From 1e4154af83121f2763818d3b16342e9de1d3ee07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
Date: Thu, 1 Mar 2018 08:44:12 -0500
Subject: [PATCH] exec.c: ensure all AddressSpaceDispatch updates under RCU

The memory_dispatch field is meant to be protected by RCU so we should use the correct primitives when accessing it. This race was flagged up by the ThreadSanitizer.

Backports commit f35e44e7645edbb08e35b111c10c2fc57e2905c7 from qemu
---
 qemu/exec.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/qemu/exec.c b/qemu/exec.c
index 113ca18c..7fa202bb 100644
--- a/qemu/exec.c
+++ b/qemu/exec.c
@@ -432,7 +432,8 @@ address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
                                   hwaddr *xlat, hwaddr *plen)
 {
     MemoryRegionSection *section;
-    AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
+    // Unicorn: atomic_read used instead of atomic_rcu_read
+    AddressSpaceDispatch *d = atomic_read(&cpu->cpu_ases[asidx].memory_dispatch);
     section = address_space_translate_internal(d, addr, xlat, plen, false);
@@ -1809,7 +1810,8 @@ static void tcg_commit(MemoryListener *listener)
      */
     // Unicorn: uses atomic_read instead of atomic_rcu_read
     d = atomic_read(&cpuas->as->dispatch);
-    cpuas->memory_dispatch = d;
+    // Unicorn: atomic_set used instead of atomic_rcu_set
+    atomic_set(&cpuas->memory_dispatch, d);
     tlb_flush(cpuas->cpu, 1);
 }
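Review bot: The added `atomic_read(&cpu->cpu_ases[asidx].memory_dispatch)` is a relaxed load, whereas the upstream `atomic_rcu_read` it stands in for also orders the pointer load before the dereference that follows in `address_space_translate_internal(d, ...)`; the new line removes the ThreadSanitizer complaint about the field itself but does not restore that ordering, so the lookup relies on the address dependency (or on this path never racing with a dispatch update in Unicorn) rather than on a barrier. The comment only names the substitution; it should say why the weaker primitive is acceptable, e.g. `// Unicorn: atomic_read instead of atomic_rcu_read - relaxed load, no consume/acquire ordering; safe only if no dispatch update can run concurrently with this lookup (verify against Unicorn's threading model)`. If Unicorn's atomic header does provide atomic_rcu_read, using it here would remove the question entirely. address_space_translate_for_iotlb's signature begins before the hunk and its body continues after it.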
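Review bot: `atomic_set(&cpuas->memory_dispatch, d)` is a relaxed store where upstream's `atomic_rcu_set` is a release store, so nothing in this function orders earlier writes before the new pointer becomes visible to a reader of memory_dispatch; `d` was itself just obtained three lines up with a relaxed `atomic_read` of `cpuas->as->dispatch`, so tcg_commit now has no barrier on either side of the hand-off. That is presumably acceptable only if the listener commit and the vCPU's translation lookup never execute on different threads in Unicorn, and the comment should record that assumption instead of merely naming the substitution, e.g. `// Unicorn: atomic_set instead of atomic_rcu_set (no release barrier) - assumes commit and lookup run on the same thread; revisit if Unicorn gains concurrent vCPU threads`. tcg_commit's opening lines, including the start of the comment block this hunk cuts into, are outside the hunk.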