ppc patch queue 2017-12-05

Alas, this is yet another fix for ppc that I think it's worth
 squeezing into 2.11.  It's a really ugly fix for some pretty ugly
 code, but it does seem to address a real problem.  It's also a problem
 that's appeared relatively recently, since it was either created by,
 or made much easier to trigger by, by the merge of MTTCG.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAlomLXQACgkQbDjKyiDZ
 s5IHeg//X3JQ//s7BhmAAPERA4p/0bwuRZWk1T+zwypc1HZegjDfwMtH0GCjhabU
 OhVgdneuqFwHJEeWyLWLpEwHazX8hk9CYRYi186oblHgKtPaqXRI30Pnywni3hx6
 Bx4GFf84fZmPdibbE3IGNpyXOjUuAsx54MaWKpIZzYTTrZYUc2+W8DK7B9kiiAfm
 Tv1mWJxg7YVtnedB8wo+HyEjGL3V3Ww+09YmYqjJz+AQT05fFONYJddLjvnFInFs
 FtSqeF8KD86KbhPSWVJtSGwHMXO344F2ZhIjk57JwKDxDC/x/0Xg/7pmQ0RMSvxW
 phTHsQ0iCoJs0ix6B0ATlqxgMlVf5GkveqIkgxF8z9QrAjajHSHasVsBRbb+qaRS
 ozWdtYPHiN/+hjg8zEsmUR3yPtyHysk5KDWCq7rAt7thFEV6xTMfIDNAKDlwmE5i
 JhoTHLj+wH+l6q3/iuzQpSLTfymN2fA2f58IK+U1WUo0fHEg4bRW/dHz+SO6gJwV
 iTyl0Du2T5eaKGvfdB9jfGQXrmXcOu1yNLTD4pUG3cpGI57dPnoL+/Qq/gIQgmwl
 qBTCSlJWWoiwy0v7iEixd5ULDAG5l8niUyGNPTsN8PXtwProyfSvY/eHwEcrmwWo
 0lt+sJUywKEeL+TVnRdny4fFSOcb861m3GEYfAj/uSlYKLDjnaE=
 =L4ZT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171205' into staging

ppc patch queue 2017-12-05

Alas, this is yet another fix for ppc that I think it's worth
squeezing into 2.11.  It's a really ugly fix for some pretty ugly
code, but it does seem to address a real problem.  It's also a problem
that's appeared relatively recently, since it was either created by,
or made much easier to trigger by, by the merge of MTTCG.

# gpg: Signature made Tue 05 Dec 2017 05:24:04 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.11-20171205:
  target/ppc: Fix system lockups caused by interrupt_request state corruption

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/ppc/excp_helper.c

@@ -207,7 +207,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
                         "Entering checkstop state\n");
             }
             cs->halted = 1;
-            cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
+            cpu_interrupt_exittb(cs);
         }
         if (env->msr_mask & MSR_HVB) {
             /* ISA specifies HV, but can be delivered to guest with HV clear
@@ -940,7 +940,7 @@ void helper_store_msr(CPUPPCState *env, target_ulong val)
 
     if (excp != 0) {
         CPUState *cs = CPU(ppc_env_get_cpu(env));
-        cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
+        cpu_interrupt_exittb(cs);
         raise_exception(env, excp);
     }
 }
@@ -995,8 +995,7 @@ static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr)
     /* No need to raise an exception here,
      * as rfi is always the last insn of a TB
      */
-    cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
-
+    cpu_interrupt_exittb(cs);
     /* Reset the reservation */
     env->reserve_addr = -1;
 

target/ppc/helper_regs.h

@@ -20,6 +20,8 @@
 #ifndef HELPER_REGS_H
 #define HELPER_REGS_H
 
+#include "qemu/main-loop.h"
+
 /* Swap temporary saved registers with GPRs */
 static inline void hreg_swap_gpr_tgpr(CPUPPCState *env)
 {
@@ -96,6 +98,17 @@ static inline void hreg_compute_hflags(CPUPPCState *env)
     env->hflags |= env->hflags_nmsr;
 }
 
+static inline void cpu_interrupt_exittb(CPUState *cs)
+{
+    if (!qemu_mutex_iothread_locked()) {
+        qemu_mutex_lock_iothread();
+        cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
+        qemu_mutex_unlock_iothread();
+    } else {
+        cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
+    }
+}
+
 static inline int hreg_store_msr(CPUPPCState *env, target_ulong value,
                                  int alter_hv)
 {
@@ -114,11 +127,11 @@ static inline int hreg_store_msr(CPUPPCState *env, target_ulong value,
     }
     if (((value >> MSR_IR) & 1) != msr_ir ||
         ((value >> MSR_DR) & 1) != msr_dr) {
-        cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
+        cpu_interrupt_exittb(cs);
     }
     if ((env->mmu_model & POWERPC_MMU_BOOKE) &&
         ((value >> MSR_GS) & 1) != msr_gs) {
-        cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
+        cpu_interrupt_exittb(cs);
     }
     if (unlikely((env->flags & POWERPC_FLAG_TGPR) &&
                  ((value ^ env->msr) & (1 << MSR_TGPR)))) {