On 04/09/2018 07:13 PM, Pavel Dovgalyuk wrote:
> In icount mode, instructions that access io memory spaces in the middle
> of translation blocks invoke TB recompilation.
> After recompilation such instructions become last in the TB and are
> allowed to access io memory spaces.
> When the code includes an instruction like i386 'xchg eax, 0xffffd080',
> which accesses the APIC, QEMU goes into an infinite loop of recompilation.
> This instruction includes two memory accesses - one read and one write.
> After the first access the APIC calls cpu_report_tpr_access, which restores
> the CPU state to get the current eip. But cpu_restore_state_from_tb
> resets the cpu->can_do_io flag and makes the second memory access invalid.
> Therefore the second memory access causes a recompilation of the block.
> Then these operations repeat again and again.
> 
> This patch moves resetting the cpu->can_do_io flag from cpu_restore_state_from_tb
> to the cpu_loop_exit* functions. It also adds a parameter to cpu_restore_state*()
> which controls restoring icount. There is no need to restore icount
> when we only query the CPU state without breaking the TB. Restoring it in such
> cases leads to an incorrect flow of the virtual time.
> 
> In most cases the new parameter is true (icount should be recalculated).
> But there are two cases in i386 and openrisc where the CPU state is only
> queried without the need to break the TB. This patch fixes both
> of these cases.
> 
> Signed-off-by: Pavel Dovgalyuk <pavel.dovga...@ispras.ru>
> ---

Thanks for the patch and the detailed description.  I've applied this (with
some editing of the English in the description) to my tcg branch for 2.12.


r~