Fix race condition on access to env->interrupt_request

env->interrupt_request is accessed as the bit level from both main code and signal handler, making a race condition possible even on CISC CPU. This causes freeze of QEMU under high load when running the dyntick clock. The patch below move the bit corresponding to CPU_INTERRUPT_EXIT in a separate variable, declared as volatile sig_atomic_t, so it should be work even on RISC CPU. We may want to move the cpu_interrupt(env, CPU_INTERRUPT_EXIT) case in its own function and get rid of CPU_INTERRUPT_EXIT. That can be done later, I wanted to keep the patch short for easier review. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6728 c046a42c-6fe2-441c-8c8c-71466251a162
2025-08-02 15:23:53 -06:00 · 2009-03-06 21:48:00 +00:00 · 2009-03-06 21:48:00 +00:00 · be214e6c05
commit be214e6c05
parent 28a76be8f4
4 changed files with 19 additions and 16 deletions
--- a/cpu-exec.c
+++ b/cpu-exec.c
@ -311,7 +311,7 @@ int cpu_exec(CPUState *env1)
                env->exception_index = -1;
            }
 #ifdef USE_KQEMU
-            if (kqemu_is_ok(env) && env->interrupt_request == 0) {
+            if (kqemu_is_ok(env) && env->interrupt_request == 0 && env->exit_request == 0) {
                int ret;
                env->eflags = env->eflags | helper_cc_compute_all(CC_OP) | (DF & DF_MASK);
                ret = kqemu_cpu_exec(env);
@ -326,7 +326,7 @@ int cpu_exec(CPUState *env1)
                } else if (ret == 2) {
                    /* softmmu execution needed */
                } else {
-                    if (env->interrupt_request != 0) {
+                    if (env->interrupt_request != 0 || env->exit_request != 0) {
                        /* hardware interrupt will be executed just after */
                    } else {
                        /* otherwise, we restart */
@ -525,11 +525,11 @@ int cpu_exec(CPUState *env1)
                           the program flow was changed */
                        next_tb = 0;
                    }
-                    if (interrupt_request & CPU_INTERRUPT_EXIT) {
-                        env->interrupt_request &= ~CPU_INTERRUPT_EXIT;
-                        env->exception_index = EXCP_INTERRUPT;
-                        cpu_loop_exit();
-                    }
+                }
+                if (unlikely(env->exit_request)) {
+                    env->exit_request = 0;
+                    env->exception_index = EXCP_INTERRUPT;
+                    cpu_loop_exit();
                }
 #ifdef DEBUG_EXEC
                if (qemu_loglevel_mask(CPU_LOG_TB_CPU)) {
@ -599,7 +599,7 @@ int cpu_exec(CPUState *env1)
                   TB, but before it is linked into a potentially
                   infinite loop and becomes env->current_tb. Avoid
                   starting execution if there is a pending interrupt. */
-                if (unlikely (env->interrupt_request & CPU_INTERRUPT_EXIT))
+                if (unlikely (env->exit_request))
                    env->current_tb = NULL;

                while (env->current_tb) {