Revision tags: v9.1.0 |
|
#
2730df91 |
| 09-Jul-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Use set/clear_helper_retaddr in mem_helper.c
Avoid a race condition with munmap in another thread. For access_memset and access_memmove, manage the value within the helper. For uses o
target/s390x: Use set/clear_helper_retaddr in mem_helper.c
Avoid a race condition with munmap in another thread. For access_memset and access_memmove, manage the value within the helper. For uses of access_{get,set}_byte, manage the value across the for loops.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
573b7783 |
| 09-Jul-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Use user_or_likely in access_memmove
Invert the conditional, indent the block, and use the macro that expands to true for user-only.
Reviewed-by: Peter Maydell <peter.maydell@linaro.o
target/s390x: Use user_or_likely in access_memmove
Invert the conditional, indent the block, and use the macro that expands to true for user-only.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
814e4659 |
| 09-Jul-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Use user_or_likely in do_access_memset
Eliminate the ifdef by using a predicate that is always true with CONFIG_USER_ONLY.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed
target/s390x: Use user_or_likely in do_access_memset
Eliminate the ifdef by using a predicate that is always true with CONFIG_USER_ONLY.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
4860af2c |
| 13-Jun-2024 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
target/s390x: Use s390_skeys_get|set() helper
Commit c9274b6bf0 ("target/s390x: start moving TCG-only code to tcg/") moved mem_helper.c, but the trace-events file is still in the parent directory, s
target/s390x: Use s390_skeys_get|set() helper
Commit c9274b6bf0 ("target/s390x: start moving TCG-only code to tcg/") moved mem_helper.c, but the trace-events file is still in the parent directory, so is the generated trace.h.
Call the s390_skeys_get|set() helper, removing the need for the trace event shared with the tcg/ sub-directory, fixing the following build failure:
In file included from ../target/s390x/tcg/mem_helper.c:33: ../target/s390x/tcg/trace.h:1:10: fatal error: 'trace/trace-target_s390x_tcg.h' file not found #include "trace/trace-target_s390x_tcg.h"
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20240613104415.9643-3-philmd@linaro.org>
show more ...
|
#
74781c08 |
| 06-Dec-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
exec/cpu: Extract page-protection definitions to page-protection.h
Extract page-protection definitions from "exec/cpu-all.h" to "exec/page-protection.h".
The list of files requiring the new header
exec/cpu: Extract page-protection definitions to page-protection.h
Extract page-protection definitions from "exec/cpu-all.h" to "exec/page-protection.h".
The list of files requiring the new header was generated using:
$ git grep -wE \ 'PAGE_(READ|WRITE|EXEC|RWX|VALID|ANON|RESERVED|TARGET_.|PASSTHROUGH)'
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Nicholas Piggin <npiggin@gmail.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240427155714.53669-3-philmd@linaro.org>
show more ...
|
#
90b7022e |
| 28-Jan-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Split out s390x_env_mmu_index
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
4b6e4c0b |
| 24-Jul-2023 |
Ilya Leoshkevich <iii@linux.ibm.com> |
target/s390x: Fix CLM with M3=0
When the mask is zero, access exceptions should still be recognized for 1 byte at the second-operand address. CC should be set to 0.
Cc: qemu-stable@nongnu.org Fixes
target/s390x: Fix CLM with M3=0
When the mask is zero, access exceptions should still be recognized for 1 byte at the second-operand address. CC should be set to 0.
Cc: qemu-stable@nongnu.org Fixes: defb0e3157af ("s390x: Implement opcode helpers") Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Message-Id: <20230724082032.66864-3-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
6da311a6 |
| 04-Jul-2023 |
Ilya Leoshkevich <iii@linux.ibm.com> |
target/s390x: Fix LRA overwriting the top 32 bits on DAT error
When a DAT error occurs, LRA is supposed to write the error information to the bottom 32 bits of R1, and leave the top 32 bits of R1 al
target/s390x: Fix LRA overwriting the top 32 bits on DAT error
When a DAT error occurs, LRA is supposed to write the error information to the bottom 32 bits of R1, and leave the top 32 bits of R1 alone.
Fix by passing the original value of R1 into helper and copying the top 32 bits to the return value.
Fixes: d8fe4a9c284f ("target-s390: Convert LRA") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Cc: qemu-stable@nongnu.org Message-Id: <20230704081506.276055-6-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
92a57534 |
| 04-Jul-2023 |
Ilya Leoshkevich <iii@linux.ibm.com> |
target/s390x: Fix MVCRL with a large value in R0
Using a large R0 causes an assertion error:
qemu-s390x: target/s390x/tcg/mem_helper.c:183: access_prepare_nf: Assertion `size > 0 && size <= 409
target/s390x: Fix MVCRL with a large value in R0
Using a large R0 causes an assertion error:
qemu-s390x: target/s390x/tcg/mem_helper.c:183: access_prepare_nf: Assertion `size > 0 && size <= 4096' failed.
