From: Richard Henderson <richard.henderson@linaro.org>
To: Weiwei Li <liweiwei@iscas.ac.cn>,
qemu-riscv@nongnu.org, qemu-devel@nongnu.org
Cc: palmer@dabbelt.com, alistair.francis@wdc.com,
bin.meng@windriver.com, dbarboza@ventanamicro.com,
zhiwei_liu@linux.alibaba.com, wangjunqiang@iscas.ac.cn,
lazyparser@gmail.com
Subject: Re: [PATCH v4 6/8] accel/tcg: Fix tb mis-matched problem when CF_PCREL is enabled
Date: Fri, 31 Mar 2023 18:52:57 -0700
Message-ID: <a669c6d9-98c6-5ad6-df56-319b12229eb6@linaro.org>
In-Reply-To: <3cf2469f-fd47-544d-1343-663a5e6c5b8d@linaro.org>
On 3/31/23 18:26, Richard Henderson wrote:
> On 3/31/23 08:06, Weiwei Li wrote:
>> A corner case is triggered when tb blocks with first_pc = 0x80000008
>> and first_pc = 0x800000200 have the same jump cache hash and share
>> the same tb entry, with the same tb information except for the PC.
>> The executed sequence is as follows:
>> tb(0x80000008) -> tb(0x80000008) -> tb(0x800000200) -> tb(0x80000008)
>>
>> 1. The first time the tb for 0x80000008 is loaded, the tb in jmp_cache is
>> filled; however, pc is not updated.
>> 2. The second time the tb for 0x80000008 is looked up in tb_lookup(),
>> pc in the jmp cache is set to 0x80000008.
>> 3. When the tb for 0x800000200 is loaded, the tb in the jmp cache is updated to
>> this block; however, pc is not updated and remains 0x80000008.
>> 4. Finally, the last time the tb for 0x80000008 is looked up, the tb for
>> 0x800000200 is mismatched.
>>
>> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
>> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
>> ---
>> accel/tcg/cpu-exec.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
>> index c815f2dbfd..faff413f42 100644
>> --- a/accel/tcg/cpu-exec.c
>> +++ b/accel/tcg/cpu-exec.c
>> @@ -983,6 +983,9 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
>> h = tb_jmp_cache_hash_func(pc);
>> /* Use the pc value already stored in tb->pc. */
>> qatomic_set(&cpu->tb_jmp_cache->array[h].tb, tb);
>> + if (cflags & CF_PCREL) {
>> + qatomic_set(&cpu->tb_jmp_cache->array[h].pc, pc);
>> + }
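Review bot: in this hunk the pc tag is written after the tb pointer, and both with plain qatomic_set, so a tb_lookup() that already sees the new tb in the slot can still read the previous pc tag and hand back the wrong block, which is the same stale-tag mismatch the commit message describes. Write pc first and publish tb with qatomic_store_release, as the reply below suggests. The comment `/* Use the pc value already stored in tb->pc. */` then applies only to the non-CF_PCREL path and should move with that qatomic_set into an else branch rather than sit above both.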
>
> Good catch on the bug, but incorrect fix. Need
>
> if (cflags & CF_PCREL) {
>     qatomic_set(&cpu->tb_jmp_cache->array[h].pc, pc);
>     qatomic_store_release(&cpu->tb_jmp_cache->array[h].tb, tb);
> } else {
>     /* Use the pc value already stored in tb->pc. */
>     qatomic_set(&cpu->tb_jmp_cache->array[h].tb, tb);
> }
Queuing the fix to tcg-next.
r~
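The four-step sequence from the commit message, replayed in a constructed C model of the jump cache (an added example, not QEMU code). The cache is a direct-mapped array whose slot is tagged by the pc it was filled for; the slot count, the toy hash and the two pc values are assumptions chosen so that both blocks land in one slot. The "after generation" refill is modelled twice: once as the original hunk writes it (tb stored, tag untouched) and once with the tag written first and tb published by a release store, as the reply suggests.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the TCG jump cache under CF_PCREL; not QEMU code.
 * Slot count, hash and pc values are assumptions chosen so that two
 * blocks share one cache slot. */
#define JC_BITS 4
#define JC_SIZE (1u << JC_BITS)

struct tb {
    uint64_t pc;    /* first_pc of the block; not consulted by lookups when CF_PCREL */
    int id;
};

struct jc_entry {
    uint64_t pc;            /* tag: the pc this slot was last filled for */
    const struct tb *tb;
};

struct jc {
    struct jc_entry array[JC_SIZE];
};

/* Toy hash (assumption): low bits of the word address. */
static unsigned jc_hash(uint64_t pc)
{
    return (unsigned)((pc >> 2) & (JC_SIZE - 1));
}

/* Stand-in for tb_htable_lookup(): the authoritative pc -> tb mapping. */
static const struct tb *htable_lookup(const struct tb *tbs, size_t n, uint64_t pc)
{
    for (size_t i = 0; i < n; i++) {
        if (tbs[i].pc == pc) {
            return &tbs[i];
        }
    }
    return NULL;
}

/* tb_lookup() as modelled here: a hit is declared purely from the slot's
 * pc tag, so a stale tag returns whatever tb the slot currently holds.
 * On a miss the hash table is searched and the slot refilled, tag first,
 * tb published with release semantics. */
static const struct tb *tb_lookup(struct jc *jc, const struct tb *tbs,
                                  size_t n, uint64_t pc)
{
    unsigned h = jc_hash(pc);
    const struct tb *tb = __atomic_load_n(&jc->array[h].tb, __ATOMIC_ACQUIRE);

    if (tb && jc->array[h].pc == pc) {
        return tb;
    }
    tb = htable_lookup(tbs, n, pc);
    if (tb) {
        jc->array[h].pc = pc;
        __atomic_store_n(&jc->array[h].tb, tb, __ATOMIC_RELEASE);
    }
    return tb;
}

/* The refill done after a block is generated.  The buggy path mirrors the
 * original hunk (tb stored, tag untouched); the fixed path writes the tag
 * first and publishes tb with a release store. */
static void jc_fill_after_gen(struct jc *jc, uint64_t pc,
                              const struct tb *tb, bool fixed)
{
    unsigned h = jc_hash(pc);

    if (fixed) {
        jc->array[h].pc = pc;
        __atomic_store_n(&jc->array[h].tb, tb, __ATOMIC_RELEASE);
    } else {
        jc->array[h].tb = tb;
    }
}

/* Replays the four-step sequence from the commit message and returns the
 * id of the block handed back by the final lookup of pc A (0 on a miss). */
static int replay(bool fixed)
{
    /* Constructed pcs: both hash to slot 2 under the toy hash. */
    const uint64_t pc_a = 0x80000008, pc_b = 0x80000048;
    const struct tb tbs[] = { { pc_a, 1 }, { pc_b, 2 } };
    struct jc jc = { 0 };
    const struct tb *tb;

    jc_fill_after_gen(&jc, pc_a, &tbs[0], fixed); /* 1: A generated, slot gets tb only */
    tb_lookup(&jc, tbs, 2, pc_a);                 /* 2: tag miss, refill sets pc = A */
    jc_fill_after_gen(&jc, pc_b, &tbs[1], fixed); /* 3: B generated into the same slot */
    tb = tb_lookup(&jc, tbs, 2, pc_a);            /* 4: look up A again */
    return tb ? tb->id : 0;
}

int main(void)
{
    printf("original hunk: lookup of A returns block %d (expected 1)\n", replay(false));
    printf("with fix:      lookup of A returns block %d (expected 1)\n", replay(true));
    return 0;
}
```

With the original refill, step 4 finds the tag still equal to A while the slot holds B, so the lookup returns block 2 for pc A; with the tag written at step 3 the lookup misses, falls back to the table and returns block 1.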
Thread overview: 18+ messages
2023-03-31 15:06 [PATCH v4 0/8] target/riscv: Fix pointer mask related support Weiwei Li
2023-03-31 15:06 ` [PATCH v4 1/8] target/riscv: Fix pointer mask transformation for vector address Weiwei Li
2023-03-31 15:06 ` [PATCH v4 2/8] target/riscv: Update cur_pmmask/base when xl changes Weiwei Li
2023-03-31 15:06 ` [PATCH v4 3/8] target/riscv: Fix target address to update badaddr Weiwei Li
2023-04-01  1:06   ` Richard Henderson
2023-03-31 15:06 ` [PATCH v4 4/8] target/riscv: Add support for PC-relative translation Weiwei Li
2023-04-01  1:14   ` Richard Henderson
2023-03-31 15:06 ` [PATCH v4 5/8] accel/tcg: Fix overwrite problems of tcg_cflags Weiwei Li
2023-04-01  1:18   ` Richard Henderson
2023-04-01  1:33     ` Richard Henderson
2023-04-01  1:38       ` Richard Henderson
2023-03-31 15:06 ` [PATCH v4 6/8] accel/tcg: Fix tb mis-matched problem when CF_PCREL is enabled Weiwei Li
2023-04-01  1:26   ` Richard Henderson
2023-04-01  1:52     ` Richard Henderson [this message]
2023-03-31 15:06 ` [PATCH v4 7/8] target/riscv: Enable PC-relative translation in system mode Weiwei Li
2023-04-01  1:53   ` Richard Henderson
2023-03-31 15:06 ` [PATCH v4 8/8] target/riscv: Add pointer mask support for instruction fetch Weiwei Li
2023-04-01  1:54   ` Richard Henderson