From patchwork Mon Apr 23 13:19:46 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Michael S. Tsirkin" <mst@redhat.com>
X-Patchwork-Id: 154433
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 4ECB5B6FA3
	for <incoming@patchwork.ozlabs.org>;
	Mon, 23 Apr 2012 23:20:05 +1000 (EST)
Received: from localhost ([::1]:60024 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1SMJBT-00020f-1n
	for incoming@patchwork.ozlabs.org; Mon, 23 Apr 2012 09:20:03 -0400
Received: from eggs.gnu.org ([208.118.235.92]:38765)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1SMJBI-0001ru-JY
	for qemu-devel@nongnu.org; Mon, 23 Apr 2012 09:19:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1SMJBA-0002Sc-3j
	for qemu-devel@nongnu.org; Mon, 23 Apr 2012 09:19:52 -0400
Received: from mx1.redhat.com ([209.132.183.28]:22667)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mst@redhat.com>) id 1SMJB9-0002QY-Sq
	for qemu-devel@nongnu.org; Mon, 23 Apr 2012 09:19:44 -0400
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
	(int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q3NDJdJi012765
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 23 Apr 2012 09:19:39 -0400
Received: from redhat.com (vpn-202-51.tlv.redhat.com [10.35.202.51])
	by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	SMTP id q3NDJZ9K013343; Mon, 23 Apr 2012 09:19:36 -0400
Date: Mon, 23 Apr 2012 16:19:46 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Message-ID: 
 <89f5bc9dc88a401b472508586752d8906b7505d6.1335186822.git.mst@redhat.com>
References: <cover.1335186822.git.mst@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cover.1335186822.git.mst@redhat.com>
X-Mutt-Fcc: =sent
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 209.132.183.28
Cc: Anthony Liguori <aliguori@us.ibm.com>,
	Juan Quintela <quintela@redhat.com>,
	Alexey Kardashevskiy <aik@ozlabs.ru>, stefanha@gmail.com,
	Jason Wang <jasowang@redhat.com>,
	Eric Sunshine <sunshine@sunshineco.com>,
	Amit Shah <amit.shah@redhat.com>,
	David Gibson <david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PATCHv2 2/3] virtio: add missing mb() on enable
	notification
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

This fixes an issue dual to the one fixed by
patch 'virtio: add missing mb() on notification'
and applies on top.

In this case, to enable vq kick to exit to host,
qemu writes out used flag then reads the
avail index. if these are reordered we get a race:

    host avail index read: ring is empty
    		guest avail index write
    		guest flag read: exit disabled
    host used flag write: enable exit

which results in a lost exit: host will never be notified about the
avail index update.  Again, happens in the field but only seems to
trigger on some specific hardware.

Insert an smp_mb barrier operation to ensure the correct ordering.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/virtio.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/hw/virtio.c b/hw/virtio.c
index 6449746..def0bf1 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -209,6 +209,10 @@ void virtio_queue_set_notification(VirtQueue *vq, int enable)
     } else {
         vring_used_flags_set_bit(vq, VRING_USED_F_NO_NOTIFY);
     }
+    if (enable) {
+        /* Expose avail event/used flags before caller checks the avail idx. */
+        smp_mb();
+    }
 }
 
 int virtio_queue_ready(VirtQueue *vq)
@@ -694,7 +698,7 @@ static bool vring_notify(VirtIODevice *vdev, VirtQueue *vq)
     uint16_t old, new;
     bool v;
     /* We need to expose used array entries before checking used event. */
-    mb();
+    smp_mb();
     /* Always notify when queue is empty (when feature acknowledge) */
     if (((vdev->guest_features & (1 << VIRTIO_F_NOTIFY_ON_EMPTY)) &&
          !vq->inuse && vring_avail_idx(vq) == vq->last_avail_idx)) {