From 4e116893c6079b51efdc9e226be3f1a530f47f5e Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Mon, 9 Aug 2021 12:32:59 -1000 Subject: accel/tcg: Add DisasContextBase argument to translator_ld* Signed-off-by: Ilya Leoshkevich [rth: Split out of a larger patch.] Signed-off-by: Richard Henderson --- include/exec/translator.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/exec/translator.h b/include/exec/translator.h index d318803..6c054e8 100644 --- a/include/exec/translator.h +++ b/include/exec/translator.h @@ -157,7 +157,8 @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest); #define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn) \ static inline type \ - fullname ## _swap(CPUArchState *env, abi_ptr pc, bool do_swap) \ + fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \ + abi_ptr pc, bool do_swap) \ { \ type ret = load_fn(env, pc); \ if (do_swap) { \ @@ -166,10 +167,10 @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest); plugin_insn_append(&ret, sizeof(ret)); \ return ret; \ } \ - \ - static inline type fullname(CPUArchState *env, abi_ptr pc) \ + static inline type fullname(CPUArchState *env, \ + DisasContextBase *dcbase, abi_ptr pc) \ { \ - return fullname ## _swap(env, pc, false); \ + return fullname ## _swap(env, dcbase, pc, false); \ } GEN_TRANSLATOR_LD(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */) -- cgit v1.1 From f025692c992c1ed6cc54ac2802cff14e9052c0d3 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Thu, 5 Aug 2021 22:48:35 +0200 Subject: accel/tcg: Clear PAGE_WRITE before translation translate_insn() implementations fetch instruction bytes piecemeal, which can cause qemu-user to generate inconsistent translations if another thread modifies them concurrently [1]. Fix by making pages containing translated instruction non-writable right before loading instruction bytes from them. [1] https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg00644.html Signed-off-by: Ilya Leoshkevich Message-Id: <20210805204835.158918-1-iii@linux.ibm.com> Signed-off-by: Richard Henderson --- include/exec/translate-all.h | 1 + include/exec/translator.h | 39 +++++++++++++++++++++++---------------- 2 files changed, 24 insertions(+), 16 deletions(-) (limited to 'include') diff --git a/include/exec/translate-all.h b/include/exec/translate-all.h index a557b4e..9f64638 100644 --- a/include/exec/translate-all.h +++ b/include/exec/translate-all.h @@ -33,6 +33,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end); void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr); #ifdef CONFIG_USER_ONLY +void page_protect(tb_page_addr_t page_addr); int page_unprotect(target_ulong address, uintptr_t pc); #endif diff --git a/include/exec/translator.h b/include/exec/translator.h index 6c054e8..9bc46ed 100644 --- a/include/exec/translator.h +++ b/include/exec/translator.h @@ -23,6 +23,7 @@ #include "exec/exec-all.h" #include "exec/cpu_ldst.h" #include "exec/plugin-gen.h" +#include "exec/translate-all.h" #include "tcg/tcg.h" @@ -74,6 +75,17 @@ typedef struct DisasContextBase { int num_insns; int max_insns; bool singlestep_enabled; +#ifdef CONFIG_USER_ONLY + /* + * Guest address of the last byte of the last protected page. + * + * Pages containing the translated instructions are made non-writable in + * order to achieve consistency in case another thread is modifying the + * code while translate_insn() fetches the instruction bytes piecemeal. + * Such writer threads are blocked on mmap_lock() in page_unprotect(). + */ + target_ulong page_protect_end; +#endif } DisasContextBase; /** @@ -156,28 +168,23 @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest); */ #define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn) \ - static inline type \ - fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \ - abi_ptr pc, bool do_swap) \ - { \ - type ret = load_fn(env, pc); \ - if (do_swap) { \ - ret = swap_fn(ret); \ - } \ - plugin_insn_append(&ret, sizeof(ret)); \ - return ret; \ - } \ + type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \ + abi_ptr pc, bool do_swap); \ static inline type fullname(CPUArchState *env, \ DisasContextBase *dcbase, abi_ptr pc) \ { \ return fullname ## _swap(env, dcbase, pc, false); \ } -GEN_TRANSLATOR_LD(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */) -GEN_TRANSLATOR_LD(translator_ldsw, int16_t, cpu_ldsw_code, bswap16) -GEN_TRANSLATOR_LD(translator_lduw, uint16_t, cpu_lduw_code, bswap16) -GEN_TRANSLATOR_LD(translator_ldl, uint32_t, cpu_ldl_code, bswap32) -GEN_TRANSLATOR_LD(translator_ldq, uint64_t, cpu_ldq_code, bswap64) +#define FOR_EACH_TRANSLATOR_LD(F) \ + F(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */) \ + F(translator_ldsw, int16_t, cpu_ldsw_code, bswap16) \ + F(translator_lduw, uint16_t, cpu_lduw_code, bswap16) \ + F(translator_ldl, uint32_t, cpu_ldl_code, bswap32) \ + F(translator_ldq, uint64_t, cpu_ldq_code, bswap64) + +FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD) + #undef GEN_TRANSLATOR_LD #endif /* EXEC__TRANSLATOR_H */ -- cgit v1.1 From 57d4941602b89fba1c4170692f110b168bc1695e Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Mon, 16 Aug 2021 22:35:07 +0800 Subject: tcg: Remove tcg_global_reg_new defines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since commit 1c2adb958fc0 ("tcg: Initialize cpu_env generically"), these tcg_global_reg_new_ macros are not used anywhere. Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210816143507.11200-1-bmeng.cn@gmail.com> Signed-off-by: Richard Henderson --- include/tcg/tcg-op.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'include') diff --git a/include/tcg/tcg-op.h b/include/tcg/tcg-op.h index 2a654f3..0545a62 100644 --- a/include/tcg/tcg-op.h +++ b/include/tcg/tcg-op.h @@ -843,7 +843,6 @@ static inline void tcg_gen_plugin_cb_end(void) #if TARGET_LONG_BITS == 32 #define tcg_temp_new() tcg_temp_new_i32() -#define tcg_global_reg_new tcg_global_reg_new_i32 #define tcg_global_mem_new tcg_global_mem_new_i32 #define tcg_temp_local_new() tcg_temp_local_new_i32() #define tcg_temp_free tcg_temp_free_i32 @@ -851,7 +850,6 @@ static inline void tcg_gen_plugin_cb_end(void) #define tcg_gen_qemu_st_tl tcg_gen_qemu_st_i32 #else #define tcg_temp_new() tcg_temp_new_i64() -#define tcg_global_reg_new tcg_global_reg_new_i64 #define tcg_global_mem_new tcg_global_mem_new_i64 #define tcg_temp_local_new() tcg_temp_local_new_i64() #define tcg_temp_free tcg_temp_free_i64 -- cgit v1.1 From 120964219d7cb6c72ae629a7a71ff9c45a9c8a9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Sat, 11 Sep 2021 18:54:15 +0200 Subject: accel/tcg: Rename user-mode do_interrupt hack as fake_user_interrupt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit do_interrupt() is sysemu specific. However due to some X86 specific hack, it is also used in user-mode emulation, which is why it couldn't be restricted to CONFIG_SOFTMMU (see the comment around added in commit 78271684719: "cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClass"). Keep the hack but rename the handler as fake_user_interrupt() and restrict do_interrupt() to sysemu. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Warner Losh Reviewed-by: Richard Henderson Message-Id: <20210911165434.531552-6-f4bug@amsat.org> Signed-off-by: Richard Henderson --- include/hw/core/tcg-cpu-ops.h | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h index eab27d0..6c7ab96 100644 --- a/include/hw/core/tcg-cpu-ops.h +++ b/include/hw/core/tcg-cpu-ops.h @@ -38,14 +38,6 @@ struct TCGCPUOps { /** @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec */ bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request); /** - * @do_interrupt: Callback for interrupt handling. - * - * note that this is in general SOFTMMU only, but it actually isn't - * because of an x86 hack (accel/tcg/cpu-exec.c), so we cannot put it - * in the SOFTMMU section in general. - */ - void (*do_interrupt)(CPUState *cpu); - /** * @tlb_fill: Handle a softmmu tlb miss or user-only address fault * * For system mode, if the access is valid, call tlb_set_page @@ -61,6 +53,20 @@ struct TCGCPUOps { void (*debug_excp_handler)(CPUState *cpu); #ifdef NEED_CPU_H +#if defined(CONFIG_USER_ONLY) && defined(TARGET_I386) + /** + * @fake_user_interrupt: Callback for 'fake exception' handling. + * + * Simulate 'fake exception' which will be handled outside the + * cpu execution loop (hack for x86 user mode). + */ + void (*fake_user_interrupt)(CPUState *cpu); +#else + /** + * @do_interrupt: Callback for interrupt handling. + */ + void (*do_interrupt)(CPUState *cpu); +#endif /* !CONFIG_USER_ONLY || !TARGET_I386 */ #ifdef CONFIG_SOFTMMU /** * @do_transaction_failed: Callback for handling failed memory transactions -- cgit v1.1 From 77c0fc4e55cd7edf2f109fd5dca2395a1c91e9e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Sat, 11 Sep 2021 18:54:33 +0200 Subject: accel/tcg: Restrict TCGCPUOps::cpu_exec_interrupt() to sysemu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All targets call TCGCPUOps::cpu_exec_interrupt() from sysemu code. Move its declaration to restrict it to system emulation. Extend the code guarded. Restrict the static inlined need_replay_interrupt() method to avoid a "defined but not used" warning. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Richard Henderson Message-Id: <20210911165434.531552-24-f4bug@amsat.org> Signed-off-by: Richard Henderson --- include/hw/core/tcg-cpu-ops.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h index 6c7ab96..55123cb 100644 --- a/include/hw/core/tcg-cpu-ops.h +++ b/include/hw/core/tcg-cpu-ops.h @@ -35,8 +35,6 @@ struct TCGCPUOps { void (*cpu_exec_enter)(CPUState *cpu); /** @cpu_exec_exit: Callback for cpu_exec cleanup */ void (*cpu_exec_exit)(CPUState *cpu); - /** @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec */ - bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request); /** * @tlb_fill: Handle a softmmu tlb miss or user-only address fault * @@ -68,6 +66,8 @@ struct TCGCPUOps { void (*do_interrupt)(CPUState *cpu); #endif /* !CONFIG_USER_ONLY || !TARGET_I386 */ #ifdef CONFIG_SOFTMMU + /** @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec */ + bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request); /** * @do_transaction_failed: Callback for handling failed memory transactions * (ie bus faults or external aborts; not MMU faults) -- cgit v1.1