From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, "Emilio G. Cota" <cota@braap.org>
Subject: [Qemu-devel] [PULL 51/51] translate-all: exit from tb_phys_invalidate if qht_remove fails
Date: Wed, 25 Oct 2017 11:35:35 +0200
Message-ID: <20171025093535.10175-52-richard.henderson@linaro.org>
In-Reply-To: <20171025093535.10175-1-richard.henderson@linaro.org>

From: "Emilio G. Cota" <cota@braap.org>

Two or more threads might race while invalidating the same TB. We currently
do not check for this at all despite taking tb_lock, which means we would
wrongly invalidate the same TB more than once. This bug has actually been
hit by users: I recently saw a report on IRC, although I have yet to see
the corresponding test case.

Fix this by using qht_remove as the synchronization point; if it fails,
that means the TB has already been invalidated, and therefore there
is nothing left to do in tb_phys_invalidate.

Note that this solution works now that we still have tb_lock, and will
continue working once we remove tb_lock.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <1508445114-4717-1-git-send-email-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 5724149289..34c5e28d07 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1079,7 +1079,9 @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
     phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
     h = tb_hash_func(phys_pc, tb->pc, tb->flags, tb->cflags & CF_HASH_MASK,
                      tb->trace_vcpu_dstate);
-    qht_remove(&tb_ctx.htable, tb, h);
+    if (!qht_remove(&tb_ctx.htable, tb, h)) {
+        return;
+    }
 
     /* remove the TB from the page list */
     if (tb->page_addr[0] != page_addr) {
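Review bot: the new early `return` when `qht_remove()` fails carries no comment, so nothing in the hunk tells a later reader that a false return is the expected outcome of two threads racing on the same TB rather than an error; a one-liner such as `/* already invalidated by another thread; nothing left to do */` above the `return;` would document that. Worth stating at the same spot: once the early return fires, every step after it (starting with "remove the TB from the page list" and the rest of `tb_phys_invalidate`) is left to the thread whose `qht_remove()` succeeded, so a caller that loses the race may return before the winner has finished those steps. That is harmless while the function runs under tb_lock, as the commit message notes, but it becomes a property callers must tolerate once tb_lock is removed.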
-- 
2.13.6
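To make the idea behind the patch concrete, here is an added example that is not part of the patch or of QEMU: a toy model of `tb_phys_invalidate` in which a hash-table removal that returns true for exactly one caller is used as the synchronization point. The names `ToyTB`, `ToyHT`, `toy_ht_*`, `toy_invalidate_*` and `toy_race` are invented for this example; the race is driven sequentially (two back-to-back invalidations of one TB, which is the order two racing threads end up in once they serialize on the atomic removal), so the result is deterministic.

```c
/* Added example, not QEMU code: why treating the hash-table removal result
 * as the synchronization point makes TB invalidation idempotent when two
 * callers race on the same TB. All names here are invented for this model. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_HT_BUCKETS 16

typedef struct ToyTB {
    uint32_t pc;              /* stands in for tb->pc */
    int page_list_removals;   /* how often the post-removal step ran */
} ToyTB;

/* One TB per bucket; the slot is atomic so that exactly one remover can
 * swap it from tb to NULL and thereby "win" the removal. */
typedef struct ToyHT {
    _Atomic(ToyTB *) slot[TOY_HT_BUCKETS];
} ToyHT;

static size_t toy_hash(uint32_t pc)
{
    return pc % TOY_HT_BUCKETS;
}

static bool toy_ht_insert(ToyHT *ht, ToyTB *tb)
{
    ToyTB *expected = NULL;
    return atomic_compare_exchange_strong(&ht->slot[toy_hash(tb->pc)],
                                          &expected, tb);
}

/* Plays the role of qht_remove(): true only for the caller that removed tb. */
static bool toy_ht_remove(ToyHT *ht, ToyTB *tb)
{
    ToyTB *expected = tb;
    return atomic_compare_exchange_strong(&ht->slot[toy_hash(tb->pc)],
                                          &expected, NULL);
}

/* Everything that follows the hash removal in the real function; it must
 * run exactly once per TB. */
static void toy_remove_from_page_list(ToyTB *tb)
{
    tb->page_list_removals++;
}

/* "Before" shape: the removal result is ignored, so a second caller redoes
 * the post-removal work on an already-invalidated TB. */
static void toy_invalidate_unchecked(ToyHT *ht, ToyTB *tb)
{
    toy_ht_remove(ht, tb);
    toy_remove_from_page_list(tb);
}

/* "After" shape, mirroring the patch: only the winner of the removal
 * continues; the loser finds nothing left to do. */
static void toy_invalidate_checked(ToyHT *ht, ToyTB *tb)
{
    if (!toy_ht_remove(ht, tb)) {
        return; /* already invalidated by another caller */
    }
    toy_remove_from_page_list(tb);
}

/* Invalidate the same TB twice with the chosen variant and report how many
 * times the post-removal step ran (2 = double invalidation, 1 = correct). */
static int toy_race(bool checked)
{
    ToyHT ht = {0};
    ToyTB tb = { .pc = 0x1000, .page_list_removals = 0 };

    toy_ht_insert(&ht, &tb);
    for (int i = 0; i < 2; i++) {
        if (checked) {
            toy_invalidate_checked(&ht, &tb);
        } else {
            toy_invalidate_unchecked(&ht, &tb);
        }
    }
    return tb.page_list_removals;
}

int main(void)
{
    printf("unchecked: post-removal step ran %d times\n", toy_race(false));
    printf("checked:   post-removal step ran %d times\n", toy_race(true));
    return 0;
}
```

The model deliberately keeps no lock around the invalidation: the compare-and-swap in `toy_ht_remove` is the only thing that decides which caller proceeds, which is the same property the patch relies on to keep working once tb_lock is gone.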
