From: Sergey Fedorov <[email protected]> When invalidating a translation block, set an invalid CPU state into the TranslationBlock structure first. All subsequent changes are ordered after it with smp_wmb(). This pairs with implied smp_rmb() of qht_lookup() in tb_find_physical().
As soon as the TB is marked with an invalid CPU state, there is no need to remove it from CPU's 'tb_jmp_cache'. However it will be necessary to recheck whether the target TB is still valid after acquiring 'tb_lock' but before calling tb_add_jump() since TB lookup is to be performed out of 'tb_lock' in future. Note that we don't have to check 'last_tb' since it is safe to patch an already invalidated TB since it will not be executed anyway. Suggested-by: Paolo Bonzini <[email protected]> Signed-off-by: Sergey Fedorov <[email protected]> Signed-off-by: Sergey Fedorov <[email protected]> --- cpu-exec.c | 2 +- translate-all.c | 12 +++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/cpu-exec.c b/cpu-exec.c index c973e3b85922..07dc50c56e8d 100644 --- a/cpu-exec.c +++ b/cpu-exec.c @@ -352,7 +352,7 @@ static inline TranslationBlock *tb_find_fast(CPUState *cpu, /* Check if translation buffer has been flushed */ if (cpu->tb_flushed) { cpu->tb_flushed = false; - } else { + } else if (!tb_is_invalid(tb)) { tb_add_jump(last_tb, tb_exit, tb); } } diff --git a/translate-all.c b/translate-all.c index 788fed1e0765..ee8308209350 100644 --- a/translate-all.c +++ b/translate-all.c @@ -986,11 +986,13 @@ static inline void tb_jmp_unlink(TranslationBlock *tb) /* invalidate one TB */ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) { - CPUState *cpu; PageDesc *p; uint32_t h; tb_page_addr_t phys_pc; + tb_mark_invalid(tb); + smp_wmb(); + /* remove the TB from the hash list */ phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK); h = tb_hash_func(phys_pc, tb->pc, tb->flags); @@ -1008,14 +1010,6 @@ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) invalidate_page_bitmap(p); } - /* remove the TB from the hash list */ - h = tb_jmp_cache_hash_func(tb->pc); - CPU_FOREACH(cpu) { - if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) { - atomic_set(&cpu->tb_jmp_cache[h], NULL); - } - } - /* suppress this TB from the two jump lists */ tb_remove_from_jmp_list(tb, 0); tb_remove_from_jmp_list(tb, 1); -- 1.9.1
