From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Lfdtk-0006et-FF for qemu-devel@nongnu.org; Fri, 06 Mar 2009 12:31:48 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Lfdtj-0006eS-Gf for qemu-devel@nongnu.org; Fri, 06 Mar 2009 12:31:48 -0500 Received: from [199.232.76.173] (port=47529 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Lfdtj-0006eO-5X for qemu-devel@nongnu.org; Fri, 06 Mar 2009 12:31:47 -0500 Received: from hall.aurel32.net ([88.191.82.174]:56543) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Lfdti-0002Qv-IT for qemu-devel@nongnu.org; Fri, 06 Mar 2009 12:31:46 -0500 Received: from volta.aurel32.net ([2002:52e8:2fb:1:21e:8cff:feb0:693b]) by hall.aurel32.net with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1Lfdtg-0000G0-Rj for qemu-devel@nongnu.org; Fri, 06 Mar 2009 18:31:44 +0100 Received: from aurel32 by volta.aurel32.net with local (Exim 4.69) (envelope-from ) id 1Lfdtf-0003YP-4X for qemu-devel@nongnu.org; Fri, 06 Mar 2009 18:31:43 +0100 Date: Fri, 6 Mar 2009 18:31:43 +0100 From: Aurelien Jarno Message-ID: <20090306173143.GA13368@volta.aurel32.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Subject: [Qemu-devel] [RFC][PATCH] Fix race condition on access to env->interrupt_request Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org env->interrupt_request is accessed as the bit level from both main code and signal handler, making a race condition possible even on CISC CPU. This causes freeze of QEMU under high load when running the dyntick clock. The patch below move the bit corresponding to CPU_INTERRUPT_EXIT in a separate variable, declared as volatile sig_atomic_t, so it should be work even on RISC CPU. We may want to move the cpu_interrupt(env, CPU_INTERRUPT_EXIT) case in its own function and get rid of CPU_INTERRUPT_EXIT. That can be done later, I wanted to keep the patch short for easier review. Signed-off-by: Aurelien Jarno diff --git a/cpu-defs.h b/cpu-defs.h index 758fa9f..aa46fc3 100644 --- a/cpu-defs.h +++ b/cpu-defs.h @@ -27,6 +27,7 @@ #include "config.h" #include #include +#include #include "osdep.h" #include "sys-queue.h" @@ -170,6 +171,7 @@ typedef struct CPUWatchpoint { memory was accessed */ \ uint32_t halted; /* Nonzero if the CPU is in suspend state */ \ uint32_t interrupt_request; \ + volatile sig_atomic_t exit_request; \ /* The meaning of the MMU modes is defined in the target code. */ \ CPUTLBEntry tlb_table[NB_MMU_MODES][CPU_TLB_SIZE]; \ target_phys_addr_t iotlb[NB_MMU_MODES][CPU_TLB_SIZE]; \ diff --git a/cpu-exec.c b/cpu-exec.c index f7be38d..7607e24 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -311,7 +311,7 @@ int cpu_exec(CPUState *env1) env->exception_index = -1; } #ifdef USE_KQEMU - if (kqemu_is_ok(env) && env->interrupt_request == 0) { + if (kqemu_is_ok(env) && env->interrupt_request == 0 && env->exit_request == 0) { int ret; env->eflags = env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK); ret = kqemu_cpu_exec(env); @@ -326,7 +326,7 @@ int cpu_exec(CPUState *env1) } else if (ret == 2) { /* softmmu execution needed */ } else { - if (env->interrupt_request != 0) { + if (env->interrupt_request != 0 || env->exit_request != 0) { /* hardware interrupt will be executed just after */ } else { /* otherwise, we restart */ @@ -525,11 +525,11 @@ int cpu_exec(CPUState *env1) the program flow was changed */ next_tb = 0; } - if (interrupt_request & CPU_INTERRUPT_EXIT) { - env->interrupt_request &= ~CPU_INTERRUPT_EXIT; - env->exception_index = EXCP_INTERRUPT; - cpu_loop_exit(); - } + } + if (unlikely(env->exit_request)) { + env->exit_request = 0; + env->exception_index = EXCP_INTERRUPT; + cpu_loop_exit(); } #ifdef DEBUG_EXEC if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) { @@ -599,7 +599,7 @@ int cpu_exec(CPUState *env1) TB, but before it is linked into a potentially infinite loop and becomes env->current_tb. Avoid starting execution if there is a pending interrupt. */ - if (unlikely (env->interrupt_request & CPU_INTERRUPT_EXIT)) + if (unlikely (env->exit_request)) env->current_tb = NULL; while (env->current_tb) { diff --git a/exec.c b/exec.c index f4a071e..902031c 100644 --- a/exec.c +++ b/exec.c @@ -1501,9 +1501,12 @@ void cpu_interrupt(CPUState *env, int mask) #endif int old_mask; + if (mask & CPU_INTERRUPT_EXIT) { + env->exit_request = 1; + mask &= ~CPU_INTERRUPT_EXIT; + } + old_mask = env->interrupt_request; - /* FIXME: This is probably not threadsafe. A different thread could - be in the middle of a read-modify-write operation. */ env->interrupt_request |= mask; #if defined(USE_NPTL) /* FIXME: TB unchaining isn't SMP safe. For now just ignore the @@ -1514,10 +1517,8 @@ void cpu_interrupt(CPUState *env, int mask) if (use_icount) { env->icount_decr.u16.high = 0xffff; #ifndef CONFIG_USER_ONLY - /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means - an async event happened and we need to process it. */ if (!can_do_io(env) - && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) { + && (mask & ~old_mask) != 0) { cpu_abort(env, "Raised interrupt while not in I/O function"); } #endif diff --git a/kvm-all.c b/kvm-all.c index 0b17427..28c9c07 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -445,7 +445,7 @@ int kvm_cpu_exec(CPUState *env) do { kvm_arch_pre_run(env, run); - if ((env->interrupt_request & CPU_INTERRUPT_EXIT)) { + if (env->exit_request) { dprintf("interrupt exit requested\n"); ret = 0; break; @@ -512,8 +512,8 @@ int kvm_cpu_exec(CPUState *env) } } while (ret > 0); - if ((env->interrupt_request & CPU_INTERRUPT_EXIT)) { - env->interrupt_request &= ~CPU_INTERRUPT_EXIT; + if (env->exit_request) { + env->exit_request = 0; env->exception_index = EXCP_INTERRUPT; } -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurelien@aurel32.net http://www.aurel32.net