From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36559) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bUdTx-0008Jl-Dq for qemu-devel@nongnu.org; Tue, 02 Aug 2016 13:27:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bUdTw-0002Wt-88 for qemu-devel@nongnu.org; Tue, 02 Aug 2016 13:27:57 -0400 Received: from mail-wm0-x22c.google.com ([2a00:1450:400c:c09::22c]:35824) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bUdTv-0002Wg-UK for qemu-devel@nongnu.org; Tue, 02 Aug 2016 13:27:56 -0400 Received: by mail-wm0-x22c.google.com with SMTP id f65so417910390wmi.0 for ; Tue, 02 Aug 2016 10:27:55 -0700 (PDT) From: =?UTF-8?q?Alex=20Benn=C3=A9e?= Date: Tue, 2 Aug 2016 18:27:43 +0100 Message-Id: <1470158864-17651-13-git-send-email-alex.bennee@linaro.org> In-Reply-To: <1470158864-17651-1-git-send-email-alex.bennee@linaro.org> References: <1470158864-17651-1-git-send-email-alex.bennee@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: [Qemu-devel] [PATCH v5 12/13] tcg: Make tb_flush() thread safe List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: mttcg@listserver.greensocs.com, qemu-devel@nongnu.org, fred.konrad@greensocs.com, a.rigo@virtualopensystems.com, serge.fdrv@gmail.com, cota@braap.org, bobby.prani@gmail.com Cc: mark.burton@greensocs.com, pbonzini@redhat.com, jan.kiszka@siemens.com, rth@twiddle.net, peter.maydell@linaro.org, claudio.fontana@huawei.com, Sergey Fedorov , =?UTF-8?q?Alex=20Benn=C3=A9e?= , Peter Crosthwaite From: Sergey Fedorov Use async_safe_run_on_cpu() to make tb_flush() thread safe. It can happen that multiple threads schedule a safe work to flush the translation buffer. To keep statistics and debugging output sane, always check if the translation buffer has already been flushed. Signed-off-by: Sergey Fedorov Signed-off-by: Sergey Fedorov [AJB: minor re-base fixes] Signed-off-by: Alex Bennée --- cpu-exec.c | 12 ++---------- include/qom/cpu.h | 2 -- translate-all.c | 17 +++++++++++------ 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/cpu-exec.c b/cpu-exec.c index 49d9f34..f8cfdbd 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -203,20 +203,16 @@ static void cpu_exec_nocache(CPUState *cpu, int max_cycles, TranslationBlock *orig_tb, bool ignore_icount) { TranslationBlock *tb; - bool old_tb_flushed; /* Should never happen. We only end up here when an existing TB is too long. */ if (max_cycles > CF_COUNT_MASK) max_cycles = CF_COUNT_MASK; - old_tb_flushed = cpu->tb_flushed; - cpu->tb_flushed = false; tb = tb_gen_code(cpu, orig_tb->pc, orig_tb->cs_base, orig_tb->flags, max_cycles | CF_NOCACHE | (ignore_icount ? CF_IGNORE_ICOUNT : 0)); - tb->orig_tb = cpu->tb_flushed ? NULL : orig_tb; - cpu->tb_flushed |= old_tb_flushed; + tb->orig_tb = orig_tb; /* execute the generated code */ trace_exec_tb_nocache(tb, tb->pc); cpu_tb_exec(cpu, tb); @@ -337,10 +333,7 @@ static inline TranslationBlock *tb_find(CPUState *cpu, tb_lock(); have_tb_lock = true; } - /* Check if translation buffer has been flushed */ - if (cpu->tb_flushed) { - cpu->tb_flushed = false; - } else if (!tb->invalid) { + if (!tb->invalid) { tb_add_jump(last_tb, tb_exit, tb); } } @@ -605,7 +598,6 @@ int cpu_exec(CPUState *cpu) break; } - atomic_mb_set(&cpu->tb_flushed, false); /* reset before first TB lookup */ for(;;) { cpu_handle_interrupt(cpu, &last_tb); tb = tb_find(cpu, last_tb, tb_exit); diff --git a/include/qom/cpu.h b/include/qom/cpu.h index bc24514..dee5ad0 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -260,7 +260,6 @@ struct qemu_work_item { * @crash_occurred: Indicates the OS reported a crash (panic) for this CPU * @tcg_exit_req: Set to force TCG to stop executing linked TBs for this * CPU and return to its top level loop. - * @tb_flushed: Indicates the translation buffer has been flushed. * @singlestep_enabled: Flags for single-stepping. * @icount_extra: Instructions until next timer event. * @icount_decr: Number of cycles left, with interrupt flag in high bit. @@ -313,7 +312,6 @@ struct CPUState { bool unplug; bool crash_occurred; bool exit_request; - bool tb_flushed; uint32_t interrupt_request; int singlestep_enabled; int64_t icount_extra; diff --git a/translate-all.c b/translate-all.c index 1ce05ff..60527ad 100644 --- a/translate-all.c +++ b/translate-all.c @@ -832,9 +832,11 @@ static void page_flush_tb(void) } /* flush all the translation blocks */ -/* XXX: tb_flush is currently not thread safe */ -void tb_flush(CPUState *cpu) +static void do_tb_flush(CPUState *cpu, void *data) { + if (tcg_ctx.tb_ctx.nb_tbs == 0) { + return; + } #if defined(DEBUG_FLUSH) printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n", (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer), @@ -853,7 +855,6 @@ void tb_flush(CPUState *cpu) for (i = 0; i < TB_JMP_CACHE_SIZE; ++i) { atomic_set(&cpu->tb_jmp_cache[i], NULL); } - atomic_mb_set(&cpu->tb_flushed, true); } tcg_ctx.tb_ctx.nb_tbs = 0; @@ -866,6 +867,11 @@ void tb_flush(CPUState *cpu) tcg_ctx.tb_ctx.tb_flush_count++; } +void tb_flush(CPUState *cpu) +{ + async_safe_run_on_cpu(cpu, do_tb_flush, NULL); +} + #ifdef DEBUG_TB_CHECK static void @@ -1170,9 +1176,8 @@ TranslationBlock *tb_gen_code(CPUState *cpu, buffer_overflow: /* flush must be done */ tb_flush(cpu); - /* cannot fail at this point */ - tb = tb_alloc(pc); - assert(tb != NULL); + mmap_unlock(); + cpu_loop_exit(cpu); } gen_code_buf = tcg_ctx.code_gen_ptr; -- 2.7.4