summaryrefslogtreecommitdiffstats
path: root/accel/tcg
Commit message (Collapse)AuthorAgeFilesLines
* accel/tcg/cpu-exec: Fix precise single-stepping after interruptLuc Michel2022-02-281-2/+6
| | | | | | | | | | | | | | In some cases, cpu->exit_request can be false after handling the interrupt, leading to another TB being executed instead of returning to the main loop. Fix this by returning true unconditionally when in single-step mode. Fixes: ba3c35d9c402 ("tcg/cpu-exec: precise single-stepping after an interrupt") Signed-off-by: Luc Michel <lmichel@kalray.eu> Message-Id: <20220214132656.11397-1-lmichel@kalray.eu> [rth: Unlock iothread mutex; simplify indentation] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* include: Move qemu_[id]cache_* declarations to new qemu/cacheinfo.hPeter Maydell2022-02-211-0/+1
| | | | | | | | | | | | The qemu_icache_linesize, qemu_icache_linesize_log, qemu_dcache_linesize, and qemu_dcache_linesize_log variables are not used in many files. Move them out of osdep.h to a new qemu/cacheinfo.h, and document them. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220208200856.3558249-5-peter.maydell@linaro.org
* Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20220211' ↵Peter Maydell2022-02-142-1/+11
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging Fix safe_syscall_base for sparc64. Fix host signal handling for sparc64-linux. Speedups for jump cache and work list probing. Fix for exception replays. Raise guest SIGBUS for user-only misaligned accesses. # gpg: Signature made Fri 11 Feb 2022 01:27:16 GMT # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth-gitlab/tags/pull-tcg-20220211: (34 commits) tests/tcg/multiarch: Add sigbus.c tcg/sparc: Support unaligned access for user-only tcg/sparc: Add tcg_out_jmpl_const for better tail calls tcg/sparc: Use the constant pool for 64-bit constants tcg/sparc: Convert patch_reloc to return bool tcg/sparc: Improve code gen for shifted 32-bit constants tcg/sparc: Add scratch argument to tcg_out_movi_int tcg/sparc: Split out tcg_out_movi_imm32 tcg/sparc: Use tcg_out_movi_imm13 in tcg_out_addsub2_i64 tcg/mips: Support unaligned access for softmmu tcg/mips: Support unaligned access for user-only tcg/arm: Support raising sigbus for user-only tcg/arm: Reserve a register for guest_base tcg/arm: Support unaligned access for softmmu tcg/arm: Check alignment for ldrd and strd tcg/arm: Remove use_armv6_instructions tcg/arm: Remove use_armv5t_instructions tcg/arm: Drop support for armv4 and armv5 hosts tcg/loongarch64: Support raising sigbus for user-only tcg/tci: Support raising sigbus for user-only ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * replay: use CF_NOIRQ for special exception-replaying TBPavel Dovgalyuk2022-02-081-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Commit aff0e204cb1f1c036a496c94c15f5dfafcd9b4b4 introduced CF_NOIRQ usage, but one case was forgotten. Record/replay uses one special TB which is not really executed, but used to cause a correct exception in replay mode. This patch adds CF_NOIRQ flag for such block. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <164362834054.1754532.7678416881159817273.stgit@pasha-ThinkPad-X280> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * accel/tcg: Optimize jump cache flush during tlb range flushIdan Horowitz2022-02-081-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When the length of the range is large enough, clearing the whole cache is faster than iterating over the (possibly extremely large) set of pages contained in the range. This mimics the pre-existing similar optimization done on the flush of the tlb itself. Signed-off-by: Idan Horowitz <idan.horowitz@gmail.com> Message-Id: <20220110164754.1066025-1-idan.horowitz@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | plugins: move reset of plugin data to tb_startAlex Bennée2022-02-091-11/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can't always guarantee we get to the end of a translator loop. Although this can happen for a variety of reasons it does happen more often on x86 system emulation when an instruction spans across to an un-faulted page. This caused confusion of the instruction tracking data resulting in apparent reverse execution (at least from the plugins point of view). Fix this by moving the reset code to plugin_gen_tb_start so we always start with a clean slate. We unconditionally reset tcg_ctx->plugin_insn as the plugin_insn_append code uses this as a proxy for knowing if plugins are enabled for the current instruction. Otherwise we can hit a race where a previously instrumented thread leaves a stale value after the main thread exits and disables instrumentation. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/824 Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220204204335.1689602-27-alex.bennee@linaro.org>
* | tracing: remove TCG memory access tracingAlex Bennée2022-02-094-48/+0Star
