Changeset 37702 in vbox

Timestamp:

Jun 30, 2011 10:09:59 AM (14 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

72562

Message:

REM/VMM: Don't flush the TLB if you don't hold the EM/REM lock, some other EMT may be executing code in the recompiler and could be really surprised by a TLB flush.

Location:

trunk

Files:

• include/VBox/dis.h (modified) (6 diffs)
• include/VBox/types.h (modified) (1 diff)
• include/VBox/vmm/em.h (modified) (2 diffs)
• src/VBox/VMM/VMMAll/EMAll.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMAll/REMAll.cpp (modified) (1 diff)
• src/VBox/VMM/include/REMInternal.h (modified) (1 diff)
• src/recompiler/VBoxRecompiler.c (modified) (8 diffs)
• src/recompiler/cpu-all.h (modified) (1 diff)
• src/recompiler/cpu-exec.c (modified) (1 diff)
• src/recompiler/exec-all.h (modified) (1 diff)
• src/recompiler/exec.c (modified) (3 diffs)
• src/recompiler/target-i386/op_helper.c (modified) (4 diffs)

trunk/include/VBox/dis.h

@@ -32 +32 @@
 
 #if defined(__L4ENV__)
-#include <setjmp.h>
+# include <setjmp.h>
 #endif
 
@@ -368 +368 @@
  * Operand Parameter.
  */
-typedef struct _OP_PARAMETER
+typedef struct OP_PARAMETER
 {
     /** @todo switch param and parval and move disp64 and flags up here with the other 64-bit vars to get more natural alignment and save space. */
@@ -416 +416 @@
 
 
-struct _OPCODE;
 /** Pointer to opcode. */
-typedef struct _OPCODE *POPCODE;
+typedef struct OPCODE *POPCODE;
 /** Pointer to const opcode. */
-typedef const struct _OPCODE *PCOPCODE;
+typedef const struct OPCODE *PCOPCODE;
 
 typedef DECLCALLBACK(int) FN_DIS_READBYTES(RTUINTPTR pSrc, uint8_t *pDest, unsigned size, void *pvUserdata);
 typedef FN_DIS_READBYTES *PFN_DIS_READBYTES;
-
-/* forward decl */
-struct _DISCPUSTATE;
-/** Pointer to the disassembler CPU state. */
-typedef struct _DISCPUSTATE *PDISCPUSTATE;
 
 /** Parser callback.
@@ -435 +429 @@
 typedef FNDISPARSE *PFNDISPARSE;
 
-typedef struct _DISCPUSTATE
+typedef struct DISCPUSTATE
 {
     /* Global setting */
@@ -513 +507 @@
 } DISCPUSTATE;
 
-/** Pointer to a const disassembler CPU state. */
-typedef DISCPUSTATE const *PCDISCPUSTATE;
-
 /** The storage padding sufficient to hold the largest DISCPUSTATE in all
  * contexts (R3, R0 and RC). Used various places in the VMM internals.   */
@@ -522 +513 @@
 /** Opcode. */
 #pragma pack(4)
-typedef struct _OPCODE
+typedef struct OPCODE
 {
 #ifndef DIS_CORE_ONLY

trunk/include/VBox/types.h

@@ -1054 +1054 @@
 } CPUMMODE;
 
+
+/** Pointer to the disassembler CPU state. */
+typedef struct DISCPUSTATE *PDISCPUSTATE;
+/** Pointer to a const disassembler CPU state. */
+typedef struct DISCPUSTATE const *PCDISCPUSTATE;
+
+
 /** @} */
 

trunk/include/VBox/vmm/em.h

@@ -29 +29 @@
 #include <VBox/types.h>
 #include <VBox/vmm/trpm.h>
-#include <VBox/dis.h>
 
 
@@ -189 +188 @@
 VMMDECL(void)       EMRemLock(PVM pVM);
 VMMDECL(bool)       EMRemIsLockOwner(PVM pVM);
-VMMDECL(int)        EMTryEnterRemLock(PVM pVM);
+VMMDECL(int)        EMRemTryLock(PVM pVM);
 /** @} */
 

trunk/src/VBox/VMM/VMMAll/EMAll.cpp

@@ -3136 +3136 @@
 VMMDECL(bool) EMRemIsLockOwner(PVM pVM)
 {
+    if (!PDMCritSectIsInitialized(&pVM->em.s.CritSectREM))
+        return true;   /* early init */
+
     return PDMCritSectIsOwner(&pVM->em.s.CritSectREM);
 }
@@ -3145 +3148 @@
  * @param   pVM         The VM to operate on.
  */
-VMMDECL(int) EMTryEnterRemLock(PVM pVM)
-{
+VMMDECL(int) EMRemTryLock(PVM pVM)
+{
+    if (!PDMCritSectIsInitialized(&pVM->em.s.CritSectREM))
+        return VINF_SUCCESS; /* early init */
+
     return PDMCritSectTryEnter(&pVM->em.s.CritSectREM);
 }

