Commit graph

208 commits

Author SHA1 Message Date
Peter Maydell 8840d8370d
target-arm: Split DISAS_YIELD from DISAS_WFE
Currently we use DISAS_WFE for both WFE and YIELD instructions.
This is functionally correct because at the moment both of them
are implemented as "yield this CPU back to the top level loop so
another CPU has a chance to run". However it's rather confusing
that YIELD ends up calling HELPER(wfe), and if we ever want to
implement real behaviour for WFE and SEV it's likely to trip us up.

Split out the yield codepath to use DISAS_YIELD and a new
HELPER(yield) function, and have HELPER(wfe) call HELPER(yield).

Backports commit 049e24a191c212d9468db84169197887f2c91586 from qemu
2018-02-17 15:23:14 -05:00
Leon Alrae 57f57a9de4
target-mips: add ERETNC instruction and Config5.LLB bit
ERETNC is identical to ERET except that an ERETNC will not clear the LLbit
that is set by execution of an LL instruction, and thus when placed between
an LL and SC sequence, will never cause the SC to fail.

Presence of ERETNC is denoted by the Config5.LLB.

Backports commit ce9782f40ac16660ea9437bfaa2c9c34d5ed8110 from qemu
2018-02-13 13:33:37 -05:00
Yongbok Kim 922d30c448
target-mips: Misaligned memory accesses for MSA
MIPS SIMD Architecture vector loads and stores require misalignment support.
MSA Memory access should work as an atomic operation. Therefore, it has to
check validity of all addresses for a vector store access if it is spanning
into two pages.

Separating helper functions for each data format as format is known in
translation.
To use mmu_idx from cpu_mmu_index() instead of calculating it from hflag.
Removing save_cpu_state() call in translation because it is able to use
cpu_restore_state() on fault as GETRA() is passed.

Backports commit adc370a48fd26b92188fa4848dfb088578b1936c from qemu
2018-02-13 13:27:31 -05:00
Lioncash 25a58231fc
target-i386: Use correct memory attributes for memory accesses
These include page table walks, SVM accesses and SMM state save accesses.

The bulk of the patch is obtained with

sed -i 's/\(\<[a-z_]*_phys\(_notdirty\)\?\>(cs\)->as,/x86_\1,/'

Backports commit b216aa6c0fcbaa8ff4128969c14594896a5485a4 from qemu
2018-02-13 11:54:12 -05:00
Stefan Hajnoczi fc7b95d06a
memory: replace cpu_physical_memory_reset_dirty() with test-and-clear
The cpu_physical_memory_reset_dirty() function is sometimes used
together with cpu_physical_memory_get_dirty(). This is not atomic since
two separate accesses to the dirty memory bitmap are made.

Turn cpu_physical_memory_reset_dirty() and
cpu_physical_memory_clear_dirty_range_type() into the atomic
cpu_physical_memory_test_and_clear_dirty().

Backports commit 03eebc9e3246b9b3f5925aa41f7dfd7c1e467875 from qemu
2018-02-13 11:25:45 -05:00
Paolo Bonzini 1b1f82cef7
exec: invert return value of cpu_physical_memory_get_clean, rename
While it is obvious that cpu_physical_memory_get_dirty returns true even if
a single page is dirty, the same is not true for cpu_physical_memory_get_clean;
one would expect that it returns true only if all the pages are clean, but
it actually looks for even one clean page. (By contrast, the caller of that
function, cpu_physical_memory_range_includes_clean, has a good name).

To clarify, rename the function to cpu_physical_memory_all_dirty and return
true if _all_ the pages are dirty. This is the opposite of the previous
meaning, because "all are 1" is the same as "not (any is 0)", so we have to
modify cpu_physical_memory_range_includes_clean as well

Backports commit 72b47e79cef36ed6ffc718f10e21001d7ec2a66f from qemu
2018-02-13 09:54:12 -05:00
Paolo Bonzini f578c89e8b
cputlb: remove useless arguments to tlb_unprotect_code_phys, rename
These days modification of the TLB is done in notdirty_mem_write,
so the virtual address and env pointer as unnecessary.

The new name of the function, tlb_unprotect_code, is consistent with
tlb_protect_code.

Backports commit 9564f52da7eb061326956ed9a468935e3352512d from qemu
2018-02-13 09:07:41 -05:00
Paolo Bonzini 1551573acc
memory: differentiate memory_region_is_logging and memory_region_get_dirty_log_mask
For now memory regions only track DIRTY_MEMORY_VGA individually, but
this will change soon. To support this, split memory_region_is_logging
in two functions: one that returns a given bit from dirty_log_mask,
and one that returns the entire mask. memory_region_is_logging gets an
extra parameter so that the compiler flags misuse.