|/ | | | | | | | | | | | If you really want to trace all memory operations TCG plugins gives you a more flexible interface for doing so. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Luis Vilanova <vilanova@imperial.ac.uk> Cc: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20220204204335.1689602-19-alex.bennee@linaro.org>
* monitor: move x-query-profile into accel/tcg to fix buildAlex Bennée2022-01-181-0/+31
| | | | | | | | | | | | | | | | As --enable-profiler isn't defended in CI we missed this breakage. Move the qmp handler into accel/tcg so we have access to the helpers we need. While we are at it ensure we gate the feature on CONFIG_TCG. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Fixes: 37087fde0e ("qapi: introduce x-query-profile QMP command") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/773 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220105135009.1584676-23-alex.bennee@linaro.org>
* exec/memop: Adding signedness to quad definitionsFrédéric Pétrot2022-01-083-23/+23
| | | | | | | | | | | | | | Renaming defines for quad in their various forms so that their signedness is now explicit. Done using git grep as suggested by Philippe, with a bit of hand edition to keep assignments aligned. Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220106210108.138226-2-frederic.petrot@univ-grenoble-alpes.fr Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
* accel/tcg: suppress IRQ check for special TBsAlex Bennée2021-11-292-2/+11
| | | | | | | | | | | | | | | | | | When we set cpu->cflags_next_tb it is because we want to carefully control the execution of the next TB. Currently there is a race that causes the second stage of watchpoint handling to get ignored if an IRQ is processed before we finish executing the instruction that triggers the watchpoint. Use the new CF_NOIRQ facility to avoid the race. We also suppress IRQs when handling precise self modifying code to avoid unnecessary bouncing. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/245 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211129140932.4115115-3-alex.bennee@linaro.org>
* meson: remove useless libdl testPaolo Bonzini2021-11-161-1/+1
| | | | | | | | | | | | dlopen is never used after it is sought via cc.find_library, because plugins use gmodule instead; remove the test. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211110092454.30916-1-pbonzini@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211115142915.3797652-5-alex.bennee@linaro.org>
* accel/tcg: Register a force_rcu notifierGreg Kurz2021-11-102-0/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A TCG vCPU doing a busy loop systematicaly hangs the QEMU monitor if the user passes 'device_add' without argument. This is because drain_cpu_all() which is called from qmp_device_add() cannot return if readers don't exit read-side critical sections. That is typically what busy-looping TCG vCPUs do: int cpu_exec(CPUState *cpu) { [...] rcu_read_lock(); [...] while (!cpu_handle_exception(cpu, &ret)) { // Busy loop keeps vCPU here } [...] rcu_read_unlock(); return ret; } For MTTCG, have all vCPU threads register a force_rcu notifier that will kick them out of the loop using async_run_on_cpu(). The notifier is called with the rcu_registry_lock mutex held, using async_run_on_cpu() ensures there are no deadlocks. For RR, a single thread runs all vCPUs. Just register a single notifier that kicks the current vCPU to the next one. For MTTCG: Suggested-by: Paolo Bonzini <pbonzini@redhat.com> For RR: Suggested-by: Richard Henderson <richard.henderson@linaro.org> Fixes: 7bed89958bfb ("device_core: use drain_call_rcu in in qmp_device_add") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/650 Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211109183523.47726-3-groug@kaod.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* plugins: try and make plugin_insn_append more ergonomicAlex Bennée2021-11-042-3/+2Star
| | | | | | | | | | | | | | | | | | Currently we make the assumption that the guest frontend loads all op code bytes sequentially. This mostly holds up for regular fixed encodings but some architectures like s390x like to re-read the instruction which causes weirdness to occur. Rather than changing the frontends make the plugin API a little more ergonomic and able to handle the re-read case. Stuff will still get strange if we read ahead of the opcode but so far no front ends have done that and this patch asserts the case so we can catch it early if they do. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211026102234.3961636-21-alex.bennee@linaro.org>
* Merge remote-tracking branch ↵Richard Henderson2021-11-033-65/+92
