From: "Alex Bennée" <alex.bennee@linaro.org>
To: mttcg@listserver.greensocs.com, fred.konrad@greensocs.com,
a.rigo@virtualopensystems.com, serge.fdrv@gmail.com,
cota@braap.org
Cc: "Eduardo Habkost" <ehabkost@redhat.com>,
"Peter Crosthwaite" <crosthwaite.peter@gmail.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
mark.burton@greensocs.com, qemu-devel@nongnu.org,
pbonzini@redhat.com, "Alex Bennée" <alex.bennee@linaro.org>,
"Richard Henderson" <rth@twiddle.net>
Subject: [Qemu-devel] [RFC v1 04/11] tcg: protect TBContext with tb_lock.
Date: Fri, 18 Mar 2016 16:18:45 +0000 [thread overview]
Message-ID: <1458317932-1875-5-git-send-email-alex.bennee@linaro.org> (raw)
In-Reply-To: <1458317932-1875-1-git-send-email-alex.bennee@linaro.org>
From: KONRAD Frederic <fred.konrad@greensocs.com>
This protects TBContext with tb_lock to make tb_* thread safe.
We can still have issue with tb_flush in case of multithread TCG:
another CPU can be executing code during a flush.
This can be fixed later by making all other TCG thread exiting before calling
tb_flush().
Signed-off-by: KONRAD Frederic <fred.konrad@greensocs.com>
Message-Id: <1439220437-23957-8-git-send-email-fred.konrad@greensocs.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[AJB: moved into tree, clean-up history]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
v7 (FK):
- Drop a tb_lock in already locked restore_state_to_opc.
v6 (FK):
- Drop a tb_lock arround tb_find_fast in cpu-exec.c.
---
cpu-exec.c | 6 ++++++
exec.c | 3 +++
hw/i386/kvmvapic.c | 3 +++
translate-all.c | 32 +++++++++++++++++++++++++-------
4 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/cpu-exec.c b/cpu-exec.c
index e71113e..3572256 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -196,18 +196,24 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles,
if (max_cycles > CF_COUNT_MASK)
max_cycles = CF_COUNT_MASK;
+ tb_lock();
cpu->tb_invalidated_flag = 0;
tb = tb_gen_code(cpu, orig_tb->pc, orig_tb->cs_base, orig_tb->flags,
max_cycles | CF_NOCACHE
| (ignore_icount ? CF_IGNORE_ICOUNT : 0));
tb->orig_tb = cpu->tb_invalidated_flag ? NULL : orig_tb;
cpu->current_tb = tb;
+ tb_unlock();
+
/* execute the generated code */
trace_exec_tb_nocache(tb, tb->pc);
cpu_tb_exec(cpu, tb->tc_ptr);
+
+ tb_lock();
cpu->current_tb = NULL;
tb_phys_invalidate(tb, -1);
tb_free(tb);
+ tb_unlock();
}
#endif
diff --git a/exec.c b/exec.c
index 4f0e5ed..402b751 100644
--- a/exec.c
+++ b/exec.c
@@ -2112,6 +2112,9 @@ static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
continue;
}
cpu->watchpoint_hit = wp;
+
+ /* Unlocked by cpu_loop_exit or cpu_resume_from_signal. */
+ tb_lock();
tb_check_watchpoint(cpu);
if (wp->flags & BP_STOP_BEFORE_ACCESS) {
cpu->exception_index = EXCP_DEBUG;
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index c69f374..7c0d542 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -14,6 +14,7 @@
#include "sysemu/kvm.h"
#include "hw/i386/apic_internal.h"
#include "hw/sysbus.h"
+#include "tcg/tcg.h"
#define VAPIC_IO_PORT 0x7e
@@ -446,6 +447,8 @@ static void patch_instruction(VAPICROMState *s, X86CPU *cpu, target_ulong ip)
resume_all_vcpus();
if (!kvm_enabled()) {
+ /* Unlocked by cpu_resume_from_signal. */
+ tb_lock();
cs->current_tb = NULL;
tb_gen_code(cs, current_pc, current_cs_base, current_flags, 1);
cpu_resume_from_signal(cs, NULL);
diff --git a/translate-all.c b/translate-all.c
index 1a02450..1aab243 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -847,7 +847,9 @@ static void page_flush_tb(void)
}
/* flush all the translation blocks */
-/* XXX: tb_flush is currently not thread safe */
+/* XXX: tb_flush is currently not thread safe. System emulation calls it only
+ * with tb_lock taken or from safe_work, so no need to take tb_lock here.
