Commit graph

1982 commits

Author SHA1 Message Date
Richard Henderson 2ab4b8fa4d
tcg/i386: Extend TARGET_PAGE_MASK to the proper type
TARGET_PAGE_MASK, as defined, has type "int". We need to extend
that to the proper target width before oring in an "unsigned".

Backports commit ebb90a005da67147245cd38fb04a965a87a961b7 from qemu
2018-02-26 03:32:38 -05:00
Pranith Kumar 16d71f0f10
tcg: Optimize fence instructions
This commit optimizes fence instructions. Two optimizations are
currently implemented: (1) unnecessary duplicate fence instructions,
and (2) merging weaker fences into a stronger fence.

[rth: Merge tcg_optimize_mb back into tcg_optimize, so that we only
loop over the opcode stream once. Merge "unrelated" weaker barriers
into one stronger barrier.]

Backports commit 34f939218ce78163171addd63750e1e0300376ab from qemu
2018-02-26 03:29:59 -05:00
Pranith Kumar 533e083495
target-i386: Generate fences for x86
Backports commit cc19e497a047193db5083425957d7292c8dd3226 from qemu
2018-02-26 03:28:31 -05:00
Pranith Kumar 32b7cee81e
target-aarch64: Generate fences for aarch64
Backports commit ce1bd93f94e8d4b7117744e49652d2f907bed99f from qemu
2018-02-26 03:26:35 -05:00
Pranith Kumar 7849f8d72a
target-arm: Generate fences in ARMv7 frontend
Backports commit 61e4c432ab26526bab0f3ef746c1861415b6da29 from qemu
2018-02-26 03:22:53 -05:00
Pranith Kumar 65a73763e3
tcg/sparc: Add support for fence
Backports commit f8f03b3707b49898052fb8cd75ee31d19c8161fc from qemu
2018-02-26 03:20:39 -05:00
Pranith Kumar a6fdc24e28
tcg/s390: Add support for fence
Backports commit c9314d610e0e5da4d2cd5a36f3563d102b3294e0 from qemu
2018-02-26 03:19:41 -05:00
Pranith Kumar bdd9cad15c
tcg/ppc: Add support for fence
Backports commit 7b4af5ee8a1336bc39714b6de47924ee71fba761 from qemu
2018-02-26 03:18:43 -05:00
Pranith Kumar 5f10101245
tcg/mips: Add support for fence
Backports commit 6f0b99104a396905870edc3049310ece29b6b8d6 from qemu
2018-02-26 03:17:34 -05:00
Pranith Kumar e29cbe9640
tcg/arm: Add support for fence
Backports commit 40f191ab8226fdada185efa49c44b60d8f494890 from qemu
2018-02-26 03:13:17 -05:00
Pranith Kumar 907060b865
tcg/aarch64: Add support for fence
Backports commit c7a59c2a92592e556b9361437c9c4229917bd1e3 from qemu
2018-02-26 03:11:03 -05:00
Pranith Kumar d49bd55f52
tcg/i386: Add support for fence
Generate a 'lock orl $0,0(%esp)' instruction for ordering instead of
mfence which has similar ordering semantics.

Backports commit a7d00d4effb58889ac6df64f98ac50c9d1594149 from qemu
2018-02-26 03:10:58 -05:00
Pranith Kumar 5e44ce9be8
Introduce TCGOpcode for memory barrier
This commit introduces the TCGOpcode for memory barrier instruction.

This opcode takes an argument which is the type of memory barrier
which should be generated.

Backports commit f65e19bc2c9e8358e634d309606144ac2a3c2936 from qemu
2018-02-26 03:02:41 -05:00
Richard Henderson 66d79ac959
tcg: Merge GETPC and GETRA
The return address argument to the softmmu template helpers was
confused. In the legacy case, we wanted to indicate that there
is no return address, and so passed in NULL. However, we then
immediately subtracted GETPC_ADJ from NULL, resulting in a non-zero
value, indicating the presence of an (invalid) return address.

Push the GETPC_ADJ subtraction down to the only point it's required:
immediately before use within cpu_restore_state_from_tb, after all
NULL pointer checks have been completed.

This makes GETPC and GETRA identical. Remove GETRA as the lesser
used macro, replacing all uses with GETPC.

Backports commit 01ecaf438b1eb46abe23392c8ce5b7628b0c8cf5 from qemu
2018-02-26 02:54:44 -05:00
Richard Henderson 91f5cf0417
tcg: Support arbitrary size + alignment
Previously we allowed fully unaligned operations, but not operations
that are aligned but with less alignment than the operation size.

In addition, arm32, ia64, mips, and sparc had been omitted from the
previous overalignment patch, which would have led to that alignment
being enforced.

Backports commit 85aa80813dd9f5c1f581c743e45678a3bee220f8 from qemu
2018-02-26 02:47:26 -05:00
Stanislav Shmarov 5f9552657e
target-i386: Fixed syscall posssible segfault
In user-mode emulation env->idt.base memory is
allocated in linux-user/main.c with
size 8*512 = 4096 (for 64-bit).
When fake interrupt EXCP_SYSCALL is thrown
do_interrupt_user checks destination privilege level
for this fake exception, and tries to read 4 bytes
at address base + (256 * 2^4)=4096, that causes
segfault.

Privlege level was checked only for int's, so lets
read dpl from memory only for this case.

Backports commit 885b7c44e4f8b7a012a92770a0dba8b238662caa from qemu
2018-02-26 02:36:09 -05:00
Paolo Bonzini d8d0d08262
target-i386: fix ordering of fields in CPUX86State
Make sure reset zeroes TSC_AUX, XCR0, PKRU. Move XSTATE_BV from the
"vmstate only" section to the "KVM only" section.

Backports commit 7616f1c2da1c0f336a474a56ad6d32e15ccd666e from qemu
2018-02-26 02:34:22 -05:00
Ladi Prosek 7acc14da16
Remove unused function declarations
Unused function declarations were found using a simple gcc plugin and
manually verified by grepping the sources.

