This new argument will aid register allocation by indicating how
the temporary will be used in future. If the preference cannot
be satisfied, fall back to the constraints of the current insn.
Short circuit the preference when it cannot be satisfied or if
it does not further constrain the operation.
With an eye toward optimizing function call sequences, optimize
for the preferred_reg set containing a single register.
For the moment, all users pass 0 for preference.
Backports commit b016486e7baddb43cfc1e51909b05cde9cf82e0c from qemu
Delete trivially dead code that follows unconditional branches and
noreturn helpers. These can occur either via optimization or via
the structure of a target's translator following an exception.
Backports commit b4fc67c7afd2c338d6e7c73a7f428dfe05ae0603 from qemu
Previously, the low 4 bits were used for TCG_CALL_TYPE_MASK,
which was removed in 6a18ae2d2947532d5c26439548afa0481c4529f9.
Backports commit 3b50352b05eeafeb95cccd770f7aaba00bbdf6fe from qemu
Default branches variant should use the member conditional.
This fixes compilation with --disable-replication.
Fixes: 335d10cd8e2c3bb6067804b095aaf6371fc1983e
Backports commit ce1a1aec47877a281d69dbc2e65f86bfe8fea231 from qemu
Backporting 6fa2cef205a60b5c5c3b058f53852416b885c455 by Thomas Huth
started invoking assertions on clang. This means Unicorn is doing
something silly. This should be tracked down, but in the meantime,
restore behavior to allow tests to still be run.
Performance results for fp-bench:
Host: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
- before:
sqrt-single: 42.30 MFlops
sqrt-double: 22.97 MFlops
- after:
sqrt-single: 311.42 MFlops
sqrt-double: 311.08 MFlops
Here USE_FP makes a huge difference for f64's, with throughput
going from ~200 MFlops to ~300 MFlops.
Backports commit f131bae8a7b7ed1928cc94c69df291db609c316a from qemu
The appended paves the way for leveraging the host FPU for a subset
of guest FP operations. For most guest workloads (e.g. FP flags
aren't ever cleared, inexact occurs often and rounding is set to the
default [to nearest]) this will yield sizable performance speedups.
The approach followed here avoids checking the FP exception flags register.
See the added comment for details.
This assumes that QEMU is running on an IEEE754-compliant FPU and
that the rounding is set to the default (to nearest). The
implementation-dependent specifics of the FPU should not matter; things
like tininess detection and snan representation are still dealt with in
soft-fp. However, this approach will break on most hosts if we compile
QEMU with flags that break IEEE compatibility. There is no way to detect
all of these flags at compilation time, but at least we check for
-ffast-math (which defines __FAST_MATH__) and disable hardfloat
(plus emit a #warning) when it is set.
This patch just adds common code. Some operations will be migrated
to hardfloat in subsequent patches to ease bisection.
Note: some architectures (at least PPC, there might be others) clear
the status flags passed to softfloat before most FP operations. This
precludes the use of hardfloat, so to avoid introducing a performance
regression for those targets, we add a flag to disable hardfloat.
In the long run though it would be good to fix the targets so that
at least the inexact flag passed to softfloat is indeed sticky.
Backports commit a94b783952cc493cb241aabb1da8c7a830385baa from qemu
glibc >= 2.25 defines canonicalize in commit eaf5ad0
(Add canonicalize, canonicalizef, canonicalizel., 2016-10-26).
Given that we'll be including <math.h> soon, prepare
for this by prefixing our canonicalize() with sf_ to avoid
clashing with the libc's canonicalize().
Backports commit f9943c7f766678af36d31076b78e466256f4871b from qemu
Change the order in which we extract a/b and c/d to
match the output of the upstream xxhash32.
Tested with:
https://github.com/cota/xxhash/tree/qemu
Backports commit b7c2cd08a6f68010ad27c9c0bf2fde02fb743a0e from qemu
For now, defined universally as true, since we previously required
backends to implement swapped memory operations. Future patches
may now remove that support where it is onerous.
Backports commit e1dcf3529d0797b25bb49a20e94b62eb93e7276a from qemu
Somehow we forgot these operations, once upon a time.
This will allow immediate stores to have their bswap
optimized away.
