Currently we use DISAS_WFE for both WFE and YIELD instructions.
This is functionally correct because at the moment both of them
are implemented as "yield this CPU back to the top level loop so
another CPU has a chance to run". However it's rather confusing
that YIELD ends up calling HELPER(wfe), and if we ever want to
implement real behaviour for WFE and SEV it's likely to trip us up.
Split out the yield codepath to use DISAS_YIELD and a new
HELPER(yield) function, and have HELPER(wfe) call HELPER(yield).
Backports commit 049e24a191c212d9468db84169197887f2c91586 from qemu
ERETNC is identical to ERET except that an ERETNC will not clear the LLbit
that is set by execution of an LL instruction, and thus when placed between
an LL and SC sequence, will never cause the SC to fail.
Presence of ERETNC is denoted by the Config5.LLB.
Backports commit ce9782f40ac16660ea9437bfaa2c9c34d5ed8110 from qemu
MIPS SIMD Architecture vector loads and stores require misalignment support.
MSA Memory access should work as an atomic operation. Therefore, it has to
check validity of all addresses for a vector store access if it is spanning
into two pages.
Separating helper functions for each data format as format is known in
translation.
To use mmu_idx from cpu_mmu_index() instead of calculating it from hflag.
Removing save_cpu_state() call in translation because it is able to use
cpu_restore_state() on fault as GETRA() is passed.
Backports commit adc370a48fd26b92188fa4848dfb088578b1936c from qemu
These include page table walks, SVM accesses and SMM state save accesses.
The bulk of the patch is obtained with
sed -i 's/\(\<[a-z_]*_phys\(_notdirty\)\?\>(cs\)->as,/x86_\1,/'
Backports commit b216aa6c0fcbaa8ff4128969c14594896a5485a4 from qemu
The cpu_physical_memory_reset_dirty() function is sometimes used
together with cpu_physical_memory_get_dirty(). This is not atomic since
two separate accesses to the dirty memory bitmap are made.
Turn cpu_physical_memory_reset_dirty() and
cpu_physical_memory_clear_dirty_range_type() into the atomic
cpu_physical_memory_test_and_clear_dirty().
Backports commit 03eebc9e3246b9b3f5925aa41f7dfd7c1e467875 from qemu
While it is obvious that cpu_physical_memory_get_dirty returns true even if
a single page is dirty, the same is not true for cpu_physical_memory_get_clean;
one would expect that it returns true only if all the pages are clean, but
it actually looks for even one clean page. (By contrast, the caller of that
function, cpu_physical_memory_range_includes_clean, has a good name).
To clarify, rename the function to cpu_physical_memory_all_dirty and return
true if _all_ the pages are dirty. This is the opposite of the previous
meaning, because "all are 1" is the same as "not (any is 0)", so we have to
modify cpu_physical_memory_range_includes_clean as well
Backports commit 72b47e79cef36ed6ffc718f10e21001d7ec2a66f from qemu
These days modification of the TLB is done in notdirty_mem_write,
so the virtual address and env pointer as unnecessary.
The new name of the function, tlb_unprotect_code, is consistent with
tlb_protect_code.
Backports commit 9564f52da7eb061326956ed9a468935e3352512d from qemu
For now memory regions only track DIRTY_MEMORY_VGA individually, but
this will change soon. To support this, split memory_region_is_logging
in two functions: one that returns a given bit from dirty_log_mask,
and one that returns the entire mask. memory_region_is_logging gets an
extra parameter so that the compiler flags misuse.
While VGA-specific users (including the Xen listener!) will want to keep
checking that bit, KVM and vhost check for "any bit except migration"
(because migration is handled via the global start/stop listener
callbacks).
Backports commit 2d1a35bef0ed96b3f23535e459c552414ccdbafd from qemu
Updated the interrupt handling to utilize and report through the target EL
exception field. This includes consolidating and cleaning up code where
needed. Target EL is now calculated once in arm_cpu_exec_interrupt() and
do_interrupt was updated to use the target_el exception field. The
necessary code from arm_excp_target_el() was merged in where needed and the
function removed.
Backports commit 012a906b19e99b126403ff4a257617dab9b34163 from qemu
Move the code which sets exception information out of
arm_cpu_handle_mmu_fault and into tlb_fill. tlb_fill
is the only caller which wants to raise_exception()
so it makes more sense for it to handle the whole of
the exception setup.
As part of this cleanup, move the user-mode-only
implementation function for the handle_mmu_fault CPU
method into cpu.c so we don't need to make it globally
visible, and rename the softmmu-only utility function
arm_cpu_handle_mmu_fault to arm_tlb_fill so it's clear
that it's not the same thing.
Backports commit 8c6084bf10fe721929ca94cf16acd6687e61d3ec from qemu
Add new address_space_ld*/st* functions which allow transaction
attributes and error reporting for basic load and stores. These
are named to be in line with the address_space_read/write/rw
buffer operations.
The existing ld/st*_phys functions are now wrappers around
the new functions.