Backports commit d4b84d564ee3eb7a58e4585d671fb3c220b6c3b9 from qemu
2018-02-26 02:31:46 -05:00
Thomas Huth b581d4033f
tcg: Remove duplicate header includes
host-utils.h and timer.h are included twice in tcg.c.
One time should be enough.

Backports commit 347519eb9d68303a6c23a7663c0fa6c20a225191 from qemu
2018-02-26 02:29:38 -05:00
Lioncash 1ff9724b46
cutils: Remove unused vector ifdef block 2018-02-26 02:28:50 -05:00
Andrew Dutcher 26b36e5ff8
fpu: add mechanism to check for invalid long double formats
All operations that take a floatx80 as an operand need to have their
inputs checked for malformed encodings. In all of these cases, use the
function floatx80_invalid_encoding to perform the check. If an invalid
operand is found, raise an invalid operation exception, and then return
either NaN (for fp-typed results) or the integer indefinite value (the
minimum representable signed integer value, for int-typed results).

For the non-quiet comparison operations, this touches adjacent code in
order to pass style checks.

Backports cast correction portion of commit d1eb8f2acba579830cf3798c3c15ce51be852c56m from qemu
2018-02-26 02:27:40 -05:00
Pranith Kumar 9e6fec8741
atomics: Use __atomic_*_n() variant primitives
Use the __atomic_*_n() primitives which take the value as argument. It
is not necessary to store the value locally before calling the
primitive, hence saving us a stack store and load.

Backports commit 89943de17c4e276f2c47f05b4604e8816a6a636c from qemu
2018-02-26 02:16:48 -05:00
Fam Zheng 1a2c30abbf
rules.mak: Don't extract libs from .mo-libs in link command
For module build, .mo objects are passed to LINK and consumed in
process-archive-undefs. The reason behind that is documented in the
comment above process-archive-undefs.

Similarly, extract-libs should be called with .mo filtered out too.
Otherwise, the .mo-libs are added to the link command incorrectly,
spoiling the purpose of modularization.

Currently we don't have any .mo-libs usage, but it will be used soon
when we modularize more multi-source objects, like sdl and gtk.

Backports commit 5b1b6dbd94e2e2e98920f886cb32fcf4a1520b50 from qemu
2018-02-26 02:08:03 -05:00
Sergey Fedorov 58ff618708
tcg: rename tb_find_physical()
In fact, this function does not exactly perform a lookup by physical
address as it is descibed for comment on get_page_addr_code(). Thus
it may be a bit confusing to have "physical" in it's name. So rename it
to tb_htable_lookup() to better reflect its actual functionality.

Backports commit b34de45fc40d01c14b31d3a682e284180a2ed8c5 from qemu
2018-02-26 02:07:06 -05:00
Sergey Fedorov ab0c87bc6f
tcg: Merge tb_find_slow() and tb_find_fast()
These functions are not too big and can be merged together. This makes
locking scheme more clear and easier to follow.

Backports commit bd2710d5da06ad7706d4864f65b3f0c9f7cb4d7f from qemu
2018-02-26 02:05:19 -05:00
Sergey Fedorov 9b6f287488
tcg: Avoid bouncing tb_lock between tb_gen_code() and tb_add_jump()
Backports commit 74d356dd48b64eaa2a6104ac1493ca64cb31fa16 from qemu
2018-02-26 02:01:40 -05:00
Alex Bennée 09c3ef656e
tcg: cpu-exec: remove tb_lock from the hot-path
Lock contention in the hot path of moving between existing patched
TranslationBlocks is the main drag in multithreaded performance. This
patch pushes the tb_lock() usage down to the two places that really need
it:

- code generation (tb_gen_code)
- jump patching (tb_add_jump)

The rest of the code doesn't really need to hold a lock as it is either
using per-CPU structures, atomically updated or designed to be used in
concurrent read situations (qht_lookup).

To keep things simple I removed the #ifdef CONFIG_USER_ONLY stuff as the
locks become NOPs anyway until the MTTCG work is completed.

Backports commit 518615c6503ad78d3bb67ddf1cd848c4a41de02e from qemu
2018-02-26 01:58:33 -05:00
Alex Bennée 62aa0abd02
tcg: set up tb->page_addr before insertion
This ensures that if we find the TB on the slow path that tb->page_addr
is correctly set before being tested.

Backports commit 2e1ae44a4f4a6149fbb9dc812243522f07284700 from qemu
2018-02-26 01:50:04 -05:00
Paolo Bonzini 30845ae475
tcg: Prepare TB invalidation for lockless TB lookup
When invalidating a translation block, set an invalid flag into the
TranslationBlock structure first. It is also necessary to check whether
the target TB is still valid after acquiring 'tb_lock' but before calling
tb_add_jump() since TB lookup is to be performed out of 'tb_lock' in
future. Note that we don't have to check 'last_tb'; an already invalidated
TB will not be executed anyway and it is thus safe to patch it.

Backports commit 6d21e4208f382dd8ca1f7995a6dd9ea7ca281163 from qemu
2018-02-26 01:48:13 -05:00
Sergey Fedorov c0dda5fbe9
tcg: Prepare safe access to tb_flushed out of tb_lock
Ensure atomicity and ordering of CPU's 'tb_flushed' access for future
translation block lookup out of 'tb_lock'.

This field can only be touched from another thread by tb_flush() in user
mode emulation. So the only access to be sequential atomic is:
* a single write in tb_flush();
* reads/writes out of 'tb_lock'.

In future, before enabling MTTCG in system mode, tb_flush() must be safe
and this field becomes unnecessary.

Backports commit 118b07308a8cedc16ef63d7ab243a95f1701db40 from qemu
2018-02-25 23:33:58 -05:00
Sergey Fedorov 9eb02a540d
tcg: Prepare safe tb_jmp_cache lookup out of tb_lock
Ensure atomicity of CPU's 'tb_jmp_cache' access for future translation
block lookup out of 'tb_lock'.

Note that this patch does *not* make CPU's TLB invalidation safe if it
is done from some other thread while the CPU is in its execution loop.