Backports commit 6498594c8eda83c5f5915afc34bd03396f8de6df from qemu
Based on the only current user, Sparc:
New code uses 2 constants that take 2 insns to load from constant pool,
plus 13. Old code used 6 constants that took 1 or 2 insns to create,
plus 21. The result is a new total of 17 vs an old total of 29.
Backports commit 9e821eab0ab708add35fa0446d880086e845ee3e from qemu
Based on the only current user, Sparc:
New code uses 1 constant that takes 2 insns to create, plus 8.
Old code used 2 constants that took 2 insns to create, plus 9.
The result is a new total of 10 vs an old total of 13.
Backports commit a686dc71d89b1d7934becd95c843aa1375cdb7e7 from qemu
We now have an invariant that all TCG_TYPE_I32 values are
zero-extended, which means that we do not need to extend
them again during qemu_ld/st, either explicitly via a separate
tcg_out_ext32u or implicitly via P_ADDR32.
Backports commit 4810d96f03be4d3820563e3c6bf13dfc0627f205 from qemu
This preserves the invariant that all TCG_TYPE_I32 values are
zero-extended in the 64-bit host register.
Backports commit 75478279a0c1eafc7b69d5382356da138f58f1bd from qemu
This helps preserve the invariant that all TCG_TYPE_I32 values
are stored zero-extended in the 64-bit host registers.
Backports commit 3dbc8c61de4e0d0a2afe0897cda7ab28cd37a164 from qemu
This helps preserve the invariant that all TCG_TYPE_I32 values
are stored zero-extended in the 64-bit host registers.
Backports commit 1d21d95b6101786d44d3b4a12400eb80a1ecc647 from qemu
This does require an extra two checks within the slow paths
to replace the assert that we're moving. Also add two checks
within existing functions that lacked any kind of assert for
out of range branch.
Backports commit 55dfd8fedceb1311d9cdded1a0f94b2da91a387d from qemu
The reloc_pc{14,24}_val routines retain their asserts.
Use these directly within the slow paths.
Backports commit d5132903518fadad579ef2de9e45fce98eefaa63 from qemu
This does require an extra two checks within the slow paths
to replace the assert that we're moving.
Backports commit 43fabd30e2f411e8d70ff347902a7c8ed308233e from qemu
This does require an extra two checks within the slow paths
to replace the assert that we're moving.
Backports commit 214bfe83d5a5af70bac2b8d0bd649b018c33c03b from qemu
This will move the assert for success from within (subroutines of)
patch_reloc into the callers. It will also let new code do something
different when a relocation is out of range.
For the moment, all backends are trivially converted to return true.
Backports commit 6ac1778676f4259c10b0629ccd9df319a5d1baeb from qemu
There is no longer a need for preserving branch offset operands,
as we no longer re-translate.
Backports commit 8c1b079279fadaee10dc39ca9a58c4c91c7a1854 from qemu
There is no longer a need for preserving branch offset operands,
as we no longer re-translate.
Backports commit 791645f0227c9d52ce5fe1ad6e1cda55a9bfe633 from qemu
There is no longer a need for preserving branch offset operands,
as we no longer re-translate.
Backports commit 3661612fc3e4b65be03482bf6bafd116101881e1 from qemu
There is no longer a need for preserving branch offset operands,
as we no longer re-translate.
Backports commit f9c7246faa279237200a2a53beacaa8100ea1900 from qemu
There are one use apiece for these. There is no longer a need for
preserving branch offset operands, as we no longer re-translate.
Backports commit 37ee93a974c49ab9edfcd1db0aad3838b0395b14 from qemu
There are one use apiece for these. There is no longer a need for
preserving branch offset operands, as we no longer re-translate.
Backports commit 733589b3382afcb0ae9f43e72e083a5ddd38abd5 from qemu
For x86_64, this can remove a REX prefix resulting in smaller code
when manipulating globals of type i32, as we move them between backing
store via cpu_env, aka TCG_AREG0.
Backports commit 5740d9f714835964873325d1210b26811252843f from qemu
Partially reverts ab20bdc1162. The 14-bit displacement that we
allowed to reach the constant pool is not always sufficient.
Retain the tb-relative addressing, as that is how most return
values from the tb are computed.
