From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=49479 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OtLB5-0000iw-Pb
	for qemu-devel@nongnu.org; Wed, 08 Sep 2010 09:59:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <jakllsch@kollasch.net>) id 1OtLB4-0002n7-D4
	for qemu-devel@nongnu.org; Wed, 08 Sep 2010 09:59:07 -0400
Received: from poghril.kollasch.net ([68.68.99.156]:53465)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <jakllsch@kollasch.net>) id 1OtLB4-0002mf-3h
	for qemu-devel@nongnu.org; Wed, 08 Sep 2010 09:59:06 -0400
Received: from mail.kollasch.net (mail.kollasch.net
	[IPv6:2001:4978:1f7:410:0:454d:4149:4c30])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.kollasch.net",
	Issuer "CAcert Class 3 Root" (verified OK))
	by poghril.kollasch.net (Postfix) with ESMTPS id 65B99553
	for <qemu-devel@nongnu.org>; Wed,  8 Sep 2010 13:59:03 +0000 (UTC)
From: "Jonathan A. Kollasch" <jakllsch@kollasch.net>
Date: Wed,  8 Sep 2010 08:58:57 -0500
Message-Id: <1283954337-28760-1-git-send-email-jakllsch@kollasch.net>
Subject: [Qemu-devel] [PATCH] Improve cmpxchg emulation.
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: "Jonathan A. Kollasch" <jakllsch@kollasch.net>

Change the accumulator only after performing the redundant write during
cmpxchg.  This fixes pthreaded programs using fork() in NetBSD/i386
guests.

>>From Andreas Gustafsson in https://bugs.launchpad.net/qemu/+bug/569760.

Signed-off-by: Jonathan A. Kollasch <jakllsch@kollasch.net>
---
 target-i386/translate.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index 7b6e3c2..391830f 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -4879,20 +4879,24 @@ static target_ulong disas_insn(DisasContext *s, target_ulong pc_start)
             tcg_gen_sub_tl(t2, cpu_regs[R_EAX], t0);
             gen_extu(ot, t2);
             tcg_gen_brcondi_tl(TCG_COND_EQ, t2, 0, label1);
+	    label2 = gen_new_label();
             if (mod == 3) {
-                label2 = gen_new_label();
                 gen_op_mov_reg_v(ot, R_EAX, t0);
                 tcg_gen_br(label2);
                 gen_set_label(label1);
                 gen_op_mov_reg_v(ot, rm, t1);
-                gen_set_label(label2);
             } else {
-                tcg_gen_mov_tl(t1, t0);
+                /* perform no-op store cycle like physical cpu; must be
+		   before changing accumulator to ensure idempotency if
+		   the store faults and the instruction is restarted
+		*/
+                gen_op_st_v(ot + s->mem_index, t0, a0);
                 gen_op_mov_reg_v(ot, R_EAX, t0);
+                tcg_gen_br(label2);
                 gen_set_label(label1);
-                /* always store */
                 gen_op_st_v(ot + s->mem_index, t1, a0);
             }
+	    gen_set_label(label2);
             tcg_gen_mov_tl(cpu_cc_src, t0);
             tcg_gen_mov_tl(cpu_cc_dst, t2);
             s->cc_op = CC_OP_SUBB + ot;
-- 
1.6.6.2