Backports commit 89a16b1e4294e3664667a151c2f70c84dfac6fd9 from qemu
2018-02-25 23:29:18 -05:00
Sergey Fedorov 371101a184
tcg: Pass last_tb by value to tb_find_fast()
This is a small clean up. tb_find_fast() is a final consumer of this
variable so no need to pass it by reference. 'last_tb' is always updated
by subsequent cpu_loop_exec_tb() in cpu_exec().

This change also simplifies calling cpu_exec_nocache() in
cpu_handle_exception().

Backports commit 4b7e69509df2fcbfdab8c62c294dbfcfdab8a6e1 from qemu
2018-02-25 23:23:22 -05:00
Cao jin cc45b82472
timer/cpus: fix some typos and update some comments
Backports commit 3224e8786fcbe531746f1530c37210c425625213 from qemu
2018-02-25 23:21:57 -05:00
Paolo Bonzini 57fff7a94b
target-m68k: fix get_mac_extf helper
val is assigned twice; the second one should be combined with "|".
Reported by Coverity.

Backports commit 5ce747cfac697f61668ab4fa4a71c1dba15cc272 from qemu
2018-02-25 23:21:05 -05:00
Thomas Huth aed5df31b7
sparc: Use g_memdup() instead of g_new0() + memcpy()
There is no need to make sure that the memory is zeroed after the
allocation if we also immediatly fill the whole buffer afterwards
with memcpy(). Thus g_new0 should be g_new instead. But since we
are also doing a memcpy() here, we can also simply replace both
with g_memdup() instead.

Backports commit a337f295defad7eb977da4d6317cf70f7f2fa4b4 from qemu
2018-02-25 23:19:44 -05:00
Peter Maydell eb77f61bea
configure: Always compile with -fwrapv
QEMU's code relies on left shifts of signed integers always
being defined behaviour with the obvious 2s-complement
semantics. The only way to tell the compiler (and any
associated undefined-behaviour sanitizer) that we require a
C dialect with these semantics is to use the -fwrapv option.
This is a bit of a heavy hammer for the job as it also gives
us guaranteed semantics on integer arithmetic overflow which
in theory we don't require.

In an ideal world this would allow us to drop the warning
flag -Wno-shift-negative-value, but we must retain this to
avoid spurious warnings on clang versions predating the
fix to https://llvm.org/bugs/show_bug.cgi?id=25552.

Backports commit 2d31515bc0880a1cea86ce638d2a109f4f4e6f7d from qemu
2018-02-25 23:17:41 -05:00
Longpeng(Mike) 8b5400d675
target-i386: present virtual L3 cache info for vcpus
Some software algorithms are based on the hardware's cache info, for example,
for x86 linux kernel, when cpu1 want to wakeup a task on cpu2, cpu1 will trigger
a resched IPI and told cpu2 to do the wakeup if they don't share low level
cache. Oppositely, cpu1 will access cpu2's runqueue directly if they share llc.
The relevant linux-kernel code as bellow:

static void ttwu_queue(struct task_struct *p, int cpu)
{
struct rq *rq = cpu_rq(cpu);
......
if (... && !cpus_share_cache(smp_processor_id(), cpu)) {
......
ttwu_queue_remote(p, cpu); /* will trigger RES IPI */
return;
}
......
ttwu_do_activate(rq, p, 0); /* access target's rq directly */
......
}

In real hardware, the cpus on the same socket share L3 cache, so one won't
trigger a resched IPIs when wakeup a task on others. But QEMU doesn't present a
virtual L3 cache info for VM, then the linux guest will trigger lots of RES IPIs
under some workloads even if the virtual cpus belongs to the same virtual socket.

For KVM, there will be lots of vmexit due to guest send IPIs.
The workload is a SAP HANA's testsuite, we run it one round(about 40 minuates)
and observe the (Suse11sp3)Guest's amounts of RES IPIs which triggering during
the period:
No-L3 With-L3(applied this patch)
cpu0:	363890	44582
cpu1:	373405	43109
cpu2:	340783	43797
cpu3:	333854	43409
cpu4:	327170	40038
cpu5:	325491	39922
cpu6:	319129	42391
cpu7:	306480	41035
cpu8:	161139	32188
cpu9:	164649	31024
cpu10:	149823	30398
cpu11:	149823	32455
cpu12:	164830	35143
cpu13:	172269	35805
cpu14:	179979	33898
cpu15:	194505	32754
avg:	268963.6	40129.8

The VM's topology is "1*socket 8*cores 2*threads".
After present virtual L3 cache info for VM, the amounts of RES IPIs in guest
reduce 85%.

For KVM, vcpus send IPIs will cause vmexit which is expensive, so it can cause
severe performance degradation. We had tested the overall system performance if
vcpus actually run on sparate physical socket. With L3 cache, the performance
improves 7.2%~33.1%(avg:15.7%).

Backports commit 14c985cffa6cb177fc01a163d8bcf227c104718c from qemu
2018-02-25 23:16:14 -05:00
Lioncash 2d87095858
glib_compat: Amend header guard 2018-02-25 23:12:20 -05:00
Sergey Sorokin a882118050
target-arm: Fix lpae bit in FSR on an alignment fault
If an alignment fault occurred and target EL is using AArch32,
then DFSR/IFSR bit LPAE[9] must be set correctly.

Backports commit e0fe723c24562c8f909bb40f131bfdbe75650677 from qemu
2018-02-25 23:10:29 -05:00
Luwei Kang af7b3995dd
target-i386: Add more Intel AVX-512 instructions support
Add more AVX512 feature bits, include AVX512DQ, AVX512IFMA,
AVX512BW, AVX512VL, AVX512VBMI. Its spec can be found at:
https://software.intel.com/sites/default/files/managed/b4/3a/319433-024.pdf

Backports commit cc728d1493eee3e20c1547191862e43d3f55e714 from qemu
2018-02-25 23:09:18 -05:00
Alex Williamson fe66c2e088
memory: Don't use memcpy for ram_device regions
With a vfio assigned device we lay down a base MemoryRegion registered
as an IO region, giving us read & write accessors. If the region
supports mmap, we lay down a higher priority sub-region MemoryRegion
on top of the base layer initialized as a RAM device pointer to the
mmap. Finally, if we have any quirks for the device (ie. address
ranges that need additional virtualization support), we put another IO
sub-region on top of the mmap MemoryRegion. When this is flattened,
we now potentially have sub-page mmap MemoryRegions exposed which
cannot be directly mapped through KVM.

