From d56a4b0be4f890bebe09cd9b77c4b81e26e63958 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
Date: Fri, 2 Mar 2018 09:56:35 -0500
Subject: [PATCH] tcg: handle EXCP_ATOMIC exception for system emulation
The patch enables handling atomic code in the guest. This should be preferably done in cpu_handle_exception(), but the current assumptions regarding when we can execute atomic sections cause a deadlock. The current mechanism discards the flags which were set in atomic execution. We ensure they are properly saved by calling the cc->cpu_exec_enter/leave() functions around the loop. As we are running cpu_exec_step_atomic() from the outermost loop we need to avoid an abort() when single stepping over atomic code since debug exception longjmp will point to the the setlongjmp in cpu_exec(). We do this by setting a new jmp_env so that it jumps back here on an exception. Backports relevant parts of commit 08e73c48b053566bfe0c994f154f73991cd0ff0e from qemu
---
 qemu/cpu-exec.c | 34 +++++++++++++++++++++++++---------
 qemu/cpus.c | 2 +-
 2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/qemu/cpu-exec.c b/qemu/cpu-exec.c
index d88d377e..b1c58e19 100644
--- a/qemu/cpu-exec.c
+++ b/qemu/cpu-exec.c
@@ -452,15 +452,31 @@ static void cpu_exec_step(struct uc_struct *uc, CPUState *cpu)
 uint32_t flags;
 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
- tb = tb_gen_code(cpu, pc, cs_base, flags,
- 1 | CF_NOCACHE | CF_IGNORE_ICOUNT);
- tb->orig_tb = NULL;
- /* execute the generated code */
- // Unicorn: commented out
- //trace_exec_tb_nocache(tb, pc);
- cpu_tb_exec(cpu, tb);
- tb_phys_invalidate(uc, tb, -1);
- tb_free(uc, tb);
+
+ if (sigsetjmp(cpu->jmp_env, 0) == 0) {
+ mmap_lock();
+ tb = tb_gen_code(cpu, pc, cs_base, flags,
+ 1 | CF_NOCACHE | CF_IGNORE_ICOUNT);
+ tb->orig_tb = NULL;
+ mmap_unlock();
+
+ /* execute the generated code */
+ cpu_tb_exec(cpu, tb);
+ tb_phys_invalidate(uc, tb, -1);
+ tb_free(uc, tb);
+ } else {
+ /* We may have exited due to another problem here, so we need
+ * to reset any tb_locks we may have taken but didn't release.
+ * The mmap_lock is dropped by tb_gen_code if it runs out of
+ * memory.
+ */
+#ifndef CONFIG_SOFTMMU
+ // Unicorn: Commented out
+ //tcg_debug_assert(!have_mmap_lock());
+#endif
+ // Unicorn: commented out
+ //tb_lock_reset();
+ }
 }
 void cpu_exec_step_atomic(struct uc_struct *uc, CPUState *cpu)
diff --git a/qemu/cpus.c b/qemu/cpus.c
index a4841a2a..427c642e 100644
--- a/qemu/cpus.c
+++ b/qemu/cpus.c
@@ -187,7 +187,7 @@ static bool tcg_exec_all(struct uc_struct* uc)
 } else if (r == EXCP_ATOMIC) {
 cpu_exec_step_atomic(uc, cpu);
 }
- } else if (cpu->stop || cpu->stopped) {
+ } else if (cpu->stop) {
 printf(">>> got stopped!!!\n");
 break;
 }
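Review bot: When cpu_tb_exec() leaves through the new sigsetjmp() target (the single-step-over-atomic-code case the commit message describes), control lands in the else branch after tb has already been generated with CF_NOCACHE, so tb_phys_invalidate()/tb_free() are skipped and that TB is leaked on every such exit; unless nocache TBs are reclaimed somewhere outside this hunk, the else branch needs to invalidate and free it too, which requires declaring `TranslationBlock * volatile tb` (a non-volatile local modified after sigsetjmp() has an indeterminate value after the longjmp). A second point deserves a comment: once cpu_exec_step() returns, cpu->jmp_env still describes this dead frame and presumably stays stale until cpu_exec() re-arms it, so nothing on the path between this return and the next cpu_exec() may call cpu_loop_exit(); `/* cpu->jmp_env targets this frame only while we are inside it; cpu_exec() re-arms it */`. With tb_lock_reset() and the have_mmap_lock() assert commented out, the recovery branch does nothing, so the comment there should say that Unicorn's mmap_lock()/mmap_unlock() are assumed to need no reset here, if that is the case. cpu_exec_step() starts before this hunk.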
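Review bot: Dropping `cpu->stopped` from the break condition changes when tcg_exec_all() leaves its loop, but neither the hunk nor the commit message says why; presumably a CPU that is merely stopped must still reach the cpu_exec_step_atomic() call a few lines above, but that is inferred. A one-line comment on the changed line recording the reason would prevent the next reader from "fixing" it back, e.g. `/* only an explicit stop request ends the loop; see EXCP_ATOMIC handling above */` adjusted to the actual intent. tcg_exec_all() begins and ends outside this hunk.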