From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson <rth@twiddle.net>,
Paolo Bonzini <pbonzini@redhat.com>,
Stuart Monteith <stuart.monteith@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.11 0/2] Fix TCG atomic writes to nondirty pages
Date: Mon, 20 Nov 2017 13:26:59 +0000 [thread overview]
Message-ID: <1511184421-23535-1-git-send-email-peter.maydell@linaro.org> (raw)
To do a write to memory that is marked as notdirty, we need
to invalidate any TBs we have cached for that memory, and
update the cpu physical memory dirty flags for VGA and migration.
The slowpath code in notdirty_mem_write() does all this correctly,
but the new atomic handling code in atomic_mmu_lookup() doesn't
do anything at all, it just clears the dirty bit in the TLB.
The effect of this bug is that if the first write to a notdirty
page for which we have cached TBs is by a guest atomic access,
we fail to invalidate the TBs and subsequently will execute
incorrect code. This can be seen by trying to run 'javac' on AArch64.
The first patch here refactors notdirty_mem_write() to pull out
the "correctly handle dirty bit updates" parts of the code into
two new functions memory_notdirty_write_prepare() and
memory_notdirty_write_complete(). The second patch then uses
those functions to fix the atomic helpers.
In an ideal world I'd like to get this fix into rc2 tomorrow
so it gets wider testing exposure before release.
thanks
-- PMM
Peter Maydell (2):
exec.c: Factor out before/after actions for notdirty memory writes
accel/tcg: Handle atomic accesses to notdirty memory correctly
accel/tcg/atomic_template.h | 12 ++++++++
include/exec/memory-internal.h | 56 ++++++++++++++++++++++++++++++++++++
accel/tcg/cputlb.c | 29 ++++++++++---------
accel/tcg/user-exec.c | 1 +
exec.c | 65 ++++++++++++++++++++++++++++--------------
5 files changed, 129 insertions(+), 34 deletions(-)
--
2.7.4
next reply other threads:[~2017-11-20 13:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-20 13:26 Peter Maydell [this message]
2017-11-20 13:27 ` [Qemu-devel] [PATCH for-2.11 1/2] exec.c: Factor out before/after actions for notdirty memory writes Peter Maydell
2017-11-20 14:28 ` Richard Henderson
2017-11-20 13:27 ` [Qemu-devel] [PATCH for-2.11 2/2] accel/tcg: Handle atomic accesses to notdirty memory correctly Peter Maydell
2017-11-20 14:27 ` Richard Henderson
2017-11-20 14:47 ` Peter Maydell
2017-11-20 15:00 ` Richard Henderson
2017-11-20 18:09 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1511184421-23535-1-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=rth@twiddle.net \
--cc=stuart.monteith@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).