| Message ID | 20230301024737.1210851-2-richard.henderson@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | plugin: fix clearing of plugin_mem_cbs on TB exit | expand |
As I mentioned in the patch that is being superseded here I like this approach -- it is simpler and generates less code. I'd also like to see the plugin_gen_disable_mem_helpers function go away, and a mention somewhere that now we are intentionally not clearing cpu->plugin_mem_cbs until TB exit (before we weren't doing that either, but that was unintentional due to a bug). So, for instance when doing a goto_tb from a TB with helpers, we leave plugin_mem_cbs set. This is not a problem in practice because if subsequent TB's use helpers, they will overwrite the pointer. Some more comments below. On Tue, Feb 28, 2023 at 16:47:36 -1000, Richard Henderson wrote: > Do this in cpu_tb_exec (normal exit) and cpu_loop_exit (exception), > adjacent to where we reset can_do_io. > > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1381 > Signed-off-by: Richard Henderson <richard.henderson@linaro.org> > --- > accel/tcg/cpu-exec-common.c | 4 ++++ > accel/tcg/cpu-exec.c | 5 +++-- > 2 files changed, 7 insertions(+), 2 deletions(-) > > diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c > index c7bc8c6efa..e136b0843c 100644 > --- a/accel/tcg/cpu-exec-common.c > +++ b/accel/tcg/cpu-exec-common.c > @@ -65,6 +65,10 @@ void cpu_loop_exit(CPUState *cpu) > { > /* Undo the setting in cpu_tb_exec. */ > cpu->can_do_io = 1; > +#ifdef CONFIG_PLUGIN > + /* Undo any setting in generated code. */ > + cpu->plugin_mem_cbs = NULL; > +#endif > siglongjmp(cpu->jmp_env, 1); > } > > diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c > index 56aaf58b9d..2831fcafee 100644 > --- a/accel/tcg/cpu-exec.c > +++ b/accel/tcg/cpu-exec.c > @@ -459,6 +459,9 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit) > qemu_thread_jit_execute(); > ret = tcg_qemu_tb_exec(env, tb_ptr); > cpu->can_do_io = 1; > +#ifdef CONFIG_PLUGIN > + cpu->plugin_mem_cbs = NULL; > +#endif We should use qemu_plugin_disable_mem_helpers, which avoids the ifdef. Also note that there are existing calls to that function that should now go away because they happen after the clearings here. Thanks, Emilio
On 3/1/23 02:05, Emilio Cota wrote: > As I mentioned in the patch that is being superseded here > I like this approach -- it is simpler and generates less > code. > > I'd also like to see the plugin_gen_disable_mem_helpers > function go away, and a mention somewhere that now we are > intentionally not clearing cpu->plugin_mem_cbs until TB exit > (before we weren't doing that either, but that was unintentional > due to a bug). So, for instance when doing a goto_tb from a > TB with helpers, we leave plugin_mem_cbs set. This is not a > problem in practice because if subsequent TB's use helpers, > they will overwrite the pointer. If we can do that, go from one TB to another without clearing, then we don't need to clear it at all, ever. r~
On 3/1/23 02:05, Emilio Cota wrote: > As I mentioned in the patch that is being superseded here > I like this approach -- it is simpler and generates less > code. > > I'd also like to see the plugin_gen_disable_mem_helpers > function go away, and a mention somewhere that now we are > intentionally not clearing cpu->plugin_mem_cbs until TB exit > (before we weren't doing that either, but that was unintentional > due to a bug). So, for instance when doing a goto_tb from a > TB with helpers, we leave plugin_mem_cbs set. plugin_mem_cbs is used by all out-of-line load/store, therefore we cannot leave it set longer than required. r~
diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c index c7bc8c6efa..e136b0843c 100644 --- a/accel/tcg/cpu-exec-common.c +++ b/accel/tcg/cpu-exec-common.c @@ -65,6 +65,10 @@ void cpu_loop_exit(CPUState *cpu) { /* Undo the setting in cpu_tb_exec. */ cpu->can_do_io = 1; +#ifdef CONFIG_PLUGIN + /* Undo any setting in generated code. */ + cpu->plugin_mem_cbs = NULL; +#endif siglongjmp(cpu->jmp_env, 1); } diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index 56aaf58b9d..2831fcafee 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -459,6 +459,9 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit) qemu_thread_jit_execute(); ret = tcg_qemu_tb_exec(env, tb_ptr); cpu->can_do_io = 1; +#ifdef CONFIG_PLUGIN + cpu->plugin_mem_cbs = NULL; +#endif /* * TODO: Delay swapping back to the read-write region of the TB * until we actually need to modify the TB. The read-only copy, @@ -526,7 +529,6 @@ static void cpu_exec_exit(CPUState *cpu) if (cc->tcg_ops->cpu_exec_exit) { cc->tcg_ops->cpu_exec_exit(cpu); } - QEMU_PLUGIN_ASSERT(cpu->plugin_mem_cbs == NULL); } void cpu_exec_step_atomic(CPUState *cpu) @@ -1004,7 +1006,6 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc) cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit); - QEMU_PLUGIN_ASSERT(cpu->plugin_mem_cbs == NULL); /* Try to align the host and virtual clocks if the guest is in advance */ align_clocks(sc, cpu);
Do this in cpu_tb_exec (normal exit) and cpu_loop_exit (exception), adjacent to where we reset can_do_io. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1381 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- accel/tcg/cpu-exec-common.c | 4 ++++ accel/tcg/cpu-exec.c | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-)