Date: Tue, 1 Sep 2015 15:38:28 -0400
From: "Emilio G. Cota"
To: Alex Bennée
Cc: mttcg@listserver.greensocs.com, mark.burton@greensocs.com, a.rigo@virtualopensystems.com, qemu-devel@nongnu.org, guillaume.delbergue@greensocs.com, pbonzini@redhat.com, Frederic Konrad
Subject: Re: [Qemu-devel] [RFC 35/38] cputlb: use cpu_tcg_sched_work for tlb_flush_all
Message-ID: <20150901193828.GA23249@flamenco>
In-Reply-To: <87k2sai0i1.fsf@linaro.org>
References: <1440375847-17603-1-git-send-email-cota@braap.org> <1440375847-17603-36-git-send-email-cota@braap.org> <87k2sai0i1.fsf@linaro.org>

On Tue, Sep 01, 2015 at 17:10:30 +0100, Alex Bennée wrote:
>
> Emilio G. Cota writes:
>
> > Signed-off-by: Emilio G. Cota
> > ---
> >  cputlb.c | 41 +++++++++++------------------------------
> >  1 file changed, 11 insertions(+), 30 deletions(-)
>
> I bisected my Jessie boot failure to this commit. Before it boots up
> fine, here it just hangs before the kernel starts init.
>
> 17:05 alex@zen/x86_64 [qemu.git/bisect:???]
> >./arm-softmmu/qemu-system-arm -machine virt -cpu cortex-a15 -machine
> type=virt -display none -serial telnet:127.0.0.1:4444 -monitor stdio
> -smp 4 -m 4096 -kernel ../images/aarch32-current-linux-kernel-only.img
> --append "console=ttyAMA0 root=/dev/vda1" -drive
> file=../images/jessie-arm32.qcow2,id=myblock,index=0,if=none -device
> virtio-blk-device,drive=myblock -netdev user,id=unet,hostfwd=tcp::2222-:22
> -device virtio-net-device,netdev=unet -D /tmp/qemu.log -d unimp
> -name debug-threads=on
>
> See people.linaro.org/~alex.bennee/images

Thanks for testing!

I can replicate it; what's happening is that tlb_flush_all calls cpu_loop_exit(), then re-enters the cpu loop, performs the job while other CPUs are asleep (i.e. __tlb_flush_all in this case), but then when it continues execution it loads the same instruction (say a TLBIALLIS) again. So we end up with the same CPU calling tlb_flush_all in an infinite loop.

A possible way to fix this is to finish the TB right after the helper and then add a flag in cpu_sched_work to not call cpu_exit_loop, raising an exit interrupt instead. (Note that cpu_exit_loop is still necessary when doing work out-of-band wrt execution, e.g. we *want* to come back to the same PC when doing a tb_flush.)

I've tried doing this but I can't see an obvious place to insert the call to tcg_gen_exit_tb()--I see the calls to the TLB helpers are embedded in structs that I presume are called by some generic helper code. A little bit of help here would be appreciated, I'm not very familiar with target-arm.

Thanks,

		Emilio
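The livelock described in the reply above, as an added toy model in C that is not part of this thread or of QEMU (the guest program, the enum and function names and the iteration budget are all assumptions): with restart-at-the-same-PC semantics the TLBI instruction re-schedules the flush on every re-entry, while finishing the TB before leaving the loop lets the PC move past it.

```c
/* Toy model of the re-execution livelock (assumption: not QEMU code; the
 * program, enum names and counters are constructed for illustration). */
#include <stdbool.h>

enum op { OP_NOP, OP_TLBI, OP_HALT };

/* How the helper leaves the CPU loop after scheduling the flush. */
enum exit_mode {
    RESTART_SAME_PC,     /* cpu_loop_exit(): come back to the same PC */
    FINISH_TB_THEN_EXIT  /* end the TB after the helper, then leave */
};

/* pc, whether a tlb_flush_all job is queued, how often it actually ran */
struct cpu { int pc; bool work_pending; int flushes; };

/* Constructed guest program: one TLBIALLIS-like instruction, then halt. */
static const enum op program[] = { OP_NOP, OP_TLBI, OP_NOP, OP_HALT };

/* Execute one single-instruction TB; true means the loop must be left. */
static bool exec_one(struct cpu *c, enum exit_mode mode)
{
    switch (program[c->pc]) {
    case OP_TLBI:
        c->work_pending = true;      /* cpu_tcg_sched_work(tlb_flush_all) */
        if (mode == FINISH_TB_THEN_EXIT)
            c->pc++;                 /* tcg_gen_exit_tb() after the helper */
        return true;
    case OP_NOP:
        c->pc++;
        return false;
    default:
        return true;                 /* OP_HALT */
    }
}

/* Run until OP_HALT.  Returns the number of flushes performed, or -1 when
 * the budget is spent, i.e. the CPU keeps re-issuing the same flush. */
int run(enum exit_mode mode, int budget)
{
    struct cpu c = { 0, false, 0 };
    while (budget-- > 0) {
        if (exec_one(&c, mode) && c.work_pending) {
            c.flushes++;             /* other vCPUs parked: do the job */
            c.work_pending = false;  /* then re-enter the loop */
        }
        if (program[c.pc] == OP_HALT)
            return c.flushes;
    }
    return -1;
}
```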