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/berrange/tags/hmp-x-qmp-620-pull-request' into staging Initial conversion of HMP debugging commands to QMP This introduces a new policy that all HMP commands will be converted to have QMP equivalents, marked unstable if no formal QAPI modelling is intended to be done. New unstable commands are added as follows: - HMP "info roms" => QMP "x-query-roms" - HMP "info profile" => QMP "x-query-profile" - HMP "info numa" => QMP "x-query-numa" - HMP "info usb" => QMP "x-query-usb" - HMP "info rdma" => QMP "x-query-rdma" - HMP "info ramblock" => QMP "x-query-ramblock" - HMP "info irq" => QMP "x-query-irq" - HMP "info jit" => QMP "x-query-jit" - HMP "info opcount" => QMP "x-query-opcount" # gpg: Signature made Tue 02 Nov 2021 01:54:28 PM EDT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] * remotes/berrange/tags/hmp-x-qmp-620-pull-request: qapi: introduce x-query-opcount QMP command qapi: introduce x-query-jit QMP command qapi: introduce x-query-irq QMP command qapi: introduce x-query-ramblock QMP command qapi: introduce x-query-rdma QMP command qapi: introduce x-query-usb QMP command qapi: introduce x-query-numa QMP command qapi: introduce x-query-profile QMP command qapi: introduce x-query-roms QMP command docs/devel: document expectations for HMP commands in the future docs/devel: add example of command returning unstructured text docs/devel: document expectations for QAPI data modelling for QMP monitor: introduce HumanReadableText and HMP support docs/devel: update error handling guidance for HMP commands docs/devel: tweak headings in monitor command docs docs/devel: rename file for writing monitor commands monitor: make hmp_handle_error return a boolean monitor: remove 'info ioapic' HMP command Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * qapi: introduce x-query-opcount QMP commandDaniel P. Berrangé2021-11-023-8/+17
| | | | | | | | | | | | | | | | | | | | | | This is a counterpart to the HMP "info opcount" command. It is being added with an "x-" prefix because this QMP command is intended as an ad hoc debugging tool and will thus not be modelled in QAPI as fully structured data, nor will it have long term guaranteed stability. The existing HMP command is rewritten to call the QMP command. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
| * qapi: introduce x-query-jit QMP commandDaniel P. Berrangé2021-11-023-57/+75
| | | | | | | | | | | | | | | | | | | | | | This is a counterpart to the HMP "info jit" command. It is being added with an "x-" prefix because this QMP command is intended as an ad hoc debugging tool and will thus not be modelled in QAPI as fully structured data, nor will it have long term guaranteed stability. The existing HMP command is rewritten to call the QMP command. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* | tcg: Add helper_unaligned_{ld,st} for user-only sigbusRichard Henderson2021-11-021-0/+11
| | | | | | | | | | | | | | | | | | | | | | To be called from tcg generated code on hosts that support unaligned accesses natively, in response to an access that is supposed to be aligned. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | accel/tcg: Report unaligned load/store for user-onlyRichard Henderson2021-11-021-1/+6
| | | | | | | | | | | | | | | | | | Use the new cpu_loop_exit_sigbus for cpu_mmu_lookup. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | accel/tcg: Report unaligned atomics for user-onlyRichard Henderson2021-11-021-1/+12
| | | | | | | | | | | | | | | | | | Use the new cpu_loop_exit_sigbus for atomic_mmu_lookup, which has access to complete alignment info from the TCGMemOpIdx arg. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user: Add cpu_loop_exit_sigsegvRichard Henderson2021-11-021-15/+18
| | | | | | | | | | | | | | | | | | This is a new interface to be provided by the os emulator for raising SIGSEGV on fault. Use the new record_sigsegv target hook. Reviewed by: Warner Losh <imp@bsdimp.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/riscv: Populate host_signal.hRichard Henderson2021-11-021-134/+0Star
| | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/mips: Populate host_signal.hRichard Henderson2021-11-021-51/+1Star
| | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/s390: Populate host_signal.hRichard Henderson2021-11-021-87/+1Star
| | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/aarch64: Populate host_signal.hRichard Henderson2021-11-021-93/+1Star
| | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Drop the *BSD code, to be re-created under bsd-user/ later. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/arm: Populate host_signal.hRichard Henderson2021-11-021-44/+1Star
| | | | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Drop the *BSD code, to be re-created under bsd-user/ later. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/sparc: Populate host_signal.hRichard Henderson2021-11-021-61/+1Star
| | | | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Drop the *BSD code, to be re-created under bsd-user/ later. Drop the Solaris code as completely unused. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/alpha: Populate host_signal.hRichard Henderson2021-11-021-30/+1Star
| | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/ppc: Populate host_signal.hRichard Henderson2021-11-021-78/+1Star
| | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Drop the *BSD code, to be re-created under bsd-user/ later. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | linux-user/host/x86: Populate host_signal.hRichard Henderson2021-11-021-135/+1Star
| | | | | | | | | | | | | | | | Split host_signal_pc and host_signal_write out of user-exec.c. Drop the *BSD code, to be re-created under bsd-user/ later. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | accel/tcg: Fold cpu_exit_tb_from_sighandler into callerRichard Henderson2021-10-301-12/+2Star
| | | | | | | | | | | | | | | | | | Remove the comment about siglongjmp. We do use sigsetjmp in the main cpu loop, but we do not save the signal mask as most exits from the cpu loop do not require them. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | accel/tcg: Split out handle_sigsegv_accerr_writeRichard Henderson2021-10-301-41/+60
| | | | | | | | | | | | | | | | | | | | | | | | This is the major portion of handle_cpu_signal which is specific to tcg, handling the page protections for the translations. Most of the rest will migrate to linux-user/ shortly. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v2: Pass guest address to handle_sigsegv_accerr_write.
* | accel/tcg: Move clear_helper_retaddr to cpu loopRichard Henderson2021-10-302-3/+2Star
| | | | | | | | | | | | | | | | Currently there are only two places that require we reset this value before exiting to the main loop, but that will change. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | accel/tcg: Split out adjust_signal_pcRichard Henderson2021-10-301-16/+25
|/ | | | | | | | | | | Split out a function to adjust the raw signal pc into a value that could be passed to cpu_restore_state. Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v2: Adjust pc in place; return MMUAccessType.
* accel/tcg: Handle gdb singlestep in cpu_tb_execRichard Henderson2021-10-161-0/+11
| | | | | | | Currently the change in cpu_tb_exec is masked by the debug exception being raised by the translators. But this allows us to remove that code. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Move helper_*_mmu decls to tcg/tcg-ldst.hRichard Henderson2021-10-131-0/+1
| | | | | | | | | | These functions have been replaced by cpu_*_mmu as the most proper interface to use from target code. Hide these declarations from code that should not use them. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Add cpu_{ld,st}*_mmu interfacesRichard Henderson2021-10-133-475/+571
| | | | | | | | | | | | | | | | These functions are much closer to the softmmu helper functions, in that they take the complete MemOpIdx, and from that they may enforce required alignment. The previous cpu_ldst.h functions did not have alignment info, and so did not enforce it. Retain this by adding MO_UNALN to the MemOp that we create in calling the new functions. Note that we are not yet enforcing alignment for user-only, but we now have the information with which to do so. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: re-factor plugin_inject_cb so we can assert insn_idx is validAlex Bennée2021-10-121-72/+85
| | | | | | | | | | | | | | | | | | | | | | | | Coverity doesn't know enough about how we have arranged our plugin TCG ops to know we will always have incremented insn_idx before injecting the callback. Let us assert it for the benefit of Coverity and protect ourselves from accidentally breaking the assumption and triggering harder to grok errors deeper in the code if we attempt a negative indexed array lookup. However to get to this point we re-factor the code and remove the second hand instruction boundary detection in favour of scanning the full set of ops and using the existing INDEX_op_insn_start to cleanly detect when the instruction has started. As we no longer need the plugin specific list of ops we delete that. My initial benchmarks shows no discernible impact of dropping the plugin specific ops list. Fixes: Coverity 1459509 Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210917162332.3511179-12-alex.bennee@linaro.org>
* trace: Split guest_mem_beforeRichard Henderson2021-10-064-44/+20Star
| | | | | | | | | | There is no point in encoding load/store within a bit of the memory trace info operand. Represent atomic operations as a single read-modify-write tracepoint. Use MemOpIdx instead of inventing a form specifically for traces. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* plugins: Reorg arguments to qemu_plugin_vcpu_mem_cbRichard Henderson2021-10-064-29/+21Star
