From patchwork Tue Jul 10 16:00:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 942084 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41Q6f32nZGz9s00 for ; Wed, 11 Jul 2018 02:11:55 +1000 (AEST) Received: from localhost ([::1]:48701 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvF3-00041t-1n for incoming@patchwork.ozlabs.org; Tue, 10 Jul 2018 12:11:53 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49088) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcv42-0003Uk-Bz for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:31 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fcv41-0002Jk-57 for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:30 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43370) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fcv3x-0002Aw-KZ; Tue, 10 Jul 2018 12:00:25 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fcv3n-0001og-RB; Tue, 10 Jul 2018 17:00:15 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Tue, 10 Jul 2018 17:00:08 +0100 Message-Id: <20180710160013.26559-2-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180710160013.26559-1-peter.maydell@linaro.org> References: <20180710160013.26559-1-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 1/6] accel/tcg: Pass read access type through to io_readx() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org, KONRAD Frederic , "Emilio G . Cota" , =?utf-8?q?C=C3=A9dric_Le_Goater?= , "Edgar E. Iglesias" , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The io_readx() function needs to know whether the load it is doing is an MMU_DATA_LOAD or an MMU_INST_FETCH, so that it can pass the right value to the cpu_transaction_failed() function. Plumb this information through from the softmmu code. This is currently not often going to give the wrong answer, because usually instruction fetches go via get_page_addr_code(). However once we switch over to handling execution from non-RAM by creating single-insn TBs, the path for an insn fetch to generate a bus error will be through cpu_ld*_code() and io_readx(), so without this change we will generate a d-side fault when we should generate an i-side fault. We also have to pass the access type via a CPU struct global down to unassigned_mem_read(), for the benefit of the targets which still use the cpu_unassigned_access() hook (m68k, mips, sparc, xtensa). Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé --- accel/tcg/softmmu_template.h | 11 +++++++---- include/qom/cpu.h | 6 ++++++ accel/tcg/cputlb.c | 5 +++-- memory.c | 3 ++- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/accel/tcg/softmmu_template.h b/accel/tcg/softmmu_template.h index badbf148803..f060a693d41 100644 --- a/accel/tcg/softmmu_template.h +++ b/accel/tcg/softmmu_template.h @@ -99,11 +99,12 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env, size_t mmu_idx, size_t index, target_ulong addr, uintptr_t retaddr, - bool recheck) + bool recheck, + MMUAccessType access_type) { CPUIOTLBEntry *iotlbentry = &env->iotlb[mmu_idx][index]; return io_readx(env, iotlbentry, mmu_idx, addr, retaddr, recheck, - DATA_SIZE); + access_type, DATA_SIZE); } #endif @@ -140,7 +141,8 @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr, /* ??? Note that the io helpers always read data in the target byte ordering. We should push the LE/BE request down into io. */ res = glue(io_read, SUFFIX)(env, mmu_idx, index, addr, retaddr, - tlb_addr & TLB_RECHECK); + tlb_addr & TLB_RECHECK, + READ_ACCESS_TYPE); res = TGT_LE(res); return res; } @@ -207,7 +209,8 @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr, /* ??? Note that the io helpers always read data in the target byte ordering. We should push the LE/BE request down into io. */ res = glue(io_read, SUFFIX)(env, mmu_idx, index, addr, retaddr, - tlb_addr & TLB_RECHECK); + tlb_addr & TLB_RECHECK, + READ_ACCESS_TYPE); res = TGT_BE(res); return res; } diff --git a/include/qom/cpu.h b/include/qom/cpu.h index bd796579ee4..ecf6ed556a9 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -386,6 +386,12 @@ struct CPUState { */ uintptr_t mem_io_pc; vaddr mem_io_vaddr; + /* + * This is only needed for the legacy cpu_unassigned_access() hook; + * when all targets using it have been converted to use + * cpu_transaction_failed() instead it can be removed. + */ + MMUAccessType mem_io_access_type; int kvm_fd; struct KVMState *kvm_state; diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 20c147d6554..c491703f15f 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -789,7 +789,7 @@ static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr) static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry, int mmu_idx, target_ulong addr, uintptr_t retaddr, - bool recheck, int size) + bool recheck, MMUAccessType access_type, int size) { CPUState *cpu = ENV_GET_CPU(env); hwaddr mr_offset; @@ -831,6 +831,7 