On Fri, Jul 01, 2016 at 17:16:09 +0100, Alex Bennée wrote: > From: Sergey Fedorov <serge.f...@gmail.com> (snip) > @@ -333,7 +338,7 @@ static inline TranslationBlock *tb_find_fast(CPUState > *cpu, > is executed. */ > cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); > tb_lock(); > - tb = cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)]; > + tb = atomic_read(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)]); > if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base || > tb->flags != flags)) { > tb = tb_find_slow(cpu, pc, cs_base, flags); > diff --git a/translate-all.c b/translate-all.c > index eaa95e4..1fcfe79 100644 > --- a/translate-all.c > +++ b/translate-all.c > @@ -1004,11 +1004,16 @@ void tb_phys_invalidate(TranslationBlock *tb, > tb_page_addr_t page_addr) > invalidate_page_bitmap(p); > } > > + /* Ensure that we won't find the TB in the shared hash table > + * if we con't see it in CPU's local cache.
s/con't/can't/ > + * Pairs with smp_rmb() in tb_find_slow(). */ > + smp_wmb(); This fence is already embedded in qht_remove, since it internally calls seqlock_write_end() on a successful removal, so we could get away with a comment instead of emitting a redundant fence. However, if qht ever changed its implementation this would have to be taken into account. So I'd be OK with emitting the fence here too. > + > /* remove the TB from the hash list */ > h = tb_jmp_cache_hash_func(tb->pc); > CPU_FOREACH(cpu) { > if (cpu->tb_jmp_cache[h] == tb) { Missing atomic_read here: if (atomic_read(cpu->tb_jmp_cache[...])) { > - cpu->tb_jmp_cache[h] = NULL; > + atomic_set(&cpu->tb_jmp_cache[h], NULL); Other than that, Reviewed-by: Emilio G. Cota <c...@braap.org>