From nobody Tue Feb 10 04:30:29 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1488902881440649.2711785154945;
 Tue, 7 Mar 2017 08:08:01 -0800 (PST)
Received: from localhost ([::1]:51417 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1clHeV-0000IB-MP
	for importer@patchew.org; Tue, 07 Mar 2017 11:07:55 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45807)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <alex.bennee@linaro.org>) id 1clHO4-0002SY-4w
	for qemu-devel@nongnu.org; Tue, 07 Mar 2017 10:50:57 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <alex.bennee@linaro.org>) id 1clHO3-0005qF-4E
	for qemu-devel@nongnu.org; Tue, 07 Mar 2017 10:50:56 -0500
Received: from mail-wr0-x231.google.com ([2a00:1450:400c:c0c::231]:33405)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <alex.bennee@linaro.org>)
	id 1clHO2-0005px-KA
	for qemu-devel@nongnu.org; Tue, 07 Mar 2017 10:50:54 -0500
Received: by mail-wr0-x231.google.com with SMTP id u48so4379024wrc.0
	for <qemu-devel@nongnu.org>; Tue, 07 Mar 2017 07:50:54 -0800 (PST)
Received: from zen.linaro.local ([81.128.185.34])
	by smtp.gmail.com with ESMTPSA id
	t103sm479237wrc.43.2017.03.07.07.50.45
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 07 Mar 2017 07:50:49 -0800 (PST)
Received: from zen.linaroharston (localhost [127.0.0.1])
	by zen.linaro.local (Postfix) with ESMTP id B99513E3009;
	Tue,  7 Mar 2017 15:50:54 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=xghB2+k6vzdm0OczMY4d5pjgKabpj0Re/RUs8e6z0kw=;
	b=HCrduoSAhTyjIJ/mR1ArsJb9us5E7JWGhAW6OOeeYxt0z/PbrQ25KLN0c/hYKtNI96
	ORZf38SKPugYMlbVyjt/wNfNw6cWrSWC23cUxadfSRi4Ti6IyLsMjG1h5bofu77wyUjP
	rAjXU4UtKT9+QDt0QRL3U+W+2jUOUCuPw0JK8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=xghB2+k6vzdm0OczMY4d5pjgKabpj0Re/RUs8e6z0kw=;
	b=kvcUaamtUV57RrkRQ31+WPkk1U3prKovAKe7pb/qoUWXtb9Rg01ZugdVurXoJpHWEs
	2dI6AdlIEoCsNTr/ROdHhooc2dAVu3ld5b940moaE+F2zQId1S7VuFNMqdMnMeO3/LbO
	Ajrz6n5XRkB1siqYX9jHDDNo+geSK9JiDM+2PX7rbgMKa9xzEmz88JTbLo77fockFN3p
	qKEBVW6AijKl1BmaL/f0q4b609pqgY24nhQv/6oR56E/87ItwN+0Dzbu0emFY3cfweAb
	yAmk51hDgiETxGaYmuiXgKAocCj9+d35Zxrs7c5/c5UXezd+AKrF4+Fu/ysvUFgW+PmJ
	MYmg==
X-Gm-Message-State: 
 AMke39lLgLe86XKmjCFBnoNyXaER768jKQjM0/z+f9C20ZLD1yeh+r7NKv9+OPaqtLfy9Iyr
X-Received: by 10.223.136.182 with SMTP id f51mr841671wrf.90.1488901853358;
	Tue, 07 Mar 2017 07:50:53 -0800 (PST)
From: =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>
To: peter.maydell@linaro.org,
	rth@twiddle.net,
	pbonzini@redhat.com
Date: Tue,  7 Mar 2017 15:50:47 +0000
Message-Id: <20170307155054.5833-5-alex.bennee@linaro.org>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170307155054.5833-1-alex.bennee@linaro.org>
References: <20170307155054.5833-1-alex.bennee@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c0c::231
Subject: [Qemu-devel] [PATCH v3 04/11] sparc/sparc64: grab BQL before
 calling cpu_check_irqs
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: mttcg@listserver.greensocs.com, nikunj@linux.vnet.ibm.com,
	Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>,
	a.rigo@virtualopensystems.com, qemu-devel@nongnu.org,
	cota@braap.org, bobby.prani@gmail.com,
	=?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>,
	Artyom Tarasenko <atar4qemu@gmail.com>, fred.konrad@greensocs.com
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail: RSF_0  Z_629925259 SPT_0

IRQ modification is part of device emulation and should be done while
the BQL is held to prevent races when MTTCG is enabled. This adds
assertions in the hw emulation layer and wraps the calls from helpers
in the BQL.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>

---
v3
  - move BQL from cpu_put_psr to helper_wpsr
  - comment cpu_put_psr is under BQL
---
 hw/sparc/sun4m.c            |  3 +++
