tcg: synchronize cpu->exit_request and cpu->tcg_exit_req accesses

Backports commit ab096a75cd626dcd4ad34b2a11652df0269bee0d from qemu
2025-05-04 15:12:16 +00:00 · 2018-02-15 13:09:37 -05:00 · 2018-02-15 13:09:37 -05:00 · 7f1d59bb83
parent 1cfd4190a7
commit 7f1d59bb83
2 changed files with 19 additions and 13 deletions
--- a/qemu/cpu-exec.c
+++ b/qemu/cpu-exec.c
@ -244,19 +244,23 @@ int cpu_exec(struct uc_struct *uc, CPUState *cpu)
                    cpu->current_tb = NULL;
                    switch (next_tb & TB_EXIT_MASK) {
-                        case TB_EXIT_REQUESTED:
+                    case TB_EXIT_REQUESTED:
-                            /* Something asked us to stop executing
+                        /* Something asked us to stop executing
-                             * chained TBs; just continue round the main
+                         * chained TBs; just continue round the main
-                             * loop. Whatever requested the exit will also
+                         * loop. Whatever requested the exit will also
-                             * have set something else (eg exit_request or
+                         * have set something else (eg exit_request or
-                             * interrupt_request) which we will handle
+                         * interrupt_request) which we will handle
-                             * next time around the loop.
+                         * next time around the loop.  But we need to
-                             */
+                         * ensure the tcg_exit_req read in generated code
-                            tb = (TranslationBlock *)(next_tb & ~TB_EXIT_MASK);
+                         * comes before the next read of cpu->exit_request
-                            next_tb = 0;
+                         * or cpu->interrupt_request.
-                            break;
+                         */
-                        default:
+                        smp_rmb();
-                            break;
+                        tb = (TranslationBlock *)(next_tb & ~TB_EXIT_MASK);
                        next_tb = 0;
                        break;
                    default:
                        break;
                    }
                }
                /* reset soft MMU for next block (it can currently
--- a/qemu/qom/cpu.c
+++ b/qemu/qom/cpu.c
@ -107,6 +107,8 @@ void cpu_reset_interrupt(CPUState *cpu, int mask)
 void cpu_exit(CPUState *cpu)
 {
    cpu->exit_request = 1;
    /* Ensure cpu_exec will see the exit request after TCG has exited.  */
    smp_wmb();
    cpu->tcg_exit_req = 1;
 }