unicorn/qemu
Emilio G. Cota f66e74d65b
tcg: consistently access cpu->tb_jmp_cache atomically
Some code paths can lead to atomic accesses racing with memset()
on cpu->tb_jmp_cache, which can result in torn reads/writes
and is undefined behaviour in C11.

These torn accesses are unlikely to show up as bugs, but from code
inspection they seem possible. For example, tb_phys_invalidate does:
    /* remove the TB from the hash list */
    h = tb_jmp_cache_hash_func(tb->pc);
    CPU_FOREACH(cpu) {
        if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) {
            atomic_set(&cpu->tb_jmp_cache[h], NULL);
        }
    }
Here atomic_set might race with a concurrent memset (such as the
ones scheduled via "unsafe" async work, e.g. tlb_flush_page) and
therefore we might end up with a torn pointer (or who knows what,
because we are under undefined behaviour).

This patch converts parallel accesses to cpu->tb_jmp_cache to use
atomic primitives, thereby bringing these accesses back to defined
behaviour. The price to pay is to potentially execute more instructions
when clearing cpu->tb_jmp_cache, but given how infrequently they happen
and the small size of the cache, the performance impact I have measured
is within noise range when booting debian-arm.

Note that under "safe async" work (e.g. do_tb_flush) we could use memset
because no other vcpus are running. However I'm keeping these accesses
atomic as well to keep things simple and to avoid confusing analysis
tools such as ThreadSanitizer.

Backports commit f3ced3c59287dabc253f83f0c70aa4934470c15e from qemu
2018-03-03 21:12:36 -05:00
crypto crypto: Clean up includes 2018-02-19 00:47:40 -05:00
default-configs arm64eb: add support for ARM64 big endian. 2017-04-24 23:30:01 +08:00
docs docs: clarify memory region lifecycle 2018-02-12 15:11:21 -05:00
fpu softfloat: define floatx80_round() 2018-03-03 20:57:27 -05:00
hw i386: Remove AMD feature flag aliases from Opteron models 2018-03-01 23:49:04 -05:00
include tcg: consistently access cpu->tb_jmp_cache atomically 2018-03-03 21:12:36 -05:00
qapi qapi: add explicit null to string input and output visitors 2018-03-03 20:32:50 -05:00
qobject qnum: add uint type 2018-03-03 18:37:56 -05:00
qom tcg: consistently access cpu->tb_jmp_cache atomically 2018-03-03 21:12:36 -05:00
scripts qapi: Remove visit_start_alternate() parameter promote_int 2018-03-03 18:34:35 -05:00
target target/m68k: add fmovem 2018-03-03 21:05:56 -05:00
tcg target-m68k: use floatx80 internally 2018-03-03 19:35:17 -05:00
util util: add cacheinfo 2018-03-03 16:58:28 -05:00
aarch64.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
aarch64eb.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
accel.c clean-up: removed duplicate #includes 2018-02-28 08:51:56 -05:00
arm.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
armeb.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
atomic_template.h tcg: Add atomic128 helpers 2018-02-27 21:43:48 -05:00
CODING_STYLE import 2015-08-21 15:04:50 +08:00
configure configure: remove Cygwin 2018-03-02 14:17:41 -05:00
COPYING import 2015-08-21 15:04:50 +08:00
COPYING.LIB import 2015-08-21 15:04:50 +08:00
cpu-exec-common.c tcg: Add EXCP_ATOMIC 2018-02-27 11:57:58 -05:00
cpu-exec.c tcg: Introduce goto_ptr opcode and tcg_gen_lookup_and_goto_ptr 2018-03-02 21:05:18 -05:00
cpus.c tcg: handle EXCP_ATOMIC exception for system emulation 2018-03-02 09:56:43 -05:00
cputlb.c tcg: consistently access cpu->tb_jmp_cache atomically 2018-03-03 21:12:36 -05:00
exec.c exec: simplify phys_page_find() params 2018-03-03 14:28:25 -05:00
gen_all_header.sh arm64eb: add support for ARM64 big endian. 2017-04-24 23:30:01 +08:00
glib_compat.c qapi: Improve qobject input visitor error reporting 2018-03-02 12:05:53 -05:00
HACKING import 2015-08-21 15:04:50 +08:00
header_gen.py tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
ioport.c hw: remove pio_addr_t 2018-02-24 02:43:16 -05:00
LICENSE import 2015-08-21 15:04:50 +08:00
m68k.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
Makefile Makefile: Add a FORCE target 2018-02-24 17:03:51 -05:00
Makefile.objs tcg: Add atomic helpers 2018-02-27 15:57:47 -05:00
Makefile.target Move target-* CPU file into a target/ folder 2018-03-01 22:50:58 -05:00
memory.c memory: Introduce DEVICE_HOST_ENDIAN for ram device 2018-03-02 11:24:32 -05:00
memory_ldst.inc.c exec: introduce memory_ldst.inc.c 2018-03-01 09:59:34 -05:00
memory_mapping.c include/qemu/osdep.h: Don't include qapi/error.h 2018-02-21 23:08:18 -05:00
mips.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
mips64.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
mips64el.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
mipsel.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
powerpc.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
qapi-schema.json qapi: Update scripts to commit 01b2ffcedd94ad7b42bc870e4c6936c87ad03429 2018-03-03 18:32:12 -05:00
qemu-timer.c timer/cpus: fix some typos and update some comments 2018-02-25 23:21:57 -05:00
rules.mak rules.mak: Don't extract libs from .mo-libs in link command 2018-02-26 02:08:03 -05:00
softmmu_template.h cputlb: Remove includes from softmmu_template.h 2018-02-27 12:40:43 -05:00
sparc.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
sparc64.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00
tcg-runtime.c tcg: Increase hit rate of lookup_tb_ptr 2018-03-03 17:16:23 -05:00
translate-all.c tcg: consistently access cpu->tb_jmp_cache atomically 2018-03-03 21:12:36 -05:00
translate-all.h translate-all.c: Compute L1 page table properties at runtime 2018-02-26 11:46:58 -05:00
translate-common.c exec: Clean up includes 2018-02-19 00:49:55 -05:00
unicorn_common.h qom/cpu: Add MemoryRegion property 2018-02-18 21:54:50 -05:00
VERSION import 2015-08-21 15:04:50 +08:00
vl.c util: add cacheinfo 2018-03-03 16:58:28 -05:00
vl.h import 2015-08-21 15:04:50 +08:00
x86_64.h tcg: allocate TB structs before the corresponding translated code 2018-03-03 17:05:49 -05:00