aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Henderson <richard.henderson@linaro.org>2024-05-29 08:38:20 -0700
committerRichard Henderson <richard.henderson@linaro.org>2024-05-29 08:38:20 -0700
commit3b2fe44bb7f605f179e5e7feb2c13c2eb3abbb80 (patch)
tree3889669db11710754fde6e50bce2b4aca196e355
parent79d7475f39f1b0f05fcb159f5cdcbf162340dc7e (diff)
parentb04091393e6a71065aee6c91b2566f2dec95a4c9 (diff)
Merge tag 'pull-request-2024-05-29' of https://gitlab.com/thuth/qemu into staging
* Fix and improve PER emulation on s390x * Fix problems of the build-oss-fuzz CI job * Fix broken update-linux-headers.sh script * Fixes for compiling with -fsanitize=undefined on latest Clang versions # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmZXCNURHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbU0SxAAnN1i7v/RPfxm1xNQurs+Wl+rS2gJyvGK # IJbEBAYufSQyY4yYrmZrmgNsa3CenPQpV7zWDvUV8BW8R3er8ZGLHmJ3cXQDaN5n # JiLy9rvEBmAVb0LLaQX1GY94jdPRV2mRS9Q7Rxa2XDhn0w+sRy/wNFYEO2nghPjs # zmhbDZrKm8os6imyp0DmDNWi8wLJJzpz8YsKlX60rPEFIynaNdp1ZuB6cXx+9pXH # KXqiY8k/3WCYVs60xB9TfXh2o/Vb29WWaD5IyobZzGEq9pFyQzQf3aqhrv/heRfS # B9537otkU9RIRf09p9f9/78JYHynb3SclM8UXHIGhYQl2S1C9T9gRePO9R+Rigq4 # 51UdsNvZV9WoacVk+L3c2MgIDAXsDOhTSpGKxgWZKgvxhczhr/iOEmWI+oyag7oD # JZfHzwgdwFywumgMrLUrvf6274cyoDNIjpSFnfw0h2Ynp3qkpyigVw5gtP5sfQgD # p/CoVUSRHxsajYQP3UmI70gG1fFbSz2ZWdnG+lC7kkCrD/xD4xLGP9DYK82d1/YS # PmBaVoBttylOtr/S/I8KgJSmaQG0V/Sui7/5iyouZ26VFqakPnNzbxSDlJOEZ7k7 # GigybdjLSy6OWg0IfTOpuxsB3Cw/P2VZrNoO9xUmrjXpdBA/8BCkhmTNYu3QRvS1 # Mwgdyxqdy8I= # =2/Y3 # -----END PGP SIGNATURE----- # gpg: Signature made Wed 29 May 2024 03:52:05 AM PDT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] * tag 'pull-request-2024-05-29' of https://gitlab.com/thuth/qemu: (22 commits) qapi: Do not cast function pointers lockable: Do not cast function pointers qemu-keymap: Make references to allocations static scripts/update-linux-headers.sh: Fix the path of setup_data.h scripts/update-linux-headers.sh: Remove temporary directory inbetween hw/s390x: Remove unused macro VMSTATE_ADAPTER_ROUTES fuzz: disable leak-detection for oss-fuzz builds fuzz: specify audiodev for usb-audio tests/tcg/s390x: Add per.S target/s390x: Adjust check of noreturn in translate_one target/s390x: Simplify per_ifetch, per_check_exception target/s390x: Fix helper_per_ifetch flags target/s390x: Raise exception from per_store_real target/s390x: Raise exception from helper_per_branch target/s390x: Split per_breaking_event from per_branch_* target/s390x: Simplify help_branch target/s390x: Introduce help_goto_indirect target/s390x: Disable conditional branch-to-next for PER target/s390x: Record separate PER bits in TB flags target/s390x: Update CR9 bits ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat
-rw-r--r--include/hw/s390x/s390_flic.h3
-rw-r--r--include/qapi/clone-visitor.h37
-rw-r--r--include/qemu/lockable.h23
-rw-r--r--qapi/qapi-clone-visitor.c30
-rw-r--r--qemu-keymap.c8
-rwxr-xr-xscripts/oss-fuzz/build.sh1
-rwxr-xr-xscripts/update-linux-headers.sh3
-rw-r--r--target/s390x/cpu.c36
-rw-r--r--target/s390x/cpu.h85
-rw-r--r--target/s390x/helper.h8
-rw-r--r--target/s390x/tcg/excp_helper.c2
-rw-r--r--target/s390x/tcg/misc_helper.c68
-rw-r--r--target/s390x/tcg/translate.c242
-rw-r--r--tests/qtest/fuzz/generic_fuzz_configs.h3
