cputlb: Pass cpu_transaction_failed() the correct physaddr

The API for cpu_transaction_failed() says that it takes the physical
address for the failed transaction. However we were actually passing
it the offset within the target MemoryRegion. We don't currently
have any target CPU implementations of this hook that require the
physical address; fix this bug so we don't get confused if we ever
do add one.

Backports commit 2d54f19401bc54b3b56d1cc44c96e4087b604b97 from qemu

qemu/aarch64.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_aarch64
 #define io_writeq io_writeq_aarch64
 #define io_writew io_writew_aarch64
-#define iotlb_to_region iotlb_to_region_aarch64
+#define iotlb_to_section iotlb_to_section_aarch64
 #define is_a64 is_a64_aarch64
 #define is_help_option is_help_option_aarch64
 #define is_valid_option_list is_valid_option_list_aarch64

qemu/aarch64eb.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_aarch64eb
 #define io_writeq io_writeq_aarch64eb
 #define io_writew io_writew_aarch64eb
-#define iotlb_to_region iotlb_to_region_aarch64eb
+#define iotlb_to_section iotlb_to_section_aarch64eb
 #define is_a64 is_a64_aarch64eb
 #define is_help_option is_help_option_aarch64eb
 #define is_valid_option_list is_valid_option_list_aarch64eb

qemu/accel/tcg/cputlb.c

@@ -290,13 +290,14 @@ static ram_addr_t qemu_ram_addr_from_host_nofail(struct uc_struct *uc, void *ptr
  */
 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
 {
-    int mmu_idx, index, pd;
+    int mmu_idx, index;
     void *p;
     MemoryRegion *mr;
+    MemoryRegionSection *section;
     ram_addr_t  ram_addr;
     CPUState *cpu = ENV_GET_CPU(env);
     CPUIOTLBEntry *iotlbentry;
-    hwaddr physaddr;
+    hwaddr physaddr, mr_offset;
 
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = cpu_mmu_index(env, true);
@@ -309,8 +310,8 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
         }
     }
     iotlbentry = &env->iotlb[mmu_idx][index];
-    pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
-    mr = iotlb_to_region(cpu, pd, iotlbentry->attrs);
+    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+    mr = section->mr;
     if (memory_region_is_unassigned(cpu->uc, mr)) {
         /* Give the new-style cpu_transaction_failed() hook first chance
          * to handle this.
@@ -321,7 +322,10 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
          * and use the MemTXResult it produced). However it is the
          * simplest place we have currently available for the check.
          */
-        physaddr = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+        mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
+        physaddr = mr_offset +
+            section->offset_within_address_space -
+            section->offset_within_region;
         cpu_transaction_failed(cpu, physaddr, addr, 0, MMU_INST_FETCH, mmu_idx,
                                iotlbentry->attrs, MEMTX_DECODE_ERROR, 0);
 
@@ -455,21 +459,28 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
                          target_ulong addr, uintptr_t retaddr, int size)
 {
     CPUState *cpu = ENV_GET_CPU(env);
-    hwaddr physaddr = iotlbentry->addr;
-    MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs);
+    hwaddr mr_offset;
+    MemoryRegionSection *section;
+    MemoryRegion *mr;
     uint64_t val;
     MemTxResult r;
 
-    physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
+    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+    mr = section->mr;
+    mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
     cpu->mem_io_pc = retaddr;
     if (mr != &cpu->uc->io_mem_rom && mr != &cpu->uc->io_mem_notdirty && !cpu->can_do_io) {
         cpu_io_recompile(cpu, retaddr);
     }
 
     cpu->mem_io_vaddr = addr;
-    r = memory_region_dispatch_read(mr, physaddr,
+    r = memory_region_dispatch_read(mr, mr_offset,
                                     &val, size, iotlbentry->attrs);
     if (r != MEMTX_OK) {
+        hwaddr physaddr = mr_offset +
+            section->offset_within_address_space -
+            section->offset_within_region;
+
         cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_LOAD,
                                mmu_idx, iotlbentry->attrs, r, retaddr);
     }
@@ -482,20 +493,27 @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
                       uintptr_t retaddr, int size)
 {
     CPUState *cpu = ENV_GET_CPU(env);
-    hwaddr physaddr = iotlbentry->addr;
-    MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs);
+    hwaddr mr_offset;
+    MemoryRegionSection *section;
+    MemoryRegion *mr;
     MemTxResult r;
 
