From patchwork Mon Jan 7 16:31:02 2019
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 154931
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Mon, 7 Jan 2019 16:31:02 +0000
Message-Id: <20190107163117.16269-23-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.19.2
In-Reply-To: <20190107163117.16269-1-peter.maydell@linaro.org>
References: <20190107163117.16269-1-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 22/37] cpus.c: Fix race condition in cpu_stop_current()

We use cpu_stop_current() to ensure the current CPU has stopped from places like qemu_system_reset_request(). Unfortunately its current implementation has a race. It calls qemu_cpu_stop(), which sets cpu->stopped to true even though the CPU hasn't actually stopped yet. The main thread will look at the flags set by qemu_system_reset_request() and call pause_all_vcpus(). pause_all_vcpus() waits for every cpu to have cpu->stopped true, so it can continue (and we will start the system reset operation) before the vcpu thread has got back to its top level loop.

Instead, just set cpu->stop and call cpu_exit(). This will cause the vcpu to exit back to the top level loop, and there (as part of the wait_io_event code) it will call qemu_cpu_stop().

This fixes bugs where the reset request appeared to be ignored or the CPU misbehaved because the reset operation started to change vcpu state while the vcpu thread was still using it.

Signed-off-by: Peter Maydell
Reviewed-by: Emilio G. Cota
Tested-by: Jaap Crezee
Message-id: 20181207155911.12710-1-peter.maydell@linaro.org
---
 cpus.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
2.19.2

diff --git a/cpus.c b/cpus.c
index 0ddeeefc14f..b09b7027126 100644
--- a/cpus.c
+++ b/cpus.c @@ -2100,7 +2100,8 @@ void qemu_init_vcpu(CPUState *cpu) void cpu_stop_current(void) { if (current_cpu) { - qemu_cpu_stop(current_cpu, true); + current_cpu->stop = true; + cpu_exit(current_cpu); } }
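Review bot: the reason cpu->stopped is deliberately not set in cpu_stop_current() lives only in the commit message; a short comment above the two new lines would keep a future cleanup from folding `current_cpu->stop = true; cpu_exit(current_cpu);` back into a direct `qemu_cpu_stop(current_cpu, true);` call, which is exactly the race this hunk removes (pause_all_vcpus() would see cpu->stopped before the vcpu thread has left its inner loop). Something like `/* Only request the stop here; the vcpu thread sets cpu->stopped itself via qemu_cpu_stop() once it is back in its top-level loop. */` would do. The same comment could also say what a caller may assume when the `if (current_cpu)` guard is false, since the function then returns silently without requesting any stop.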