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry, } cpu->mem_io_vaddr = addr; + cpu->mem_io_access_type = access_type; if (mr->global_locking && !qemu_mutex_iothread_locked()) { qemu_mutex_lock_iothread(); @@ -843,7 +844,7 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry, section->offset_within_address_space - section->offset_within_region; - cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_LOAD, + cpu_transaction_failed(cpu, physaddr, addr, size, access_type, mmu_idx, iotlbentry->attrs, r, retaddr); } if (locked) { diff --git a/memory.c b/memory.c index e9cd4469688..2ea16e7bfb0 100644 --- a/memory.c +++ b/memory.c @@ -1249,7 +1249,8 @@ static uint64_t unassigned_mem_read(void *opaque, hwaddr addr, printf("Unassigned mem read " TARGET_FMT_plx "\n", addr); #endif if (current_cpu != NULL) { - cpu_unassigned_access(current_cpu, addr, false, false, 0, size); + bool is_exec = current_cpu->mem_io_access_type == MMU_INST_FETCH; + cpu_unassigned_access(current_cpu, addr, false, is_exec, 0, size); } return 0; } From patchwork Tue Jul 10 16:00:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 942081 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41Q6Zk4cglz9s00 for ; Wed, 11 Jul 2018 02:09:02 +1000 (AEST) Received: from localhost ([::1]:48662 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvCD-0001GR-Lp for incoming@patchwork.ozlabs.org; Tue, 10 Jul 2018 12:08:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49076) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcv41-0003UD-Tp for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fcv41-0002JS-1j for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:30 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43370) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fcv3y-0002Aw-QG; Tue, 10 Jul 2018 12:00:26 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fcv3o-0001ot-Hx; Tue, 10 Jul 2018 17:00:16 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Tue, 10 Jul 2018 17:00:09 +0100 Message-Id: <20180710160013.26559-3-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180710160013.26559-1-peter.maydell@linaro.org> References: <20180710160013.26559-1-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 2/6] accel/tcg: Handle get_page_addr_code() returning -1 in hashtable lookups X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org, KONRAD Frederic , "Emilio G . Cota" , =?utf-8?q?C=C3=A9dric_Le_Goater?= , "Edgar E. Iglesias" , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" When we support execution from non-RAM MMIO regions, get_page_addr_code() will return -1 to indicate that there is no RAM at the requested address. Handle this in the cpu-exec TB hashtable lookup code, treating it as "no match found". Note that the call to get_page_addr_code() in tb_lookup_cmp() needs no changes -- a return of -1 will already correctly result in the function returning false. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Emilio G. Cota --- accel/tcg/cpu-exec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index c738b7f7d6e..6bcb6d99bd7 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -332,6 +332,9 @@ TranslationBlock *tb_htable_lookup(CPUState *cpu, target_ulong pc, desc.trace_vcpu_dstate = *cpu->trace_dstate; desc.pc = pc; phys_pc = get_page_addr_code(desc.env, pc); + if (phys_pc == -1) { + return NULL; + } desc.phys_page1 = phys_pc & TARGET_PAGE_MASK; h = tb_hash_func(phys_pc, pc, flags, cf_mask, *cpu->trace_dstate); return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp); From patchwork Tue Jul 10 16:00:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 942085 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41Q6fP6kQwz9s00 for ; Wed, 11 Jul 2018 02:12:13 +1000 (AEST) Received: from localhost ([::1]:48704 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvFL-0004IZ-HO for incoming@patchwork.ozlabs.org; Tue, 10 Jul 2018 12:12:11 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49132) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcv45-0003Xn-EZ for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fcv44-0002OR-IG for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:33 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43370) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fcv41-0002Aw-RG; Tue, 10 Jul 2018 12:00:30 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fcv3p-0001p6-AH; Tue, 10 Jul 2018 17:00:17 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Tue, 10 Jul 2018 17:00:10 +0100 Message-Id: <20180710160013.26559-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180710160013.26559-1-peter.maydell@linaro.org> References: <20180710160013.26559-1-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 3/6] accel/tcg: Handle get_page_addr_code() returning -1 in tb_check_watchpoint() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org, KONRAD Frederic , "Emilio G . Cota" , =?utf-8?q?C=C3=A9dric_Le_Goater?