From patchwork Thu Oct 27 15:10:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Alex_Benn=C3=A9e?= X-Patchwork-Id: 79732 Delivered-To: patch@linaro.org Received: by 10.80.142.83 with SMTP id 19csp717814edx; Thu, 27 Oct 2016 08:47:23 -0700 (PDT) X-Received: by 10.31.11.145 with SMTP id 139mr7055343vkl.141.1477582841443; Thu, 27 Oct 2016 08:40:41 -0700 (PDT) Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id v139si3578147vkd.22.2016.10.27.08.40.41 for (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 27 Oct 2016 08:40:41 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; dmarc=fail (p=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:42361 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzmnI-0003Q0-Fj for patch@linaro.org; Thu, 27 Oct 2016 11:40:40 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42849) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bzmL4-00053s-H0 for qemu-devel@nongnu.org; Thu, 27 Oct 2016 11:11:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bzmKz-0007wC-L6 for qemu-devel@nongnu.org; Thu, 27 Oct 2016 11:11:30 -0400 Received: from mail-wm0-x233.google.com ([2a00:1450:400c:c09::233]:37557) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1bzmKz-0007u2-Aj for qemu-devel@nongnu.org; Thu, 27 Oct 2016 11:11:25 -0400 Received: by mail-wm0-x233.google.com with SMTP id 140so29484727wmv.0 for ; Thu, 27 Oct 2016 08:11:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dg7uo0sNZpoYVbSxzuZWeheB8FY6tiUgTvInThE4MsQ=; b=N7jZCysC2E3xi7X8Ilz2e6re59E7DFEyAfhWJtZq/4w+xv/z9Nx7QtneMQfAmp7b0J dgZhQCHb/B1uz9x90f9DNthvvcqn0OZL3eiW7rrBsF+HYcfP6OUJYWDXy1iwQqW6HQwm 5rnsHraSBvlMrHvM5LfYq16tEtmwZGAlUD17E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dg7uo0sNZpoYVbSxzuZWeheB8FY6tiUgTvInThE4MsQ=; b=XVVfnSzMt4XpomrJyvPwNxIVDCBBJGpFNv12S75rGjFks05R/ol6qf+jpcLvwD1aE2 bcxmQkT12H3A/V+Nm8BJKKK78XbsdlyOmh/4qSkVcA8xuGab4neKs15OyhF2mH6ABPM5 UjOq/s/h4lYPiDpPEp8DpTWJf3p9I3rYqHJqcz0fSL36mwWKPEvSHwrAgoIeA6CiR8XH wCa58aL7AVvW1WPX4f/+nFJMwD5gWhi4U5g9mp0qet2lSX4uCO6s2gODDzZa9Qf+koQ5 xiHZpgRofPJO4OIL4+uVcMuqynglY/Q9LiKWpjMxrcfXa6cpfKSq68Ju0t4sCJGxSI6e tkZA== X-Gm-Message-State: ABUngvf8+Tqna4+1JSCc1muPKj2qwRUi8vAg0Qd52zTZNOYD3g85b8p/zNEtMpDvSaKra0yx X-Received: by 10.194.125.114 with SMTP id mp18mr7194489wjb.106.1477581073890; Thu, 27 Oct 2016 08:11:13 -0700 (PDT) Received: from zen.linaro.local ([81.128.185.34]) by smtp.gmail.com with ESMTPSA id v3sm9024658wjm.4.2016.10.27.08.11.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Oct 2016 08:11:11 -0700 (PDT) Received: from zen.linaroharston (localhost [127.0.0.1]) by zen.linaro.local (Postfix) with ESMTP id 3DC6A3E04B2; Thu, 27 Oct 2016 16:11:01 +0100 (BST) From: =?UTF-8?q?Alex=20Benn=C3=A9e?= To: pbonzini@redhat.com Date: Thu, 27 Oct 2016 16:10:24 +0100 Message-Id: <20161027151030.20863-28-alex.bennee@linaro.org> X-Mailer: git-send-email 2.10.1 In-Reply-To: <20161027151030.20863-1-alex.bennee@linaro.org> References: <20161027151030.20863-1-alex.bennee@linaro.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2a00:1450:400c:c09::233 Subject: [Qemu-devel] [PATCH v5 27/33] cputlb: atomically update tlb fields used by tlb_reset_dirty X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mttcg@listserver.greensocs.com, peter.maydell@linaro.org, claudio.fontana@huawei.com, nikunj@linux.vnet.ibm.com, Peter Crosthwaite , jan.kiszka@siemens.com, mark.burton@greensocs.com, a.rigo@virtualopensystems.com, qemu-devel@nongnu.org, cota@braap.org, serge.fdrv@gmail.com, bobby.prani@gmail.com, rth@twiddle.net, =?UTF-8?q?Alex=20Benn=C3=A9e?= , fred.konrad@greensocs.com Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" The main use case for tlb_reset_dirty is to set the TLB_NOTDIRTY flags in TLB entries to force the slow-path on writes. This is used to mark page ranges containing code which has been translated so it can be invalidated if written to. To do this safely we need to ensure the TLB entries in question for all vCPUs are updated before we attempt to run the code otherwise a race could be introduced. To achieve this we atomically set the flag in tlb_reset_dirty_range and take care when setting it when the TLB entry is filled. The helper function is made static as it isn't used outside of cputlb. Signed-off-by: Alex Bennée --- cputlb.c | 91 ++++++++++++++++++++++++++++++++++++++------------- include/exec/cputlb.h | 2 -- 2 files changed, 68 insertions(+), 25 deletions(-) -- 2.10.1 diff --git a/cputlb.c b/cputlb.c index 614c0b3..981cb42 100644 --- a/cputlb.c +++ b/cputlb.c @@ -303,32 +303,50 @@ void tlb_unprotect_code(ram_addr_t ram_addr) cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE); } -static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe) -{ - return (tlbe->addr_write & (TLB_INVALID_MASK|TLB_MMIO|TLB_NOTDIRTY)) == 0; -} -void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start, +/* + * Dirty write flag handling + * + * When the TCG code writes to a location it looks up the address in + * the TLB and uses that data to compute the final address. If any of + * the lower bits of the address are set then the slow path is forced. + * There are a