exec.c: Fix breakpoint invalidation race

A bug (1647683) was reported showing a crash when removing
breakpoints.  The reproducer was bisected to 3359baad, when tb_flush
was finally made thread safe.  In MTTCG the locking in
breakpoint_invalidate would have prevented any problems, but
currently tb_lock() is a NOP for system emulation.

The race is between a tb_flush from the gdbstub and the
tb_invalidate_phys_addr() in breakpoint_invalidate().

Ideally we'd have actual locking here; for the moment the
simple fix is to do a full tb_flush() for a bp invalidate,
since that is thread-safe even if no lock is taken.

Reported-by: Julian Brown <julian@codesourcery.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1481047629-7763-1-git-send-email-peter.maydell@linaro.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
1 file changed
tree: cdcbdc899172840177ee1330e69d5a101c07eb6d