While VGA-specific users (including the Xen listener!) will want to keep
checking that bit, KVM and vhost check for "any bit except migration"
(because migration is handled via the global start/stop listener
callbacks).

Backports commit 2d1a35bef0ed96b3f23535e459c552414ccdbafd from qemu
2018-02-13 08:41:44 -05:00
Greg Bellows 5ad81f095a
target-arm: Update interrupt handling to use target EL
Updated the interrupt handling to utilize and report through the target EL
exception field. This includes consolidating and cleaning up code where
needed. Target EL is now calculated once in arm_cpu_exec_interrupt() and
do_interrupt was updated to use the target_el exception field. The
necessary code from arm_excp_target_el() was merged in where needed and the
function removed.

Backports commit 012a906b19e99b126403ff4a257617dab9b34163 from qemu
2018-02-12 22:42:37 -05:00
Peter Maydell 171bf0fc3e
target-arm: Move setting of exception info into tlb_fill
Move the code which sets exception information out of
arm_cpu_handle_mmu_fault and into tlb_fill. tlb_fill
is the only caller which wants to raise_exception()
so it makes more sense for it to handle the whole of
the exception setup.

As part of this cleanup, move the user-mode-only
implementation function for the handle_mmu_fault CPU
method into cpu.c so we don't need to make it globally
visible, and rename the softmmu-only utility function
arm_cpu_handle_mmu_fault to arm_tlb_fill so it's clear
that it's not the same thing.

Backports commit 8c6084bf10fe721929ca94cf16acd6687e61d3ec from qemu
2018-02-12 22:28:34 -05:00
Peter Maydell df0fac6b6a
exec.c: Add new address_space_ld*/st* functions
Add new address_space_ld*/st* functions which allow transaction
attributes and error reporting for basic load and stores. These
are named to be in line with the address_space_read/write/rw
buffer operations.

The existing ld/st*_phys functions are now wrappers around
the new functions.

Backports commit 500131154d677930fce35ec3a6f0b5a26bcd2973 from qemu
2018-02-12 19:22:47 -05:00
Peter Maydell 933e3bd8d1
Add MemTxAttrs to the IOTLB
Add a MemTxAttrs field to the IOTLB, and allow target-specific
code to set it via a new tlb_set_page_with_attrs() function;
pass the attributes through to the device when making IO accesses.

Backports commit fadc1cbe85c6b032d5842ec0d19d209f50fcb375 from qemu
2018-02-12 18:38:38 -05:00
Peter Maydell 825e74410f
memory: Replace io_mem_read/write with memory_region_dispatch_read/write
Rather than retaining io_mem_read/write as simple wrappers around
the memory_region_dispatch_read/write functions, make the latter
public and change all the callers to use them, since we need to
touch all the callsites anyway to add MemTxAttrs and MemTxResult
support. Delete io_mem_read and io_mem_write entirely.

(All the callers currently pass MEMTXATTRS_UNSPECIFIED
and convert the return value back to bool or ignore it.)

Backports commit 3b6434953934e6d4a776ed426d8c6d6badee176f from qemu
2018-02-12 17:26:52 -05:00
Paolo Bonzini 3fbda890df
exec: introduce cpu_reload_memory_map
This for now is a simple TLB flush. This can change later for two
reasons:

1) an AddressSpaceDispatch will be cached in the CPUState object

2) it will not be possible to do tlb_flush once the TCG-generated code
runs outside the BQL.

Backports commit 76e5c76f2e2e0d20bab2cd5c7a87452f711654fb from qemu
2018-02-12 15:09:49 -05:00
Greg Bellows 8612f1d3e7
target-arm: Add 32/64-bit register sync
Add AArch32 to AArch64 register sychronization functions.
Replace manual register synchronization with new functions in
aarch64_cpu_do_interrupt() and HELPER(exception_return)().

Backports commit ce02049dbf1828b4bc77d921b108a9d84246e5aa from qemu
2018-02-12 14:57:20 -05:00
Fabian Aggeler ccccef3d41
target-arm: make PAR banked
When EL3 is running in AArch32 (or ARMv7 with Security Extensions)
PAR has a secure and a non-secure instance.

Backports commit 01c097f7960b330c4bf038d34bae17ad6c1ba499 from qemu
2018-02-12 10:40:51 -05:00
Greg Bellows 67d68df401
target-arm: add async excp target_el function
Adds a dedicated function and a lookup table for determining the target
exception level of IRQ and FIQ exceptions. The lookup table is taken from the
ARMv7 and ARMv8 specification exception routing tables.