This is as expected, but a subtle detail of this is that we end up
with two different access mechanisms through QEMU. If we disable the
mmap MemoryRegion, we make use of the IO MemoryRegion and service
accesses using pread and pwrite to the vfio device file descriptor.
If the mmap MemoryRegion is enabled and results in one of these
sub-page gaps, QEMU handles the access as RAM, using memcpy to the
mmap. Using either pread/pwrite or the mmap directly should be
correct, but using memcpy causes us problems. I expect that not only
does memcpy not necessarily honor the original width and alignment in
performing a copy, but it potentially also uses processor instructions
not intended for MMIO spaces. It turns out that this has been a
problem for Realtek NIC assignment, which has such a quirk that
creates a sub-page mmap MemoryRegion access.

To resolve this, we disable memory_access_is_direct() for ram_device
regions since QEMU assumes that it can use memcpy for those regions.
Instead we access through MemoryRegionOps, which replaces the memcpy
with simple de-references of standard sizes to the host memory.

With this patch we attempt to provide unrestricted access to the RAM
device, allowing byte through qword access as well as unaligned
access. The assumption here is that accesses initiated by the VM are
driven by a device specific driver, which knows the device
capabilities. If unaligned accesses are not supported by the device,
we don't want them to work in a VM by performing multiple aligned
accesses to compose the unaligned access. A down-side of this
philosophy is that the xp command from the monitor attempts to use
the largest available access weidth, unaware of the underlying
device. Using memcpy had this same restriction, but at least now an
operator can dump individual registers, even if blocks of device
memory may result in access widths beyond the capabilities of a
given device (RTL NICs only support up to dword).

Backports commit 1b16ded6a512809f99c133a97f19026fe612b2de from qemu
2018-02-25 23:06:36 -05:00
Alex Williamson 5db45219c9
memory: Replace skip_dump flag with ram_device
Setting skip_dump on a MemoryRegion allows us to modify one specific
code path, but the restriction we're trying to address encompasses
more than that. If we have a RAM MemoryRegion backed by a physical
device, it not only restricts our ability to dump that region, but
also affects how we should manipulate it. Here we recognize that
MemoryRegions do not change to sometimes allow dumps and other times
not, so we replace setting the skip_dump flag with a new initializer
so that we know exactly the type of region to which we're applying
this behavior.

Backports commit ca83f87a66d19fdaabf23d4f5ebb49396fe232c1 from qemu
2018-02-25 23:00:45 -05:00
Pranith Kumar 1b19fe260a
softfloat: Fix warn about implicit conversion from int to int8_t
Change the flag type to 'uint8_t' to fix the implicit conversion error.

Backports commit dfd607671037ff46d5b16ade10e10efdf0d260be from qemu
2018-02-25 22:54:39 -05:00
Pranith Kumar 4c880fba9d
target-arm: Fix warn about implicit conversion
Clang warns about an implicit conversion as follows:

/mnt/devops/code/qemu/target-arm/neon_helper.c:1075:1: warning: implicit conversion from 'int' to 'int8_t' (aka 'signed char') changes value from 128 to -128 [-Wconstant-conversion]
NEON_VOP_ENV(qrshl_s8, neon_s8, 4)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/mnt/devops/code/qemu/target-arm/neon_helper.c:116:83: note: expanded from macro 'NEON_VOP_ENV'
uint32_t HELPER(glue(neon_,name))(CPUARMState *env, uint32_t arg1, uint32_t arg2) \
^
/mnt/devops/code/qemu/target-arm/neon_helper.c:106:5: note: expanded from macro '\
NEON_VOP_BODY'
NEON_DO##n; \
^~~~~~~~~~
<scratch space>:21:1: note: expanded from here
NEON_DO4
^~~~~~~~
/mnt/devops/code/qemu/target-arm/neon_helper.c:93:5: note: expanded from macro 'NEON_DO4'
NEON_FN(vdest.v1, vsrc1.v1, vsrc2.v1); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/mnt/devops/code/qemu/target-arm/neon_helper.c:1054:23: note: expanded from macro 'NEON_FN'
dest = (1 << (sizeof(src1) * 8 - 1)); \
~ ~~^~~~~~~~~~~~~~~~~~~~~~~~~

Fix it by casting to appropriate type.

Backports commit 6bbbb0ac136102098a70b97ab0c07bc7bf53131c from qemu
2018-02-25 22:44:43 -05:00
Richard Henderson ede1cae3dc
tcg: Lower indirect registers in a separate pass
Rather than rely on recursion during the middle of register allocation,
lower indirect registers to loads and stores off the indirect base into
plain temps.

For an x86_64 host, with sufficient registers, this results in identical
code, modulo the actual register assignments.

For an i686 host, with insufficient registers, this means that temps can
be (temporarily) spilled to the stack in order to satisfy an allocation.
This as opposed to the possibility of not being able to spill, to allocate
a register for the indirect base, in order to perform a spill.

Backports commit 5a18407f55ade924aa6397c9a043a9ffd59645fe from qemu
2018-02-25 22:32:28 -05:00
Richard Henderson 8a012ff6d3
tcg: Require liveness analysis
Backports commit c0ef05b5e62ab0c291a94022f14104e61e306f03 from qemu
2018-02-25 22:20:42 -05:00
Lioncash 541601edc4
util: Move qemu-log to utils 2018-02-25 22:17:44 -05:00
Richard Henderson 2aa46dd9a1
tcg: Include liveness info in the dumps
Backports commit bdfb460ef77500f7b186759b585f06ff2120929d from qemu
2018-02-25 22:13:08 -05:00
Richard Henderson e973e89a57
tcg: Compress dead_temps and mem_temps into a single array
We only need two bits per temporary. Fold the two bytes into one,
and reduce the memory and cachelines required during compilation.