-rw-r--r--tests/tcg/s390x/Makefile.softmmu-target1
-rw-r--r--tests/tcg/s390x/per.S82
16 files changed, 355 insertions, 277 deletions
diff --git a/include/hw/s390x/s390_flic.h b/include/hw/s390x/s390_flic.h
index bcb081def5..382d9833f1 100644
--- a/include/hw/s390x/s390_flic.h
+++ b/include/hw/s390x/s390_flic.h
@@ -35,9 +35,6 @@ typedef struct AdapterRoutes {
extern const VMStateDescription vmstate_adapter_routes;
-#define VMSTATE_ADAPTER_ROUTES(_f, _s) \
- VMSTATE_STRUCT(_f, _s, 1, vmstate_adapter_routes, AdapterRoutes)
-
#define TYPE_S390_FLIC_COMMON "s390-flic"
OBJECT_DECLARE_TYPE(S390FLICState, S390FLICStateClass,
S390_FLIC_COMMON)
diff --git a/include/qapi/clone-visitor.h b/include/qapi/clone-visitor.h
index adf9a788e2..ebc182b034 100644
--- a/include/qapi/clone-visitor.h
+++ b/include/qapi/clone-visitor.h
@@ -11,6 +11,7 @@
#ifndef QAPI_CLONE_VISITOR_H
#define QAPI_CLONE_VISITOR_H
+#include "qapi/error.h"
#include "qapi/visitor.h"
/*
@@ -20,11 +21,8 @@
*/
typedef struct QapiCloneVisitor QapiCloneVisitor;
-void *qapi_clone(const void *src, bool (*visit_type)(Visitor *, const char *,
- void **, Error **));
-void qapi_clone_members(void *dst, const void *src, size_t sz,
- bool (*visit_type_members)(Visitor *, void *,
- Error **));
+Visitor *qapi_clone_visitor_new(void);
+Visitor *qapi_clone_members_visitor_new(void);
/*
* Deep-clone QAPI object @src of the given @type, and return the result.
@@ -32,10 +30,18 @@ void qapi_clone_members(void *dst, const void *src, size_t sz,
* Not usable on QAPI scalars (integers, strings, enums), nor on a
* QAPI object that references the 'any' type. Safe when @src is NULL.
*/
-#define QAPI_CLONE(type, src) \
- ((type *)qapi_clone(src, \
- (bool (*)(Visitor *, const char *, void **, \
- Error **))visit_type_ ## type))
+#define QAPI_CLONE(type, src) \
+ ({ \
+ Visitor *v_; \
+ type *dst_ = (type *) (src); /* Cast away const */ \
+ \
+ if (dst_) { \
+ v_ = qapi_clone_visitor_new(); \
+ visit_type_ ## type(v_, NULL, &dst_, &error_abort); \
+ visit_free(v_); \
+ } \
+ dst_; \
+ })
/*
* Copy deep clones of @type members from @src to @dst.
@@ -43,9 +49,14 @@ void qapi_clone_members(void *dst, const void *src, size_t sz,
* Not usable on QAPI scalars (integers, strings, enums), nor on a
* QAPI object that references the 'any' type.
*/
-#define QAPI_CLONE_MEMBERS(type, dst, src) \
- qapi_clone_members(dst, src, sizeof(type), \
- (bool (*)(Visitor *, void *, \
- Error **))visit_type_ ## type ## _members)
+#define QAPI_CLONE_MEMBERS(type, dst, src) \
+ ({ \
+ Visitor *v_; \
+ \
+ v_ = qapi_clone_members_visitor_new(); \
+ *(type *)(dst) = *(src); \
+ visit_type_ ## type ## _members(v_, (type *)(dst), &error_abort); \
+ visit_free(v_); \
+ })
#endif
diff --git a/include/qemu/lockable.h b/include/qemu/lockable.h
index 62110d2eb7..66713bd429 100644
--- a/include/qemu/lockable.h
+++ b/include/qemu/lockable.h
@@ -43,15 +43,30 @@ qemu_null_lockable(void *x)
return NULL;
}
+#define QML_FUNC_(name) \
+ static inline void qemu_lockable_ ## name ## _lock(void *x) \
+ { \
+ qemu_ ## name ## _lock(x); \
+ } \
+ static inline void qemu_lockable_ ## name ## _unlock(void *x) \
+ { \
+ qemu_ ## name ## _unlock(x); \
+ }
+
+QML_FUNC_(mutex)
+QML_FUNC_(rec_mutex)
+QML_FUNC_(co_mutex)
+QML_FUNC_(spin)
+
/*
* In C, compound literals have the lifetime of an automatic variable.