Even though PoP explicitly advises against using more than 8 bits for the size, an emulator crash is never a good thing.
Fix by truncating the size to 8 bits.
Fixes: ea0a1053e276 ("s390x/tcg: Implement Miscellaneous-Instruction-Extensions Facility 3 for the s390x") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Cc: qemu-stable@nongnu.org Message-Id: <20230704081506.276055-5-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
21c38f31 |
| 19-May-2023 |
Richard Henderson <richard.henderson@linaro.org> |
qemu/atomic128: Split atomic16_read
Create both atomic16_read_ro and atomic16_read_rw. Previously we pretended that we had atomic16_read in system mode, because we "know" that all ram is always writ
qemu/atomic128: Split atomic16_read
Create both atomic16_read_ro and atomic16_read_rw. Previously we pretended that we had atomic16_read in system mode, because we "know" that all ram is always writable to the host. Now, expose read-only and read-write versions all of the time.
For aarch64, do not fall back to __atomic_read_16 even if supported by the compiler, to work around a clang bug.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
47ae3e40 |
| 19-May-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Always use cpu_atomic_cmpxchgl_be_mmu in do_csst
Eliminate the CONFIG_USER_ONLY specialization.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: David Hildenbrand <david
target/s390x: Always use cpu_atomic_cmpxchgl_be_mmu in do_csst
Eliminate the CONFIG_USER_ONLY specialization.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
ddc0ab5a |
| 19-May-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Use cpu_{ld,st}*_mmu in do_csst
Use cpu_ld16_mmu and cpu_st16_mmu to eliminate the special case, and change all of the *_data_ra functions to match.
Note that we check the alignment o
target/s390x: Use cpu_{ld,st}*_mmu in do_csst
Use cpu_ld16_mmu and cpu_st16_mmu to eliminate the special case, and change all of the *_data_ra functions to match.
Note that we check the alignment of both compare and store pointers at the top of the function, so MO_ALIGN* may be safely removed from the individual memory operations.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
d54a20b9 |
| 19-May-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Use tcg_gen_qemu_{ld,st}_i128 for LPQ, STPQ
No need to roll our own, as this is now provided by tcg. This was the last use of retxl, so remove that too.
Reviewed-by: Alex Bennée <alex
target/s390x: Use tcg_gen_qemu_{ld,st}_i128 for LPQ, STPQ
No need to roll our own, as this is now provided by tcg. This was the last use of retxl, so remove that too.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
Revision tags: v8.0.0 |
|
#
6eece7f5 |
| 28-Mar-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
softmmu: Restrict cpu_check_watchpoint / address_matches to TCG accel
Both cpu_check_watchpoint() and cpu_watchpoint_address_matches() are specific to TCG system emulation. Declare them in "tcg-cpu-
softmmu: Restrict cpu_check_watchpoint / address_matches to TCG accel
Both cpu_check_watchpoint() and cpu_watchpoint_address_matches() are specific to TCG system emulation. Declare them in "tcg-cpu-ops.h" to be sure accessing them from non-TCG code is a compilation error.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230328173117.15226-2-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
5b7b2a1c |
| 17-Mar-2023 |
Thomas Huth <thuth@redhat.com> |
target/s390x/tcg/mem_helper: Remove bad assert() statement
The "assert(!nonfault)" statement can be triggered by running the "mvpg" s390x kvm-unit-test with TCG. According to Richard: "... the asser
target/s390x/tcg/mem_helper: Remove bad assert() statement
The "assert(!nonfault)" statement can be triggered by running the "mvpg" s390x kvm-unit-test with TCG. According to Richard: "... the assert looks backward. We should only arrive there if nonfault was true for the probe (otherwise the probe would have raised the exception directly). I would think we could just remove the assert."
Fixes: 4049431478 ("target/s390x: Fix s390_probe_access for user-only") Suggested-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230317135737.597570-1-thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
ce7ca269 |
| 16-Mar-2023 |
Ilya Leoshkevich <iii@linux.ibm.com> |
target/s390x: Handle EXECUTE of odd addresses
Generate a specification exception in the helper before trying to fetch the instruction.
Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Signe
target/s390x: Handle EXECUTE of odd addresses
Generate a specification exception in the helper before trying to fetch the instruction.
Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230316164428.275147-3-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
703d03a4 |
| 16-Mar-2023 |
Ilya Leoshkevich <iii@linux.ibm.com> |
target/s390x: Fix EXECUTE of relative long instructions
The code uses the wrong base for relative addressing: it should use the target instruction address and not the EXECUTE's address.