Backports commit 0eeb17d618361a0f4faddc160e33598b23da6dd5 from qemu
2018-02-11 17:45:09 -05:00
Maciej W. Rozycki a4c4834545
target-mips: Fix CP0.Config3.ISAOnExc write accesses
Fix CP0.Config3.ISAOnExc write accesses on microMIPS processors. This
bit is mandatory for any processor that implements the microMIPS
instruction set. This bit is r/w for processors that implement both the
standard MIPS and the microMIPS instruction set. This bit is r/o and
hardwired to 1 if only the microMIPS instruction set is implemented.

There is no other bit ever writable in CP0.Config3 so defining a
corresponding `CP0_Config3_rw_bitmask' member in `CPUMIPSState' is I
think an overkill. Therefore make the ability to write the bit rely on
the presence of ASE_MICROMIPS set in the instruction flags.

The read-only case of the microMIPS instruction set being implemented
only can be added when we add support for such a configuration. We do
not currently have such support, we have no instruction flag that would
control the presence of the standard MIPS instruction set nor any
associated code in instruction decoding.

This change is needed to boot a microMIPS Linux kernel successfully,
otherwise it hangs early on as interrupts are enabled and then the
exception handler invoked loops as its first instruction is interpreted
in the wrong execution mode and triggers another exception right away.
And then over and over again.

We already check the current setting of the CP0.Config3.ISAOnExc in
`set_hflags_for_handler' to set the ISA bit correctly on the exception
handler entry so it is the ability to set it that is missing only.

Backports commit 90f12d735d66ac1196d9a2bced039a432eefc03d from qemu
2018-02-11 16:24:19 -05:00
Lioncash b3f9ff667b
tcg: Rename debug_insn_start to insn_start
With an eye toward making it mandatory.

Backports commit 765b842adec4c5a359e69ca08785553599f71496 from qemu
2018-02-11 12:34:01 -05:00
Lioncash 94f1227f7a
target-arm: Introduce DisasCompare
Split arm_gen_test_cc into 3 functions, so that it can be reused
for non-branch TCG comparisons.

Backports commit 6c2c63d3a02c79e9035ca0370cc549d0f938a4dd from qemu
2018-02-10 23:45:47 -05:00
Lioncash f8388a6c03
header_gen: Fix mips platform 2018-02-10 23:21:41 -05:00
Richard Henderson 58e939b91f
tcg: Split trunc_shr_i32 opcode into extr[lh]_i64_i32
Rather than allow arbitrary shift+trunc, only concern ourselves
with low and high parts. This is all that was being used anyway.

Backports commit 609ad70562793937257c89d07bf7c1370b9fc9aa from qemu
2018-02-10 23:00:45 -05:00
Richard Henderson 70f28c8bd5
tcg: Implement insert_op_before
Rather reserving space in the op stream for optimization,
let the optimizer add ops as necessary.

Backports commit a4ce099a7a4b4734c372f6bf28f3362e370f23c1 from qemu
2018-02-09 13:11:50 -05:00
Richard Henderson 4fcaabf38c
tcg: Remove opcodes instead of noping them out
With the linked list scheme we need not leave nops in the stream
that we need to process later.

Backports commit 0c627cdca20155753a536c51385abb73941a59a0 from qemu
2018-02-09 13:03:58 -05:00
Richard Henderson 500c546444
tcg: Move some opcode generation functions out of line
Some of these functions are really quite large.  We have a number of
things that ought to be circularly dependent, but we duplicated code
to break that chain for the inlines.

