aa42255b5b
- Include upstream patches targeted for the next stable release (bug fixes only) spapr-Fix-failure-path-for-attempting-to.patch target-i386-do-not-set-unsupported-VMX-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch xen-block-Fix-double-qlist-remove-and-re.patch - Fix bug causing weak encryption in PAuth for ARM (CVE-2020-10702 bsc#1168681) target-arm-Fix-PAuth-sbox-functions.patch - Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713 net-tulip-check-frame-size-and-r-w-data-.patch - Note that previously included patch addresses CVE-2020-1711 and bsc#1166240 iscsi-Cap-block-count-from-GET-LBA-STATU.patch - Include performance improvement (and related?) patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch - Rework previous patch at Olaf H.'s direction hw-i386-disable-smbus-migration-for-xenf.patch - Eliminate is_opensuse usage in producing seabios version string what we are doing here is just replacing the upstream string with one indicating that the openSUSE build service built it, and so just leave it as "-rebuilt.opensuse.org" - Alter algorithm used to produce "unique" symbol for coordinating qemu with the optional modules it may load. This is a reasonable relaxation for broader compatibility configure-remove-pkgversion-from-CONFIG_.patch - Tweak supported.*.txt for latest deprecations, and other fixes - Tweak update_git.sh, config.sh - One more fix is needed for: s390x Protected Virtualization support - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) s390x-s390-virtio-ccw-Fix-build-on-syste.patch OBS-URL: https://build.opensuse.org/request/show/795118 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=542
169 lines
6.4 KiB
Diff
169 lines
6.4 KiB
Diff
From: Paolo Bonzini <pbonzini@redhat.com>
|
|
Date: Tue, 7 Apr 2020 10:07:46 -0400
|
|
Subject: async: use explicit memory barriers
|
|
|
|
Git-commit: 5710a3e09f9b85801e5ce70797a4a511e5fc9e2c
|
|
|
|
When using C11 atomics, non-seqcst reads and writes do not participate
|
|
in the total order of seqcst operations. In util/async.c and util/aio-posix.c,
|
|
in particular, the pattern that we use
|
|
|
|
write ctx->notify_me write bh->scheduled
|
|
read bh->scheduled read ctx->notify_me
|
|
if !bh->scheduled, sleep if ctx->notify_me, notify
|
|
|
|
needs to use seqcst operations for both the write and the read. In
|
|
general this is something that we do not want, because there can be
|
|
many sources that are polled in addition to bottom halves. The
|
|
alternative is to place a seqcst memory barrier between the write
|
|
and the read. This also comes with a disadvantage, in that the
|
|
memory barrier is implicit on strongly-ordered architectures and
|
|
it wastes a few dozen clock cycles.
|
|
|
|
Fortunately, ctx->notify_me is never written concurrently by two
|
|
threads, so we can assert that and relax the writes to ctx->notify_me.
|
|
The resulting solution works and performs well on both aarch64 and x86.
|
|
|
|
Note that the atomic_set/atomic_read combination is not an atomic
|
|
read-modify-write, and therefore it is even weaker than C11 ATOMIC_RELAXED;
|
|
on x86, ATOMIC_RELAXED compiles to a locked operation.
|
|
|
|
Analyzed-by: Ying Fang <fangying1@huawei.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Tested-by: Ying Fang <fangying1@huawei.com>
|
|
Message-Id: <20200407140746.8041-6-pbonzini@redhat.com>
|
|
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
---
|
|
util/aio-posix.c | 16 ++++++++++++++--
|
|
util/aio-win32.c | 17 ++++++++++++++---
|
|
util/async.c | 16 ++++++++++++----
|
|
3 files changed, 40 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/util/aio-posix.c b/util/aio-posix.c
|
|
index a4977f538ef28d56178267a1795c..fe2a46c439fa1505f5f688274566 100644
|
|
--- a/util/aio-posix.c
|
|
+++ b/util/aio-posix.c
|
|
@@ -616,6 +616,11 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
|
int64_t timeout;
|
|
int64_t start = 0;
|
|
|
|
+ /*
|
|
+ * There cannot be two concurrent aio_poll calls for the same AioContext (or
|
|
+ * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
|
|
+ * We rely on this below to avoid slow locked accesses to ctx->notify_me.
|
|
+ */
|
|
assert(in_aio_context_home_thread(ctx));
|
|
|
|
/* aio_notify can avoid the expensive event_notifier_set if
|
|
@@ -626,7 +631,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
|
* so disable the optimization now.
|
|
*/
|
|
if (blocking) {
|
|
- atomic_add(&ctx->notify_me, 2);
|
|
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
|
|
+ /*
|
|
+ * Write ctx->notify_me before computing the timeout
|
|
+ * (reading bottom half flags, etc.). Pairs with
|
|
+ * smp_mb in aio_notify().