trunk/src/VBox/VMM/VMMAll/REMAll.cpp

@@ -47 +47 @@
      */
     if (   pVM->rem.s.cInvalidatedPages < RT_ELEMENTS(pVM->rem.s.aGCPtrInvalidatedPages)
-        && EMTryEnterRemLock(pVM) == VINF_SUCCESS)
+        && EMRemTryLock(pVM) == VINF_SUCCESS)
     {
         uint32_t iPage = pVM->rem.s.cInvalidatedPages;

trunk/src/VBox/VMM/include/REMInternal.h

@@ -238 +238 @@
 bool    remR3DisasInstr(CPUState *env, int f32BitCode, char *pszPrefix);
 void    remR3FlushPage(CPUState *env, RTGCPTR GCPtr);
-void    remR3SetPage(CPUState *env, CPUTLBEntry *pRead,  CPUTLBEntry *pWrite, int prot, int is_user);
 void    remR3FlushTLB(CPUState *env, bool fGlobal);
 void    remR3ProtectCode(CPUState *env, RTGCPTR GCPtr);

trunk/src/recompiler/VBoxRecompiler.c

@@ -311 +311 @@
     CPUMGetGuestCpuId(pVCpu, 0x80000001, &u32Dummy, &u32Dummy, &pVM->rem.s.Env.cpuid_ext3_features, &pVM->rem.s.Env.cpuid_ext2_features);
 
+    EMRemLock(pVM);
     cpu_reset(&pVM->rem.s.Env);
+    EMRemUnlock(pVM);
 
     /* allocate code buffer for single instruction emulation. */
@@ -607 +609 @@
 REMR3DECL(void) REMR3Reset(PVM pVM)
 {
+    EMRemLock(pVM); /* Only pro forma, we're in a rendezvous. */
+
     /*
      * Reset the REM cpu.
@@ -622 +626 @@
     /* Flush the TBs the next time we execute code here. */
     pVM->rem.s.fFlushTBs = true;
+
+    EMRemUnlock(pVM);
 }
 
@@ -764 +770 @@
 
     /*
-     * Sync the Load Flush the TLB
-     */
-    tlb_flush(&pRem->Env, 1);
-
-    /*
      * Stop ignoring ignorable notifications.
      */
@@ -814 +815 @@
      */
     interrupt_request = pVM->rem.s.Env.interrupt_request;
-    Assert(!(interrupt_request & ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB | CPU_INTERRUPT_TIMER  | CPU_INTERRUPT_EXTERNAL_HARD | CPU_INTERRUPT_EXTERNAL_EXIT | CPU_INTERRUPT_EXTERNAL_TIMER)));
+    Assert(!(interrupt_request & ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB | CPU_INTERRUPT_TIMER  | CPU_INTERRUPT_EXTERNAL_HARD | CPU_INTERRUPT_EXTERNAL_EXIT | CPU_INTERRUPT_EXTERNAL_FLUSH_TLB | CPU_INTERRUPT_EXTERNAL_TIMER)));
     pVM->rem.s.Env.interrupt_request = 0;
     cpu_single_step(&pVM->rem.s.Env, 1);
@@ -954 +955 @@
     {
         int interrupt_request = pVM->rem.s.Env.interrupt_request;
-        Assert(!(interrupt_request & ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB | CPU_INTERRUPT_TIMER | CPU_INTERRUPT_EXTERNAL_HARD | CPU_INTERRUPT_EXTERNAL_EXIT | CPU_INTERRUPT_EXTERNAL_TIMER)));
+        Assert(!(interrupt_request & ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB | CPU_INTERRUPT_TIMER | CPU_INTERRUPT_EXTERNAL_HARD | CPU_INTERRUPT_EXTERNAL_EXIT | CPU_INTERRUPT_EXTERNAL_FLUSH_TLB | CPU_INTERRUPT_EXTERNAL_TIMER)));
 #ifdef REM_USE_QEMU_SINGLE_STEP_FOR_LOGGING
         cpu_single_step(&pVM->rem.s.Env, 0);
@@ -1677 +1678 @@
     int rc;
 
+    Assert(EMRemIsLockOwner(env->pVM));
+
     /*
      * When we're replaying invlpg instructions or restoring a saved
@@ -1786 +1789 @@
 void remR3FlushTLB(CPUX86State *env, bool fGlobal)
 {
-    PVM pVM = env->pVM;
+    PVM      pVM = env->pVM;
     PCPUMCTX pCtx;
+    Assert(EMRemIsLockOwner(pVM));
 
