diff options
author | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2009-03-06 21:48:00 +0000 |
---|---|---|
committer | aurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162> | 2009-03-06 21:48:00 +0000 |
commit | be214e6c0557139ffa5551f77e339c07495bfec3 (patch) | |
tree | 0c85067ab440ccba46d3282cbe15cf75c8d6640f /exec.c | |
parent | 28a76be8f4536619ab15ce452308df78cfc65e39 (diff) | |
download | qemu-be214e6c0557139ffa5551f77e339c07495bfec3.tar.gz qemu-be214e6c0557139ffa5551f77e339c07495bfec3.tar.bz2 qemu-be214e6c0557139ffa5551f77e339c07495bfec3.zip |
Fix race condition on access to env->interrupt_request
env->interrupt_request is accessed as the bit level from both main code
and signal handler, making a race condition possible even on CISC CPU.
This causes freeze of QEMU under high load when running the dyntick
clock.
The patch below move the bit corresponding to CPU_INTERRUPT_EXIT in a
separate variable, declared as volatile sig_atomic_t, so it should be
work even on RISC CPU.
We may want to move the cpu_interrupt(env, CPU_INTERRUPT_EXIT) case in
its own function and get rid of CPU_INTERRUPT_EXIT. That can be done
later, I wanted to keep the patch short for easier review.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6728 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'exec.c')
-rw-r--r-- | exec.c | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -1501,9 +1501,12 @@ void cpu_interrupt(CPUState *env, int mask) #endif int old_mask; + if (mask & CPU_INTERRUPT_EXIT) { + env->exit_request = 1; + mask &= ~CPU_INTERRUPT_EXIT; + } + old_mask = env->interrupt_request; - /* FIXME: This is probably not threadsafe. A different thread could - be in the middle of a read-modify-write operation. */ env->interrupt_request |= mask; #if defined(USE_NPTL) /* FIXME: TB unchaining isn't SMP safe. For now just ignore the @@ -1514,10 +1517,8 @@ void cpu_interrupt(CPUState *env, int mask) if (use_icount) { env->icount_decr.u16.high = 0xffff; #ifndef CONFIG_USER_ONLY - /* CPU_INTERRUPT_EXIT isn't a real interrupt. It just means - an async event happened and we need to process it. */ if (!can_do_io(env) - && (mask & ~(old_mask | CPU_INTERRUPT_EXIT)) != 0) { + && (mask & ~old_mask) != 0) { cpu_abort(env, "Raised interrupt while not in I/O function"); } #endif |