-    physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
+    section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
+    mr = section->mr;
+    mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
     if (mr != &cpu->uc->io_mem_rom && mr != &cpu->uc->io_mem_notdirty && !cpu->can_do_io) {
         cpu_io_recompile(cpu, retaddr);
     }
 
     cpu->mem_io_vaddr = addr;
     cpu->mem_io_pc = retaddr;
-    r = memory_region_dispatch_write(mr, physaddr,
+    r = memory_region_dispatch_write(mr, mr_offset,
                                      val, size, iotlbentry->attrs);
     if (r != MEMTX_OK) {
+        hwaddr physaddr = mr_offset +
+            section->offset_within_address_space -
+            section->offset_within_region;
+
         cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_STORE,
                                mmu_idx, iotlbentry->attrs, r, retaddr);
     }

qemu/arm.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_arm
 #define io_writeq io_writeq_arm
 #define io_writew io_writew_arm
-#define iotlb_to_region iotlb_to_region_arm
+#define iotlb_to_section iotlb_to_section_arm
 #define is_a64 is_a64_arm
 #define is_help_option is_help_option_arm
 #define is_valid_option_list is_valid_option_list_arm

qemu/armeb.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_armeb
 #define io_writeq io_writeq_armeb
 #define io_writew io_writew_armeb
-#define iotlb_to_region iotlb_to_region_armeb
+#define iotlb_to_section iotlb_to_section_armeb
 #define is_a64 is_a64_armeb
 #define is_help_option is_help_option_armeb
 #define is_valid_option_list is_valid_option_list_armeb

qemu/exec.c

@@ -1804,7 +1804,9 @@ static uint16_t dummy_section(PhysPageMap *map, FlatView *fv, MemoryRegion *mr)
     return phys_section_add(map, &section);
 }
 
-MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
+MemoryRegionSection *iotlb_to_section(CPUState *cpu,
+                                      hwaddr index, MemTxAttrs attrs)
+
 {
     int asidx = cpu_asidx_from_attrs(cpu, attrs);
     CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
@@ -1812,7 +1814,7 @@ MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
     AddressSpaceDispatch *d = atomic_read(&cpuas->memory_dispatch);
     MemoryRegionSection *sections = d->map.sections;
 
-    return sections[index & ~TARGET_PAGE_MASK].mr;
+    return &sections[index & ~TARGET_PAGE_MASK];
 }
 
 AddressSpaceDispatch *address_space_dispatch_new(struct uc_struct *uc, FlatView *fv)

qemu/header_gen.py

@@ -1816,7 +1816,7 @@ symbols = (
     'io_writel',
     'io_writeq',
     'io_writew',
-    'iotlb_to_region',
+    'iotlb_to_section',
     'is_a64',
     'is_help_option',
     'is_valid_option_list',

qemu/include/exec/exec-all.h

@@ -319,8 +319,17 @@ extern uintptr_t tci_tb_ptr;
 
 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align));
 