* In C++ it would be different, but then C++ wouldn't need QemuLockable
* either...
*/
-#define QML_OBJ_(x, name) (&(QemuLockable) { \
- .object = (x), \
- .lock = (QemuLockUnlockFunc *) qemu_ ## name ## _lock, \
- .unlock = (QemuLockUnlockFunc *) qemu_ ## name ## _unlock \
+#define QML_OBJ_(x, name) (&(QemuLockable) { \
+ .object = (x), \
+ .lock = qemu_lockable_ ## name ## _lock, \
+ .unlock = qemu_lockable_ ## name ## _unlock \
})
/**
diff --git a/qapi/qapi-clone-visitor.c b/qapi/qapi-clone-visitor.c
index c45c5caa3b..bbf953698f 100644
--- a/qapi/qapi-clone-visitor.c
+++ b/qapi/qapi-clone-visitor.c
@@ -149,7 +149,7 @@ static void qapi_clone_free(Visitor *v)
g_free(v);
}
-static Visitor *qapi_clone_visitor_new(void)
+Visitor *qapi_clone_visitor_new(void)
{
QapiCloneVisitor *v;
@@ -174,31 +174,9 @@ static Visitor *qapi_clone_visitor_new(void)
return &v->visitor;
}
-void *qapi_clone(const void *src, bool (*visit_type)(Visitor *, const char *,
- void **, Error **))
+Visitor *qapi_clone_members_visitor_new(void)
{
- Visitor *v;
- void *dst = (void *) src; /* Cast away const */
-
- if (!src) {
- return NULL;
- }
-
- v = qapi_clone_visitor_new();
- visit_type(v, NULL, &dst, &error_abort);
- visit_free(v);
- return dst;
-}
-
-void qapi_clone_members(void *dst, const void *src, size_t sz,
- bool (*visit_type_members)(Visitor *, void *,
- Error **))
-{
- Visitor *v;
-
- v = qapi_clone_visitor_new();
- memcpy(dst, src, sz);
+ Visitor *v = qapi_clone_visitor_new();
to_qcv(v)->depth++;
- visit_type_members(v, dst, &error_abort);
- visit_free(v);
+ return v;
}
diff --git a/qemu-keymap.c b/qemu-keymap.c
index 8c80f7a4ed..701e4332af 100644
--- a/qemu-keymap.c
+++ b/qemu-keymap.c
@@ -154,9 +154,9 @@ static xkb_mod_mask_t get_mod(struct xkb_keymap *map, const char *name)
int main(int argc, char *argv[])
{
- struct xkb_context *ctx;
- struct xkb_keymap *map;
- struct xkb_state *state;
+ static struct xkb_context *ctx;
+ static struct xkb_keymap *map;
+ static struct xkb_state *state;
xkb_mod_index_t mod, mods;
int rc;
@@ -234,8 +234,6 @@ int main(int argc, char *argv[])
state = xkb_state_new(map);
xkb_keymap_key_for_each(map, walk_map, state);
- xkb_state_unref(state);
- state = NULL;
/* add quirks */
fprintf(outfile,
diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh
index 5238f83343..7398298173 100755
--- a/scripts/oss-fuzz/build.sh
+++ b/scripts/oss-fuzz/build.sh
@@ -92,6 +92,7 @@ make install DESTDIR=$DEST_DIR/qemu-bundle
rm -rf $DEST_DIR/qemu-bundle/opt/qemu-oss-fuzz/bin
rm -rf $DEST_DIR/qemu-bundle/opt/qemu-oss-fuzz/libexec
+export ASAN_OPTIONS=detect_leaks=0
targets=$(./qemu-fuzz-i386 | grep generic-fuzz | awk '$1 ~ /\*/ {print $2}')
base_copy="$DEST_DIR/qemu-fuzz-i386-target-$(echo "$targets" | head -n 1)"
diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 8963c39189..23afe8c08a 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -112,6 +112,7 @@ for arch in $ARCHLIST; do
arch_var=ARCH
fi
+ rm -rf "$hdrdir"
make -C "$linux" O="$blddir" INSTALL_HDR_PATH="$hdrdir" $arch_var=$arch headers_install
rm -rf "$output/linux-headers/asm-$arch"
@@ -158,7 +159,7 @@ for arch in $ARCHLIST; do
cp_portable "$hdrdir/bootparam.h" \
"$output/include/standard-headers/asm-$arch"
cp_portable "$hdrdir/include/asm/setup_data.h" \
- "$output/standard-headers/asm-x86"
+ "$output/include/standard-headers/asm-x86"
fi
if [ $arch = riscv ]; then
cp "$hdrdir/include/asm/ptrace.h" "$output/linux-headers/asm-riscv/"
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index f7194534ae..2bbeaca36e 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -324,6 +324,42 @@ static void s390_cpu_reset_full(DeviceState *dev)
#ifdef CONFIG_TCG
#include "hw/core/tcg-cpu-ops.h"
+void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc,
+ uint64_t *cs_base, uint32_t *pflags)
+{
+ uint32_t flags;
+
+ if (env->psw.addr & 1) {
+ /*
+ * Instructions must be at even addresses.
