qemu-commits
[Qemu-commits] [qemu/qemu] 055b86: util/interval-tree: Use qatomic_read


From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] 055b86: util/interval-tree: Use qatomic_read for left/righ...
Date: Mon, 31 Jul 2023 21:08:00 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 055b86e0f0b4325117055d8d31c49011258f4af3
      
https://github.com/qemu/qemu/commit/055b86e0f0b4325117055d8d31c49011258f4af3
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M util/interval-tree.c

  Log Message:
  -----------
  util/interval-tree: Use qatomic_read for left/right while searching

Fixes a race condition (generally without optimization) in which
the subtree is re-read after the protecting if condition.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 4c8baa02d36379507afd17bdea87aabe0aa32ed3
      
https://github.com/qemu/qemu/commit/4c8baa02d36379507afd17bdea87aabe0aa32ed3
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M util/interval-tree.c

  Log Message:
  -----------
  util/interval-tree: Use qatomic_set_mb in rb_link_node

Ensure that the stores to rb_left and rb_right are complete before
inserting the new node into the tree.  Otherwise a concurrent reader
could see garbage in the new leaf.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

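The two interval-tree fixes above describe one lock-free reader pattern: a child pointer that is tested and then followed must be loaded exactly once, and a new leaf must be fully initialised before the pointer to it is published. The following is an added example that illustrates both points on a deliberately tiny binary search tree; it is not QEMU's code and not the patch author's. The macros ATOMIC_READ and ATOMIC_SET_MB, the struct names, and the functions link_node, insert, search_racy, search and selftest are assumptions for illustration; QEMU's own qatomic_read/qatomic_set_mb definitions and its red-black rebalancing are not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for QEMU's qatomic_read() and qatomic_set_mb().  Assumption:
 * qatomic_read is a relaxed atomic load (emitted exactly once, never split
 * or re-issued by the compiler); qatomic_set_mb is modelled as a
 * sequentially consistent store, which orders it after every preceding
 * store to the node's fields, as the barrier in QEMU's version does. */
#define ATOMIC_READ(p)      __atomic_load_n(&(p), __ATOMIC_RELAXED)
#define ATOMIC_SET_MB(p, v) __atomic_store_n(&(p), (v), __ATOMIC_SEQ_CST)

struct node {
    uint64_t key;
    struct node *left;
    struct node *right;
};

struct tree {
    struct node *root;
};

/* Writer side (the rb_link_node analogue): initialise the leaf fully,
 * then publish it with one ordered store.  A reader that observes the
 * new pointer also observes NULL in left/right, never stale memory. */
static void link_node(struct node *n, struct node **link)
{
    n->left = NULL;
    n->right = NULL;
    ATOMIC_SET_MB(*link, n);
}

/* Plain BST insert without rebalancing.  Writers are assumed to be
 * serialised by a lock the caller holds; only readers are lock-free. */
static void insert(struct tree *t, struct node *n)
{
    struct node **link = &t->root;
    while (*link) {
        link = (n->key < (*link)->key) ? &(*link)->left : &(*link)->right;
    }
    link_node(n, link);
}

/* Racy reader: the child pointer is named twice, once in the test and
 * once in the descent.  Without an atomic load the compiler may emit two
 * loads, so a writer can replace the child between them and the descent
 * follows a pointer the test never checked. */
static struct node *search_racy(struct tree *t, uint64_t key)
{
    struct node *n = t->root;
    while (n && n->key != key) {
        if (key < n->key) {
            if (!n->left) return NULL;
            n = n->left;            /* may be a second, separate load */
        } else {
            if (!n->right) return NULL;
            n = n->right;           /* may be a second, separate load */
        }
    }
    return n;
}

/* Fixed reader: each child pointer is loaded once into a local and that
 * local serves both the NULL test and the descent. */
static struct node *search(struct tree *t, uint64_t key)
{
    struct node *n = ATOMIC_READ(t->root);
    while (n && n->key != key) {
        n = (key < n->key) ? ATOMIC_READ(n->left) : ATOMIC_READ(n->right);
    }
    return n;
}

/* Builds a tree from constructed keys and checks both readers agree.
 * Returns the number of failed checks (0 on success). */
static int selftest(void)
{
    static struct node pool[6];
    static const uint64_t keys[6] = { 50, 30, 70, 20, 40, 60 };
    struct tree t = { NULL };
    int failures = 0;

    for (size_t i = 0; i < 6; i++) {
        pool[i].key = keys[i];
        insert(&t, &pool[i]);
    }
    for (size_t i = 0; i < 6; i++) {
        if (search(&t, keys[i]) != &pool[i]) failures++;
        if (search_racy(&t, keys[i]) != &pool[i]) failures++;
    }
    if (search(&t, 45) != NULL) failures++;
    if (search_racy(&t, 45) != NULL) failures++;
    return failures;
}

int main(void)
{
    int failures = selftest();
    printf("%d failed checks\n", failures);
    return failures != 0;
}
```

Single-threaded, both readers return the same answers; the difference only matters when a writer runs concurrently, which is why the fix is visible in the generated code (one load per child pointer) rather than in a unit test. The relaxed load is enough on the reader side because the writer's ordered store already guarantees that the fields behind a freshly published pointer are initialised.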

  Commit: d37a259fa4f5164e300e8a20cdd83fe39c7fdadb
      
https://github.com/qemu/qemu/commit/d37a259fa4f5164e300e8a20cdd83fe39c7fdadb
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M util/interval-tree.c

  Log Message:
  -----------
  util/interval-tree: Introduce pc_parent

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 79e29851bf57741252a20838cdc59074ab5bac29
      
https://github.com/qemu/qemu/commit/79e29851bf57741252a20838cdc59074ab5bac29
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M util/interval-tree.c

  Log Message:
  -----------
  util/interval-tree: Use qatomic_read/set for rb_parent_color

While less susceptible to optimization problems than left and right,
interval_tree_iter_next also reads rb_parent(), so make sure that
stores and loads are atomic.

This goes further than technically required, changing all loads to
be atomic, rather than simply the ones in the iteration side.  But
it doesn't really affect the code generation on the rebalance side
and is cleaner to handle everything the same.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: ad17868eb162a5466d8ad43e5ccb428776403308
      
https://github.com/qemu/qemu/commit/ad17868eb162a5466d8ad43e5ccb428776403308
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M accel/tcg/translate-all.c

  Log Message:
  -----------
  accel/tcg: Clear tcg_ctx->gen_tb on buffer overflow

On overflow of code_gen_buffer, we unlock the guest pages we had been
translating, but failed to clear gen_tb.  On restart, if we cannot
allocate a TB, we exit to the main loop to perform the flush of all
TBs as soon as possible.  With garbage in gen_tb, we hit an assert:

../src/accel/tcg/tb-maint.c:348:page_unlock__debug: \
    assertion failed: (page_is_locked(pd))

Fixes: deba78709ae8 ("accel/tcg: Always lock pages before translation")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 28b61d49ac80bac8ef74aff0b75058bdd0b2f108
      
https://github.com/qemu/qemu/commit/28b61d49ac80bac8ef74aff0b75058bdd0b2f108
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M bsd-user/main.c

  Log Message:
  -----------
  bsd-user: Allocate guest virtual address space

With reserved_va, mmap.c expects to have pre-allocated host address
space for the entire guest address space.  When combined with the -B
command-line option, ensure that the chosen address does not overlap
anything else.  Ensure that mmap_next_start is within reserved_va,
as we use it within mmap.c without checking.

Reviewed by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230727161148.444988-1-richard.henderson@linaro.org>


  Commit: 0f2f3247d456e08baa345768824dae6864d9acb6
      
https://github.com/qemu/qemu/commit/0f2f3247d456e08baa345768824dae6864d9acb6
  Author: Warner Losh <imp@bsdimp.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M bsd-user/mmap.c

  Log Message:
  -----------
  bsd-user: Specify host page alignment if none specified

We're hitting an assert when we pass in alignment == 0 since that's not
a power of two, so pass in the ideal page size.

Signed-off-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230728162927.5009-1-imp@bsdimp.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 2e718e665706d5fcc3e3501bda26f277f055ed85
      
https://github.com/qemu/qemu/commit/2e718e665706d5fcc3e3501bda26f277f055ed85
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/ppc/translate.c

  Log Message:
  -----------
  target/ppc: Disable goto_tb with architectural singlestep

The change to use translator_use_goto_tb went too far, as the
CF_SINGLE_STEP flag managed by the translator only handles
gdb single stepping and not the architectural single stepping
modeled in DisasContext.singlestep_enabled.

Fixes: 6e9cc373ec5 ("target/ppc: Use translator_use_goto_tb")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1795
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 38dd78c41eaf08b490c9e7ec68fc508bbaa5cb1d
      
https://github.com/qemu/qemu/commit/38dd78c41eaf08b490c9e7ec68fc508bbaa5cb1d
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M linux-user/arm/cpu_loop.c

  Log Message:
  -----------
  linux-user/armeb: Fix __kernel_cmpxchg() for armeb

Commit 7f4f0d9ea870 ("linux-user/arm: Implement __kernel_cmpxchg with host
atomics") switched to use qatomic_cmpxchg() to swap a word with the memory
content, but failed to endianness-swap the oldval and newval values when
emulating an armeb CPU, which expects words to be stored in big endian in
the guest memory.

The bug can be verified with qemu >= v7.0 on any little-endian host, when
starting the armeb binary of the upx program, which just hangs without
this patch.

Cc: qemu-stable@nongnu.org
Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://github.com/upx/upx/issues/687
Message-Id: <ZMQVnqY+F+5sTNFd@p100>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

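The armeb bug above is a byte-order mismatch between the operands a guest hands to a compare-and-swap and the bytes the host atomic actually compares. The following is an added example, not QEMU's code and not the patch author's, that models the buggy and the fixed shape of such a helper in portable C. The functions host_is_little_endian, guest_swap32, guest_store32, guest_load32, kernel_cmpxchg_buggy and kernel_cmpxchg_fixed, and the model of guest memory as host words holding guest-ordered bytes, are assumptions for illustration; QEMU's real __kernel_cmpxchg emulation in linux-user/arm/cpu_loop.c is not reproduced.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Detected at run time so the example is correct on either host order. */
static bool host_is_little_endian(void)
{
    const uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* tswap32 analogue: convert a 32-bit value between host order and the
 * emulated guest's order.  A swap is needed only when the two differ. */
static uint32_t guest_swap32(bool guest_big_endian, uint32_t v)
{
    bool host_big_endian = !host_is_little_endian();
    return guest_big_endian != host_big_endian ? __builtin_bswap32(v) : v;
}

/* Guest memory is host RAM holding words in guest byte order. */
static void guest_store32(bool guest_be, uint32_t *mem, uint32_t v)
{
    *mem = guest_swap32(guest_be, v);
}

static uint32_t guest_load32(bool guest_be, const uint32_t *mem)
{
    return guest_swap32(guest_be, *mem);
}

/* Buggy shape: oldval/newval arrive as the guest's register values but are
 * handed straight to the host atomic, which compares them against the
 * guest-ordered bytes in memory.  For a big-endian guest on a little-endian
 * host the compare fails even when the guest's value is present, so a guest
 * spin loop built on this primitive never makes progress.  Returns true on
 * a successful exchange. */
static bool kernel_cmpxchg_buggy(uint32_t *mem, uint32_t oldval,
                                 uint32_t newval)
{
    return __atomic_compare_exchange_n(mem, &oldval, newval, false,
                                       __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
}

/* Fixed shape: swap both operands into guest order first, so the host
 * atomic compares and stores bytes exactly as the guest would. */
static bool kernel_cmpxchg_fixed(bool guest_be, uint32_t *mem,
                                 uint32_t oldval, uint32_t newval)
{
    uint32_t expected = guest_swap32(guest_be, oldval);
    uint32_t desired = guest_swap32(guest_be, newval);
    return __atomic_compare_exchange_n(mem, &expected, desired, false,
                                       __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
}

int main(void)
{
    uint32_t mem;

    /* Constructed scenario: big-endian guest, word 0x11223344 in memory. */
    guest_store32(true, &mem, 0x11223344u);
    printf("buggy  cmpxchg: %s\n",
           kernel_cmpxchg_buggy(&mem, 0x11223344u, 0x55667788u) ? "ok" : "failed");

    guest_store32(true, &mem, 0x11223344u);
    printf("fixed  cmpxchg: %s, memory now 0x%08x\n",
           kernel_cmpxchg_fixed(true, &mem, 0x11223344u, 0x55667788u) ? "ok" : "failed",
           guest_load32(true, &mem));
    return 0;
}
```

On a little-endian host the buggy helper reports a failed compare although the guest's expected value is exactly what memory holds, which is the hang described in the commit message; the fixed helper succeeds and leaves the new value in guest byte order. For a little-endian guest both shapes behave identically, which is why the bug was only visible for armeb.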

  Commit: 8b94ec53f367db7adcc9b59c483ce3e6c7bc3740
      
https://github.com/qemu/qemu/commit/8b94ec53f367db7adcc9b59c483ce3e6c7bc3740
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/excp_helper.c

  Log Message:
  -----------
  target/s390x: Move trans_exc_code update to do_program_interrupt

This solves a problem in which the store to LowCore during tlb_fill
triggers a clean-page TB invalidation for page0 during translation,
which results in an assertion failure for locked pages.

By delaying the store until after the exception has been raised,
we will have unwound the pages locked for translation and the
problem does not arise.  There are plenty of other updates to
LowCore while delivering an interrupt/exception; trans_exc_code
does not need to be special.

Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 802341823f1720511dd5cf53ae40285f7978c61b
      
https://github.com/qemu/qemu/commit/802341823f1720511dd5cf53ae40285f7978c61b
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M accel/tcg/translate-all.c
    M bsd-user/main.c
    M bsd-user/mmap.c
    M linux-user/arm/cpu_loop.c
    M target/ppc/translate.c
    M target/s390x/tcg/excp_helper.c
    M util/interval-tree.c

  Log Message:
  -----------
  Merge tag 'pull-tcg-20230731' of https://gitlab.com/rth7680/qemu into staging

util/interval-tree: Access left/right/parent atomically
accel/tcg: Clear gen_tb on buffer overflow
bsd-user: Specify host page alignment if none specified
bsd-user: Allocate guest virtual address space
target/ppc: Disable goto_tb with architectural singlestep
target/s390x: Move trans_exc_code update to do_program_interrupt

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTIIQUdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV87JAf/ZgJTq26oniJ4TLkS
# 2UVBEcxGnnA2L1n4zcXG1o0onT5dAqm/6YjSlVD7C+Ol8pzQMomJKcWLL/jrCEUp
# rQXPV9ibD5bCtO47MY3ZS3aW3pqOhXOeKUFer1+YHWRRyi9Y6kEx0d2No3MSGo18
# S5A6zPwqduQvZPBPVualmtdIrpTasxhUdNfbqBW31pxYpCNg1wqIiwKoLcD5NJeX
# epVhaUi/7TwqljrK7SGXmmfDWiTHIXDtvPrJQcSYGgqpVNFzRuq6jTXRJObeWen0
# DhOHqC0Z6OkZ2gU+eso/VRbcbawQNQohUHQzZ7c0643TxncPDKG82/MDRe2MTJnq
# /z+jpw==
# =Z8UY
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 31 Jul 2023 02:00:53 PM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20230731' of https://gitlab.com/rth7680/qemu:
  target/s390x: Move trans_exc_code update to do_program_interrupt
  linux-user/armeb: Fix __kernel_cmpxchg() for armeb
  target/ppc: Disable goto_tb with architectural singlestep
  bsd-user: Specify host page alignment if none specified
  bsd-user: Allocate guest virtual address space
  accel/tcg: Clear tcg_ctx->gen_tb on buffer overflow
  util/interval-tree: Use qatomic_read/set for rb_parent_color
  util/interval-tree: Introduce pc_parent
  util/interval-tree: Use qatomic_set_mb in rb_link_node
  util/interval-tree: Use qatomic_read for left/right while searching

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


Compare: https://github.com/qemu/qemu/compare/234320cd0573...802341823f17


