From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52341)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1eGmRj-00045k-Q2
	for qemu-devel@nongnu.org; Mon, 20 Nov 2017 08:49:15 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1eGmRj-0008JS-4L
	for qemu-devel@nongnu.org; Mon, 20 Nov 2017 08:49:11 -0500
From: Peter Maydell <peter.maydell@linaro.org>
Date: Mon, 20 Nov 2017 13:26:59 +0000
Message-Id: <1511184421-23535-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH for-2.11 0/2] Fix TCG atomic writes to nondirty
 pages
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson <rth@twiddle.net>, Paolo Bonzini <pbonzini@redhat.com>, Stuart Monteith <stuart.monteith@linaro.org>

To do a write to memory that is marked as notdirty, we need
to invalidate any TBs we have cached for that memory, and
update the cpu physical memory dirty flags for VGA and migration.
The slowpath code in notdirty_mem_write() does all this correctly,
but the new atomic handling code in atomic_mmu_lookup() doesn't
do anything at all, it just clears the dirty bit in the TLB.
    
The effect of this bug is that if the first write to a notdirty
page for which we have cached TBs is by a guest atomic access,
we fail to invalidate the TBs and subsequently will execute
incorrect code. This can be seen by trying to run 'javac' on AArch64.
    
The first patch here refactors notdirty_mem_write() to pull out
the "correctly handle dirty bit updates" parts of the code into
two new functions memory_notdirty_write_prepare() and
memory_notdirty_write_complete(). The second patch then uses
those functions to fix the atomic helpers.

In an ideal world I'd like to get this fix into rc2 tomorrow
so it gets wider testing exposure before release.

thanks
-- PMM

Peter Maydell (2):
  exec.c: Factor out before/after actions for notdirty memory writes
  accel/tcg: Handle atomic accesses to notdirty memory correctly

 accel/tcg/atomic_template.h    | 12 ++++++++
 include/exec/memory-internal.h | 56 ++++++++++++++++++++++++++++++++++++
 accel/tcg/cputlb.c             | 29 ++++++++++---------
 accel/tcg/user-exec.c          |  1 +
 exec.c                         | 65 ++++++++++++++++++++++++++++--------------
 5 files changed, 129 insertions(+), 34 deletions(-)

-- 
2.7.4