= , "Edgar E. Iglesias" , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" When we support execution from non-RAM MMIO regions, get_page_addr_code() will return -1 to indicate that there is no RAM at the requested address. Handle this in tb_check_watchpoint() -- if the exception happened for a PC which doesn't correspond to RAM then there is no need to invalidate any TBs, because the one-instruction TB will not have been cached. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson --- accel/tcg/translate-all.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c index 49d77fad44e..d18018fa99d 100644 --- a/accel/tcg/translate-all.c +++ b/accel/tcg/translate-all.c @@ -2121,7 +2121,9 @@ void tb_check_watchpoint(CPUState *cpu) cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); addr = get_page_addr_code(env, pc); - tb_invalidate_phys_range(addr, addr + 1); + if (addr != -1) { + tb_invalidate_phys_range(addr, addr + 1); + } } } From patchwork Tue Jul 10 16:00:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 942087 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41Q6j23fPSz9s00 for ; Wed, 11 Jul 2018 02:14:30 +1000 (AEST) Received: from localhost ([::1]:48720 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvHY-0006Hq-5x for incoming@patchwork.ozlabs.org; Tue, 10 Jul 2018 12:14:28 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49143) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcv47-0003ZU-8Q for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fcv43-0002N3-5j for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:00:35 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43370) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fcv3z-0002Aw-Op; Tue, 10 Jul 2018 12:00:27 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fcv3q-0001pJ-2O; Tue, 10 Jul 2018 17:00:18 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Tue, 10 Jul 2018 17:00:11 +0100 Message-Id: <20180710160013.26559-5-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180710160013.26559-1-peter.maydell@linaro.org> References: <20180710160013.26559-1-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 4/6] accel/tcg: tb_gen_code(): Create single-insn TB for execution from non-RAM X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org, KONRAD Frederic , "Emilio G . Cota" , =?utf-8?q?C=C3=A9dric_Le_Goater?= , "Edgar E. Iglesias" , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" If get_page_addr_code() returns -1, this indicates that there is no RAM page we can read a full TB from. Instead we must create a TB which contains a single instruction and which we do not cache, so it is executed only once. Since this means we can now have TBs which are not in any page list, we also need to make tb_phys_invalidate() handle them (by not trying to remove them from a nonexistent page list). Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Emilio G. Cota --- accel/tcg/translate-all.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c index d18018fa99d..4c12d94dd13 100644 --- a/accel/tcg/translate-all.c +++ b/accel/tcg/translate-all.c @@ -1493,7 +1493,7 @@ static void tb_phys_invalidate__locked(TranslationBlock *tb) */ void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr) { - if (page_addr == -1) { + if (page_addr == -1 && tb->page_addr[0] != -1) { page_lock_tb(tb); do_tb_phys_invalidate(tb, true); page_unlock_tb(tb); @@ -1608,6 +1608,17 @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc, assert_memory_lock(); + if (phys_pc == -1) { + /* + * If the TB is not associated with a physical RAM page then + * it must be a temporary one-insn TB, and we have nothing to do + * except fill in the page_addr[] fields. + */ + assert(tb->cflags & CF_NOCACHE); + tb->page_addr[0] = tb->page_addr[1] = -1; + return tb; + } + /* * Add the TB to the page list, acquiring first the pages's locks. * We keep the locks held until after inserting the TB in the hash table, @@ -1677,6 +1688,12 @@ TranslationBlock *tb_gen_code(CPUState *cpu, phys_pc = get_page_addr_code(env, pc); + if (phys_pc == -1) { + /* Generate a temporary TB with 1 insn in it */ + cflags &= ~CF_COUNT_MASK; + cflags |= CF_NOCACHE | 1; + } + buffer_overflow: tb = tb_alloc(pc); if (unlikely(!tb)) { From patchwork Tue Jul 10 16:00:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 942095 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41Q6xp0Yw2z9s00 for ; Wed, 11 Jul 2018 02:25:32 +1000 (AEST) Received: from localhost ([::1]:48800 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvSC-0005Pf-Tw for incoming@patchwork.ozlabs.org; Tue, 10 Jul 2018 12:25:28 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:57392) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvRh-0005N9-O2 