diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2022-04-01 16:01:10 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2022-04-01 16:01:10 +0100 |
commit | 697d18b1bd2667efa418cc7d7248d5450da547e7 (patch) | |
tree | 9aa43d4c4f0d5ffad5c73d4dcadafbbbfa607036 /target | |
parent | 9b617b1bb4056e60b39be4c33be20c10928a6a5c (diff) | |
parent | 8ff8ac63298611c8373b294ec936475b1a33f63f (diff) | |
download | qemu-697d18b1bd2667efa418cc7d7248d5450da547e7.zip qemu-697d18b1bd2667efa418cc7d7248d5450da547e7.tar.gz qemu-697d18b1bd2667efa418cc7d7248d5450da547e7.tar.bz2 |
Merge tag 'pull-riscv-to-apply-20220401' of github.com:alistair23/qemu into staging
Sixth RISC-V PR for QEMU 7.0
This is a last minute RISC-V PR for 7.0.
It includes a fix to avoid leaking no translation TLB entries. This
incorrectly cached uncachable baremetal entries. This would break Linux
boot while single stepping. As the fix is pretty straight forward (flush
the cache more often) it's being pulled in for 7.0.
At the same time I have included a RISC-V vector extension fixup patch.
# gpg: Signature made Fri 01 Apr 2022 00:33:58 BST
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* tag 'pull-riscv-to-apply-20220401' of github.com:alistair23/qemu:
target/riscv: rvv: Add missing early exit condition for whole register load/store
target/riscv: Avoid leaking "no translation" TLB entries
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target')
-rw-r--r-- | target/riscv/csr.c | 14 | ||||
-rw-r--r-- | target/riscv/insn_trans/trans_rvv.c.inc | 5 |
2 files changed, 13 insertions, 6 deletions
diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 0606cd0..341c2e6 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -1844,7 +1844,7 @@ static RISCVException read_satp(CPURISCVState *env, int csrno, static RISCVException write_satp(CPURISCVState *env, int csrno, target_ulong val) { - target_ulong vm, mask, asid; + target_ulong vm, mask; if (!riscv_feature(env, RISCV_FEATURE_MMU)) { return RISCV_EXCP_NONE; @@ -1853,20 +1853,22 @@ static RISCVException write_satp(CPURISCVState *env, int csrno, if (riscv_cpu_mxl(env) == MXL_RV32) { vm = validate_vm(env, get_field(val, SATP32_MODE)); mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN); - asid = (val ^ env->satp) & SATP32_ASID; } else { vm = validate_vm(env, get_field(val, SATP64_MODE)); mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN); - asid = (val ^ env->satp) & SATP64_ASID; } if (vm && mask) { if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) { return RISCV_EXCP_ILLEGAL_INST; } else { - if (asid) { - tlb_flush(env_cpu(env)); - } + /* + * The ISA defines SATP.MODE=Bare as "no translation", but we still + * pass these through QEMU's TLB emulation as it improves + * performance. Flushing the TLB on SATP writes with paging + * enabled avoids leaking those invalid cached mappings. + */ + tlb_flush(env_cpu(env)); env->satp = val; } } diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc index 275fded..4ea7e41 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc @@ -1121,6 +1121,10 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf, gen_helper_ldst_whole *fn, DisasContext *s, bool is_store) { + uint32_t evl = (s->cfg_ptr->vlen / 8) * nf / (1 << s->sew); + TCGLabel *over = gen_new_label(); + tcg_gen_brcondi_tl(TCG_COND_GEU, cpu_vstart, evl, over); + TCGv_ptr dest; TCGv base; TCGv_i32 desc; @@ -1140,6 +1144,7 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf, if (!is_store) { mark_vs_dirty(s); } + gen_set_label(over); return true; } |