Backports commit c70fbf0a9938baf3b4f843355a77c17a7e945b98 from qemu
2018-02-25 22:07:08 -05:00
Richard Henderson 690985a582
tcg: Fold life data into TCGOp
Reduce the size of other bitfields to make room.
This reduces the cache footprint of compilation.

Backports commit bee158cb4dde35c41632a3a129c869f14a32f8f0 from qemu
2018-02-25 21:49:42 -05:00
Lioncash b5e765d562
target-mips: Silence unused function warning 2018-02-25 21:47:22 -05:00
Richard Henderson 1547048a22
tcg: Reorg TCGOp chaining
Instead of using -1 as end of chain, use 0, and link through the 0
entry as a fully circular double-linked list.

Backports commit dcb8e75870e2de199db853697f8839cb603beefe from qemu
2018-02-25 21:44:50 -05:00
Richard Henderson b2e6e351c2
tcg: Compress liveness data to 16 bits
This reduces both memory usage and per-insn cacheline usage
during code generation.

Backports commit a1b3c48d2b23d6eaeb4529d3e1183d2648731bf8 from qemu
2018-02-25 21:27:24 -05:00
Eric Blake 30cbcafc05
osdep: Document differences in rounding macros
Make it obvious which macros are safe in which situations.

Useful since QEMU_ALIGN_UP and ROUND_UP both purport to do
the same thing, but differ on whether the alignment must be
a power of 2.
2018-02-25 21:05:21 -05:00
Leon Alrae bc434da124
target-mips: fix EntryHi.EHINV being cleared on TLB exception
While implementing TLB invalidation feature we forgot to modify
part of code responsible for updating EntryHi during TLB exception.
Consequently EntryHi.EHINV is unexpectedly cleared on the exception.

Backports commit 701074a6fc7470d0ed54e4a4bcd4d491ad8da22e from qemu
2018-02-25 21:02:31 -05:00
Igor Mammedov 943b9fc261
qdev: Fix object reference leak in case device.realize() fails
If device doesn't have parent assined before its realize
is called, device_set_realized() will implicitly set parent
to '/machine/unattached'.

However device_set_realized() may fail after that point at
several other points leaving not realized object dangling
in '/machine/unattached' and as result caller of

obj = object_new()
obj->ref == 1
object_property_set_bool(obj,..., true, "realized",...)
obj->ref == 2
if (fail)
object_unref(obj);
obj->ref == 1

will get object leak instead of expected object destruction.

Fix it by making device_set_realized() to cleanup after itself
in case of failure.

Backports commit 69382d8b3e8600b349c191394d761dcb480502cf from qemu
2018-02-25 21:00:26 -05:00
Igor Mammedov 62c89b9cd4
exec: Reduce CONFIG_USER_ONLY ifdeffenery
Backports commit 1bc7e522d9cf1b58f2de9c8f1737be0bb5129c35 from qemu
2018-02-25 20:57:48 -05:00
Igor Mammedov d30410dc9a
target-i386: Add x86_cpu_unrealizefn()
First remove VCPU from exec loop and only then remove lapic.

Backports commit c884776e9dc947105827bd6c22192863f97267d2 from qemu
2018-02-25 20:54:13 -05:00
Igor Mammedov 298b0e6529
target-i386: Fix apic object leak when CPU is deleted
Backports commit 67e55caa6dcb91c80428cee6fe463f8dd8a755ab from qemu
2018-02-25 20:48:40 -05:00
Igor Mammedov e15fb246ab
target-i386: cpu: Do not ignore error and fix apic parent
object_property_add_child() silently fails with error that it can't
create duplicate propery 'apic' as we already have 'apic' property
registered for 'apic' feature. As result generic device_realize puts
apic into unattached container.

As it's programming error, abort if name collision happens in future
and fix property name for apic_state to 'lapic', this way apic is
a child of cpu instance.

Backports commit 6816b1b3811e839540df22855d975b6d76ae438b from qemu
2018-02-25 20:47:46 -05:00
Paolo Bonzini 403021183d
target-i386: Add support for UMIP and RDPID CPUID bits
These are both stored in CPUID[EAX=7,EBX=0].ECX. KVM is going to
be able to emulate both (albeit with a performance loss in the case
of RDPID, which therefore will be in KVM_GET_EMULATED_CPUID rather
than KVM_GET_SUPPORTED_CPUID).

It's also possible to implement both in TCG, but this is for 2.8.

Backports commit c2f193b538032accb9db504998bf2ea7c0ef65af from qemu
2018-02-25 20:46:40 -05:00
Igor Mammedov 6714284211
target-i386: Add socket/core/thread properties to X86CPU
These properties will be used by as address where to plug
CPU with help -device/device_add commands.

Backports commit d89c2b8b98e097b9cad5104b0f178bde1cfa011b from qemu
2018-02-25 20:45:35 -05:00
Igor Mammedov 2ac9df3633
target-i386: Replace custom apic-id setter/getter with static property
Custom apic-id setter/getter doesn't do any property specific
checks anymore, so clean it up and use more compact static
property DEFINE_PROP_UINT32 instead.

Backports commit 2da00e3176abac34ca7a6aab1f5bbb94a0d03fc5 from qemu
2018-02-25 20:44:18 -05:00
Igor Mammedov 0525a9c9fa
pc: cpu: Consolidate apic-id validity checks in pc_cpu_pre_plug()
Machine code knows about all possible APIC IDs so use that
instead of hack which does O(n^2) complexity duplicate
checks, interating over global CPUs list.
As result duplicate check is done only once with O(log n) complexity.

Backports commit 4ec60c76d5ab513e375f17b043d2b9cb849adf6c from qemu
2018-02-25 20:38:43 -05:00
Dr. David Alan Gilbert 9ee1a82185
target-i386: Set physical address bits based on host
Add the host-phys-bits boolean property, if true, take phys-bits
from the hosts physical bits value, overriding either the default
or the user specified value.

We can also use the value we read from the host to check the users
explicitly set value and warn them if it doesn't match.

