From patchwork Mon Mar 30 12:52:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 185053 Delivered-To: patch@linaro.org Received: by 2002:a92:de47:0:0:0:0:0 with SMTP id e7csp2484294ilr; Mon, 30 Mar 2020 05:53:49 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsEO6gffnHdr+ho2ltTLJXOk+ytGH/p+6D/qWg7F+BWi5+bhNNrpi/sukCPKB6+vgxnF9Cc X-Received: by 2002:a05:620a:11:: with SMTP id j17mr10645572qki.117.1585572829236; Mon, 30 Mar 2020 05:53:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585572829; cv=none; d=google.com; s=arc-20160816; b=IMj1OyhrJ4rsm9vj0KDDUbF5lO7s5y+BORReTFTErAs1+cTFULSvKrZnY9DJr8Lt9p y7WW+kco9ga4rcj26YNXHmqLPyityHsqPhqTvPv3vd242/Hf4CE8r/FjHLJE7dkLU97w YwGIvh+QFXAnrBa6FbCPiJGJiuhVVYI/GbX7CpxlAfjeOziehPJOWXeG2eOSPHdtjURY cAK2WC5kqREepIonDjHw62xNSu2VJP9F+ZTAkAEYH05TiHwn7YFh88lfIHltnYyafa/T mJNIotAAzA462N8/edO5gCG8YX9sO9kfwgEt4Hppjk9B9X1fqjmce7knS5DbM/J2dI/P j6RA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:to:from:dkim-signature; bh=ALfi4lR0Lc+6XLpLaDFdkaksDiC94nJZHheu4aK1Grg=; b=Zrvnl+PnHnxuYNgCq279IKLseJk0pAFY3e/9HGZvwFEtpDuI6aHrlXRGIb5DNaE59J QkEJdcyj8aZmHAqCvZ93ZItVH2GqAS4dq1hRwR4Ilc05X/AMxVipoWUOxxYt2vvAr6Wy UFf5WpIQugClFrJsi0qOPfQ4PDyQEoTedI9F2q6GSToDhMUuDIrYuBYaRjFOBLRgmXbA cE1RrLv/W7rh6YjaGSWKQai5JOYYcxzkOmB1yXyLGz+Y/zqAT3BX6gFlIDB8vLMPYcb1 7aMhL82RJ2ntZuM0oLenSAQ1mv0YORoRFx+EtmknHYHigc5dD9NjUpGkDgKpEYhuch/c jYig== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=xXp1CYVu; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id b25si8333103qtq.373.2020.03.30.05.53.49 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Mar 2020 05:53:49 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=xXp1CYVu; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:49184 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jItvI-00017z-QG for patch@linaro.org; Mon, 30 Mar 2020 08:53:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41572) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jItu7-0008Ng-IH for qemu-devel@nongnu.org; Mon, 30 Mar 2020 08:52:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jItu6-0007ll-5z for qemu-devel@nongnu.org; Mon, 30 Mar 2020 08:52:35 -0400 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]:37487) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jItu5-0007jr-Ts for qemu-devel@nongnu.org; Mon, 30 Mar 2020 08:52:34 -0400 Received: by mail-wr1-x442.google.com with SMTP id w10so21529946wrm.4 for ; Mon, 30 Mar 2020 05:52:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ALfi4lR0Lc+6XLpLaDFdkaksDiC94nJZHheu4aK1Grg=; b=xXp1CYVu02IZNbasReIyYkb8nPg4FbluXCa1DGpywJas0VU9cRm4ySwS2ccDw8rzHJ 6a/1V2Ee6aWk4zrMFnVf+lUJ5OBLV8p/kcTNgZsZQLXGRGQTygFmeo7Xvs2yqw0kMf9X LAiEoF3HRuZXYi6Gp7Sj0WV8CyDYyJJWDoSvjMgmzTE1YpI9fxkXiprrYfG0r53V5srY Kq0gaQSQgsJX5rUYEKw6rRqAbUkjHL8XMCczGvA2849Zoc3USyxjN2RwpROWuMNAUvS7 M9v0TRaX8CVctecJ57zTWsYBJmxvRWUNpZR9a/fkcdqfCPRHd8yyysPFhealsUiPpWr1 2WKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ALfi4lR0Lc+6XLpLaDFdkaksDiC94nJZHheu4aK1Grg=; b=q4nVLdiND9LUa7Tq89oVBmjAxuweDWWn7J1armR4INF2Ia+HASpTGwxtFn15CyaJMj