Backports commit f6823cbe3787aa47db62deede6683077e3da9a2c from qemu
When we add a new entry to the ARMCPRegInfo hash table in
add_cpreg_to_hashtable(), we allocate memory for tehe
ARMCPRegInfo struct itself, and we also g_strdup() the
name string. So the hashtable's value destructor function
must free the name string as well as the struct.
Spotted by clang's leak sanitizer. The leak here is a
small one-off leak at startup, because we don't support
CPU hotplug, and so the only time when we destroy
hash table entries is for the case where ARM_CP_OVERRIDE
means we register a wildcard entry and then override it later.
Backports commit ac87e5072e2cbfcf8e80caac7ef43ceb6914c7af from qemu
The generated C enumeration types explicitly set the enumeration
constants to 0, 1, 2, ... That's exactly what you get when you don't
supply values.
Drop the explicit values. No change now, but it will avoid gaps in
the values when we later add support for 'if' conditions. Avoiding
such gaps will save us the trouble of changing the ENUM_lookup[]
tables to work without a sentinel.
We'll have to take care to ensure the headers required by the 'if'
conditions get always included before the generated QAPI code.
Fortunately, our convention to include "qemu/osdep.h" first in any .c
ensures that's the case for our CONFIG_FOO macros
Backports commit 9c2f56e9f9d5a1f9ddac77dda35f997738e85d11 from qemu
Rename QAPISchemaEnumType.values and related variables to members.
Makes sense ever since commit 93bda4dd4 changed .values from list of
string to list of QAPISchemaMember. Obvious no-op.
Backports commit 57516863644817ca59fab023e0c68d139929f3e0 from qemu
The input visitor has some problems right now, especially
- unsigned type "Range" is used to process signed ranges, resulting in
inconsistent behavior and ugly/magical code
- uint64_t are parsed like int64_t, so big uint64_t values are not
supported and error messages are misleading
- lists/ranges of int64_t are accepted although no list is parsed and
we should rather report an error
- lists/ranges are preparsed using int64_t, making it hard to
implement uint64_t values or uint64_t lists
- types that don't support lists don't bail out
- visiting beyond the end of a list is not handled properly
- we don't actually parse lists, we parse *sets*: members are sorted,
and duplicates eliminated
So let's rewrite it by getting rid of usage of the type "Range" and
properly supporting lists of int64_t and uint64_t (including ranges of
both types), fixing the above mentioned issues.
Lists of other types are not supported and will properly report an
error. Virtual walks are now supported.
Tests have to be fixed up:
- Two BUGs were hardcoded that are fixed now
- The string-input-visitor now actually returns a parsed list and not
an ordered set.
Please note that no users/callers have to be fixed up. Candidates using
visit_type_uint16List() and friends are:
- backends/hostmem.c:host_memory_backend_set_host_nodes()
-- Code can deal with duplicates/unsorted lists
- numa.c::query_memdev()
-- via object_property_get_uint16List(), the list will still be sorted
and without duplicates (via host_memory_backend_get_host_nodes())
- qapi-visit.c::visit_type_Memdev_members()
- qapi-visit.c::visit_type_NumaNodeOptions_members()
- qapi-visit.c::visit_type_RockerOfDpaGroup_members
- qapi-visit.c::visit_type_RxFilterInfo_members()
-- Not used with string-input-visitor.
Backports commit c9fba9de89db51a07689e2cba4865a1e564b8f0f from qemu
The string-input-visitor happily accepts NaN and infinities when parsing
numbers (doubles). They shouldn't. Fix that.
Also, add two test cases, testing if "NaN" and "inf" is properly
rejected.
Backports commit 4b69d4c3d7c133ebc9393ef3f86ce38831921cb6 from qemu
qemu_strtosz() & friends reject NaNs, but happily accept infinities.
They shouldn't. Fix that.
The fix makes use of qemu_strtod_finite(). To avoid ugly casts,
change the @end parameter of qemu_strtosz() & friends from char **
to const char **.
Also, add two test cases, testing that "inf" and "NaN" are properly
rejected. While at it, also fixup the function documentation.
Backports commit af02f4c5179675ad4e26b17ba26694a8fcde17fa from qemu
Provide a trivial implementation with zero limited ordering regions,
which causes the LDLAR and STLLR instructions to devolve into the
LDAR and STLR instructions from the base ARMv8.0 instruction set.
