summaryrefslogtreecommitdiffstats
path: root/accel/tcg
diff options
context:
space:
mode:
authorAlex Bennée2021-02-13 14:03:22 +0100
committerAlex Bennée2021-02-18 09:19:23 +0100
commitcfd405eae6ad7a0e20b006e3295c5e8edab3ce3f (patch)
treee65cff6041fc797b3ce6eaebe19547c046ff8e54 /accel/tcg
parentaccel/tcg: remove CF_NOCACHE and special cases (diff)
downloadqemu-cfd405eae6ad7a0e20b006e3295c5e8edab3ce3f.tar.gz
qemu-cfd405eae6ad7a0e20b006e3295c5e8edab3ce3f.tar.xz
qemu-cfd405eae6ad7a0e20b006e3295c5e8edab3ce3f.zip
accel/tcg: allow plugin instrumentation to be disable via cflags
When icount is enabled and we recompile an MMIO access we end up double counting the instruction execution. To avoid this we introduce the CF_MEMI cflag which only allows memory instrumentation for the next TB (which won't yet have been counted). As this is part of the hashed compile flags we will only execute the generated TB while coming out of a cpu_io_recompile. While we are at it delete the old TODO. We might as well keep the translation handy as it's likely you will repeatedly hit it on each MMIO access. Reported-by: Aaron Lindsay <aaron@os.amperecomputing.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210213130325.14781-21-alex.bennee@linaro.org>
Diffstat (limited to 'accel/tcg')
-rw-r--r--accel/tcg/plugin-gen.c3
-rw-r--r--accel/tcg/translate-all.c18
-rw-r--r--accel/tcg/translator.c5
3 files changed, 15 insertions, 11 deletions
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index 8a1bb801e0..c3dc3effe7 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -842,7 +842,7 @@ static void plugin_gen_inject(const struct qemu_plugin_tb *plugin_tb)
pr_ops();
}
-bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb)
+bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb, bool mem_only)
{
struct qemu_plugin_tb *ptb = tcg_ctx->plugin_tb;
bool ret = false;
@@ -855,6 +855,7 @@ bool plugin_gen_tb_start(CPUState *cpu, const TranslationBlock *tb)
ptb->vaddr2 = -1;
get_page_addr_code_hostp(cpu->env_ptr, tb->pc, &ptb->haddr1);
ptb->haddr2 = NULL;
+ ptb->mem_only = mem_only;
plugin_gen_empty_callback(PLUGIN_GEN_FROM_TB);
}
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 464b3c3394..bbd919a393 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -2400,7 +2400,8 @@ void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr)
}
#ifndef CONFIG_USER_ONLY
-/* in deterministic execution mode, instructions doing device I/Os
+/*
+ * In deterministic execution mode, instructions doing device I/Os
* must be at the end of the TB.
*
* Called by softmmu_template.h, with iothread mutex not held.
@@ -2431,19 +2432,18 @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
n = 2;
}
- /* Generate a new TB executing the I/O insn. */
- cpu->cflags_next_tb = curr_cflags() | CF_LAST_IO | n;
+ /*
+ * Exit the loop and potentially generate a new TB executing the
+ * just the I/O insns. We also limit instrumentation to memory
+ * operations only (which execute after completion) so we don't
+ * double instrument the instruction.
+ */
+ cpu->cflags_next_tb = curr_cflags() | CF_MEMI_ONLY | CF_LAST_IO | n;
qemu_log_mask_and_addr(CPU_LOG_EXEC, tb->pc,
"cpu_io_recompile: rewound execution of TB to "
TARGET_FMT_lx "\n", tb->pc);
- /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
- * the first in the TB) then we end up generating a whole new TB and
- * repeating the fault, which is horribly inefficient.
- * Better would be to execute just this insn uncached, or generate a
- * second new TB.
- */
cpu_loop_exit_noexc(cpu);
}
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index a49a794065..2dfc27102f 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -58,7 +58,8 @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
ops->tb_start(db, cpu);
tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */
- plugin_enabled = plugin_gen_tb_start(cpu, tb);
+ plugin_enabled = plugin_gen_tb_start(cpu, tb,
+ tb_cflags(db->tb) & CF_MEMI_ONLY);
while (true) {
db->num_insns++;
@@ -100,6 +101,8 @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
gen_io_start();
ops->translate_insn(db, cpu);
} else {
+ /* we should only see CF_MEMI_ONLY for io_recompile */
+ tcg_debug_assert(!(tb_cflags(db->tb) & CF_MEMI_ONLY));
ops->translate_insn(db, cpu);
}