aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2022-04-01 16:01:10 +0100
committerPeter Maydell <peter.maydell@linaro.org>2022-04-01 16:01:10 +0100
commit697d18b1bd2667efa418cc7d7248d5450da547e7 (patch)
tree9aa43d4c4f0d5ffad5c73d4dcadafbbbfa607036
parent9b617b1bb4056e60b39be4c33be20c10928a6a5c (diff)
parent8ff8ac63298611c8373b294ec936475b1a33f63f (diff)
downloadqemu-697d18b1bd2667efa418cc7d7248d5450da547e7.zip
qemu-697d18b1bd2667efa418cc7d7248d5450da547e7.tar.gz
qemu-697d18b1bd2667efa418cc7d7248d5450da547e7.tar.bz2
Merge tag 'pull-riscv-to-apply-20220401' of github.com:alistair23/qemu into staging
Sixth RISC-V PR for QEMU 7.0 This is a last minute RISC-V PR for 7.0. It includes a fix to avoid leaking no translation TLB entries. This incorrectly cached uncachable baremetal entries. This would break Linux boot while single stepping. As the fix is pretty straight forward (flush the cache more often) it's being pulled in for 7.0. At the same time I have included a RISC-V vector extension fixup patch. # gpg: Signature made Fri 01 Apr 2022 00:33:58 BST # gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054 # gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full] # Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054 * tag 'pull-riscv-to-apply-20220401' of github.com:alistair23/qemu: target/riscv: rvv: Add missing early exit condition for whole register load/store target/riscv: Avoid leaking "no translation" TLB entries Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--target/riscv/csr.c14
-rw-r--r--target/riscv/insn_trans/trans_rvv.c.inc5
2 files changed, 13 insertions, 6 deletions
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 0606cd0..341c2e6 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1844,7 +1844,7 @@ static RISCVException read_satp(CPURISCVState *env, int csrno,
static RISCVException write_satp(CPURISCVState *env, int csrno,
target_ulong val)
{
- target_ulong vm, mask, asid;
+ target_ulong vm, mask;
if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
return RISCV_EXCP_NONE;
@@ -1853,20 +1853,22 @@ static RISCVException write_satp(CPURISCVState *env, int csrno,
if (riscv_cpu_mxl(env) == MXL_RV32) {
vm = validate_vm(env, get_field(val, SATP32_MODE));
mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN);
- asid = (val ^ env->satp) & SATP32_ASID;
} else {
vm = validate_vm(env, get_field(val, SATP64_MODE));
mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN);
- asid = (val ^ env->satp) & SATP64_ASID;
}
if (vm && mask) {
if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
return RISCV_EXCP_ILLEGAL_INST;
} else {
- if (asid) {
- tlb_flush(env_cpu(env));
- }
+ /*
+ * The ISA defines SATP.MODE=Bare as "no translation", but we still
+ * pass these through QEMU's TLB emulation as it improves
+ * performance. Flushing the TLB on SATP writes with paging
+ * enabled avoids leaking those invalid cached mappings.
+ */
+ tlb_flush(env_cpu(env));
env->satp = val;
}
}
diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc
index 275fded..4ea7e41 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -1121,6 +1121,10 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf,
gen_helper_ldst_whole *fn, DisasContext *s,
bool is_store)
{
+ uint32_t evl = (s->cfg_ptr->vlen / 8) * nf / (1 << s->sew);
+ TCGLabel *over = gen_new_label();
+ tcg_gen_brcondi_tl(TCG_COND_GEU, cpu_vstart, evl, over);
+
TCGv_ptr dest;
TCGv base;
TCGv_i32 desc;
@@ -1140,6 +1144,7 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf,
if (!is_store) {
mark_vs_dirty(s);
}
+ gen_set_label(over);
return true;
}