+ * This needs to be checked before address translation.
+ */
+ env->int_pgm_ilen = 2; /* see s390_cpu_tlb_fill() */
+ tcg_s390_program_interrupt(env, PGM_SPECIFICATION, 0);
+ }
+
+ *pc = env->psw.addr;
+ *cs_base = env->ex_value;
+
+ flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW;
+ if (env->psw.mask & PSW_MASK_PER) {
+ flags |= env->cregs[9] & (FLAG_MASK_PER_BRANCH |
+ FLAG_MASK_PER_IFETCH |
+ FLAG_MASK_PER_IFETCH_NULLIFY);
+ if ((env->cregs[9] & PER_CR9_EVENT_STORE) &&
+ (env->cregs[9] & PER_CR9_EVENT_STORE_REAL)) {
+ flags |= FLAG_MASK_PER_STORE_REAL;
+ }
+ }
+ if (env->cregs[0] & CR0_AFP) {
+ flags |= FLAG_MASK_AFP;
+ }
+ if (env->cregs[0] & CR0_VECTOR) {
+ flags |= FLAG_MASK_VECTOR;
+ }
+ *pflags = flags;
+}
+
static const TCGCPUOps s390_tcg_ops = {
.initialize = s390x_translate_init,
.restore_state_to_opc = s390x_restore_state_to_opc,
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 414680eed1..d6b75ad0e0 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -342,19 +342,32 @@ extern const VMStateDescription vmstate_s390_cpu;
/* tb flags */
-#define FLAG_MASK_PSW_SHIFT 31
-#define FLAG_MASK_PER (PSW_MASK_PER >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_DAT (PSW_MASK_DAT >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_PSTATE (PSW_MASK_PSTATE >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_ASC (PSW_MASK_ASC >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_64 (PSW_MASK_64 >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_32 (PSW_MASK_32 >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_PSW (FLAG_MASK_PER | FLAG_MASK_DAT | FLAG_MASK_PSTATE \
- | FLAG_MASK_ASC | FLAG_MASK_64 | FLAG_MASK_32)
-
-/* we'll use some unused PSW positions to store CR flags in tb flags */
-#define FLAG_MASK_AFP (PSW_MASK_UNUSED_2 >> FLAG_MASK_PSW_SHIFT)
-#define FLAG_MASK_VECTOR (PSW_MASK_UNUSED_3 >> FLAG_MASK_PSW_SHIFT)
+#define FLAG_MASK_PSW_SHIFT 31
+#define FLAG_MASK_32 0x00000001u
+#define FLAG_MASK_64 0x00000002u
+#define FLAG_MASK_AFP 0x00000004u
+#define FLAG_MASK_VECTOR 0x00000008u
+#define FLAG_MASK_ASC 0x00018000u
+#define FLAG_MASK_PSTATE 0x00020000u
+#define FLAG_MASK_PER_IFETCH_NULLIFY 0x01000000u
+#define FLAG_MASK_DAT 0x08000000u
+#define FLAG_MASK_PER_STORE_REAL 0x20000000u
+#define FLAG_MASK_PER_IFETCH 0x40000000u
+#define FLAG_MASK_PER_BRANCH 0x80000000u
+
+QEMU_BUILD_BUG_ON(FLAG_MASK_32 != PSW_MASK_32 >> FLAG_MASK_PSW_SHIFT);
+QEMU_BUILD_BUG_ON(FLAG_MASK_64 != PSW_MASK_64 >> FLAG_MASK_PSW_SHIFT);
