[PATCH 0/2] plugin: fix clearing of plugin_mem_cbs on TB exit

[PATCH 0/2] plugin: fix clearing of plugin_mem_cbs on TB exit

[Richard Henderson]

Supercedes: <20230222043204.941336-1-cota@braap.org>
("[PATCH] plugin: fix clearing of plugin_mem_cbs before TB exit")

Let's handle this as we do can_do_io, and reset the value in C.


r~


Richard Henderson (2):
  tcg: Clear plugin_mem_cbs on TB exit
  include/qemu/plugin: Remove QEMU_PLUGIN_ASSERT

 include/qemu/plugin.h       | 4 ----
 accel/tcg/cpu-exec-common.c | 4 ++++
 accel/tcg/cpu-exec.c        | 5 +++--
 3 files changed, 7 insertions(+), 6 deletions(-)

-- 
2.34.1

[PATCH 1/2] tcg: Clear plugin_mem_cbs on TB exit

[Richard Henderson]

Do this in cpu_tb_exec (normal exit) and cpu_loop_exit (exception),
adjacent to where we reset can_do_io.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1381
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec-common.c | 4 ++++
 accel/tcg/cpu-exec.c        | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
index c7bc8c6efa..e136b0843c 100644
--- a/accel/tcg/cpu-exec-common.c
+++ b/accel/tcg/cpu-exec-common.c
@@ -65,6 +65,10 @@ void cpu_loop_exit(CPUState *cpu)
 {
     /* Undo the setting in cpu_tb_exec.  */
     cpu->can_do_io = 1;
+#ifdef CONFIG_PLUGIN
+    /* Undo any setting in generated code. */
+    cpu->plugin_mem_cbs = NULL;
+#endif
     siglongjmp(cpu->jmp_env, 1);
 }
 
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 56aaf58b9d..2831fcafee 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -459,6 +459,9 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
     qemu_thread_jit_execute();
     ret = tcg_qemu_tb_exec(env, tb_ptr);
     cpu->can_do_io = 1;
+#ifdef CONFIG_PLUGIN
+    cpu->plugin_mem_cbs = NULL;
+#endif
     /*
      * TODO: Delay swapping back to the read-write region of the TB
      * until we actually need to modify the TB.  The read-only copy,
@@ -526,7 +529,6 @@ static void cpu_exec_exit(CPUState *cpu)
     if (cc->tcg_ops->cpu_exec_exit) {
         cc->tcg_ops->cpu_exec_exit(cpu);
     }
-    QEMU_PLUGIN_ASSERT(cpu->plugin_mem_cbs == NULL);
 }
 
 void cpu_exec_step_atomic(CPUState *cpu)
@@ -1004,7 +1006,6 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
 
             cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit);
 
-            QEMU_PLUGIN_ASSERT(cpu->plugin_mem_cbs == NULL);
             /* Try to align the host and virtual clocks
                if the guest is in advance */
             align_clocks(sc, cpu);
-- 
2.34.1

[PATCH 2/2] include/qemu/plugin: Remove QEMU_PLUGIN_ASSERT

[Richard Henderson]

This macro is no longer used.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/qemu/plugin.h | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index fb338ba576..e0ebedef84 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -59,8 +59,6 @@ get_plugin_meminfo_rw(qemu_plugin_meminfo_t i)
 #ifdef CONFIG_PLUGIN
 extern QemuOptsList qemu_plugin_opts;
 
-#define QEMU_PLUGIN_ASSERT(cond) g_assert(cond)
-
 static inline void qemu_plugin_add_opts(void)
 {
     qemu_add_opts(&qemu_plugin_opts);
@@ -252,8 +250,6 @@ void qemu_plugin_user_postfork(bool is_child);
 
 #else /* !CONFIG_PLUGIN */
 
-#define QEMU_PLUGIN_ASSERT(cond)
-
 static inline void qemu_plugin_add_opts(void)
 { }
 
-- 
2.34.1

Re: [PATCH 1/2] tcg: Clear plugin_mem_cbs on TB exit

[Emilio Cota]

As I mentioned in the patch that is being superseded here
I like this approach -- it is simpler and generates less
code.

I'd also like to see the plugin_gen_disable_mem_helpers
function go away, and a mention somewhere that now we are
intentionally not clearing cpu->plugin_mem_cbs until TB exit
(before we weren't doing that either, but that was unintentional
due to a bug).  So, for instance when doing a goto_tb from a
TB with helpers, we leave plugin_mem_cbs set. This is not a
problem in practice because if subsequent TB's use helpers,
they will overwrite the pointer.

