From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57080)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cota@braap.org>) id 1bKCQb-00038V-E5
	for qemu-devel@nongnu.org; Mon, 04 Jul 2016 18:33:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cota@braap.org>) id 1bKCQW-0006HY-DS
	for qemu-devel@nongnu.org; Mon, 04 Jul 2016 18:33:20 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:58802)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cota@braap.org>) id 1bKCQU-0006EN-42
	for qemu-devel@nongnu.org; Mon, 04 Jul 2016 18:33:16 -0400
Date: Mon, 4 Jul 2016 18:33:04 -0400
From: "Emilio G. Cota" <cota@braap.org>
Message-ID: <20160704223304.GD2295@flamenco>
References: <1467389770-9738-1-git-send-email-alex.bennee@linaro.org>
	<1467389770-9738-2-git-send-email-alex.bennee@linaro.org>
	<20160702001736.GA2295@flamenco>
	<595ec08d-4e3b-0f1a-eee0-68c462108763@twiddle.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <595ec08d-4e3b-0f1a-eee0-68c462108763@twiddle.net>
Subject: Re: [Qemu-devel] [PATCH 1/2] tcg: Ensure safe tb_jmp_cache lookup
 out of 'tb_lock'
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Richard Henderson <rth@twiddle.net>
Cc: Alex =?iso-8859-1?Q?Benn=E9e?= <alex.bennee@linaro.org>, mttcg@greensocs.com, qemu-devel@nongnu.org, fred.konrad@greensocs.com, a.rigo@virtualopensystems.com, serge.fdrv@gmail.com, bobby.prani@gmail.com, mark.burton@greensocs.com, pbonzini@redhat.com, jan.kiszka@siemens.com, peter.maydell@linaro.org, claudio.fontana@huawei.com, Sergey Fedorov <sergey.fedorov@linaro.org>, Peter Crosthwaite <crosthwaite.peter@gmail.com>

On Fri, Jul 01, 2016 at 17:32:01 -0700, Richard Henderson wrote:
> On 07/01/2016 05:17 PM, Emilio G. Cota wrote:
> >On Fri, Jul 01, 2016 at 17:16:09 +0100, Alex Bennée wrote:
> >>From: Sergey Fedorov <serge.fdrv@gmail.com>
> >(snip)
> >>@@ -333,7 +338,7 @@ static inline TranslationBlock *tb_find_fast(CPUState *cpu,
> >>        is executed. */
> >>     cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
> >>     tb_lock();
> >>-    tb = cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)];
> >>+    tb = atomic_read(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)]);
> >>     if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base ||
> >>                  tb->flags != flags)) {
> >>         tb = tb_find_slow(cpu, pc, cs_base, flags);
> >>diff --git a/translate-all.c b/translate-all.c
> >>index eaa95e4..1fcfe79 100644
> >>--- a/translate-all.c
> >>+++ b/translate-all.c
> >>@@ -1004,11 +1004,16 @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
> >>         invalidate_page_bitmap(p);
> >>     }
> >>
> >>+    /* Ensure that we won't find the TB in the shared hash table
> >>+     * if we con't see it in CPU's local cache.
> >
> >s/con't/can't/
> >
> >>+     * Pairs with smp_rmb() in tb_find_slow(). */
> >>+    smp_wmb();
> >
> >This fence is already embedded in qht_remove, since it internally
> >calls seqlock_write_end() on a successful removal...
> 
> No.  There's stuff that happens after qht_remove and before this barrier:
> tb_page_remove and invalidate_page_bitmap.

I can't see how that "tb page" stuff you refer to is relevant here.

AFAICT the barrier pairing in this patch only applies to tb_jmp_cache
and qht. If as you say it does not, then all comments and the commit message
are wrong.

What am I missing?

		Emilio