-struct MemoryRegion *iotlb_to_region(CPUState *cpu,
-                                     hwaddr index, MemTxAttrs attrs);
+/**
+ * iotlb_to_section:
+ * @cpu: CPU performing the access
+ * @index: TCG CPU IOTLB entry
+ *
+ * Given a TCG CPU IOTLB entry, return the MemoryRegionSection that
+ * it refers to. @index will have been initially created and returned
+ * by memory_region_section_get_iotlb().
+ */
+struct MemoryRegionSection *iotlb_to_section(CPUState *cpu,
+                                             hwaddr index, MemTxAttrs attrs);
 
 void tlb_fill(CPUState *cpu, target_ulong addr, int size,
               MMUAccessType access_type, int mmu_idx, uintptr_t retaddr);

qemu/m68k.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_m68k
 #define io_writeq io_writeq_m68k
 #define io_writew io_writew_m68k
-#define iotlb_to_region iotlb_to_region_m68k
+#define iotlb_to_section iotlb_to_section_m68k
 #define is_a64 is_a64_m68k
 #define is_help_option is_help_option_m68k
 #define is_valid_option_list is_valid_option_list_m68k

qemu/mips.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_mips
 #define io_writeq io_writeq_mips
 #define io_writew io_writew_mips
-#define iotlb_to_region iotlb_to_region_mips
+#define iotlb_to_section iotlb_to_section_mips
 #define is_a64 is_a64_mips
 #define is_help_option is_help_option_mips
 #define is_valid_option_list is_valid_option_list_mips

qemu/mips64.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_mips64
 #define io_writeq io_writeq_mips64
 #define io_writew io_writew_mips64
-#define iotlb_to_region iotlb_to_region_mips64
+#define iotlb_to_section iotlb_to_section_mips64
 #define is_a64 is_a64_mips64
 #define is_help_option is_help_option_mips64
 #define is_valid_option_list is_valid_option_list_mips64

qemu/mips64el.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_mips64el
 #define io_writeq io_writeq_mips64el
 #define io_writew io_writew_mips64el
-#define iotlb_to_region iotlb_to_region_mips64el
+#define iotlb_to_section iotlb_to_section_mips64el
 #define is_a64 is_a64_mips64el
 #define is_help_option is_help_option_mips64el
 #define is_valid_option_list is_valid_option_list_mips64el

qemu/mipsel.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_mipsel
 #define io_writeq io_writeq_mipsel
 #define io_writew io_writew_mipsel
-#define iotlb_to_region iotlb_to_region_mipsel
+#define iotlb_to_section iotlb_to_section_mipsel
 #define is_a64 is_a64_mipsel
 #define is_help_option is_help_option_mipsel
 #define is_valid_option_list is_valid_option_list_mipsel

qemu/powerpc.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_powerpc
 #define io_writeq io_writeq_powerpc
 #define io_writew io_writew_powerpc
-#define iotlb_to_region iotlb_to_region_powerpc
+#define iotlb_to_section iotlb_to_section_powerpc
 #define is_a64 is_a64_powerpc
 #define is_help_option is_help_option_powerpc
 #define is_valid_option_list is_valid_option_list_powerpc

qemu/sparc.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_sparc
 #define io_writeq io_writeq_sparc
 #define io_writew io_writew_sparc
-#define iotlb_to_region iotlb_to_region_sparc
+#define iotlb_to_section iotlb_to_section_sparc
 #define is_a64 is_a64_sparc
 #define is_help_option is_help_option_sparc
 #define is_valid_option_list is_valid_option_list_sparc

qemu/sparc64.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_sparc64
 #define io_writeq io_writeq_sparc64
 #define io_writew io_writew_sparc64
-#define iotlb_to_region iotlb_to_region_sparc64
+#define iotlb_to_section iotlb_to_section_sparc64
 #define is_a64 is_a64_sparc64
 #define is_help_option is_help_option_sparc64
 #define is_valid_option_list is_valid_option_list_sparc64

qemu/x86_64.h

@@ -1810,7 +1810,7 @@
 #define io_writel io_writel_x86_64
 #define io_writeq io_writeq_x86_64
 #define io_writew io_writew_x86_64
-#define iotlb_to_region iotlb_to_region_x86_64
+#define iotlb_to_section iotlb_to_section_x86_64
 #define is_a64 is_a64_x86_64
 #define is_help_option is_help_option_x86_64
 #define is_valid_option_list is_valid_option_list_x86_64