iLcR1DsjLPnW/6q3aj3wMKySJKikJN4xxnp9baYYkCbqq07QfxVYtrS1Dm2UvgBnBqnv Lu5Kn5AmyOQsD/7r+oeEihmJGbYQljUtpZ8QP6bNWaTVfu16QyDKTZ3AZFD7kVRy1Kxo LljRKtCTybjVZTeglausewqTyGK25BFp5EO6ZOET6APNyioBG5T157E2qBU+40bCDEHr Zl0bQBV6HqYR9xeVMSPJPtCG47Ne5iDcfanPH9kvKQGdTlqiQtE3wFjqW/lsY/HkF7wn oY+A== X-Gm-Message-State: ANhLgQ1lAMVnXB4pYe5rYA/1ZsWrsRO5dUOutK2p4FQU66z607nsehEl QwpxhNnqUrrSRDBKs+VEQVKdfxC6EjEreg== X-Received: by 2002:adf:a348:: with SMTP id d8mr14831676wrb.83.1585572751023; Mon, 30 Mar 2020 05:52:31 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [81.2.115.148]) by smtp.gmail.com with ESMTPSA id a10sm13775028wrm.87.2020.03.30.05.52.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Mar 2020 05:52:30 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Subject: [PATCH for-5.0] hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie() Date: Mon, 30 Mar 2020 13:52:28 +0100 Message-Id: <20200330125228.24994-1-peter.maydell@linaro.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::442 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-ppc@nongnu.org, David Gibson Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" In dcr_write_pcie() we take the iothread lock around a call to pcie_host_mmcfg_udpate(). This is an incorrect attempt to deal with the bug fixed in commit 235352ee6e73d7716, where we were not taking the iothread lock before calling device dcr read/write functions. (It's not sufficient locking, because although the other cases in the switch statement won't assert, there is no locking which prevents multiple guest CPUs from trying to access the PPC460EXPCIEState struct at the same time and corrupting data.) Unfortunately with commit 235352ee6e73d7716 we are now trying to recursively take the iothread lock, which will assert: $ qemu-system-ppc -M sam460ex --display none ** ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/cpus.c:1830:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked()) Aborted (core dumped) Remove the locking within dcr_write_pcie(). Fixes: 235352ee6e73d7716 Signed-off-by: Peter Maydell --- I did a grep of hw/ppc and didn't see anything else that was doing its own locking inside a dcr read/write fn. --- hw/ppc/ppc440_uc.c | 3 --- 1 file changed, 3 deletions(-) -- 2.20.1 Tested-by: BALATON Zoltan diff --git a/hw/ppc/ppc440_uc.c b/hw/ppc/ppc440_uc.c index d5ea962249f..b30e093cbb0 100644 --- a/hw/ppc/ppc440_uc.c +++ b/hw/ppc/ppc440_uc.c @@ -13,7 +13,6 @@ #include "qemu/error-report.h" #include "qapi/error.h" #include "qemu/log.h" -#include "qemu/main-loop.h" #include "qemu/module.h" #include "cpu.h" #include "hw/irq.h" @@ -1183,9 +1182,7 @@ static void dcr_write_pcie(void *opaque, int dcrn, uint32_t val) case PEGPL_CFGMSK: s->cfg_mask = val; size = ~(val & 0xfffffffe) + 1; - qemu_mutex_lock_iothread(); pcie_host_mmcfg_update(PCIE_HOST_BRIDGE(s), val & 1, s->cfg_base, size); - qemu_mutex_unlock_iothread(); break; case PEGPL_MSGBAH: s->msg_base = ((uint64_t)val << 32) | (s->msg_base & 0xffffffff);