From ab096a75cd626dcd4ad34b2a11652df0269bee0d Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Tue, 18 Aug 2015 06:34:19 -0700
Subject: [PATCH] tcg: synchronize cpu->exit_request and cpu->tcg_exit_req accesses

Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
 cpu-exec.c | 6 +++++-
 qom/cpu.c | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 567ae8bda1..e24c640013 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -507,8 +507,12 @@ int cpu_exec(CPUState *cpu)
 * loop. Whatever requested the exit will also
 * have set something else (eg exit_request or
 * interrupt_request) which we will handle
- * next time around the loop.
+ * next time around the loop. But we need to
+ * ensure the tcg_exit_req read in generated code
+ * comes before the next read of cpu->exit_request
+ * or cpu->interrupt_request.
 */
+ smp_rmb();
 next_tb = 0;
 break;
 case TB_EXIT_ICOUNT_EXPIRED:
diff --git a/qom/cpu.c b/qom/cpu.c
index 62f4b5de44..02b56f7076 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -114,6 +114,8 @@ void cpu_reset_interrupt(CPUState *cpu, int mask)
 void cpu_exit(CPUState *cpu)
 {
 cpu->exit_request = 1;
+ /* Ensure cpu_exec will see the exit request after TCG has exited. */
+ smp_wmb();
 cpu->tcg_exit_req = 1;
 }
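Review bot: The extended comment in the TB_EXIT_REQUESTED case promises ordering against both cpu->exit_request and cpu->interrupt_request, but the only write barrier this patch adds is the smp_wmb() in cpu_exit(), which orders exit_request alone. The code that sets interrupt_request before tcg_exit_req is not visible here. If it has no equivalent barrier, a weakly ordered host could leave the translated code on tcg_exit_req and still read a stale interrupt_request on the next pass, leaving the interrupt pending until some later exit. Either confirm that writer carries its own barrier or narrow the comment to what the patch guarantees, for example `* comes before the next read of cpu->exit_request.` The body of cpu_exec starts and ends outside the hunk.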
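Review bot: The comment above smp_wmb() in cpu_exit() does not name the read barrier it pairs with, so a later edit to either side can silently break the ordering. I would word it as `/* Pairs with smp_rmb() in cpu_exec(): exit_request must be visible before tcg_exit_req. */`. Both flags are still written with plain stores. If cpu_exit() can be called from a thread other than the one running cpu_exec(), which the barrier suggests, it may be worth using the project's atomic accessors for these two assignments in a follow-up.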