From patchwork Thu May 13 14:16:46 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Kiszka <jan.kiszka@web.de>
X-Patchwork-Id: 52484
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 27404B7E2D
	for <incoming@patchwork.ozlabs.org>;
	Fri, 14 May 2010 00:18:22 +1000 (EST)
Received: from localhost ([127.0.0.1]:59446 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OCZEx-0004jT-7R
	for incoming@patchwork.ozlabs.org; Thu, 13 May 2010 10:18:19 -0400
Received: from [140.186.70.92] (port=48753 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OCZDf-0004hs-SO
	for qemu-devel@nongnu.org; Thu, 13 May 2010 10:17:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <jan.kiszka@web.de>) id 1OCZDb-0005Wu-0l
	for qemu-devel@nongnu.org; Thu, 13 May 2010 10:16:59 -0400
Received: from fmmailgate01.web.de ([217.72.192.221]:46790)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <jan.kiszka@web.de>) id 1OCZDa-0005W2-Kc
	for qemu-devel@nongnu.org; Thu, 13 May 2010 10:16:54 -0400
Received: from smtp06.web.de  ( [172.20.5.172])
	by fmmailgate01.web.de (Postfix) with ESMTP id 934361598139B;
	Thu, 13 May 2010 16:16:53 +0200 (CEST)
Received: from [88.64.22.236] (helo=localhost.localdomain)
	by smtp06.web.de with asmtp (TLSv1:AES256-SHA:256) (WEB.DE 4.110 #4)
	id 1OCZDZ-0005eQ-02; Thu, 13 May 2010 16:16:53 +0200
From: Jan Kiszka <jan.kiszka@web.de>
To: qemu-devel@nongnu.org
Date: Thu, 13 May 2010 16:16:46 +0200
Message-Id: 
 <5b7efeb30fe6f93a369b6a9f964a2cb7c0519222.1273760202.git.jan.kiszka@web.de>
X-Mailer: git-send-email 1.6.0.2
In-Reply-To: <cover.1273760202.git.jan.kiszka@web.de>
References: <cover.1273760202.git.jan.kiszka@web.de>
In-Reply-To: <cover.1273760202.git.jan.kiszka@web.de>
References: <cover.1273760202.git.jan.kiszka@web.de>
X-Sender: jan.kiszka@web.de
X-Provags-ID: V01U2FsdGVkX1+4vhojXXqxJU/FbR18CHu5AuEcy0SM4E3Hh+ho
	W8L9A1tjtV6WWpgNfFDnfPEm+AFiSlTKaewx5QpVW9I2zB4MUU 8Vew0bgrM=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4-2.6
Cc: Michael Walle <michael@walle.cc>
Subject: [Qemu-devel] [PATCH 2/4] Add support for execution from ROMs in IO
	device mode
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

While IO_MEM_ROMD marks an I/O memory region as "read/execute from RAM,
but write to I/O handler", there is no flag indicating that an I/O
region which is fully managed by I/O handlers can still be hosting
executable code. One use case for this are flash device models that
switch to I/O mode during reprogramming. Not all reprogramming states
modify to read data, thus practically allow to continue execution.
Moreover, we need to avoid switching the modes too frequently for
performance reasons which requires fetching opcodes while still in I/O
device mode.

So this patch introduces the IO_MEM_EXEC flag. Flash devices need to set
it independent of their access mode. The flag is propagated from
PhysPageDesc into the TLB, and get_page_addr_code is evaluating it
instead of IO_MEM_ROMD. Testing for the latter was so far a nop anyway
as this flag never made it into the TLB.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
---
 cpu-common.h |    2 ++
 exec-all.h   |    2 +-
 exec.c       |    2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/cpu-common.h b/cpu-common.h
index b24cecc..e106e33 100644
--- a/cpu-common.h
+++ b/cpu-common.h
@@ -125,6 +125,8 @@ void cpu_physical_memory_write_rom(target_phys_addr_t addr,
 /* Acts like a ROM when read and like a device when written.  */
 #define IO_MEM_ROMD        (1)
 #define IO_MEM_SUBPAGE     (2)
+/* Can run code from memory-mapped device */
+#define IO_MEM_EXEC        (4)
 
 #endif
 
diff --git a/exec-all.h b/exec-all.h
index 1016de2..7bc2b5b 100644
--- a/exec-all.h
+++ b/exec-all.h
@@ -331,7 +331,7 @@ static inline tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong add
         ldub_code(addr);
     }
     pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
-    if (pd > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
+    if (pd > IO_MEM_ROM && !(pd & IO_MEM_EXEC)) {
 #if defined(TARGET_SPARC) || defined(TARGET_MIPS)
         do_unassigned_access(addr, 0, 1, 0, 4);
 #else
diff --git a/exec.c b/exec.c
index 3416aed..14c1770 100644
--- a/exec.c
+++ b/exec.c
@@ -2227,7 +2227,7 @@ void tlb_set_page(CPUState *env, target_ulong vaddr,
     }
 
     if (prot & PAGE_EXEC) {
-        te->addr_code = code_address;
+        te->addr_code = code_address | (pd & IO_MEM_EXEC);
     } else {
         te->addr_code = -1;
     }