QEMU With E2K User Support
Paolo Bonzini e8d3b1a25f aio: strengthen memory barriers for bottom half scheduling
There are two problems with memory barriers in async.c.  The fix is
to use atomic_xchg in order to achieve sequential consistency between
the scheduling of a bottom half and the corresponding execution.

First, if bh->scheduled is already 1 in qemu_bh_schedule, QEMU does
not execute a memory barrier to order any writes needed by the callback
before the read of bh->scheduled.  If the other side sees req->state as
THREAD_ACTIVE, the callback is not invoked and you get deadlock.

Second, the memory barrier in aio_bh_poll is too weak.  Without this
patch, it is possible that bh->scheduled = 0 is not "published" until
after the callback has returned.  Another thread wants to schedule the
bottom half, but it sees bh->scheduled = 1 and does nothing.  This causes
a lost wakeup.  The memory barrier should have been changed to smp_mb()
in commit 924fe12 (aio: fix qemu_bh_schedule() bh->ctx race condition,
2014-06-03) together with qemu_bh_schedule()'s.  Guess who reviewed
that patch?

Both of these involve a store and a load, so they are reproducible on
x86_64 as well.  It is however much easier on aarch64, where the
libguestfs test suite triggers the bug fairly easily.  Even there the
failure can go away or appear depending on compiler optimization level,
tracing options, or even kernel debugging options.

Paul Leveille however reported how to trigger the problem within 15
minutes on x86_64 as well.  His (untested) recipe, reproduced here
for reference, is the following:

   1) Qcow2 (or 3) is critical – raw files alone seem to avoid the problem.

   2) Use “cache=directsync” rather than the default of
   “cache=none” to make it happen easier.

   3) Use a server with a write-back RAID controller to allow for rapid
   IO rates.

   4) Run a random-access load that (mostly) writes chunks to various
   files on the virtual block device.

      a. I use ‘diskload.exe c:25’, a Microsoft HCT load
         generator, on Windows VMs.

      b. Iometer can probably be configured to generate a similar load.

   5) Run multiple VMs in parallel, against the same storage device,
   to shake the failure out sooner.

   6) IvyBridge and Haswell processors for certain; not sure about others.

A similar patch survived over 12 hours of testing, where an unpatched
QEMU would fail within 15 minutes.

This bug is, most likely, also the cause of failures in the libguestfs
testsuite on AArch64.

Thanks to Laszlo Ersek for initially reporting this bug, to Stefan
Hajnoczi for suggesting closer examination of qemu_bh_schedule, and to
Paul for providing test input and a prototype patch.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Reported-by: Paul Leveille <Paul.Leveille@stratus.com>
Reported-by: John Snow <jsnow@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 1428419779-26062-1-git-send-email-pbonzini@redhat.com
Suggested-by: Paul Leveille <Paul.Leveille@stratus.com>
Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-04-09 10:29:29 +01:00
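The lost-wakeup interleaving described in the commit message, replayed as an added example (this is not QEMU code and not part of the commit). It models two CPUs with a one-entry store buffer in the x86 TSO style: a plain store stays in the storing CPU's buffer until drained, that CPU still sees its own buffered value (store forwarding), and an exchange drains the buffer before it executes. The names `plain_store`, `plain_load`, `model_xchg`, `bh_model` and `lost_wakeup_scenario` are this example's own; the pre-fix and fixed shapes of `bh_schedule`/`bh_poll` follow the commit's description (plain test, `smp_mb()`, plain set on the schedule side; plain clear, `smp_rmb()`, callback on the poll side; `atomic_xchg` on both sides after the fix), and `smp_rmb()` is treated as a compiler-only barrier, which is what it is on x86.

```c
/*
 * Added example, not QEMU code: a two-CPU store-buffer model (x86 TSO style)
 * that replays the "lost wakeup" from the commit message.  A plain store sits
 * in the storing CPU's buffer until drained; the storing CPU sees its own
 * buffered value, the other CPU does not.  An exchange drains the buffer first.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { NCPU = 2 };
#define POLLER    0   /* CPU running aio_bh_poll */
#define SCHEDULER 1   /* CPU running qemu_bh_schedule */

struct cpu_model {
    int *pending_addr;   /* address of the one buffered store, NULL if none */
    int pending_val;
};

static struct cpu_model cpus[NCPU];

static void drain(int cpu)
{
    if (cpus[cpu].pending_addr) {
        *cpus[cpu].pending_addr = cpus[cpu].pending_val;
        cpus[cpu].pending_addr = NULL;
    }
}

static void plain_store(int cpu, int *addr, int val)
{
    drain(cpu);                       /* one-entry buffer: retire the older store */
    cpus[cpu].pending_addr = addr;
    cpus[cpu].pending_val = val;
}

static int plain_load(int cpu, int *addr)
{
    if (cpus[cpu].pending_addr == addr) {
        return cpus[cpu].pending_val; /* forwarding from the CPU's own buffer */
    }
    return *addr;
}

static int model_xchg(int cpu, int *addr, int val)
{
    drain(cpu);                       /* a locked xchg drains the store buffer */
    int old = *addr;
    *addr = val;
    return old;
}

struct bh_model {
    int scheduled;
    int callback_runs;
    int notifies;
    bool fixed;                       /* true: atomic_xchg variant */
};

static void bh_schedule(struct bh_model *bh)
{
    if (bh->fixed) {
        if (model_xchg(SCHEDULER, &bh->scheduled, 1) == 0) {
            bh->notifies++;
        }
        return;
    }
    /* Pre-fix shape: plain test, smp_mb(), plain set, notify. */
    if (plain_load(SCHEDULER, &bh->scheduled)) {
        return;                       /* a stale 1 here is the lost wakeup */
    }
    drain(SCHEDULER);                 /* smp_mb() */
    plain_store(SCHEDULER, &bh->scheduled, 1);
    bh->notifies++;
}

/* The callback: while its first run is in progress, the other CPU reschedules. */
static void bh_callback(struct bh_model *bh)
{
    bh->callback_runs++;
    if (bh->callback_runs == 1) {
        bh_schedule(bh);
    }
}

static void bh_poll(struct bh_model *bh)
{
    if (bh->fixed) {
        if (model_xchg(POLLER, &bh->scheduled, 0)) {
            bh_callback(bh);
        }
        return;
    }
    /* Pre-fix shape: plain clear, smp_rmb() (no drain on x86), callback. */
    if (plain_load(POLLER, &bh->scheduled)) {
        plain_store(POLLER, &bh->scheduled, 0);  /* still in the store buffer */
        bh_callback(bh);                          /* runs before the 0 is published */
        drain(POLLER);                            /* published only afterwards */
    }
}

/* Returns how many times the callback ran for: schedule, poll, poll. */
int lost_wakeup_scenario(bool fixed)
{
    struct bh_model bh = { .fixed = fixed };
    for (int i = 0; i < NCPU; i++) {
        cpus[i].pending_addr = NULL;
    }
    bh_schedule(&bh);
    drain(SCHEDULER);                 /* aio_notify's syscall publishes the 1 */
    bh_poll(&bh);                     /* first run; the reschedule happens inside */
    drain(SCHEDULER);
    bh_poll(&bh);                     /* second run only if the wakeup survived */
    return bh.callback_runs;
}

int main(void)
{
    printf("pre-fix: callback ran %d time(s)\n", lost_wakeup_scenario(false));
    printf("fixed:   callback ran %d time(s)\n", lost_wakeup_scenario(true));
    return 0;
}
```

With the pre-fix ordering the poller's `scheduled = 0` is still in its store buffer when the callback runs, so the scheduler's plain load reads the old 1, returns, and the second poll finds nothing to do: the callback runs once. With the exchange on both sides the clear is globally visible before the callback starts, the scheduler's exchange sees 0, and the callback runs twice.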
audio audio: Don't free hw resources until after hw backend is stopped 2014-12-22 23:12:25 +00:00
backends hostmem: Prevent removing an in-use memory backend 2015-04-01 10:06:38 +02:00
block qcow2: Fix header update with overridden backing file 2015-04-08 10:29:20 +01:00
bsd-user cpu: Make cpu_init() return QOM CPUState object 2015-03-10 17:33:51 +01:00
default-configs hw/usb: Include USB files only if necessary 2015-03-18 11:50:47 +01:00
disas cris: remove unused cris_cond15 declarations 2015-03-19 11:11:55 +03:00
docs docs: add memory-hotplug.txt 2015-03-04 13:00:36 -05:00
dtc@bc895d6d09 dtc: add submodule 2013-04-18 13:50:53 +02:00
fpu softfloat: expand out STATUS macro 2015-02-06 16:11:38 +00:00
fsdev Fix typos in comments 2015-03-19 11:30:37 +03:00
gdb-xml s390x/gdb: add the feature xml files for s390x 2014-09-01 09:45:19 +02:00
hw virtio-blk: correctly dirty guest memory 2015-04-08 10:39:18 +01:00
include virtio-blk: correctly dirty guest memory 2015-04-08 10:39:18 +01:00
libcacard libcacard: stop linking against every single 3rd party library 2015-02-10 09:27:20 +03:00
libdecnumber libdecnumber: Fix warnings from smatch (missing static, boolean operations) 2014-08-24 13:21:06 +04:00
linux-headers synchronize Linux headers to 4.0-rc3 2015-03-10 09:26:22 +01:00
linux-user rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
migration rdma: Fix cleanup in error paths 2015-03-26 15:31:46 +01:00
net net: synchronize net_host_device_remove with host_net_remove_completion 2015-03-12 19:59:39 +00:00
pc-bios pseries: Update SLOF firmware image to qemu-slof-20150313 2015-03-25 22:49:45 +01:00
pixman@87eea99e44 pixman: update internal copy to pixman-0.32.6 2014-09-15 08:14:19 +02:00
po po: fix conflict with %.mo rule in rules.mak 2014-09-26 13:35:08 +02:00
qapi block: Document blockdev-add's immaturity 2015-03-27 10:01:12 +00:00
qga qga: fitering out -fstack-protector-strong 2015-04-02 15:57:27 +02:00
qobject qjson: Drop trailing space for pretty formatting 2014-12-10 10:25:30 +01:00
qom qom: Add can_be_deleted callback to UserCreatableClass 2015-04-01 10:06:38 +02:00
roms pseries: Update SLOF firmware image to qemu-slof-20150313 2015-03-25 22:49:45 +01:00
scripts build: pass .d file name to scripts/make_device_config.sh, fix makefile target 2015-03-18 12:07:25 +01:00
slirp slirp: udp: fix NULL pointer dereference because of uninitialized socket 2014-09-23 19:15:05 +01:00
stubs pci, pc, virtio fixes and cleanups 2015-03-09 09:14:28 +00:00
sysconfigs/target Eliminate cpus-x86_64.conf file 2012-09-21 15:12:58 +02:00
target-alpha tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-arm target-arm: kvm64 fix save/restore of SPSR regs 2015-04-01 17:57:30 +01:00
target-cris cris: remove unused cris_cond15 declarations 2015-03-19 11:11:55 +03:00
target-i386 target-i386: remove superfluous TARGET_HAS_SMC macro 2015-04-04 09:45:59 +03:00
target-lm32 tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-m68k tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-microblaze tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-mips trivial patches for 2015-03-19 2015-03-19 14:10:20 +00:00
target-moxie target-moxie: Fix warnings from Sparse (one-bit signed bitfield) 2015-03-19 11:11:55 +03:00
target-openrisc tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-ppc target-ppc: Remove POWER5+ v0.0 that never existed 2015-03-25 22:49:46 +01:00
target-s390x Final batch of s390x enhancements/fixes for 2.3: 2015-03-16 11:44:55 +00:00
target-sh4 tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-sparc tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-tricore target-tricore: Fix check which was always false 2015-04-04 09:45:59 +03:00
target-unicore32 tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-xtensa tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
tcg tcg/optimize: Handle or r,a,a with constant a 2015-03-16 08:46:13 -07:00
tests qcow2: Fix header update with overridden backing file 2015-04-08 10:29:20 +01:00
trace Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
ui CVE-2015-1779: limit size of HTTP headers from websockets clients 2015-04-01 17:12:55 +02:00
util util/qemu-config: fix regression of qmp_query_command_line_options 2015-04-02 15:57:27 +02:00
.exrc qemu: add .exrc 2012-09-07 09:02:44 +03:00
.gitignore gitignore: Ignore more .pod files. 2015-04-04 09:45:59 +03:00
.gitmodules PPC: Add u-boot firmware for e500 2014-06-16 13:24:35 +02:00
.mailmap Update mailmap 2013-09-05 09:40:31 -05:00
.travis.yml .travis.yml: Add "--enable-modules" 2015-01-26 12:27:05 +01:00
CODING_STYLE CODING_STYLE: Section about conditional statement 2014-08-15 18:54:06 +04:00
COPYING COPYING: update from FSF 2008-10-12 17:54:42 +00:00
COPYING.LIB Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
Changelog Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
HACKING HACKING: Document vaddr type usage 2013-07-23 02:41:31 +02:00
LICENSE vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00
MAINTAINERS misc fixes and cleanups 2015-03-12 09:13:07 +00:00
Makefile Use $(MAKE) for recursive make 2015-04-02 15:58:39 +02:00
Makefile.objs QJSON: Add JSON writer 2015-02-05 17:16:14 +01:00
Makefile.target Makefile.target: binary depends on config-devices 2015-03-01 19:41:50 +01:00
README Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
VERSION Update version for v2.3.0-rc2 release 2015-04-02 18:02:02 +01:00
accel.c accel: Create accel object when initializing machine 2014-10-09 15:36:14 +02:00
aio-posix.c block: Use g_new0() for a bit of extra type checking 2014-12-10 10:31:21 +01:00
aio-win32.c block: Use g_new0() for a bit of extra type checking 2014-12-10 10:31:21 +01:00
arch_init.c migration: remove last_sent_block from save_page_header 2015-03-26 15:31:46 +01:00
async.c aio: strengthen memory barriers for bottom half scheduling 2015-04-09 10:29:29 +01:00
balloon.c balloon: Fix typo 2015-02-23 10:56:09 -05:00
block.c block: Fix unaligned zero write 2015-03-27 10:01:12 +00:00
blockdev-nbd.c nbd: Fix up comment after commit e140177 2015-03-25 13:38:07 +01:00
blockdev.c block: Fix blockdev-backup not to use funky error class 2015-03-19 16:02:59 +01:00
blockjob.c block: declare blockjobs and dataplane friends! 2014-11-03 11:41:49 +00:00
bootdevice.c misc: fix typos in copyright declaration 2015-03-26 14:21:43 +01:00
bt-host.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
bt-vhci.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
configure seccomp: libseccomp version varying according to arch 2015-03-26 16:58:22 +00:00
coroutine-gthread.c glib-compat.h: add new thread API emulation on top of pre-2.31 API 2014-06-10 07:44:01 +02:00
coroutine-sigaltstack.c coroutine-sigaltstack: Change jmp_buf to sigjmp_buf 2014-11-11 11:07:55 +03:00
coroutine-ucontext.c coroutine-ucontext: use __thread 2015-01-13 13:43:28 +00:00
coroutine-win32.c coroutine-win32.c: Add noinline attribute to work around gcc bug 2014-06-26 14:08:14 +01:00
cpu-exec.c - vhost-scsi: add bootindex property 2015-02-24 13:58:18 +00:00
cpus.c cpus: Don't kick un-realized cpus. 2015-03-25 13:38:07 +01:00
cputlb.c exec: RCUify AddressSpaceDispatch 2015-02-16 17:30:19 +01:00
device-hotplug.c pci-hotplug-old: Has been dead for five major releases, bury 2015-03-01 12:37:54 +01:00
device_tree.c machine: query phandle-start machine property 2015-03-11 18:17:11 +01:00
disas.c monitor: QEMU Monitor Instruction Disassembly Incorrect for PowerPC LE Mode 2014-06-16 13:24:26 +02:00
dma-helpers.c hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
dump.c dump: Fix dump-guest-memory termination and use-after-close 2014-11-02 10:04:34 +03:00
exec.c Revert "exec: Respect as_tranlsate_internal length clamp" 2015-04-01 10:06:38 +02:00
gdbstub.c gdbstub: avoid possible NULL pointer dereference 2015-03-10 08:15:34 +03:00
hmp-commands.hx hmp: Fix texinfo documentation 2015-03-19 11:35:52 +03:00
hmp.c migration/next for 20150317 2015-03-17 17:11:33 +00:00
hmp.h qom: Implement qom-set HMP command 2015-03-17 14:31:15 +01:00
iohandler.c iohandler.c: Properly initialize sigaction struct 2014-05-24 00:07:29 +04:00
ioport.c memory: convert memory_region_destroy to object_unparent 2014-08-18 12:06:20 +02:00
iothread.c async: aio_context_new(): Handle event_notifier_init failure 2014-09-22 11:39:48 +01:00
kvm-all.c kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap 2015-04-02 15:58:37 +02:00
kvm-stub.c pc: kvm: check if KVM has free memory slots to avoid abort() 2014-11-23 12:11:29 +02:00
main-loop.c Revert "main-loop.c: Handle SIGINT, SIGHUP and SIGTERM synchronously" 2014-10-27 15:05:09 +00:00
memory.c memory: Move owner-less MemoryRegions to /machine/unattached 2015-03-17 14:31:26 +01:00
memory_mapping.c Add skip_dump flag to ignore memory region during dump 2014-10-31 11:29:01 +01:00
module-common.c module: implement module loading 2014-02-20 13:14:18 +01:00
monitor.c usb: bugfix collection. 2015-03-20 09:50:08 +00:00
nbd.c nbd: Drop unexpected data for NBD_OPT_LIST 2015-03-18 12:07:16 +01:00
numa.c numa: Print warning if no node is assigned to a CPU 2015-03-19 16:20:15 -03:00
os-posix.c rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
os-win32.c pidfile: stop making pidfile error a special case 2014-11-02 10:04:34 +03:00
page_cache.c xbzrle: rebuild the cache_is_cached function 2015-01-15 17:49:43 +05:30
qapi-schema.json migration: Convert 'status' of MigrationInfo to use an enum type 2015-03-17 15:20:37 +01:00
qdev-monitor.c qom: Implement info qom-tree HMP command 2015-03-17 14:31:21 +01:00
qdict-test-data.txt Introduce QDict test data file 2009-09-04 09:37:34 -05:00
qemu-bridge-helper.c qemu-bridge-helper: Fix fd leak in main() 2014-06-27 10:39:10 +02:00
qemu-char.c qemu-img: Suppress unhelpful extra errors in convert, amend 2015-02-26 14:51:21 +01:00
qemu-coroutine-io.c coroutine-io: Return -errno in case of error 2015-03-18 12:07:21 +01:00
qemu-coroutine-lock.c coroutine: remove qemu_co_queue_wait_insert_head 2013-12-02 17:11:49 +01:00
qemu-coroutine-sleep.c coroutine: Drop co_sleep_ns 2014-08-29 10:46:58 +01:00
qemu-coroutine.c coroutine: Clean up qemu_coroutine_enter() 2015-03-09 11:11:59 +01:00
qemu-doc.texi raw-posix: Deprecate host floppy passthrough 2015-03-19 11:43:02 +01:00
qemu-img-cmds.hx qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-img.c qemu-img: Avoid qerror_report_err() outside QMP handlers, again 2015-03-16 17:07:25 +01:00
qemu-img.texi qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-io-cmds.c qemu-io: Use BlockBackend 2015-02-16 15:07:19 +00:00
qemu-io.c Clean up around error_get_pretty(), qerror_report_err() 2015-02-26 07:01:08 +00:00
qemu-log.c qemu-log: Correct help text of 'log cpu_reset' 2015-02-10 09:27:20 +03:00
qemu-nbd.c nbd: Set block size to BDRV_SECTOR_SIZE 2015-03-18 12:07:01 +01:00
qemu-nbd.texi nbd: Miscellaneous typo fixes. 2014-05-24 00:07:29 +04:00
qemu-options-wrapper.h vl.c: In qemu -h output, only print options for the arch we are running as 2011-12-19 10:27:33 -06:00
qemu-options.h vl.c: Move option generation logic into a wrapper file 2011-12-19 10:27:33 -06:00
qemu-options.hx Block patches for 2.3.0-rc1 2015-03-19 17:47:08 +00:00
qemu-seccomp.c seccomp: add mlockall to whitelist 2015-01-23 14:07:08 +01:00
qemu-tech.texi qemu-tech.texi: update implemented xtensa features list 2012-11-29 13:00:52 -06:00
qemu-timer.c qemu-timer.c: Trim list of included headers 2015-01-26 18:15:54 +00:00
qemu.nsi nsis: Improved support for parallel installation of 32 and 64 bit code 2013-11-07 07:02:44 +01:00
qemu.sasl sasl: Avoid 'Could not find keytab file' in syslog 2014-03-15 13:54:18 +04:00
qjson.c QJSON: fix typo in author's email address 2015-02-10 09:27:20 +03:00
qmp-commands.hx block: Document blockdev-add's immaturity 2015-03-27 10:01:12 +00:00
qmp.c qom: Add can_be_deleted callback to UserCreatableClass 2015-04-01 10:06:38 +02:00
qtest.c qtest: Use qemu_opt_set() instead of qemu_opts_parse() 2015-02-26 14:52:13 +01:00
rules.mak rules.mak: Fix module build 2015-01-14 10:38:57 +01:00
savevm.c error: Replace error_report() & error_free() with error_report_err() 2015-03-19 11:11:55 +03:00
softmmu_template.h exec: make iotlb RCU-friendly 2015-02-16 17:30:19 +01:00
spice-qemu-char.c spice: Add missing 'static' attribute 2015-02-10 10:26:05 +03:00
tcg-runtime.c tcg: Push tcg-runtime routines into exec/helper-* 2014-05-28 09:33:54 -07:00
tci.c tcg: Remove unused opcodes 2015-02-12 21:21:38 -08:00
thread-pool.c block: Rename BlockDriverCompletionFunc to BlockCompletionFunc 2014-10-20 13:41:27 +02:00
thunk.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
tpm.c tpm: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
trace-events s390x/kvm: trace all SIGP orders 2015-03-10 09:26:22 +01:00
translate-all.c target-i386: remove superfluous TARGET_HAS_SMC macro 2015-04-04 09:45:59 +03:00
translate-all.h translate-all: Change tb_check_watchpoint() argument to CPUState 2014-03-13 19:20:48 +01:00
user-exec.c user-exec.c: fix build on NetBSD/sparc64 and NetBSD/arm 2015-03-13 15:57:00 +00:00
version.rc Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
vl.c Avoid crashing on multiple -incoming 2015-03-26 15:31:46 +01:00
xen-common-stub.c accel: Move Xen registration code to xen-common.c 2014-10-04 08:59:15 +02:00
xen-common.c accel: Pass MachineState object to accel init functions 2014-10-09 12:57:10 +02:00
xen-hvm-stub.c xen: Remove xen_cmos_set_s3_resume() 2015-03-10 08:15:33 +03:00
xen-hvm.c Xen: Use the ioreq-server API when available 2015-01-20 14:24:10 +00:00
xen-mapcache.c xen: add a lock for the mapcache 2015-01-20 14:24:17 +00:00

README

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team