This saved 25% of the code size of one of the translators I examined.
2018-02-09 08:10:00 -05:00
zhangwm ccdb0ff523 armeb: rename arm's and mips's *REGS_STORAGE_SIZE to avoid big-endian and little-endian's duplicated definition. 2017-03-15 22:25:35 +08:00
Nguyen Anh Quynh a267af7d95 add arm_release to qemu/header_gen.py, and regenerate qemu/armeb.h 2017-03-14 23:41:31 +08:00
Nguyen Anh Quynh c3808179e1 another attempt to fix #766 2017-02-26 15:22:24 +08:00
Nguyen Anh Quynh 5de0785a1b cleanup qemu/memory.c 2017-01-22 23:07:17 +08:00
Nguyen Anh Quynh ac68745a9c we dont need to handle VGA & Migration memories 2017-01-20 17:03:39 +08:00
Nguyen Anh Quynh c6de7930c9 remove mutex code 2017-01-20 15:44:03 +08:00
Nguyen Anh Quynh 42771848d6 no more spinlock 2017-01-20 14:57:33 +08:00
Nguyen Anh Quynh a7fca49f7a delete qemu/include/qemu/notify.h 2017-01-20 14:47:41 +08:00
Nguyen Anh Quynh 8a5b12c6f9 more cleanup in qemu/include/hw/ 2017-01-19 15:20:06 +08:00
Nguyen Anh Quynh 0640b35943 mips: remove qemu/hw/mips/mips_int.c 2017-01-19 13:07:28 +08:00
Nguyen Anh Quynh c1f39c3db2 cleanup qemu/util code 2017-01-10 12:57:12 +08:00
Nguyen Anh Quynh af165d254c clean all qobject json code 2017-01-09 16:09:53 +08:00
Nguyen Anh Quynh 16894fdb6c cleanup some qemu/util code 2017-01-09 15:48:21 +08:00
Nguyen Anh Quynh d7ead1135d cleanup 2017-01-09 13:28:28 +08:00
Chris Eagle e46545f722 remove glib dependency by provide compatible replacements 2016-12-18 14:56:58 -08:00
Fish ad7ae63e92 Remove unmapped/freed memory regions from the object property list.
This commit fixes the following issues:
- Any unmapped/free'd memory regions (MemoryRegion instances) are not
  removed from the object property linked list of its owner (which is
  always qdev_get_machine(uc)). This issue makes adding new memory
  mapping by calling mem_map() or mem_map_ptr() slower as more and more
  memory pages are mapped and unmapped - yes, even if those memory pages
  are unmapped, they still impact the speed of future memory page
  mappings due to this issue.
- FlatView is not reconstructed after a memory region is freed during
  unmapping, which leads to a use-after-free the next time a new memory
  region is mapped in address_space_update_topology().
2016-10-20 03:48:58 -07:00
Hoang-Vu Dang b9a10152f1 memleak: code_gen_buffer using g_free for non-linux 2016-07-11 10:13:13 -05:00
danghvu 27e0699ef5 mips: Fix memleak 2016-07-09 20:16:00 -05:00
Nguyen Anh Quynh f4723916df remove qemu_cond_destroy from qemu/header_gen.py 2016-04-23 10:23:09 +08:00
Nguyen Anh Quynh 3a742fb6f6 fix conflicts when merging no-thread to master 2016-04-23 10:06:57 +08:00
Chris Eagle 9467254fc0 strip out per cpu thread code 2016-03-25 17:24:28 -07:00
Nguyen Anh Quynh 20b01a6933 fix merge conflict 2016-02-01 12:08:38 +08:00
Nguyen Anh Quynh 6490b4f2a9 arm64: fix the issue of multiple definition of aarch64_tb_set_jmp_target (issue #387) 2016-01-22 22:44:18 +08:00
Nguyen Anh Quynh 07bd81bda6 do not redefine tb_set_jmp_target1. this partly fixes issue #387 2016-01-22 11:29:22 +08:00
Nguyen Anh Quynh 3b52af4fbd avoid confusion between macro & variable use_idiv_instructions (ARM backend) 2016-01-18 23:53:50 +08:00
Nguyen Anh Quynh d9249b91c2 add some missing symbols for ARM backend 2016-01-18 20:42:45 +08:00
farmdve 036763d6ae Fix memory leaks as reported by DrMemory and Valgrind.
ARM and probably the rest of the arches have significant memory leaks as
they have no release interface.

Additionally, DrMemory does not have 64-bit support and thus I can't
test the 64-bit version under Windows. Under Linux valgrind supports
both 32-bit and 64-bit but there are different macros and code for Linux
and Windows.
2016-01-08 01:42:56 +02:00
Nguyen Anh Quynh e8a295991f update qemu/header_gen.py 2016-01-06 00:44:29 +07:00
JC Yang 8ef018a2cb Fix possible wrong conditional branch in generated host code by fixing
the tcg_liveness_analysis().
Refer to https://github.com/unicorn-engine/unicorn/issues/287 for further info.
2015-12-21 18:01:01 +08:00
Ryan Hileman 6d21ebabea implement host-controlled memory mapping for #261 2015-11-27 23:30:36 -08:00
Nguyen Anh Quynh 886946dcf4 do not use syscall to quit emulation. this can fix issues #147 & #148 2015-09-26 16:49:00 +08:00
Chris Eagle 6beb1b8a13 intermediate commit, working unmap of complete blocks, still need sub-blocks, and cross block 2015-08-29 21:17:30 -07:00
Nguyen Anh Quynh 344d016104 import 2015-08-21 15:04:50 +08:00