 hw/sparc64/sparc64.c        |  3 +++
 target/sparc/int64_helper.c |  3 +++
 target/sparc/win_helper.c   | 13 +++++++++++++
 4 files changed, 22 insertions(+)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 61416a6426..873cd7df9a 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -142,6 +142,9 @@ void cpu_check_irqs(CPUSPARCState *env)
 {
     CPUState *cs;
=20
+    /* We should be holding the BQL before we mess with IRQs */
+    g_assert(qemu_mutex_iothread_locked());
+
     if (env->pil_in && (env->interrupt_index =3D=3D 0 ||
                         (env->interrupt_index & ~15) =3D=3D TT_EXTINT)) {
         unsigned int i;
diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
index b3d219c769..4e4fdab065 100644
--- a/hw/sparc64/sparc64.c
+++ b/hw/sparc64/sparc64.c
@@ -55,6 +55,9 @@ void cpu_check_irqs(CPUSPARCState *env)
     uint32_t pil =3D env->pil_in |
                   (env->softint & ~(SOFTINT_TIMER | SOFTINT_STIMER));
=20
+    /* We should be holding the BQL before we mess with IRQs */
+    g_assert(qemu_mutex_iothread_locked());
+
     /* TT_IVEC has a higher priority (16) than TT_EXTINT (31..17) */
     if (env->ivec_status & 0x20) {
         return;
diff --git a/target/sparc/int64_helper.c b/target/sparc/int64_helper.c
index 605747c93c..f942973c22 100644
--- a/target/sparc/int64_helper.c
+++ b/target/sparc/int64_helper.c
@@ -18,6 +18,7 @@
  */
=20
 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/log.h"
@@ -208,7 +209,9 @@ static bool do_modify_softint(CPUSPARCState *env, uint3=
2_t value)
         env->softint =3D value;
 #if !defined(CONFIG_USER_ONLY)
         if (cpu_interrupts_enabled(env)) {
+            qemu_mutex_lock_iothread();
             cpu_check_irqs(env);
+            qemu_mutex_unlock_iothread();
         }
 #endif
         return true;
diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
index 71b3dd37e8..154279ecda 100644
--- a/target/sparc/win_helper.c
+++ b/target/sparc/win_helper.c
@@ -18,6 +18,7 @@
  */
=20
 #include "qemu/osdep.h"
+#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "exec/helper-proto.h"
@@ -82,6 +83,7 @@ void cpu_put_psr_raw(CPUSPARCState *env, target_ulong val)
 #endif
 }
=20
+/* Called with BQL held */
 void cpu_put_psr(CPUSPARCState *env, target_ulong val)
 {
     cpu_put_psr_raw(env, val);
@@ -153,7 +155,10 @@ void helper_wrpsr(CPUSPARCState *env, target_ulong new=
_psr)
     if ((new_psr & PSR_CWP) >=3D env->nwindows) {
         cpu_raise_exception_ra(env, TT_ILL_INSN, GETPC());
     } else {
+        /* cpu_put_psr may trigger interrupts, hence BQL */
+        qemu_mutex_lock_iothread();
         cpu_put_psr(env, new_psr);
+        qemu_mutex_unlock_iothread();
     }
 }
=20
@@ -368,7 +373,9 @@ void helper_wrpstate(CPUSPARCState *env, target_ulong n=
ew_state)
=20
 #if !defined(CONFIG_USER_ONLY)
     if (cpu_interrupts_enabled(env)) {
+        qemu_mutex_lock_iothread();
         cpu_check_irqs(env);
+        qemu_mutex_unlock_iothread();
     }
 #endif
 }
@@ -381,7 +388,9 @@ void helper_wrpil(CPUSPARCState *env, target_ulong new_=
pil)
     env->psrpil =3D new_pil;
=20
     if (cpu_interrupts_enabled(env)) {
+        qemu_mutex_lock_iothread();
         cpu_check_irqs(env);
+        qemu_mutex_unlock_iothread();
     }
 #endif
 }
@@ -408,7 +417,9 @@ void helper_done(CPUSPARCState *env)
=20
 #if !defined(CONFIG_USER_ONLY)
     if (cpu_interrupts_enabled(env)) {
+        qemu_mutex_lock_iothread();
         cpu_check_irqs(env);
+        qemu_mutex_unlock_iothread();
     }
 #endif
 }
@@ -435,7 +446,9 @@ void helper_retry(CPUSPARCState *env)
=20
 #if !defined(CONFIG_USER_ONLY)
     if (cpu_interrupts_enabled(env)) {
+        qemu_mutex_lock_iothread();
         cpu_check_irqs(env);
+        qemu_mutex_unlock_iothread();
     }
 #endif
 }
--=20
2.11.0