diff options
| author | Alex Bennée <alex.bennee@linaro.org> | 2021-07-21 00:26:54 +0100 |
|---|---|---|
| committer | Alex Bennée <alex.bennee@linaro.org> | 2021-07-23 17:22:16 +0100 |
| commit | f7e68c9c99ad94f23d3ba3af1642c805b11c71c1 (patch) | |
| tree | 0a1141f57b680499f943b37beee3093c6cfa8514 /plugins | |
| parent | 094d278547dcb66ad222047ab9c325c452fe31e3 (diff) | |
| download | focaccia-qemu-f7e68c9c99ad94f23d3ba3af1642c805b11c71c1.tar.gz focaccia-qemu-f7e68c9c99ad94f23d3ba3af1642c805b11c71c1.zip | |
tcg/plugins: implement a qemu_plugin_user_exit helper
In user-mode emulation there is a small race between preexit_cleanup and exit_group() which means we may end up calling instrumented instructions before the kernel reaps child threads. To solve this we implement a new helper which ensures the callbacks are flushed along with any translations before we let the host do it's a thing. While we are at it make the documentation of qemu_plugin_register_atexit_cb clearer as to what the user can expect. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Mahmoud Mandour <ma.mandourr@gmail.com> Acked-by: Warner Losh <imp@bsdimp.com> Message-Id: <20210720232703.10650-21-alex.bennee@linaro.org>
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/core.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/plugins/core.c b/plugins/core.c index 474db287cb..6b2490f973 100644 --- a/plugins/core.c +++ b/plugins/core.c @@ -488,6 +488,45 @@ void qemu_plugin_register_atexit_cb(qemu_plugin_id_t id, } /* + * Handle exit from linux-user. Unlike the normal atexit() mechanism + * we need to handle the clean-up manually as it's possible threads + * are still running. We need to remove all callbacks from code + * generation, flush the current translations and then we can safely + * trigger the exit callbacks. + */ + +void qemu_plugin_user_exit(void) +{ + enum qemu_plugin_event ev; + CPUState *cpu; + + QEMU_LOCK_GUARD(&plugin.lock); + + start_exclusive(); + + /* un-register all callbacks except the final AT_EXIT one */ + for (ev = 0; ev < QEMU_PLUGIN_EV_MAX; ev++) { + if (ev != QEMU_PLUGIN_EV_ATEXIT) { + struct qemu_plugin_ctx *ctx; + QTAILQ_FOREACH(ctx, &plugin.ctxs, entry) { + plugin_unregister_cb__locked(ctx, ev); + } + } + } + + tb_flush(current_cpu); + + CPU_FOREACH(cpu) { + qemu_plugin_disable_mem_helpers(cpu); + } + + end_exclusive(); + + /* now it's safe to handle the exit case */ + qemu_plugin_atexit_cb(); +} + +/* * Call this function after longjmp'ing to the main loop. It's possible that the * last instruction of a TB might have used helpers, and therefore the * "disable" instruction will never execute because it ended up as dead code. |