From: Alex Bennée
Date: Wed, 28 Sep 2016 00:04:00 +0100
Subject: Re: [Qemu-devel] Making cputlb.c operations safe for MTTCG
To: "Emilio G. Cota"
Cc: Paolo Bonzini, MTTCG Devel, QEMU Developers, a.rigo@virtualopensystems.com, Sergey Fedorov, Richard Henderson, Frederic Konrad
Message-ID: <87shsleyhr.fsf@linaro.org>
In-reply-to: <20160927222935.GA21144@flamenco>

Emilio G. Cota writes:

> On Tue, Sep 27, 2016 at 18:16:45 +0200, Paolo Bonzini wrote:
>> Anyhow, the next step is to merge either cmpxchg-based atomics
>> or iothread-free single-threaded TCG. Either will do. :)
>>
>> I think that even iothread-free single-threaded TCG requires this
>> TLB stuff, because the iothread's address_space_write (and hence
>> invalidate_and_set_dirty) can race against the TCG thread's
>> code generation.
>
> What's a quick-and-dirty way to disable the fast-path TLB lookups?
> Alex: you told me the monitor has an option for this, but I can't
> find it. I'm looking for something that'd go in tcg/i386 to simply
> bypass the fast path.

Hack up tlb_set_page_with_attrs() to always set one of the TLB_FOO bits
(you might want to invent a new one as the others do have meanings).

>
> Forcing the slow TLB lookup would be an easy way to then implement
> a per-TLB seqlock. I think TLB corruption might explain the crashes I
> see when booting Ubuntu in a many-core guest (running on a many-core
> host).

TLB corruption is suspected but I've never come up with a clean test
case to force it. I find heavy compiles in a system image can do it but
my SMC torture test never crashes.

>
> Thanks,
>
> Emilio

--
Alex Bennée