for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:24:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fcvRg-0006Zk-FP for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:24:57 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43454) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fcvRd-0006Tu-E1; Tue, 10 Jul 2018 12:24:53 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fcv3q-0001po-QQ; Tue, 10 Jul 2018 17:00:18 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Tue, 10 Jul 2018 17:00:12 +0100 Message-Id: <20180710160013.26559-6-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180710160013.26559-1-peter.maydell@linaro.org> References: <20180710160013.26559-1-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 5/6] accel/tcg: Return -1 for execution from MMIO regions in get_page_addr_code() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org, KONRAD Frederic , "Emilio G . Cota" , =?utf-8?q?C=C3=A9dric_Le_Goater?= , "Edgar E. Iglesias" , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Now that all the callers can handle get_page_addr_code() returning -1, remove all the code which tries to handle execution from MMIO regions or small-MMU-region RAM areas. This will mean that we can correctly execute from these areas, rather than ending up either aborting QEMU or delivering an incorrect guest exception. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé --- accel/tcg/cputlb.c | 95 +++++----------------------------------------- 1 file changed, 10 insertions(+), 85 deletions(-) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index c491703f15f..abb0225dc79 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -741,39 +741,6 @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr, prot, mmu_idx, size); } -static void report_bad_exec(CPUState *cpu, target_ulong addr) -{ - /* Accidentally executing outside RAM or ROM is quite common for - * several user-error situations, so report it in a way that - * makes it clear that this isn't a QEMU bug and provide suggestions - * about what a user could do to fix things. - */ - error_report("Trying to execute code outside RAM or ROM at 0x" - TARGET_FMT_lx, addr); - error_printf("This usually means one of the following happened:\n\n" - "(1) You told QEMU to execute a kernel for the wrong machine " - "type, and it crashed on startup (eg trying to run a " - "raspberry pi kernel on a versatilepb QEMU machine)\n" - "(2) You didn't give QEMU a kernel or BIOS filename at all, " - "and QEMU executed a ROM full of no-op instructions until " - "it fell off the end\n" - "(3) Your guest kernel has a bug and crashed by jumping " - "off into nowhere\n\n" - "This is almost always one of the first two, so check your " - "command line and that you are using the right type of kernel " - "for this machine.\n" - "If you think option (3) is likely then you can try debugging " - "your guest with the -d debug options; in particular " - "-d guest_errors will cause the log to include a dump of the " - "guest register state at this point.\n\n" - "Execution cannot continue; stopping here.\n\n"); - - /* Report also to the logs, with more detail including register dump */ - qemu_log_mask(LOG_GUEST_ERROR, "qemu: fatal: Trying to execute code " - "outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr); - log_cpu_state_mask(LOG_GUEST_ERROR, cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP); -} - static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr) { ram_addr_t ram_addr; @@ -963,7 +930,6 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) MemoryRegionSection *section; CPUState *cpu = ENV_GET_CPU(env); CPUIOTLBEntry *iotlbentry; - hwaddr physaddr, mr_offset; index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = cpu_mmu_index(env, true); @@ -977,65 +943,24 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) (TLB_RECHECK | TLB_INVALID_MASK)) == TLB_RECHECK)) { /* * This is a TLB_RECHECK access, where the MMU protection - * covers a smaller range than a target page, and we must - * repeat the MMU check here. This tlb_fill() call might - * longjump out if this access should cause a guest exception. - */ - int index; - target_ulong tlb_addr; - - tlb_fill(cpu, addr, 0, MMU_INST_FETCH, mmu_idx, 0); - - index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); - tlb_addr = env->tlb_table[mmu_idx][index].addr_code; - if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) { - /* RAM access. We can't handle this, so for now just stop */ - cpu_abort(cpu, "Unable to handle guest executing from RAM within " - "a small MPU region at 0x" TARGET_FMT_lx, addr); - } - /* - * Fall through to handle IO accesses (which will almost certainly - * also result in failure) + * covers a smaller range than a target page. Return -1 to + * indicate that we cannot simply execute from RAM here; + * we will perform the necessary repeat of the MMU check + * when the "execute a single