From 14c6ed2cca31471ab24af2ecd5e0d25ef6a49e24 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Thu, 8 Aug 2019 17:12:21 -0400 Subject: [PATCH] RISC-V: Clear load reservations on context switch and SC This prevents a load reservation from being placed in one context/process, then being used in another, resulting in an SC succeeding incorrectly and breaking atomics. Backports commit c13b169f1a3dd158d6c75727cdc388f95988db39 from qemu --- qemu/target/riscv/cpu.c | 1 + qemu/target/riscv/cpu_helper.c | 10 ++++++++++ qemu/target/riscv/insn_trans/trans_rva.inc.c | 8 +++++++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/qemu/target/riscv/cpu.c b/qemu/target/riscv/cpu.c index cbffc3a5..f62df871 100644 --- a/qemu/target/riscv/cpu.c +++ b/qemu/target/riscv/cpu.c @@ -295,6 +295,7 @@ static void riscv_cpu_reset(CPUState *cs) env->pc = env->resetvec; #endif cs->exception_index = EXCP_NONE; + env->load_res = -1; set_default_nan_mode(1, &env->fp_status); } diff --git a/qemu/target/riscv/cpu_helper.c b/qemu/target/riscv/cpu_helper.c index a746452e..f0e8f538 100644 --- a/qemu/target/riscv/cpu_helper.c +++ b/qemu/target/riscv/cpu_helper.c @@ -114,6 +114,16 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong newpriv) } /* tlb_flush is unnecessary as mode is contained in mmu_idx */ env->priv = newpriv; + + /* + * Clear the load reservation - otherwise a reservation placed in one + * context/process can be used by another, resulting in an SC succeeding + * incorrectly. Version 2.2 of the ISA specification explicitly requires + * this behaviour, while later revisions say that the kernel "should" use + * an SC instruction to force the yielding of a load reservation on a + * preemptive context switch. As a result, do both. + */ + env->load_res = -1; } /* get_physical_address - get the physical address for this virtual address diff --git a/qemu/target/riscv/insn_trans/trans_rva.inc.c b/qemu/target/riscv/insn_trans/trans_rva.inc.c index 274700ea..eaed16a1 100644 --- a/qemu/target/riscv/insn_trans/trans_rva.inc.c +++ b/qemu/target/riscv/insn_trans/trans_rva.inc.c @@ -63,7 +63,7 @@ static inline bool gen_sc(DisasContext *ctx, arg_atomic *a, TCGMemOp mop) gen_set_label(tcg_ctx, l1); /* - * Address comparion failure. However, we still need to + * Address comparison failure. However, we still need to * provide the memory barrier implied by AQ/RL. */ tcg_gen_mb(tcg_ctx, TCG_MO_ALL + a->aq * TCG_BAR_LDAQ + a->rl * TCG_BAR_STRL); @@ -71,6 +71,12 @@ static inline bool gen_sc(DisasContext *ctx, arg_atomic *a, TCGMemOp mop) gen_set_gpr(ctx, a->rd, dat); gen_set_label(tcg_ctx, l2); + /* + * Clear the load reservation, since an SC must fail if there is + * an SC to any address, in between an LR and SC pair. + */ + tcg_gen_movi_tl(tcg_ctx, tcg_ctx->load_res_risc, -1); + tcg_temp_free(tcg_ctx, dat); tcg_temp_free(tcg_ctx, src1); tcg_temp_free(tcg_ctx, src2);