User-mode emulation correctly uses cpu_exit() whenever it needs to go
all the way out of the cpu exec loop.  It never uses qemu_cpu_kick();
therefore, there is no need for tcg_kick_vcpu_thread() to set
cpu->exit_request again.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 accel/tcg/cpu-exec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 1a973596d87..b9da2e3770e 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -750,6 +750,7 @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
 
 void tcg_kick_vcpu_thread(CPUState *cpu)
 {
+#ifdef CONFIG_SYSTEM
     /*
      * Ensure cpu_exec will see the reason why the exit request was set.
      * FIXME: this is not always needed.  Other accelerators instead
@@ -757,6 +758,7 @@ void tcg_kick_vcpu_thread(CPUState *cpu)
      * CPU thread; see kvm_arch_pre_run() for example.
      */
     qatomic_store_release(&cpu->exit_request, 1);
+#endif
 
     /* Ensure cpu_exec will see the exit request after TCG has exited.  */
     qatomic_store_release(&cpu->neg.icount_decr.u16.high, -1);
-- 
2.50.1

On 8/8/25 20:59, Paolo Bonzini wrote:
> User-mode emulation correctly uses cpu_exit() whenever it needs to go
> all the way out of the cpu exec loop.  It never uses qemu_cpu_kick();
> therefore, there is no need for tcg_kick_vcpu_thread() to set
> cpu->exit_request again.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   accel/tcg/cpu-exec.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 1a973596d87..b9da2e3770e 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -750,6 +750,7 @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
>   
>   void tcg_kick_vcpu_thread(CPUState *cpu)
>   {
> +#ifdef CONFIG_SYSTEM
>       /*
>        * Ensure cpu_exec will see the reason why the exit request was set.
>        * FIXME: this is not always needed.  Other accelerators instead
> @@ -757,6 +758,7 @@ void tcg_kick_vcpu_thread(CPUState *cpu)
>        * CPU thread; see kvm_arch_pre_run() for example.
>        */
>       qatomic_store_release(&cpu->exit_request, 1);
> +#endif
>   
>       /* Ensure cpu_exec will see the exit request after TCG has exited.  */
>       qatomic_store_release(&cpu->neg.icount_decr.u16.high, -1);

What about cpu_handle_interrupt()?

On Fri, Aug 8, 2025 at 11:21 PM Philippe Mathieu-Daudé
<philmd@linaro.org> wrote:
> > diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> > index 1a973596d87..b9da2e3770e 100644
> > --- a/accel/tcg/cpu-exec.c
> > +++ b/accel/tcg/cpu-exec.c
> > @@ -750,6 +750,7 @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
> >
> >   void tcg_kick_vcpu_thread(CPUState *cpu)
> >   {
> > +#ifdef CONFIG_SYSTEM
> >       /*
> >        * Ensure cpu_exec will see the reason why the exit request was set.
> >        * FIXME: this is not always needed.  Other accelerators instead
> > @@ -757,6 +758,7 @@ void tcg_kick_vcpu_thread(CPUState *cpu)
> >        * CPU thread; see kvm_arch_pre_run() for example.
> >        */
> >       qatomic_store_release(&cpu->exit_request, 1);
> > +#endif
> >
> >       /* Ensure cpu_exec will see the exit request after TCG has exited.  */
> >       qatomic_store_release(&cpu->neg.icount_decr.u16.high, -1);
>
> What about cpu_handle_interrupt()?

The point of this patch isn't that qemu-user never reads exit_request
(as you point out, it does). The point is that qemu-user always uses
cpu_exit() rather than qemu_cpu_kick(), and therefore it's already
always writing exit_request.

For system emulation, writing cpu->exit_request should be moved from
tcg_kick_vcpu_thread to tcg_ops->cpu_exec_interrupt.

Paolo
Paolo