pkgsrc-Bugs archive


Re: pkg/42158: qemu: pthread + fork = hang



The following reply was made to PR pkg/42158; it has been noted by GNATS.

From: Andreas Gustafsson <gson%gson.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/42158: qemu: pthread + fork = hang
Date: Sun, 25 Apr 2010 15:23:41 +0300

 I have reclassified this as category pkg because it's definitely a
 qemu bug.
 
 In a physical i386 CPU, the cmpxchg instruction performs a comparison
 and read-modify-write memory cycle.  In the case where the comparison
 outcome is "unequal", the read-modify-write cycle is an effective
 no-op, writing back the same value that was read, and the value of the
 source operand is loaded into the accumulator.  Qemu attempts to
 emulate this behavior including the redundant memory write.
 
 To be precise, qemu first loads the accumulator and then does the
 redundant memory write.  If a page fault occurs during the write, the
 cmpxchg instruction will be restarted after handling the page fault,
 but because the accumulator has already been changed, the comparison
 will now incorrectly yield a result of "equal", causing the memory
 write to write the value from the source operand instead of re-writing
 the original memory contents.
 
 I assume fork() triggers the bug because it write protects pages to
 implement copy-on-write, thereby producing a situation where the read
 part of the cmpxchg read-modify-write cycle succeeds but the write
 part causes a page fault.
 
 Patching qemu to only change the accumulator after performing the
 redundant write fixes the problem for me.  I will commit my patch to
 pkgsrc and report the problem upstream.
 -- 
 Andreas Gustafsson, gson%gson.org@localhost
 
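The ordering bug described in the reply above, modelled in plain C as an added example (this is constructed illustration code, not qemu's implementation and not part of the PR). The model assumes a one-word guest memory page that is write-protected the first time it is touched, the way a copy-on-write page is after fork(), and assumes that a faulting store is reported to the emulator loop, which then restarts the whole instruction. `cmpxchg_buggy` changes the accumulator before the redundant write and `cmpxchg_fixed` changes it only after the write has succeeded; both function names and the `run` harness are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a single 32-bit memory operand living on a page that
 * starts out write-protected (copy-on-write after fork()). */
typedef struct {
    uint32_t mem;
    bool     write_protected;
    int      faults;
} guest_page_t;

/* The parts of guest CPU state that cmpxchg touches. */
typedef struct {
    uint32_t eax;   /* accumulator / implicit compare operand */
    bool     zf;    /* set when the comparison was "equal" */
} cpu_t;

/* Store to guest memory.  Returns false to signal a page fault; the fault
 * handler (here: one line) breaks COW so the next attempt can succeed. */
static bool store(guest_page_t *pg, uint32_t v)
{
    if (pg->write_protected) {
        pg->faults++;
        pg->write_protected = false;
        return false;
    }
    pg->mem = v;
    return true;
}

/* Buggy order: in the "unequal" case eax is updated BEFORE the redundant
 * write-back.  If that write faults, the restarted instruction sees
 * eax == mem, takes the "equal" path and stores the source operand. */
static bool cmpxchg_buggy(cpu_t *cpu, guest_page_t *pg, uint32_t src)
{
    uint32_t old = pg->mem;
    if (old == cpu->eax) {
        cpu->zf = true;
        return store(pg, src);
    }
    cpu->zf  = false;
    cpu->eax = old;           /* state changed ...            */
    return store(pg, old);    /* ... then the write may fault */
}

/* Fixed order: perform the redundant write first; only touch eax once the
 * instruction can no longer fault, so a restart sees the original state. */
static bool cmpxchg_fixed(cpu_t *cpu, guest_page_t *pg, uint32_t src)
{
    uint32_t old = pg->mem;
    if (old == cpu->eax) {
        cpu->zf = true;
        return store(pg, src);
    }
    if (!store(pg, old))
        return false;         /* fault: nothing else was modified yet */
    cpu->zf  = false;
    cpu->eax = old;
    return true;
}

typedef bool (*cmpxchg_fn)(cpu_t *, guest_page_t *, uint32_t);

/* Run one cmpxchg against a fresh, write-protected page, restarting the
 * instruction after each fault exactly as an emulator loop would.
 * Returns the final memory contents. */
static uint32_t run(cmpxchg_fn fn, uint32_t mem, uint32_t eax, uint32_t src)
{
    guest_page_t pg  = { .mem = mem, .write_protected = true, .faults = 0 };
    cpu_t        cpu = { .eax = eax, .zf = false };
    while (!fn(&cpu, &pg, src)) {
        /* page fault handled in store(); restart the instruction */
    }
    return pg.mem;
}

int main(void)
{
    /* "unequal" case: mem=0x11, eax=0x22, src=0x33.  A real CPU leaves
     * memory at 0x11 and loads 0x11 into eax. */
    printf("buggy : mem after = 0x%02x\n", run(cmpxchg_buggy, 0x11, 0x22, 0x33));
    printf("fixed : mem after = 0x%02x\n", run(cmpxchg_fixed, 0x11, 0x22, 0x33));
    return 0;
}
```

With the buggy ordering the restarted instruction stores the source operand (0x33) into a word the guest never asked to change; with the fixed ordering memory keeps its original value and the fault is invisible to the guest, which is the behaviour a physical CPU gives. The same model shows why only the "unequal" path is affected: in the "equal" path the first fault happens before any state has changed.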

