c:2136 (qemu-system-aarch64+0x0000001f1fa6)
    #5 memory_map_init /home/alex/lsrc/qemu/qemu.git/exec.c:2344 (qemu-system-aarch64+0x000000196607)
    #6 cpu_exec_init_all /home/alex/lsrc/qemu/qemu.git/exec.c:2795 (qemu-system-aarch64+0x000000196607)
    #7 main /home/alex/lsrc/qemu/qemu.git/vl.c:4083 (qemu-system-aarch64+0x0000001829aa)

  Previous read of size 4 at 0x7f59efa51d48 by thread T1:
    #0 call_rcu_thread util/rcu.c:242 (qemu-system-aarch64+0x0000006c3d92)
    #1 <null> <null> (libtsan.so.0+0x0000000235f9)

  Location is global 'rcu_call_count' of size 4 at 0x7f59efa51d48 (qemu-system-aarch64+0x0000010f1d48)

  Mutex M172 (0x7f59ef6254e0) created at:
    #0 pthread_mutex_init <null> (libtsan.so.0+0x000000027ee5)
    #1 qemu_mutex_init util/qemu-thread-posix.c:55 (qemu-system-aarch64+0x0000006ad747)
    #2 qemu_init_cpu_loop /home/alex/lsrc/qemu/qemu.git/cpus.c:890 (qemu-system-aarch64+0x0000001d4166)
    #3 main /home/alex/lsrc/qemu/qemu.git/vl.c:3005 (qemu-system-aarch64+0x0000001820ac)

  Thread T1 (tid=15389, running) created by main thread at:
    #0 pthread_create <null> (libtsan.so.0+0x0000000274c7)
    #1 qemu_thread_create util/qemu-thread-posix.c:525 (qemu-system-aarch64+0x0000006ae04d)
    #2 rcu_init_complete util/rcu.c:320 (qemu-system-aarch64+0x0000006c3d52)
    #3 rcu_init util/rcu.c:351 (qemu-system-aarch64+0x00000018e288)
    #4 __libc_csu_init <null> (qemu-system-aarch64+0x0000006c63ec)

but I don't know how many are false positives so I'm going to look in more
detail now.

<snip>
--
Alex Bennée
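
The failure mode raised in the mail above, as an added C example that is not part of the original message or of QEMU's code: a store-pair built from two independent compare-and-swaps leaves the first word modified when the second one fails, while a version that serialises every access to the pair changes nothing on failure. The names pair_t, stxp_two_cmpxchg, stxp_serialised and excl_lock are hypothetical, the race is constructed deterministically rather than with real threads, and the lock only helps under the assumption that all writers take it.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical guest memory for one LDXP/STXP pair (names are illustrative). */
typedef struct { _Atomic uint64_t lo, hi; } pair_t;

/* Same shape as the expression in the mail: two independent cmpxchg ops. */
static bool stxp_two_cmpxchg(pair_t *p, uint64_t old_lo, uint64_t old_hi,
                             uint64_t new_lo, uint64_t new_hi)
{
    return atomic_compare_exchange_strong(&p->lo, &old_lo, new_lo) &&
           atomic_compare_exchange_strong(&p->hi, &old_hi, new_hi);
}

/* Assumed alternative: every access to the pair takes this lock. */
static atomic_flag excl_lock = ATOMIC_FLAG_INIT;

static bool stxp_serialised(pair_t *p, uint64_t old_lo, uint64_t old_hi,
                            uint64_t new_lo, uint64_t new_hi)
{
    while (atomic_flag_test_and_set_explicit(&excl_lock, memory_order_acquire))
        ;                                   /* spin until we own the pair */
    bool ok = atomic_load(&p->lo) == old_lo && atomic_load(&p->hi) == old_hi;
    if (ok) {                               /* compare both, then store both */
        atomic_store(&p->lo, new_lo);
        atomic_store(&p->hi, new_hi);
    }
    atomic_flag_clear_explicit(&excl_lock, memory_order_release);
    return ok;
}

/* Constructed race: this vCPU loaded {1, 2}, then another vCPU wrote hi = 99.
 * Returns the low word left in memory after the store-exclusive fails. */
static uint64_t lo_after_failed_store(bool serialised)
{
    pair_t p;
    atomic_init(&p.lo, 1);
    atomic_init(&p.hi, 99);                 /* hi already changed by the other vCPU */
    bool ok = serialised ? stxp_serialised(&p, 1, 2, 10, 20)
                         : stxp_two_cmpxchg(&p, 1, 2, 10, 20);
    return ok ? UINT64_MAX : atomic_load(&p.lo);
}

int main(void)
{
    printf("two cmpxchg: lo=%llu\n", (unsigned long long)lo_after_failed_store(false));
    printf("serialised:  lo=%llu\n", (unsigned long long)lo_after_failed_store(true));
    return 0;
}
```
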