Some more comments below.

On Tue, Feb 28, 2023 at 16:47:36 -1000, Richard Henderson wrote:
> Do this in cpu_tb_exec (normal exit) and cpu_loop_exit (exception),
> adjacent to where we reset can_do_io.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1381
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  accel/tcg/cpu-exec-common.c | 4 ++++
>  accel/tcg/cpu-exec.c        | 5 +++--
>  2 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
> index c7bc8c6efa..e136b0843c 100644
> --- a/accel/tcg/cpu-exec-common.c
> +++ b/accel/tcg/cpu-exec-common.c
> @@ -65,6 +65,10 @@ void cpu_loop_exit(CPUState *cpu)
>  {
>      /* Undo the setting in cpu_tb_exec.  */
>      cpu->can_do_io = 1;
> +#ifdef CONFIG_PLUGIN
> +    /* Undo any setting in generated code. */
> +    cpu->plugin_mem_cbs = NULL;
> +#endif
>      siglongjmp(cpu->jmp_env, 1);
>  }
>  
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 56aaf58b9d..2831fcafee 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -459,6 +459,9 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int *tb_exit)
>      qemu_thread_jit_execute();
>      ret = tcg_qemu_tb_exec(env, tb_ptr);
>      cpu->can_do_io = 1;
> +#ifdef CONFIG_PLUGIN
> +    cpu->plugin_mem_cbs = NULL;
> +#endif

We should use qemu_plugin_disable_mem_helpers, which avoids the
ifdef.

Also note that there are existing calls to that function that
should now go away because they happen after the clearings here.

Thanks,

		Emilio

Re: [PATCH 1/2] tcg: Clear plugin_mem_cbs on TB exit

[Richard Henderson]

On 3/1/23 02:05, Emilio Cota wrote:
> As I mentioned in the patch that is being superseded here
> I like this approach -- it is simpler and generates less
> code.
> 
> I'd also like to see the plugin_gen_disable_mem_helpers
> function go away, and a mention somewhere that now we are
> intentionally not clearing cpu->plugin_mem_cbs until TB exit
> (before we weren't doing that either, but that was unintentional
> due to a bug).  So, for instance when doing a goto_tb from a
> TB with helpers, we leave plugin_mem_cbs set. This is not a
> problem in practice because if subsequent TB's use helpers,
> they will overwrite the pointer.

If we can do that, go from one TB to another without clearing, then we don't need to clear 
it at all, ever.


r~

Re: [PATCH 1/2] tcg: Clear plugin_mem_cbs on TB exit

[Richard Henderson]

On 3/1/23 02:05, Emilio Cota wrote:
> As I mentioned in the patch that is being superseded here
> I like this approach -- it is simpler and generates less
> code.
> 
> I'd also like to see the plugin_gen_disable_mem_helpers
> function go away, and a mention somewhere that now we are
> intentionally not clearing cpu->plugin_mem_cbs until TB exit
> (before we weren't doing that either, but that was unintentional
> due to a bug).  So, for instance when doing a goto_tb from a
> TB with helpers, we leave plugin_mem_cbs set.

plugin_mem_cbs is used by all out-of-line load/store, therefore we cannot leave it set 
longer than required.


r~

Re: [PATCH 0/2] plugin: fix clearing of plugin_mem_cbs on TB exit

[Alex Bennée]

Richard Henderson <richard.henderson@linaro.org> writes:

> Supercedes: <20230222043204.941336-1-cota@braap.org>
> ("[PATCH] plugin: fix clearing of plugin_mem_cbs before TB exit")
>
> Let's handle this as we do can_do_io, and reset the value in C.

Queued to plugins/next, thanks.

I've manually fixed up the #ifdefs and called
plugin_gen_disable_mem_helpers() directly as Emilio recommended.

>
>
> r~
>
>
> Richard Henderson (2):
>   tcg: Clear plugin_mem_cbs on TB exit
>   include/qemu/plugin: Remove QEMU_PLUGIN_ASSERT
>
>  include/qemu/plugin.h       | 4 ----
>  accel/tcg/cpu-exec-common.c | 4 ++++
>  accel/tcg/cpu-exec.c        | 5 +++--
>  3 files changed, 7 insertions(+), 6 deletions(-)


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro