exec.c: ensure all AddressSpaceDispatch updates under RCU

Message ID 20161021153418.21571-1-alex.bennee@linaro.org
State Superseded
Commit Message

Alex Bennée Oct. 21, 2016, 3:34 p.m. UTC
The memory_dispatch field is meant to be protected by RCU so we should
use the correct primitives when accessing it. This race was flagged up
by the ThreadSanitizer.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

---
 exec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.9.3

Comments

Paolo Bonzini Oct. 24, 2016, 2:17 p.m. UTC | #1
On 21/10/2016 17:34, Alex Bennée wrote:
> The memory_dispatch field is meant to be protected by RCU so we should
> use the correct primitives when accessing it. This race was flagged up
> by the ThreadSanitizer.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  exec.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/exec.c b/exec.c

> index 738e8ba..c5e4073 100644

> --- a/exec.c

> +++ b/exec.c

> @@ -459,7 +459,7 @@ address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,

>                                    hwaddr *xlat, hwaddr *plen)

>  {

>      MemoryRegionSection *section;

> -    AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;

> +    AddressSpaceDispatch *d = atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);

>  

>      section = address_space_translate_internal(d, addr, xlat, plen, false);

>  

> @@ -2342,7 +2342,7 @@ static void tcg_commit(MemoryListener *listener)

>       * may have split the RCU critical section.

>       */

>      d = atomic_rcu_read(&cpuas->as->dispatch);

> -    cpuas->memory_dispatch = d;

> +    atomic_rcu_set(&cpuas->memory_dispatch, d);

>      tlb_flush(cpuas->cpu, 1);

>  }

>  

> 


Oops, this missed today's pull request but it's a bug so it can go in later.

Thanks,

Paolo
Patch

diff --git a/exec.c b/exec.c
index 738e8ba..c5e4073 100644
--- a/exec.c
+++ b/exec.c
@@ -459,7 +459,7 @@  address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
                                   hwaddr *xlat, hwaddr *plen)
 {
     MemoryRegionSection *section;
-    AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
+    AddressSpaceDispatch *d = atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
 
     section = address_space_translate_internal(d, addr, xlat, plen, false);
 
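Review bot: The new declaration line in address_space_translate_for_iotlb runs to about 85 columns, past QEMU's 80-column style limit. Splitting it into `AddressSpaceDispatch *d;` and a separate `d = atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);` would fit. A short comment stating that the caller must be inside an RCU read-side critical section would also help here, because atomic_rcu_read only orders the pointer load, and the visible lines do not show what keeps the dispatch table alive while address_space_translate_internal dereferences d.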
@@ -2342,7 +2342,7 @@  static void tcg_commit(MemoryListener *listener)
      * may have split the RCU critical section.
      */
     d = atomic_rcu_read(&cpuas->as->dispatch);
-    cpuas->memory_dispatch = d;
+    atomic_rcu_set(&cpuas->memory_dispatch, d);
     tlb_flush(cpuas->cpu, 1);
 }
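Review bot: The `atomic_rcu_set(&cpuas->memory_dispatch, d);` store in tcg_commit is now a publishing store, but nothing next to it records that memory_dispatch must only be accessed through atomic_rcu_set and atomic_rcu_read, so a later plain access could reintroduce the race. Extending the existing comment above the atomic_rcu_read of cpuas->as->dispatch, or documenting the rule on the field itself, would make that durable. The subject says all updates are covered, while the diff converts one reader and one writer; the commit message should say whether these were the only remaining plain accesses to memory_dispatch in exec.c.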