[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-7.2.7 12/62] accel/tcg: mttcg remove false-negative halted asser
From: |
Michael Tokarev |
Subject: |
[Stable-7.2.7 12/62] accel/tcg: mttcg remove false-negative halted assertion |
Date: |
Thu, 9 Nov 2023 16:58:40 +0300 |
From: Nicholas Piggin <npiggin@gmail.com>
mttcg asserts that an execution ending with EXCP_HALTED must have
cpu->halted. However between the event or instruction that sets
cpu->halted and requests exit and the assertion here, an
asynchronous event could clear cpu->halted.
This leads to crashes running AIX on ppc/pseries because it uses
H_CEDE/H_PROD hcalls, where H_CEDE sets self->halted = 1 and
H_PROD sets other cpu->halted = 0 and kicks it.
H_PROD could be turned into an interrupt to wake, but several other
places in ppc, sparc, and semihosting follow what looks like a similar
pattern setting halted = 0 directly. So remove this assertion.
Reported-by: Ivan Warren <ivan@vmfacility.fr>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20230829010658.8252-1-npiggin@gmail.com>
[rth: Keep the case label and adjust the comment.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 0e5903436de712844b0e6cdd862b499c767e09e9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/accel/tcg/tcg-accel-ops-mttcg.c b/accel/tcg/tcg-accel-ops-mttcg.c
index d50239e0e2..3a021624f4 100644
--- a/accel/tcg/tcg-accel-ops-mttcg.c
+++ b/accel/tcg/tcg-accel-ops-mttcg.c
@@ -100,14 +100,9 @@ static void *mttcg_cpu_thread_fn(void *arg)
break;
case EXCP_HALTED:
/*
- * during start-up the vCPU is reset and the thread is
- * kicked several times. If we don't ensure we go back
- * to sleep in the halted state we won't cleanly
- * start-up when the vCPU is enabled.
- *
- * cpu->halted should ensure we sleep in wait_io_event
+ * Usually cpu->halted is set, but may have already been
+ * reset by another thread by the time we arrive here.
*/
- g_assert(cpu->halted);
break;
case EXCP_ATOMIC:
qemu_mutex_unlock_iothread();
--
2.39.2
- [Stable-7.2.7 08/62] linux-user/hppa: clear the PSW 'N' bit when delivering signals, (continued)
- [Stable-7.2.7 08/62] linux-user/hppa: clear the PSW 'N' bit when delivering signals, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 09/62] linux-user/hppa: lock both words of function descriptor, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 07/62] hw/ppc: Always store the decrementer value, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 05/62] target/ppc: Sign-extend large decrementer to 64-bits, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 22/62] target/i386: Fix and add some comments next to SSE/AVX instructions., Michael Tokarev, 2023/11/09
- [Stable-7.2.7 13/62] hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467], Michael Tokarev, 2023/11/09
- [Stable-7.2.7 06/62] target/ppc: Decrementer fix BookE semantics, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 10/62] hw/cxl: Fix CFMW config memory leak, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 15/62] ui/vnc: fix handling of VNC_FEATURE_XVP, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 11/62] target/arm: Don't skip MTE checks for LDRT/STRT at EL0, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 12/62] accel/tcg: mttcg remove false-negative halted assertion,
Michael Tokarev <=
- [Stable-7.2.7 14/62] ui/vnc: fix debug output for invalid audio message, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 16/62] optionrom: Remove build-id section, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 21/62] tests/tcg/i386: correct mask for VPERM2F128/VPERM2I128, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 19/62] scsi-disk: ensure that FORMAT UNIT commands are terminated, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 18/62] esp: restrict non-DMA transfer length to that of available data, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 20/62] target/i386: fix operand size of unary SSE operations, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 24/62] target/i386: Fix exception classes for MOVNTPS/MOVNTPD., Michael Tokarev, 2023/11/09
- [Stable-7.2.7 23/62] target/i386: Fix exception classes for SSE/AVX instructions., Michael Tokarev, 2023/11/09
- [Stable-7.2.7 26/62] target/i386: fix memory operand size for CVTPS2PD, Michael Tokarev, 2023/11/09
- [Stable-7.2.7 17/62] esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux(), Michael Tokarev, 2023/11/09