| | | | | | | | | | Use the MemOpIdx directly, rather than the rearrangement of the same bits currently done by the trace infrastructure. Pass in enum qemu_plugin_mem_rw so that we are able to treat read-modify-write operations as a single operation. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Pass MemOpIdx to atomic_trace_*_postRichard Henderson2021-10-062-39/+39
| | | | | | | | We will shortly use the MemOpIdx directly, but in the meantime re-compute the trace meminfo. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* trace/mem: Pass MemOpIdx to trace_mem_get_infoRichard Henderson2021-10-063-25/+35
| | | | | | | | We (will) often have the complete MemOpIdx handy, so use that. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Rename TCGMemOpIdx to MemOpIdxRichard Henderson2021-10-064-55/+55
| | | | | | | | | We're about to move this out of tcg.h, so rename it as we did when moving MemOp. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Drop signness in tracing in cputlb.cRichard Henderson2021-10-062-46/+9Star
| | | | | | | | | We are already inconsistent about whether or not MO_SIGN is set in trace_mem_get_info. Dropping it entirely allows some simplification. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Restrict cpu_handle_halt() to sysemuPhilippe Mathieu-Daudé2021-09-221-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | Commit 372579427a5 ("tcg: enable thread-per-vCPU") added the following comment describing EXCP_HALTED in qemu_tcg_cpu_thread_fn(): case EXCP_HALTED: /* during start-up the vCPU is reset and the thread is * kicked several times. If we don't ensure we go back * to sleep in the halted state we won't cleanly * start-up when the vCPU is enabled. * * cpu->halted should ensure we sleep in wait_io_event */ g_assert(cpu->halted); break; qemu_wait_io_event() is sysemu-specific, so we can restrict the cpu_handle_halt() call in cpu_exec() to system emulation. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210912172731.789788-2-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg/user-exec: Fix read-modify-write of code on s390 hostsIlya Leoshkevich2021-09-141-7/+41
| | | | | | | | | | | | x86_64 dotnet/runtime uses cmpxchg for code patching. When running it under s390x qemu-linux user, cpu_signal_handler() does not recognize this as a write and does not restore PAGE_WRITE cleared by tb_page_add(), incorrectly forwarding the signal to the guest code. Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210803221606.150103-1-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Restrict TCGCPUOps::cpu_exec_interrupt() to sysemuPhilippe Mathieu-Daudé2021-09-141-3/+7
| | | | | | | | | | | | | All targets call TCGCPUOps::cpu_exec_interrupt() from sysemu code. Move its declaration to restrict it to system emulation. Extend the code guarded. Restrict the static inlined need_replay_interrupt() method to avoid a "defined but not used" warning. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210911165434.531552-24-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Rename user-mode do_interrupt hack as fake_user_interruptPhilippe Mathieu-Daudé2021-09-141-2/+2
| | | | | | | | | | | | | | | | do_interrupt() is sysemu specific. However due to some X86 specific hack, it is also used in user-mode emulation, which is why it couldn't be restricted to CONFIG_SOFTMMU (see the comment around added in commit 78271684719: "cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClass"). Keep the hack but rename the handler as fake_user_interrupt() and restrict do_interrupt() to sysemu. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210911165434.531552-6-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: remove redundant TCG_KICK_PERIOD defineLuc Michel2021-09-141-2/+0Star
| | | | | | | | | | | The TCG_KICK_PERIOD macro is already defined in tcg-accel-ops-rr.h. Remove it from tcg-accel-ops-rr.c. Signed-off-by: Luc Michel <lmichel@kalray.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210811141229.12470-1-lmichel@kalray.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Clear PAGE_WRITE before translationIlya Leoshkevich2021-09-142-25/+73
| | | | | | | | | | | | | | | translate_insn() implementations fetch instruction bytes piecemeal, which can cause qemu-user to generate inconsistent translations if another thread modifies them concurrently [1]. Fix by making pages containing translated instruction non-writable right before loading instruction bytes from them. [1] https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg00644.html Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Message-Id: <20210805204835.158918-1-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Remove double bswap for helper_atomic_sto_*_mmuRichard Henderson2021-07-301-1/+0Star
| | | | | | | | | This crept in as either a cut-and-paste error, or rebase error. Fixes: cfec388518d ("atomic_template: add inline trace/plugin helpers") Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210729004647.282017-24-richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>