insn" code performs the + * load of the guest insn. */ + return -1; } iotlbentry = &env->iotlb[mmu_idx][index]; section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs); mr = section->mr; if (memory_region_is_unassigned(mr)) { - qemu_mutex_lock_iothread(); - if (memory_region_request_mmio_ptr(mr, addr)) { - qemu_mutex_unlock_iothread(); - /* A MemoryRegion is potentially added so re-run the - * get_page_addr_code. - */ - return get_page_addr_code(env, addr); - } - qemu_mutex_unlock_iothread(); - - /* Give the new-style cpu_transaction_failed() hook first chance - * to handle this. - * This is not the ideal place to detect and generate CPU - * exceptions for instruction fetch failure (for instance - * we don't know the length of the access that the CPU would - * use, and it would be better to go ahead and try the access - * and use the MemTXResult it produced). However it is the - * simplest place we have currently available for the check. + /* + * Not guest RAM, so there is no ram_addr_t for it. Return -1, + * and we will execute a single insn from this device. */ - mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr; - physaddr = mr_offset + - section->offset_within_address_space - - section->offset_within_region; - cpu_transaction_failed(cpu, physaddr, addr, 0, MMU_INST_FETCH, mmu_idx, - iotlbentry->attrs, MEMTX_DECODE_ERROR, 0); - - cpu_unassigned_access(cpu, addr, false, true, 0, 4); - /* The CPU's unassigned access hook might have longjumped out - * with an exception. If it didn't (or there was no hook) then - * we can't proceed further. - */ - report_bad_exec(cpu, addr); - exit(1); + return -1; } p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend); return qemu_ram_addr_from_host_nofail(p); From patchwork Tue Jul 10 16:00:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 942097 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41Q7213pDNz9s00 for ; Wed, 11 Jul 2018 02:29:13 +1000 (AEST) Received: from localhost ([::1]:48851 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvVn-00089E-91 for incoming@patchwork.ozlabs.org; Tue, 10 Jul 2018 12:29:11 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:57371) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fcvRf-0005LJ-G1 for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:24:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fcvRe-0006YN-MW for qemu-devel@nongnu.org; Tue, 10 Jul 2018 12:24:55 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:43454) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fcvRc-0006Tu-Fv; Tue, 10 Jul 2018 12:24:52 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fcv3r-0001qD-JX; Tue, 10 Jul 2018 17:00:19 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Tue, 10 Jul 2018 17:00:13 +0100 Message-Id: <20180710160013.26559-7-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180710160013.26559-1-peter.maydell@linaro.org> References: <20180710160013.26559-1-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH 6/6] target/arm: Allow execution from small regions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: patches@linaro.org, KONRAD Frederic , "Emilio G . Cota" , =?utf-8?q?C=C3=A9dric_Le_Goater?= , "Edgar E. Iglesias" , Paolo Bonzini , Richard Henderson Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Now that we have full support for small regions, including execution, we can remove the workarounds where we marked all small regions as non-executable for the M-profile MPU and SAU. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daudé --- target/arm/helper.c | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index a2ac96084e7..ed96e6c02fb 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -9784,17 +9784,6 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, uint32_t address, fi->type = ARMFault_Permission; fi->level = 1; - /* - * Core QEMU code can't handle execution from small pages yet, so - * don't try it. This way we'll get an MPU exception, rather than - * eventually causing QEMU to exit in get_page_addr_code(). - */ - if (*page_size < TARGET_PAGE_SIZE && (*prot & PAGE_EXEC)) { - qemu_log_mask(LOG_UNIMP, - "MPU: No support for execution from regions " - "smaller than 1K\n"); - *prot &= ~PAGE_EXEC; - } return !(*prot & (1 << access_type)); } @@ -10014,18 +10003,6 @@ static bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address, fi->type = ARMFault_Permission; fi->level = 1; - /* - * Core QEMU code can't handle execution from small pages yet, so - * don't try it. This means any attempted execution will generate - * an MPU exception, rather than eventually causing QEMU to exit in - * get_page_addr_code(). - */ - if (*is_subpage && (*prot & PAGE_EXEC)) { - qemu_log_mask(LOG_UNIMP, - "MPU: No support for execution from regions " - "smaller than 1K\n"); - *prot &= ~PAGE_EXEC; - } return !(*prot & (1 << access_type)); }