|
|
+ */
|
|
+ smp_mb();
|
|
}
|
|
|
|
qemu_lockcnt_inc(&ctx->list_lock);
|
|
@@ -671,7 +682,8 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
|
}
|
|
|
|
if (blocking) {
|
|
- atomic_sub(&ctx->notify_me, 2);
|
|
+ /* Finish the poll before clearing the flag. */
|
|
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
|
|
aio_notify_accept(ctx);
|
|
}
|
|
|
|
diff --git a/util/aio-win32.c b/util/aio-win32.c
|
|
index a23b9c364db3a764a3e00c6b62e9..729d533faf4d807e0a5388edd2af 100644
|
|
--- a/util/aio-win32.c
|
|
+++ b/util/aio-win32.c
|
|
@@ -321,6 +321,12 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
|
int count;
|
|
int timeout;
|
|
|
|
+ /*
|
|
+ * There cannot be two concurrent aio_poll calls for the same AioContext (or
|
|
+ * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
|
|
+ * We rely on this below to avoid slow locked accesses to ctx->notify_me.
|
|
+ */
|
|
+ assert(in_aio_context_home_thread(ctx));
|
|
progress = false;
|
|
|
|
/* aio_notify can avoid the expensive event_notifier_set if
|
|
@@ -331,7 +337,13 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
|
* so disable the optimization now.
|
|
*/
|
|
if (blocking) {
|
|
- atomic_add(&ctx->notify_me, 2);
|
|
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
|
|
+ /*
|
|
+ * Write ctx->notify_me before computing the timeout
|
|
+ * (reading bottom half flags, etc.). Pairs with
|
|
+ * smp_mb in aio_notify().
|
|
+ */
|
|
+ smp_mb();
|
|
}
|
|
|
|
qemu_lockcnt_inc(&ctx->list_lock);
|
|
@@ -364,8 +376,7 @@ bool aio_poll(AioContext *ctx, bool blocking)
|
|
ret = WaitForMultipleObjects(count, events, FALSE, timeout);
|
|
if (blocking) {
|
|
assert(first);
|
|
- assert(in_aio_context_home_thread(ctx));
|
|
- atomic_sub(&ctx->notify_me, 2);
|
|
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
|
|
aio_notify_accept(ctx);
|
|
}
|
|
|
|
diff --git a/util/async.c b/util/async.c
|
|
index b1fa5319e5bc7830d50108f91139..c65c58bbc9f57bf1bbdb6acd5fd1 100644
|
|
--- a/util/async.c
|
|
+++ b/util/async.c
|
|
@@ -220,7 +220,14 @@ aio_ctx_prepare(GSource *source, gint *timeout)
|
|
{
|
|
AioContext *ctx = (AioContext *) source;
|
|
|
|
- atomic_or(&ctx->notify_me, 1);
|
|
+ atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) | 1);
|
|
+
|
|
+ /*
|
|
+ * Write ctx->notify_me before computing the timeout
|
|
+ * (reading bottom half flags, etc.). Pairs with
|
|
+ * smp_mb in aio_notify().
|
|
+ */
|
|
+ smp_mb();
|
|
|
|
/* We assume there is no timeout already supplied */
|
|
*timeout = qemu_timeout_ns_to_ms(aio_compute_timeout(ctx));
|
|
@@ -238,7 +245,8 @@ aio_ctx_check(GSource *source)
|
|
AioContext *ctx = (AioContext *) source;
|
|
QEMUBH *bh;
|
|
|
|
- atomic_and(&ctx->notify_me, ~1);
|
|
+ /* Finish computing the timeout before clearing the flag. */
|
|
+ atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) & ~1);
|
|
aio_notify_accept(ctx);
|
|
|
|
for (bh = ctx->first_bh; bh; bh = bh->next) {
|
|
@@ -343,10 +351,10 @@ LinuxAioState *aio_get_linux_aio(AioContext *ctx)
|
|
void aio_notify(AioContext *ctx)
|
|
{
|
|
/* Write e.g. bh->scheduled before reading ctx->notify_me. Pairs
|
|
- * with atomic_or in aio_ctx_prepare or atomic_add in aio_poll.
|
|
+ * with smp_mb in aio_ctx_prepare or aio_poll.
|
|
*/
|
|
smp_mb();
|
|
- if (ctx->notify_me) {
|
|
+ if (atomic_read(&ctx->notify_me)) {
|
|
event_notifier_set(&ctx->notifier);
|
|
atomic_mb_set(&ctx->notified, true);
|
|
}
|