+ */
void tb_flush(CPUState *cpu)
{
#if defined(DEBUG_FLUSH)
@@ -1253,6 +1255,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
/* we remove all the TBs in the range [start, end[ */
/* XXX: see if in some cases it could be faster to invalidate all
the code */
+ tb_lock();
tb = p->first_tb;
while (tb != NULL) {
n = (uintptr_t)tb & 3;
@@ -1320,12 +1323,13 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
if (current_tb_modified) {
/* we generate a block containing just the instruction
modifying the memory. It will ensure that it cannot modify
- itself */
+ itself. cpu_resume_from_signal unlocks tb_lock. */
cpu->current_tb = NULL;
tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
cpu_resume_from_signal(cpu, NULL);
}
#endif
+ tb_unlock();
}
#ifdef CONFIG_SOFTMMU
@@ -1392,6 +1396,8 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr,
if (!p) {
return;
}
+
+ tb_lock();
tb = p->first_tb;
#ifdef TARGET_HAS_PRECISE_SMC
if (tb && pc != 0) {
@@ -1433,9 +1439,12 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr,
if (locked) {
mmap_unlock();
}
+
+ /* tb_lock released by cpu_resume_from_signal. */
cpu_resume_from_signal(cpu, puc);
}
#endif
+ tb_unlock();
}
#endif
@@ -1639,6 +1648,7 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
target_ulong pc, cs_base;
uint64_t flags;
+ tb_lock();
tb = tb_find_pc(retaddr);
if (!tb) {
cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
@@ -1690,11 +1700,15 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
/* FIXME: In theory this could raise an exception. In practice
we have already translated the block once so it's probably ok. */
tb_gen_code(cpu, pc, cs_base, flags, cflags);
- /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
- the first in the TB) then we end up generating a whole new TB and
- repeating the fault, which is horribly inefficient.
- Better would be to execute just this insn uncached, or generate a
- second new TB. */
+
+ /* This unlocks the tb_lock.
+ *
+ * TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
+ * the first in the TB) then we end up generating a whole new TB and
+ * repeating the fault, which is horribly inefficient.
+ * Better would be to execute just this insn uncached, or generate a
+ * second new TB.
+ */
cpu_resume_from_signal(cpu, NULL);
}
@@ -1719,6 +1733,8 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
int direct_jmp_count, direct_jmp2_count, cross_page;
TranslationBlock *tb;
+ tb_lock();
+
target_code_size = 0;
max_target_code_size = 0;
cross_page = 0;
@@ -1774,6 +1790,8 @@ void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
tcg_ctx.tb_ctx.tb_phys_invalidate_count);
cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
tcg_dump_info(f, cpu_fprintf);
+
+ tb_unlock();
}
void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
--
2.7.3
next prev parent reply other threads:[~2016-03-18 16:19 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-18 16:18 [Qemu-devel] [RFC v1 00/11] Base enabling patches for MTTCG Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 01/11] tcg: move tb_find_fast outside the tb_lock critical section Alex Bennée
2016-03-18 16:54 ` Paolo Bonzini
2016-03-21 21:50 ` Emilio G. Cota
2016-03-21 22:08 ` Peter Maydell
2016-03-21 23:59 ` Emilio G. Cota
2016-03-22 8:29 ` Paolo Bonzini
2016-03-22 11:59 ` Alex Bennée
2016-03-22 11:55 ` Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 02/11] cpu-exec: elide more icount code if CONFIG_USER_ONLY Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 03/11] tcg: comment on which functions have to be called with tb_lock held Alex Bennée
2016-03-18 16:59 ` Paolo Bonzini
2016-03-21 21:50 ` Emilio G. Cota
2016-03-21 22:12 ` Paolo Bonzini
2016-03-18 16:18 ` Alex Bennée [this message]
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 05/11] target-arm/psci.c: wake up sleeping CPUs Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 06/11] tcg: cpus rm tcg_exec_all() Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 07/11] tcg: add options for enabling MTTCG Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 08/11] tcg: add kick timer for single-threaded vCPU emulation Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 09/11] tcg: drop global lock during TCG code execution Alex Bennée
2016-03-18 16:49 ` Paolo Bonzini
2016-03-23 9:19 ` KONRAD Frederic
2016-03-23 16:27 ` Alex Bennée
2016-03-23 20:36 ` Jan Kiszka
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 10/11] tcg: grab iothread lock in cpu-exec interrupt handling Alex Bennée
2016-03-18 16:48 ` Paolo Bonzini
2016-03-22 12:03 ` Alex Bennée
2016-03-18 16:18 ` [Qemu-devel] [RFC v1 11/11] tcg: enable thread-per-vCPU Alex Bennée
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1458317932-1875-5-git-send-email-alex.bennee@linaro.org \
--to=alex.bennee@linaro.org \
--cc=a.rigo@virtualopensystems.com \
--cc=cota@braap.org \
--cc=crosthwaite.peter@gmail.com \
--cc=ehabkost@redhat.com \
--cc=fred.konrad@greensocs.com \
--cc=mark.burton@greensocs.com \
--cc=mst@redhat.com \
--cc=mttcg@listserver.greensocs.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=serge.fdrv@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).