Fix by stor
target/s390x: Fix EXECUTE of relative long instructions
The code uses the wrong base for relative addressing: it should use the target instruction address and not the EXECUTE's address.
Fix by storing the target instruction address in the new CPUS390XState member and loading it from the code generated by gen_ri2().
Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230316210751.302423-2-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
1770b2f2 |
| 23-Feb-2023 |
Daniel Henrique Barboza <dbarboza@ventanamicro.com> |
accel/tcg: Add 'size' param to probe_access_flags()
probe_access_flags() as it is today uses probe_access_full(), which in turn uses probe_access_internal() with size = 0. probe_access_internal() th
accel/tcg: Add 'size' param to probe_access_flags()
probe_access_flags() as it is today uses probe_access_full(), which in turn uses probe_access_internal() with size = 0. probe_access_internal() then uses the size to call the tlb_fill() callback for the given CPU. This size param ('fault_size' as probe_access_internal() calls it) is ignored by most existing .tlb_fill callback implementations, e.g. arm_cpu_tlb_fill(), ppc_cpu_tlb_fill(), x86_cpu_tlb_fill() and mips_cpu_tlb_fill() to name a few.
But RISC-V riscv_cpu_tlb_fill() actually uses it. The 'size' parameter is used to check for PMP (Physical Memory Protection) access. This is necessary because PMP does not make any guarantees about all the bytes of the same page having the same permissions, i.e. the same page can have different PMP properties, so we're forced to make sub-page range checks. To allow RISC-V emulation to do a probe_acess_flags() that covers PMP, we need to either add a 'size' param to the existing probe_acess_flags() or create a new interface (e.g. probe_access_range_flags).
There are quite a few probe_* APIs already, so let's add a 'size' param to probe_access_flags() and re-use this API. This is done by open coding what probe_access_full() does inside probe_acess_flags() and passing the 'size' param to probe_acess_internal(). Existing probe_access_flags() callers use size = 0 to not change their current API usage. 'size' is asserted to enforce single page access like probe_access() already does.
No behavioral changes intended.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-Id: <20230223234427.521114-2-dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
#
e73a0f40 |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Hoist some computation in access_memmove
Ensure that the total length is in a local variable across the byte loop. Compute size1 difference once.
Signed-off-by: Richard Henderson <ri
target/s390x: Hoist some computation in access_memmove
Ensure that the total length is in a local variable across the byte loop. Compute size1 difference once.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-8-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
61dee10f |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Inline do_access_{get,set}_byte
Inline into the parent functions with a simple test to select the page, and a new define to remove ifdefs.
Signed-off-by: Richard Henderson <richard.he
target/s390x: Inline do_access_{get,set}_byte
Inline into the parent functions with a simple test to select the page, and a new define to remove ifdefs.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-7-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
96b1416f |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Remove TLB_NOTDIRTY workarounds
When this code was written, it was using tlb_vaddr_to_host, which does not handle TLB_DIRTY. Since then, it has been converted to probe_access_flags, w
target/s390x: Remove TLB_NOTDIRTY workarounds
When this code was written, it was using tlb_vaddr_to_host, which does not handle TLB_DIRTY. Since then, it has been converted to probe_access_flags, which does.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-6-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
fb391b0b |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Tidy access_prepare_nf
Assign to access struct immediately, rather than waiting until the end of the function. This means we can pass address of haddr struct members instead of alloca
target/s390x: Tidy access_prepare_nf
Assign to access struct immediately, rather than waiting until the end of the function. This means we can pass address of haddr struct members instead of allocating extra space on the local stack.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-5-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
bebc8ade |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Use void* for haddr in S390Access
The interface from probe_access_flags is void*, and matching that will be helpful. We already rely on the gcc extension for byte arithmetic on void*.
target/s390x: Use void* for haddr in S390Access
The interface from probe_access_flags is void*, and matching that will be helpful. We already rely on the gcc extension for byte arithmetic on void*.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-4-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
7ba5da81 |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Pass S390Access pointer into access_prepare
Passing a pointer from the caller down to access_prepare_nf eliminates a structure copy.
Signed-off-by: Richard Henderson <richard.henderso
target/s390x: Pass S390Access pointer into access_prepare
Passing a pointer from the caller down to access_prepare_nf eliminates a structure copy.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-3-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
#
40494314 |
| 09-Jan-2023 |
Richard Henderson <richard.henderson@linaro.org> |
target/s390x: Fix s390_probe_access for user-only
In db9aab5783a2 we broke the contract of s390_probe_access, in that it no longer returned an exception code, nor set __excp_addr. Fix both.
Report
target/s390x: Fix s390_probe_access for user-only
In db9aab5783a2 we broke the contract of s390_probe_access, in that it no longer returned an exception code, nor set __excp_addr. Fix both.
Reported-by: David Hildenbrand <david@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20230109201856.3916639-2-richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|