Backports commit 2d7137c10fafefe40a0a049ff8a7bd78b66e661f from qemu
Since arm_hcr_el2_eff includes a check against
arm_is_secure_below_el3, we can often remove a
nearby check against secure state.
In some cases, sort the call to arm_hcr_el2_eff
to the end of a short-circuit logical sequence.
Backports commit 7c208e0f4171c9e2cc35efc12e1bf264a45c229f from qemu
Replace arm_hcr_el2_{fmo,imo,amo} with a more general routine
that also takes SCR_EL3.NS (aka arm_is_secure_below_el3) into
account, as documented for the plethora of bits in HCR_EL2.
Backports commit f77784446045231f7dfa46c9b872091241fa1557 from qemu
The bulk of the work here, beyond base HPD, is defining the
TTBCR2 register. In addition we must check TTBCR.T2E, which
is not present (RES0) for AArch64.
Backports commit ab638a328fd099ba0b23c8c818eb39f2c35414f3 from qemu
Since the TCR_*.HPD bits were RES0 in ARMv8.0, we can simply
interpret the bits as if ARMv8.1-HPD is present without checking.
We will need a slightly different check for hpd for aarch32.
Backports commit 037c13c5904f5fc67bb0ab7dd91ae07347aedee9 from qemu
Because EL3 has a fixed execution mode, we can properly decide
which of the bits are RES{0,1}.
Backports commit ea22747c63c9a894777aa41a7af85c3d08e39f81 from qemu
The enable for TGE has already occurred within arm_hcr_el2_amo
and friends. Moreover, when E2H is also set, the sense is
supposed to be reversed, which has also already occurred within
the helpers.
Backports commit 619959c3583dad325c36f09ce670e7d091382cae from qemu
At the same time, define the fields for these registers,
and use those defines in arm_pamax().
Backports commit 3dc91ddbc68391f934bf6945853e99cf6810fc00 from qemu
The code that used it has already been removed a while ago with commit
dc41aa7d34989b552ef ("tcg: Remove GET_TCGV_* and MAKE_TCGV_*").
Backports commit 78751ea855f89b5a352ccc332162fed3ad4c9496 from qemu
Since we require GCC version 4.8 or newer now, we can be sure that
the builtin functions are always available on GCC. And for Clang,
we can check the availablility with __has_builtin instead.
Backports commit f773b423cc61f3ca18af5337101c158a52aaae2c from qemu
Both GCC v4.8 and Clang v3.4 (our minimum versions) support
__builtin_unreachable(), so we can remove the version check here now.
Backports commit 6fa2cef205a60b5c5c3b058f53852416b885c455 from qemu
Now that we require at least GCC 4.8, we don't need this als workaround
for 4.6 and 4.7 anymore.
Backports commit d376e9de07e9541a040609d30b73403c33b6afe0 from qemu
Since we have got a check for Clang >= 3.4 now, we do not need to
check for older Clang versions in the configure test for 128-bit ints
anymore.
Backports commit 40f87e2680a3fda6117a08db9106a01345806a66 from qemu
So far we only had implicit requirements for the minimum compiler version,
e.g. we require at least GCC 4.1 for the support of atomics. However,
such old compiler versions are not tested anymore by the developers, so
they are not really supported anymore. Since we recently declared explicitly
what platforms we intend to support, we can also get more explicit on the
compiler version now. The supported distributions use the following version
of GCC:
RHEL-7: 4.8.5
Debian (Stretch): 6.3.0
Debian (Jessie): 4.8.4
OpenBSD (ports): 4.9.4
FreeBSD (ports): 8.2.0
OpenSUSE Leap 15: 7.3.1
Ubuntu (Xenial): 5.3.1
macOS (Homebrew): 8.2.0
So we can safely assume GCC 4.8 these days. For Clang, the situation is
a little bit more ambiguous, since it is sometimes not available in the
main distros but rather third party repositories. At least Debian Jessie
uses version 3.5, and EPEL7 for RHEL7 uses 3.4, so let's use 3.4 as
minimum Clang version now - we still can adjust this later if necessary.
Unfortunately Apple uses different version numbers for the Clang that is
included in their Xcode suite, so we need to check the version numbers
for Xcode separately. Xcode 5.1 seems to be the first one that has been
shipped with LLVM 3.4, so use this version as the minimum there.