number of reasons to do this but for normal RAM the + * most usual is detecting writes to code regions which may invalidate + * generated code. + * + * Because we want other vCPUs to respond to changes straight away we + * update the te->addr_write field atomically. If the TLB entry has + * been changed by the vCPU in the mean time we skip the update. + */ + +static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start, uintptr_t length) { - uintptr_t addr; + /* paired with atomic_mb_set in tlb_set_page_with_attrs */ + uintptr_t orig_addr = atomic_mb_read(&tlb_entry->addr_write); + uintptr_t addr = orig_addr; - if (tlb_is_dirty_ram(tlb_entry)) { - addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend; + if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) { + addr &= TARGET_PAGE_MASK; + addr += atomic_read(&tlb_entry->addend); if ((addr - start) < length) { - tlb_entry->addr_write |= TLB_NOTDIRTY; + uintptr_t notdirty_addr = orig_addr | TLB_NOTDIRTY; + atomic_cmpxchg(&tlb_entry->addr_write, orig_addr, notdirty_addr); } } } +/* This is a cross vCPU call (i.e. another vCPU resetting the flags of + * the target vCPU). As such care needs to be taken that we don't + * dangerously race with another vCPU update. The only thing actually + * updated is the target TLB entry ->addr_write flags. + */ void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length) { CPUArchState *env; int mmu_idx; - assert_cpu_is_self(cpu); - env = cpu->env_ptr; for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) { unsigned int i; @@ -414,9 +432,9 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, MemoryRegionSection *section; unsigned int index; target_ulong address; - target_ulong code_address; + target_ulong code_address, write_address; uintptr_t addend; - CPUTLBEntry *te; + CPUTLBEntry *te, *tv; hwaddr iotlb, xlat, sz; unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE; int asidx = cpu_asidx_from_attrs(cpu, attrs); @@ -451,15 +469,21 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); te = &env->tlb_table[mmu_idx][index]; - /* do not discard the translation in te, evict it into a victim tlb */ - env->tlb_v_table[mmu_idx][vidx] = *te; + tv = &env->tlb_v_table[mmu_idx][vidx]; + + /* addr_write can race with tlb_reset_dirty_range_all */ + tv->addr_read = te->addr_read; + atomic_set(&tv->addr_write, atomic_read(&te->addr_write)); + tv->addr_code = te->addr_code; + atomic_set(&tv->addend, atomic_read(&te->addend)); + env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index]; /* refill the tlb */ env->iotlb[mmu_idx][index].addr = iotlb - vaddr; env->iotlb[mmu_idx][index].attrs = attrs; - te->addend = addend - vaddr; + atomic_set(&te->addend, addend - vaddr); if (prot & PAGE_READ) { te->addr_read = address; } else { @@ -471,21 +495,24 @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr, } else { te->addr_code = -1; } + + write_address = -1; if (prot & PAGE_WRITE) { if ((memory_region_is_ram(section->mr) && section->readonly) || memory_region_is_romd(section->mr)) { /* Write access calls the I/O callback. */ - te->addr_write = address | TLB_MMIO; + write_address = address | TLB_MMIO; } else if (memory_region_is_ram(section->mr) && cpu_physical_memory_is_clean( memory_region_get_ram_addr(section->mr) + xlat)) { - te->addr_write = address | TLB_NOTDIRTY; + write_address = address | TLB_NOTDIRTY; } else { - te->addr_write = address; + write_address = address; } - } else { - te->addr_write = -1; } + + /* Pairs with flag setting in tlb_reset_dirty_range */ + atomic_mb_set(&te->addr_write, write_address); } /* Add a new TLB entry, but without specifying the memory @@ -648,10 +675,28 @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index, if (cmp == page) { /* Found entry in victim tlb, swap tlb and iotlb. */ CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index]; + + /* tmptlb = *tlb; */ + /* addr_write can race with tlb_reset_dirty_range_all */ + tmptlb.addr_read = tlb->addr_read; + tmptlb.addr_write = atomic_read(&tlb->addr_write); + tmptlb.addr_code = tlb->addr_code; + tmptlb.addend = atomic_read(&tlb->addend); + + /* *tlb = *vtlb; */ + tlb->addr_read = vtlb->addr_read; + atomic_set(&tlb->addr_write, atomic_read(&vtlb->addr_write)); + tlb->addr_code = vtlb->addr_code; + atomic_set(&tlb->addend, atomic_read(&vtlb->addend)); + + /* *vtlb = tmptlb; */ + vtlb->addr_read = tmptlb.addr_read; + atomic_set(&vtlb->addr_write, tmptlb.addr_write); + vtlb->addr_code = tmptlb.addr_code; + atomic_set(&vtlb->addend, tmptlb.addend); + CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index]; CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx]; - - tmptlb = *tlb; *tlb = *vtlb; *vtlb = tmptlb; tmpio = *io; *io = *vio; *vio = tmpio; return true; } diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h index d454c00..3f94178 100644 --- a/include/exec/cputlb.h +++ b/include/exec/cputlb.h @@ -23,8 +23,6 @@ /* cputlb.c */ void tlb_protect_code(ram_addr_t ram_addr); void tlb_unprotect_code(ram_addr_t ram_addr); -void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start, - uintptr_t length); extern int tlb_flush_count; #endif