     /*

trunk/src/recompiler/cpu-all.h

@@ -945 +945 @@
 #ifdef VBOX
 /** Executes a single instruction. cpu_exec() will normally return EXCP_SINGLE_INSTR. */
-# define CPU_INTERRUPT_SINGLE_INSTR             0x02000000
+# define CPU_INTERRUPT_SINGLE_INSTR             0x01000000
 /** Executing a CPU_INTERRUPT_SINGLE_INSTR request, quit the cpu_loop. (for exceptions and suchlike) */
-# define CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT   0x04000000
+# define CPU_INTERRUPT_SINGLE_INSTR_IN_FLIGHT   0x02000000
 /** VM execution was interrupted by VMR3Reset, VMR3Suspend or VMR3PowerOff. */
-# define CPU_INTERRUPT_RC                       0x08000000
+# define CPU_INTERRUPT_RC                       0x04000000
+/** Exit current TB to process an external request. */
+# define CPU_INTERRUPT_EXTERNAL_FLUSH_TLB       0x08000000
 /** Exit current TB to process an external request. */
 # define CPU_INTERRUPT_EXTERNAL_EXIT            0x10000000

trunk/src/recompiler/cpu-exec.c

@@ -417 +417 @@
 #if defined(TARGET_I386)
 # ifdef VBOX
+                    /* Memory registration may post a tlb flush request, process it ASAP. */
+                    if (interrupt_request & (CPU_INTERRUPT_EXTERNAL_FLUSH_TLB)) {
+                        tlb_flush(env, true); /* (clears the flush flag) */
+                    }
+
                     /* Single instruction exec request, we execute it and return (one way or the other).
                        The caller will always reschedule after doing this operation! */

trunk/src/recompiler/exec-all.h

@@ -34 +34 @@
 # include <VBox/vmm/tm.h>
 # include <VBox/vmm/pgm.h> /* PGM_DYNAMIC_RAM_ALLOC */
+# include <VBox/vmm/em.h>  /* EMRemIsLockOwner */
 # ifndef LOG_GROUP
 #  define LOG_GROUP LOG_GROUP_REM

trunk/src/recompiler/exec.c

@@ -2108 +2108 @@
     int i;
 
+#ifdef VBOX
+    Assert(EMRemIsLockOwner(env->pVM));
+    ASMAtomicAndS32((int32_t volatile *)&env->interrupt_request, ~CPU_INTERRUPT_EXTERNAL_FLUSH_TLB);
+#endif
+
 #if defined(DEBUG_TLB)
     printf("tlb_flush:\n");
@@ -2151 +2156 @@
     int mmu_idx;
 
+    Assert(EMRemIsLockOwner(env->pVM));
 #if defined(DEBUG_TLB)
     printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
@@ -2923 +2929 @@
     /* since each CPU stores ram addresses in its TLB cache, we must
        reset the modified entries */
+#ifndef VBOX
     /* XXX: slow ! */
     for(env = first_cpu; env != NULL; env = env->next_cpu) {
         tlb_flush(env, 1);
     }
+#else
+    /* We have one thread per CPU, so, one of the other EMTs might be executing
+       code right now and flushing the TLB may crash it. */
+    env = first_cpu;
+    if (EMRemIsLockOwner(env->pVM))
+        tlb_flush(env, 1);
+    else
+        ASMAtomicOrS32((int32_t volatile *)&env->interrupt_request,
+                       CPU_INTERRUPT_EXTERNAL_FLUSH_TLB);
+#endif
 }
 

trunk/src/recompiler/target-i386/op_helper.c

@@ -679 +679 @@
 void helper_check_external_event()
 {
-    if (    (env->interrupt_request & (  CPU_INTERRUPT_EXTERNAL_EXIT
+    if (    (env->interrupt_request & (  CPU_INTERRUPT_EXTERNAL_FLUSH_TLB
+                                       | CPU_INTERRUPT_EXTERNAL_EXIT
                                        | CPU_INTERRUPT_EXTERNAL_TIMER
                                        | CPU_INTERRUPT_EXTERNAL_DMA))
@@ -1476 +1477 @@
                         ~CPU_INTERRUPT_EXTERNAL_TIMER);
         remR3TimersRun(env);
+    }
+    if (env->interrupt_request & CPU_INTERRUPT_EXTERNAL_FLUSH_TLB)
+    {
+        ASMAtomicAndS32((int32_t volatile *)&env->interrupt_request,
+                        ~CPU_INTERRUPT_EXTERNAL_HARD);
+        cpu_interrupt(env, CPU_INTERRUPT_HARD);
     }
 }
@@ -5836 +5843 @@
          * Exit once we detect an external interrupt and interrupts are enabled
          */
-        if (   (env->interrupt_request & (CPU_INTERRUPT_EXTERNAL_EXIT|CPU_INTERRUPT_EXTERNAL_TIMER))
+        if (   (env->interrupt_request & (CPU_INTERRUPT_EXTERNAL_EXIT | CPU_INTERRUPT_EXTERNAL_TIMER))
             || (   (env->eflags & IF_MASK)
                 && !(env->hflags & HF_INHIBIT_IRQ_MASK)
@@ -5843 +5850 @@
         {
             break;
+        }
+        if (env->interrupt_request & CPU_INTERRUPT_EXTERNAL_FLUSH_TLB) {
+            tlb_flush(env, true);
         }
     }