Note:
a) We only read the hosts value in KVM mode (because on non-x86
we get an abort if we try)
b) We don't warn about trying to use host-phys-bits in TCG mode,
we just fall back to the TCG default. This allows the machine
type to set the host-phys-bits flag if it wants and then to
work in both TCG and KVM.

Backports commit 11f6fee576680a2d482123535da920f8ceb33eb5 from qemu
2018-02-25 20:36:12 -05:00
Igor Mammedov 95cced34fb
pc: Add x86_topo_ids_from_apicid()
It's reverse of apicid_from_topo_ids() and will be used in follow up
patches to fill in data structures for query-hotpluggable-cpus and
for user friendly error reporting.

Backports commit 9f3aab58539b4cc716e42e772be8116dc2e7d159 from qemu
2018-02-25 20:31:36 -05:00
Igor Mammedov bc8dbd862d
target-i386: Use uint32_t for X86CPU.apic_id
Redo 9886e834 (target-i386: Require APIC ID to be explicitly set before
CPU realize) in another way that doesn't use int64_t to detect
if apic-id property has been set.

Use the fact that 0xFFFFFFFF is the broadcast
value that a CPU can't have and set default
uint32_t apic_id to it instead of using int64_t.

Later uint32_t apic_id will be used to drop custom
property setter/getter in favor of static property.

Backports commit d9c84f196970f78d4b55ab87e03cbcad7c65f86f from qemu
2018-02-25 20:30:31 -05:00
Dr. David Alan Gilbert 54851f7d74
target-i386: Fill high bits of mtrr mask
Fill the bits between 51..number-of-physical-address-bits in the
MTRR_PHYSMASKn variable range mtrr masks so that they're consistent
in the migration stream irrespective of the physical address space
of the source VM in a migration.

Backports commit fcc35e7ccaed771790940524f3b0eef7aebfc9b1 from qemu
2018-02-25 20:29:20 -05:00
Dr. David Alan Gilbert 78254267ff
target-i386: Allow physical address bits to be set
Currently QEMU sets the x86 number of physical address bits to the
magic number 40. This is only correct on some small AMD systems;
Intel systems tend to have 36, 39, 46 bits, and large AMD systems
tend to have 48.

Having the value different from your actual hardware is detectable
by the guest and in principal can cause problems;
The current limit of 40 stops TB VMs being created by those lucky
enough to have that much.

This patch lets you set the physical bits by a cpu property but
defaults to the same 40bits which matches TCGs setup.

I've removed the ancient warning about the 42 bit limit in exec.c;
I can't find that limit in there and no one else seems to know where
it is.

We use a magic value of 0 as the property default so that we can
later distinguish between the default and a user set value.

Backports commit af45907a132857cfd47acc998bf5f7c26cd13071 from qemu
2018-02-25 20:28:38 -05:00
Dr. David Alan Gilbert 7cb359cc19
target-i386: Provide TCG_PHYS_ADDR_BITS
Provide a constant for the number of address bits supported under TCG.

Backports commit 709787ee997f0a0ccab78e0edaf10d48929151ee from qemu
2018-02-25 20:23:25 -05:00
Eric Blake 23ab6d81f9
qapi: Implement boxed types for commands/events
Turn on the ability to pass command and event arguments in
a single boxed parameter, which must name a non-empty type
(although the type can be a struct with all optional members).
For structs, it makes it possible to pass a single qapi type
instead of a breakout of all struct members (useful if the
arguments are already in a struct or if the number of members
is large); for other complex types, it is now possible to use
a union or alternate as the data for a command or event.

The empty type may be technically feasible if needed down the
road, but it's easier to forbid it now and relax things to allow
it later, than it is to allow it now and have to special case
how the generated 'q_empty' type is handled (see commit 7ce106a9
for reasons why nothing is generated for the empty type). An
alternate type is never considered empty, but now that a boxed
type can be either an object or an alternate, we have to provide
a trivial QAPISchemaAlternateType.is_empty(). The new call to
arg_type.is_empty() during QAPISchemaCommand.check() requires
that we first check the type in question; but there is no chance
of introducing a cycle since objects do not refer back to commands.

We still have a split in syntax checking between ad-hoc parsing
up front (merely validates that 'boxed' has a sane value) and
during .check() methods (if 'boxed' is set, then 'data' must name
a non-empty user-defined type).

Generated code is unchanged, as long as no client uses the
new feature.

Backports commit c818408e449ea55371253bd4def1c1dc87b7bb03 from qemu
2018-02-25 20:22:03 -05:00
Eric Blake c65f056fbe
qapi: Plumb in 'boxed' to qapi generator lower levels
The next patch will add support for passing a qapi union type
as the 'data' of a command. But to do that, the user function
for implementing the command, as called by the generated
marshal command, must take the corresponding C struct as a
single boxed pointer, rather than a breakdown into one
parameter per member. Even without a union, being able to use
a C struct rather than a list of parameters can make it much
easier to handle coding with QAPI.

This patch adds the internal plumbing of a 'boxed' flag
associated with each command and event. In several cases,
this means adding indentation, with one new dead branch and
the remaining branch being the original code more deeply
nested; this was done so that the new implementation in the
next patch is easier to review without also being mixed with
indentation changes.

For this patch, no behavior or generated output changes, other
than the testsuite outputting the value of the new flag
(always False for now).

Backports commit 48825ca419fd9c8140d4fecb24e982d68ebca74f from qemu
2018-02-25 20:17:01 -05:00
Eric Blake 6ff318b839
qapi-event: Simplify visit of non-implicit data
Commit 7ce106a9 documented why we don't generated a visit_type_FOO()
for implicit types; and therefore events with an anonymous type for
'data' have to open-code a visit. Note that the open-coded visit in
qapi-event.c is slightly different from what is done in
qapi-visit.c for normal types, in part because we don't have to
check for *obj being NULL or free things on error. But where the
type is not implicit, it is nicer to reuse the normal visit instead
of open-coding a duplicate.

