From: Aurelien Jarno <aurelien@aurel32.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [RFC][PATCH] Fix race condition on access to env->interrupt_request
Date: Fri, 6 Mar 2009 18:31:43 +0100 [thread overview]
Message-ID: <20090306173143.GA13368@volta.aurel32.net> (raw)
env->interrupt_request is accessed as the bit level from both main code
and signal handler, making a race condition possible even on CISC CPU.
This causes freeze of QEMU under high load when running the dyntick
clock.
The patch below move the bit corresponding to CPU_INTERRUPT_EXIT in a
separate variable, declared as volatile sig_atomic_t, so it should be
work even on RISC CPU.
We may want to move the cpu_interrupt(env, CPU_INTERRUPT_EXIT) case in
its own function and get rid of CPU_INTERRUPT_EXIT. That can be done
later, I wanted to keep the patch short for easier review.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
diff --git a/cpu-defs.h b/cpu-defs.h
index 758fa9f..aa46fc3 100644
--- a/cpu-defs.h
+++ b/cpu-defs.h
@@ -27,6 +27,7 @@
#include "config.h"
#include <setjmp.h>
#include <inttypes.h>
+#include <signal.h>
#include "osdep.h"
#include "sys-queue.h"
@@ -170,6 +171,7 @@ typedef struct CPUWatchpoint {
memory was accessed */ \
uint32_t halted; /* Nonzero if the CPU is in suspend state */ \
uint32_t interrupt_request; \
+ volatile sig_atomic_t exit_request; \
/* The meaning of the MMU modes is defined in the target code. */ \
CPUTLBEntry tlb_table[NB_MMU_MODES][CPU_TLB_SIZE]; \
target_phys_addr_t iotlb[NB_MMU_MODES][CPU_TLB_SIZE]; \
diff --git a/cpu-exec.c b/cpu-exec.c
index f7be38d..7607e24 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -311,7 +311,7 @@ int cpu_exec(CPUState *env1)
env->exception_index = -1;
}
#ifdef USE_KQEMU
- if (kqemu_is_ok(env) && env->interrupt_request == 0) {
+ if (kqemu_is_ok(env) && env->interrupt_request == 0 && env->exit_request == 0) {
int ret;
env->eflags = env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK);
ret = kqemu_cpu_exec(env);
@@ -326,7 +326,7 @@ int cpu_exec(CPUState *env1)
} else if (ret == 2) {
/* softmmu execution needed */
} else {
- if (env->interrupt_request != 0) {
+ if (env->interrupt_request != 0 || env->exit_request != 0) {
/* hardware interrupt will be executed just after */
} else {
/* otherwise, we restart */
@@ -525,11 +525,11 @@ int cpu_exec(CPUState *env1)
the program flow was changed */
next_tb = 0;
}
- if (interrupt_request & CPU_INTERRUPT_EXIT) {
- env->interrupt_request &= ~CPU_INTERRUPT_EXIT;
- env->exception_index = EXCP_INTERRUPT;
- cpu_loop_exit();
- }
+ }
+ if (unlikely(env->exit_request)) {
+ env->exit_request = 0;
+ env->exception_index = EXCP_INTERRUPT;
+ cpu_loop_exit();
}
#ifdef DEBUG_EXEC
if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
@@ -599,7 +599,7 @@ int cpu_exec(CPUState *env1)
TB, but before it is linked into a potentially
infinite loop and becomes env->current_tb. Avoid
starting execution if there is a pending interrupt. */
- if (unlikely (env->interrupt_request & CPU_INTERRUPT_EXIT))
+ if (unlikely (env->exit_request))
env->current_tb = NULL;
while (env->current_tb) {
diff --git a/exec.c b/exec.c
index f4a071e..902031c 100644
--- a/exec.c
+++ b/exec.c
@@ -1501,9 +1501,12 @@ void cpu_interrupt(CPUState *env, int mask)
#endif
int old_mask;
+ if (mask & CPU_INTERRUPT_EXIT) {
+ env->exit_request = 1;
+ mask &= ~CPU_INTERRUPT_EXIT;
+ }
+
old_mask = env->interrupt_request;
- /* FIXME: This is probably not threadsafe. A different thread could
- be in the middle of a read-modify-write operation. */
env->interrupt_request |= mask;
#if defined(USE_NPTL)
/* FIXME: TB unchaining isn't SMP safe. For now just ignore the
@@ -1514,10 +1517,8 @@ void cpu_interrupt(CPUState *env, int mask)
if (use_icount) {
env->icount_decr.u16.high = 0xffff;
#ifndef CONFIG_USER_ONLY
- /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means
- an async event happened and we need to process it. */
if (!can_do_io(env)
- && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) {
+ && (mask & ~old_mask) != 0) {
cpu_abort(env, "Raised interrupt while not in I/O function");
}
#endif
diff --git a/kvm-all.c b/kvm-all.c
index 0b17427..28c9c07 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -445,7 +445,7 @@ int kvm_cpu_exec(CPUState *env)
do {
kvm_arch_pre_run(env, run);
- if ((env->interrupt_request & CPU_INTERRUPT_EXIT)) {
+ if (env->exit_request) {
dprintf("interrupt exit requested\n");
ret = 0;
break;
@@ -512,8 +512,8 @@ int kvm_cpu_exec(CPUState *env)
}
} while (ret > 0);
- if ((env->interrupt_request & CPU_INTERRUPT_EXIT)) {
- env->interrupt_request &= ~CPU_INTERRUPT_EXIT;
+ if (env->exit_request) {
+ env->exit_request = 0;
env->exception_index = EXCP_INTERRUPT;
}
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
next reply other threads:[~2009-03-06 17:31 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-06 17:31 Aurelien Jarno [this message]
2009-03-06 19:06 ` [Qemu-devel] [RFC][PATCH] Fix race condition on access to env->interrupt_request malc
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090306173143.GA13368@volta.aurel32.net \
--to=aurelien@aurel32.net \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).