Backports commit efc6c070acabd92283f8786cc835684d09def12f from qemu
The STIBP flag may be supported by the host KVM module, so QEMU
can allow it to be configured manually, and it can be exposed to
guests when using "-cpu host".
No additional migration code is required because the whole
contents of spec_ctrl is already migrated in the "cpu/spec_ctrl"
section.
Backports commit 0e8916582991b9fd0b94850a8444b8b80d0a0955 from qemu
MOVDIR64B moves 64-bytes as direct-store with 64-bytes write atomicity.
Direct store is implemented by using write combining (WC) for writing
data directly into memory without caching the data.
The bit definition:
CPUID.(EAX=7,ECX=0):ECX[bit 28] MOVDIR64B
The release document ref below link:
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf
Backports commit 1c65775ffc2dbd276a8bffe592feba0e186a151c from qemu
MOVDIRI moves doubleword or quadword from register to memory through
direct store which is implemented by using write combining (WC) for
writing data directly into memory without caching the data.
The bit definition:
CPUID.(EAX=7,ECX=0):ECX[bit 27] MOVDIRI
The release document ref below link:
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf
Backports commit 24261de4916596d8ab5f5fee67e9e7a19e8325a5 from qemu
Fixes a TCG crash due to attempting the atomic operation without
having set up the address first. This does not attempt to fix
all of the other missing checks for LOCK.
Fixes: a7cee522f35
Fixes: https://bugs.launchpad.net/qemu/+bug/1803160
Backports commit e84fcd7f662a0d8198703f6f89416d7ac2c32767 from qemu
This commit fixes a case where the CPU would try to go to EL3 when
executing an smc instruction, even though ARM_FEATURE_EL3 is false. This
case is raised when the PSCI conduit is set to smc, but the smc
instruction does not lead to a valid PSCI call.
QEMU crashes with an assertion failure latter on because of incoherent
mmu_idx.
This commit refactors the pre_smc helper by enumerating all the possible
way of handling an scm instruction, and covering the previously missing
case leading to the crash.
The following minimal test would crash before this commit:
.global _start
.text
_start:
ldr x0, =0xdeadbeef ; invalid PSCI call
smc #0
run with the following command line:
aarch64-linux-gnu-gcc -nostdinc -nostdlib -Wl,-Ttext=40000000 \
-o test test.s
qemu-system-aarch64 -M virt,virtualization=on,secure=off \
-cpu cortex-a57 -kernel test
Backports commit 7760da729ac88f112f98f36395ac3b55fc9e4211 from qemu
Disable R5900 support. There are some outstanding issues related
to ABI support and emulation accuracy, that were not understood
well during review process. Disable to avoid backward compatibility
issues.
Reverts commit ed4f49ba9bb56ebca6987b1083255daf6c89b5de.
Backports commit 823f2897bdd78185f3ba33292a25105ba8bad1b5 from qemu
Explicitely mark handling of PREF instruction for R5900 as
treating the same as NOP.
Backports commit 992e8176d36882983bb04f0259f7151a36d003a1 from qemu
Avoid using check_opc_user_only() as a decision making code wrt
various architectures. Use ctx->insn_flags checks instead.
Backports commit 55fc7a69aa38f5ec726e862caf4e4394caca04a8 from qemu
MOVN, MOVZ, MFHI, MFLO, MTHI, MTLO, MULT, MULTU, DIV, DIVU, DMULT,
DMULTU, DDIV, DDIVU and JR are decoded in decode_opc_special_tx79
instead of the generic decode_opc_special_legacy.
Backports commit 9dc324ce66807cc231fe890d4031de595ad1cf72 from qemu
MFLO1, MFHI1, MTLO1 and MTHI1 are generated in gen_HILO1_tx79 instead of
the generic gen_HILO.
Backports commit 86efbfb619a42061ac6439c074cfbf52df2ef2c2 from qemu
The Cortex-A15 and Cortex-A7 both have EL2; now we've implemented
it properly we can enable the feature bit.
Backports commit 436c0cbbeb38dd97c02fe921a7cb253a18afdd86 from qemu
Hyp mode is an exception to the general rule that each AArch32
mode has its own r13, r14 and SPSR -- it has a banked r13 and
SPSR but shares its r14 with User and System mode. We were
incorrectly implementing it as banked, which meant that on
entry to Hyp mode r14 was 0 rather than the USR/SYS r14.