At the moment, the only event with a non-implicit 'data' is in the
testsuite, where test-qapi-event.c changes as follows:

|@@ -155,6 +155,7 @@ void qapi_event_send___org_qemu_x_event(
| __org_qemu_x_Struct param = {
| __org_qemu_x_member1, (char *)__org_qemu_x_member2, has_q_wchar_t, q_wchar_t
| };
|+ __org_qemu_x_Struct *arg = &param;
|
| emit = qmp_event_get_func_emit();
| if (!emit) {
|@@ -164,16 +165,7 @@ void qapi_event_send___org_qemu_x_event(
| qmp = qmp_event_build_dict("__ORG.QEMU_X-EVENT");
|
| v = qmp_output_visitor_new(&obj);
|-
|- visit_start_struct(v, "__ORG.QEMU_X-EVENT", NULL, 0, &err);
|- if (err) {
|- goto out;
|- }
|- visit_type___org_qemu_x_Struct_members(v, &param, &err);
|- if (!err) {
|- if (!err) {
|- visit_check_struct(v, &err);
|- }
|- visit_end_struct(v, NULL);
|+ visit_type___org_qemu_x_Struct(v, "__ORG.QEMU_X-EVENT", &arg, &err);
| if (err) {
| goto out;
| }

Backports commit 4d0b268fdb17a1fed10fe980e77fd388e5427bfd from qemu
2018-02-25 20:12:34 -05:00
Eric Blake b5220a6867
qapi: Drop useless gen_err_check()
Ever since commit 12f254f removed the last parameterization
of gen_err_check(), it no longer makes sense to hide the three
lines of generated C code behind a macro call. Just inline it
into the remaining users.

No change to generated code.

Backports commit fa274ed6fb788866ed3a2cfd54a2ddf78f04f2c0 from qemu
2018-02-25 20:10:45 -05:00
Eric Blake d7014c66df
qapi: Add type.is_empty() helper
In the near future, we want to lift our artificial restriction of
no variants at the top level of an event, at which point the
currently open-coded check for empty members will become
insufficient. Factor it out into a new helper method is_empty()
now, and future-proof it by checking variants, too, along with an
assert that it is not used prior to the completion of .check().
Update places that were checking for (non-)empty .members to use
the new helper.

All of the current callers assert that there are no variants (either
directly, or by qapi.py asserting that base types have no variants),
so this is not a semantic change.

No change to generated code.

Backports commit b6167706829c6e0d3572daa2b6769594ced276f7 from qemu
2018-02-25 20:07:43 -05:00
Eric Blake 4b39eaae33
qapi: Hide tag_name data member of variants
Clean up the only remaining external use of the tag_name field of
QAPISchemaObjectTypeVariants, by explicitly listing the generated
'type' tag for all variants in the testsuite (you can still tell
simple unions by the -wrapper types). Then we can mark the
tag_name field as private by adding a leading underscore to prevent
any further use.

Backports commit da9cb19385fc66b2cb2584bbbbcbf50246d057e2 from qemu
2018-02-25 20:06:15 -05:00
Eric Blake febeea5f4b
qapi: Special case c_name() for empty type
Commit 7ce106a rendered QAPISchemaObjectType.c_name() redundant,
since it now does nothing more than delegate to its superclass.
However, rather than deleting it, we can restore part of the
assertion that was removed in that commit, to prove that we never
emit the empty type directly in generated code, but rather
special-case it as a built-in that makes other aspects of code
generation easier to reason about.

Backports commit cd50a2564560986e865ff64fa73b59d2564076f0 from qemu
2018-02-25 20:05:16 -05:00
Eric Blake 8ccfff95fe
qapi: Require all branches of flat union enum to be covered
We were previously enforcing that all flat union branches were
found in the corresponding enum, but not that all enum values
were covered by branches. The resulting generated code would
abort() if the user passes the uncovered enum value.

We don't automatically treat non-present branches in a flat
union as empty types, for symmetry with simple unions (there,
the enum type is generated from the list of all branches, so
there is no way to omit a branch but still have it be part of
the union).

A later patch will add shorthand so that branches that are empty
in flat unions can be declared as 'branch':{} instead of
'branch':'Empty', to avoid the need for an otherwise useless
explicit empty type. [Such shorthand for simple unions is a bit
harder to justify, since we would still have to generate a
wrapper type that parses 'data':{}, rather than truly being an
empty branch with no additional siblings to the 'type' member.]

Backports commit d0b182392d0281ef780e3effcb82677a004f1f97 from qemu
2018-02-25 20:04:18 -05:00
Paolo Bonzini 674805745b
qapi: change QmpInputVisitor to QSLIST
This saves a lot of memory compared to a statically-sized array,
or at least 24kb could be considered a lot on an Atari ST.
It also makes the code more similar to QmpOutputVisitor.

This removes the limit on the depth of a QObject that can be processed
into a QAPI tree. This is not a problem because QObjects can be
considered trusted; the text received on the QMP wire is untrusted
input, but the JSON parser already takes pains to limit the QObject tree
it creates. We don't need the QMP input visitor to limit it again.

Backports commit 3d344c2aabb7bc9b414321e3c52872901edebdda from qemu
2018-02-25 20:02:09 -05:00
Paolo Bonzini b14f1d7a80
qapi: change QmpOutputVisitor to QSLIST
This saves a little memory compared to the doubly-linked QTAILQ.

Backports commit fc76ae8b38783e82c109834573ba5d6f080440b5 from qemu
2018-02-25 19:59:16 -05:00
Sergey Fedorov e39b9d0391
target-i386: Remove redundant HF_SOFTMMU_MASK
'HF_SOFTMMU_MASK' is only set when 'CONFIG_SOFTMMU' is defined. So
there's no need in this flag: test 'CONFIG_SOFTMMU' instead.

Backports commit da6d48e3348bbc266896cf8adf0c33f1eaf5b31f from qemu
2018-02-25 19:59:15 -05:00
Sergey Sorokin 4a904baaf5
target-arm: Add missed AArch32 TLBI sytem registers
Some PL2 related TLBI system registers are missed in AArch32
implementation. The patch fixes it.