Backports commit 500131154d677930fce35ec3a6f0b5a26bcd2973 from qemu
Add a MemTxAttrs field to the IOTLB, and allow target-specific
code to set it via a new tlb_set_page_with_attrs() function;
pass the attributes through to the device when making IO accesses.
Backports commit fadc1cbe85c6b032d5842ec0d19d209f50fcb375 from qemu
Rather than retaining io_mem_read/write as simple wrappers around
the memory_region_dispatch_read/write functions, make the latter
public and change all the callers to use them, since we need to
touch all the callsites anyway to add MemTxAttrs and MemTxResult
support. Delete io_mem_read and io_mem_write entirely.
(All the callers currently pass MEMTXATTRS_UNSPECIFIED
and convert the return value back to bool or ignore it.)
Backports commit 3b6434953934e6d4a776ed426d8c6d6badee176f from qemu
This for now is a simple TLB flush. This can change later for two
reasons:
1) an AddressSpaceDispatch will be cached in the CPUState object
2) it will not be possible to do tlb_flush once the TCG-generated code
runs outside the BQL.
Backports commit 76e5c76f2e2e0d20bab2cd5c7a87452f711654fb from qemu
Add AArch32 to AArch64 register sychronization functions.
Replace manual register synchronization with new functions in
aarch64_cpu_do_interrupt() and HELPER(exception_return)().
Backports commit ce02049dbf1828b4bc77d921b108a9d84246e5aa from qemu
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
PAR has a secure and a non-secure instance.
Backports commit 01c097f7960b330c4bf038d34bae17ad6c1ba499 from qemu
Adds a dedicated function and a lookup table for determining the target
exception level of IRQ and FIQ exceptions. The lookup table is taken from the
ARMv7 and ARMv8 specification exception routing tables.
Backports commit 0eeb17d618361a0f4faddc160e33598b23da6dd5 from qemu
Fix CP0.Config3.ISAOnExc write accesses on microMIPS processors. This
bit is mandatory for any processor that implements the microMIPS
instruction set. This bit is r/w for processors that implement both the
standard MIPS and the microMIPS instruction set. This bit is r/o and
hardwired to 1 if only the microMIPS instruction set is implemented.
There is no other bit ever writable in CP0.Config3 so defining a
corresponding `CP0_Config3_rw_bitmask' member in `CPUMIPSState' is I
think an overkill. Therefore make the ability to write the bit rely on
the presence of ASE_MICROMIPS set in the instruction flags.
The read-only case of the microMIPS instruction set being implemented
only can be added when we add support for such a configuration. We do
not currently have such support, we have no instruction flag that would
control the presence of the standard MIPS instruction set nor any
associated code in instruction decoding.
This change is needed to boot a microMIPS Linux kernel successfully,
otherwise it hangs early on as interrupts are enabled and then the
exception handler invoked loops as its first instruction is interpreted
in the wrong execution mode and triggers another exception right away.
And then over and over again.
We already check the current setting of the CP0.Config3.ISAOnExc in
`set_hflags_for_handler' to set the ISA bit correctly on the exception
handler entry so it is the ability to set it that is missing only.
Backports commit 90f12d735d66ac1196d9a2bced039a432eefc03d from qemu
Split arm_gen_test_cc into 3 functions, so that it can be reused
for non-branch TCG comparisons.
Backports commit 6c2c63d3a02c79e9035ca0370cc549d0f938a4dd from qemu
Rather than allow arbitrary shift+trunc, only concern ourselves
with low and high parts. This is all that was being used anyway.
Backports commit 609ad70562793937257c89d07bf7c1370b9fc9aa from qemu
Rather reserving space in the op stream for optimization,
let the optimizer add ops as necessary.
Backports commit a4ce099a7a4b4734c372f6bf28f3362e370f23c1 from qemu
With the linked list scheme we need not leave nops in the stream
that we need to process later.
Backports commit 0c627cdca20155753a536c51385abb73941a59a0 from qemu
Some of these functions are really quite large. We have a number of
things that ought to be circularly dependent, but we duplicated code
to break that chain for the inlines.
This saved 25% of the code size of one of the translators I examined.
This commit fixes the following issues:
- Any unmapped/free'd memory regions (MemoryRegion instances) are not
removed from the object property linked list of its owner (which is
always qdev_get_machine(uc)). This issue makes adding new memory
mapping by calling mem_map() or mem_map_ptr() slower as more and more
memory pages are mapped and unmapped - yes, even if those memory pages
are unmapped, they still impact the speed of future memory page
mappings due to this issue.
- FlatView is not reconstructed after a memory region is freed during
unmapping, which leads to a use-after-free the next time a new memory
region is mapped in address_space_update_topology().
ARM and probably the rest of the arches have significant memory leaks as
they have no release interface.
Additionally, DrMemory does not have 64-bit support and thus I can't
test the 64-bit version under Windows. Under Linux valgrind supports
both 32-bit and 64-bit but there are different macros and code for Linux
and Windows.