We provide a new function r14_bank_number() which is like
the existing bank_number() but provides the index into
env->banked_r14[]; bank_number() provides the index to use
for env->banked_r13[] and env->banked_cpsr[].
All the points in the code that were using bank_number()
to index into env->banked_r14[] are updated for consintency:
* switch_mode() -- this is the only place where we fix
an actual bug
* aarch64_sync_32_to_64() and aarch64_sync_64_to_32():
no behavioural change as we already special-cased Hyp R14
* kvm32.c: no behavioural change since the guest can't ever
be in Hyp mode, but conceptually the right thing to do
* msr_banked()/mrs_banked(): we can never get to the case
that accesses banked_r14[] with tgtmode == ARM_CPU_MODE_HYP,
so no behavioural change
Backports commit 593cfa2b637b92d37eef949653840dc065cdb960 from qemu
In commit 8a0fc3a29fc2315325400 we tried to implement HCR_EL2.{VI,VF},
but we got it wrong and had to revert it.
In that commit we implemented them as simply tracking whether there
is a pending virtual IRQ or virtual FIQ. This is not correct -- these
bits cause a software-generated VIRQ/VFIQ, which is distinct from
whether there is a hardware-generated VIRQ/VFIQ caused by the
external interrupt controller. So we need to track separately
the HCR_EL2 bit state and the external virq/vfiq line state, and
OR the two together to get the actual pending VIRQ/VFIQ state.
Fixes: 8a0fc3a29fc2315325400c738f807d0d4ae0ab7f
Backports commit 89430fc6f80a5aef1d4cbd6fc26b40c30793786c from qemu
Currently we track the state of the four irq lines from the GIC
only via the cs->interrupt_request or KVM irq state. That means
that we assume that an interrupt is asserted if and only if the
external line is set. This assumption is incorrect for VIRQ
and VFIQ, because the HCR_EL2.{VI,VF} bits allow assertion
of VIRQ and VFIQ separately from the state of the external line.
To handle this, start tracking the state of the external lines
explicitly in a CPU state struct field, as is common practice
for devices.
The complicated part of this is dealing with inbound migration
from an older QEMU which didn't have this state. We assume in
that case that the older QEMU did not implement the HCR_EL2.{VI,VF}
bits as generating interrupts, and so the line state matches
the current state in cs->interrupt_request. (This is not quite
true between commit 8a0fc3a29fc2315325400c7 and its revert, but
that commit is broken and never made it into any released QEMU
version.)
Backports relevant parts of commit ed89f078ff3d6684ce3e538e4777a3bb4ec3e2b1 from qemu
This reverts commit 8a0fc3a29fc2315325400c738f807d0d4ae0ab7f.
The implementation of HCR.VI and VF in that commit is not
correct -- they do not track the overall "is there a pending
VIRQ or VFIQ" status, but whether there is a pending interrupt
due to "this mechanism", ie the hypervisor having set the VI/VF
bits. The overall pending state for VIRQ and VFIQ is effectively
the logical OR of the inbound lines from the GIC with the
VI and VF bits. Commit 8a0fc3a29fc231 would result in pending
VIRQ/VFIQ possibly being lost when the hypervisor wrote to HCR.
As a preliminary to implementing the HCR.VI/VF feature properly,
revert the broken one entirely.
Backports commit c624ea0fa7ffc9e2cc3e2b36c92b5c960954489f from qemu
The test was incomplete and incorrectly caused debug exceptions to be
generated when returning to EL2 after a failed attempt to single-step
an EL1 instruction. Fix this while cleaning up the function a little.
Backports commit 22af90255ec2100a44cbbb7f0460ba15eed79538 from qemu
Before we supported direct execution from MMIO regions, we
implemented workarounds in commit 720424359917887c926a33d2
which let us avoid doing so, even if the SAU or MPU region
was less than page-sized.
Once we implemented execute-from-MMIO, we removed part
of those workarounds in commit d4b6275df320cee76; but
we forgot the one in get_phys_addr_pmsav8() which
suppressed use of small SAU regions in executable regions.
Remove that workaround now.
Backports commit 521ed6b4015ba39a2e39c65a94643f3e6412edc4 from qemu