Backports commit 541ef8c2e73fb99d173b125bef7c262fdd2fe33c from qemu
2018-02-25 19:59:15 -05:00
Peter Lieven 799bf1c3a5
exec: avoid realloc in phys_map_node_reserve
this is the first step in reducing the brk heap fragmentation
created by the map->nodes memory allocation. Since the introduction
of RCU the freeing of the PhysPageMaps is delayed so that sometimes
several hundred are allocated at the same time.

Even worse the memory for map->nodes is allocated and shortly
afterwards reallocated. Since the number of nodes it grows
to in the end is the same for all PhysPageMaps remember this value
and at least avoid the reallocation.

The large number of simultaneous allocations (about 450 x 70kB in
my configuration) has to be addressed later.

Backports commit 101420b886eec36990419bc9ed5b503622af8a0d from qemu
2018-02-25 19:32:40 -05:00
Paolo Bonzini a47c68164d
compiler: never omit assertions if using a static analysis tool
Assertions help both Coverity and the clang static analyzer avoid
false positives, but on the other hand both are confused when
the condition is compiled as (void)(x != FOO). Always expand
assertion macros when using Coverity or clang, through a new
QEMU_STATIC_ANALYSIS preprocessor symbol.

This fixes a couple false positives in TCG.

Backports commit 8bff06a0bbf257a2083223534c1607bf87d913e6 from qemu
2018-02-25 19:19:28 -05:00
Vijay 5608b53b6f
target-arm: Use Neon for zero checking
Use Neon instructions to perform zero checking of
buffer. This is helps in reducing total migration time.

Use case: Idle VM live migration with 4 VCPUS and 8GB ram
running CentOS 7.

Without Neon, the Total migration time is 3.5 Sec

Migration status: completed
total time: 3560 milliseconds
downtime: 33 milliseconds
setup: 5 milliseconds
transferred ram: 297907 kbytes
throughput: 685.76 mbps
remaining ram: 0 kbytes
total ram: 8519872 kbytes
duplicate: 2062760 pages
skipped: 0 pages
normal: 69808 pages
normal bytes: 279232 kbytes
dirty sync count: 3

With Neon, the total migration time is 2.9 Sec

Migration status: completed
total time: 2960 milliseconds
downtime: 65 milliseconds
setup: 4 milliseconds
transferred ram: 299869 kbytes
throughput: 830.19 mbps
remaining ram: 0 kbytes
total ram: 8519872 kbytes
duplicate: 2064313 pages
skipped: 0 pages
normal: 70294 pages
normal bytes: 281176 kbytes
dirty sync count: 3

Backports commit 7069532e3b944c25707d4f69998e68a739eabff9 from qemu
2018-02-25 19:17:38 -05:00
Richard Henderson d17dc29d2e
target-sparc: Elide duplicate updates to fprs
Backports commit f9c816c00cf4242542472ae6b2a579b11b7e86f1 from qemu
2018-02-25 19:14:59 -05:00
Richard Henderson 2215ef7e21
target-sparc: Use cpu_loop_exit_restore from helper_check_ieee_exceptions
This avoids needing to save state before every FP operation.

Backports commit 02c79d78853f07d519b3272d06e43041eb4a4105 from qemu
2018-02-25 19:12:36 -05:00
Richard Henderson 524e4af5ca
target-sparc: Use cpu_fsr in stfsr
Backports commit ba2397d1ca6546e8cf5bd9e2939923546ac3091a from qemu
2018-02-25 19:10:27 -05:00
Lioncash 17c54e2702
header_gen: alphabetize general symbols 2018-02-25 19:07:20 -05:00
Lioncash 4b8cae3f61
header_gen: alphabetize ARM symbols 2018-02-25 19:00:31 -05:00
Lioncash fa10382007
header_gen: alphabetize aarch64 symbols 2018-02-25 19:00:01 -05:00
Lioncash 3f8802fcf5
header_gen: alphabetize MIPS symbols 2018-02-25 18:59:49 -05:00
Richard Henderson 12eecc4939
target-sparc: Use explicit writes to cpu_fsr
By arranging for explicit writes to cpu_fsr after floating point
operations, we are able to mark the helpers as not writing to
tcg globals, which means that we don't need to invalidate the
integer register set across said calls.

Backports commit 7385aed20db5d83979f683b9d0048674411e963c from qemu
2018-02-25 18:55:07 -05:00
Richard Henderson 2e24c09db3
target-sparc: Remove helper_ldf_asi, helper_stf_asi
We've now implemented all fp asis inline, except for the no-fault
memory reads. The latter can be passed directly to helper_ld_asi.

Backports commit f2fe396f0fae6b389169f65abf294df9ae6cfee5 from qemu
2018-02-25 18:32:35 -05:00
Richard Henderson a921273a6c
target-sparc: Directly implement block and short ldf/stf asis
Backports commit ca5ce5723fb1ee3445f690004f63c209c15fb813 from qemu
2018-02-25 18:27:52 -05:00
Richard Henderson 333d88c9e6
target-sparc: Directly implement easy ldf/stf asis
Backports commit 7705091ca4a20c8c2d20e2af5d0a1bcb17296657 from qemu
2018-02-25 18:23:45 -05:00
Richard Henderson 9d47cda44c
target-sparc: Pass TCGMemOp constants to helper_ld/st_asi
Reduces the argument count for helper_ld_asi; do helper_st_asi
for consistency.

Backports commit 6850811e7c56403b0d225a1bffd096abf2ff06f9 from qemu
2018-02-25 18:19:42 -05:00
Richard Henderson 950aa89c7a
target-sparc: Fix obvious error in ASI_M_BFILL
Backports commit c095b83f9836cef80f64b32603fea240762a824b from qemu
2018-02-25 18:08:40 -05:00
Richard Henderson eb285aa281
target-sparc: Directly implement easy ldd/std asis
Backports commit e4dc0052a40d3e7b00ca0b008f345e2ed644aa20 from qemu
2018-02-25 18:07:51 -05:00
Richard Henderson 1ed7df7720
target-sparc: Introduce gen_check_align
Backports commit 35e94905ce4b39b358a673995f9bee11f46ec8be from qemu
2018-02-25 17:59:47 -05:00