+QEMU_BUILD_BUG_ON(FLAG_MASK_ASC != PSW_MASK_ASC >> FLAG_MASK_PSW_SHIFT);
+QEMU_BUILD_BUG_ON(FLAG_MASK_PSTATE != PSW_MASK_PSTATE >> FLAG_MASK_PSW_SHIFT);
+QEMU_BUILD_BUG_ON(FLAG_MASK_DAT != PSW_MASK_DAT >> FLAG_MASK_PSW_SHIFT);
+
+#define FLAG_MASK_PSW (FLAG_MASK_DAT | FLAG_MASK_PSTATE | \
+ FLAG_MASK_ASC | FLAG_MASK_64 | FLAG_MASK_32)
+#define FLAG_MASK_CR9 (FLAG_MASK_PER_BRANCH | FLAG_MASK_PER_IFETCH)
+#define FLAG_MASK_PER (FLAG_MASK_PER_BRANCH | \
+ FLAG_MASK_PER_IFETCH | \
+ FLAG_MASK_PER_IFETCH_NULLIFY | \
+ FLAG_MASK_PER_STORE_REAL)
/* Control register 0 bits */
#define CR0_LOWPROT 0x0000000010000000ULL
@@ -413,38 +426,28 @@ static inline int s390x_env_mmu_index(CPUS390XState *env, bool ifetch)
#include "tcg/tcg_s390x.h"
-static inline void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc,
- uint64_t *cs_base, uint32_t *flags)
-{
- if (env->psw.addr & 1) {
- /*
- * Instructions must be at even addresses.
- * This needs to be checked before address translation.
- */
- env->int_pgm_ilen = 2; /* see s390_cpu_tlb_fill() */
- tcg_s390_program_interrupt(env, PGM_SPECIFICATION, 0);
- }
- *pc = env->psw.addr;
- *cs_base = env->ex_value;
- *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW;
- if (env->cregs[0] & CR0_AFP) {
- *flags |= FLAG_MASK_AFP;
- }
- if (env->cregs[0] & CR0_VECTOR) {
- *flags |= FLAG_MASK_VECTOR;
- }
-}
+void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc,
+ uint64_t *cs_base, uint32_t *flags);
#endif /* CONFIG_TCG */
/* PER bits from control register 9 */
-#define PER_CR9_EVENT_BRANCH 0x80000000
-#define PER_CR9_EVENT_IFETCH 0x40000000
-#define PER_CR9_EVENT_STORE 0x20000000
-#define PER_CR9_EVENT_STORE_REAL 0x08000000
-#define PER_CR9_EVENT_NULLIFICATION 0x01000000
-#define PER_CR9_CONTROL_BRANCH_ADDRESS 0x00800000
-#define PER_CR9_CONTROL_ALTERATION 0x00200000
+#define PER_CR9_EVENT_BRANCH 0x80000000
+#define PER_CR9_EVENT_IFETCH 0x40000000
+#define PER_CR9_EVENT_STORE 0x20000000
+#define PER_CR9_EVENT_STORAGE_KEY_ALTERATION 0x10000000
+#define PER_CR9_EVENT_STORE_REAL 0x08000000
+#define PER_CR9_EVENT_ZERO_ADDRESS_DETECTION 0x04000000
+#define PER_CR9_EVENT_TRANSACTION_END 0x02000000
+#define PER_CR9_EVENT_IFETCH_NULLIFICATION 0x01000000
+#define PER_CR9_CONTROL_BRANCH_ADDRESS 0x00800000
+#define PER_CR9_CONTROL_TRANSACTION_SUPRESS 0x00400000
+#define PER_CR9_CONTROL_STORAGE_ALTERATION 0x00200000
+
+QEMU_BUILD_BUG_ON(FLAG_MASK_PER_BRANCH != PER_CR9_EVENT_BRANCH);
+QEMU_BUILD_BUG_ON(FLAG_MASK_PER_IFETCH != PER_CR9_EVENT_IFETCH);
+QEMU_BUILD_BUG_ON(FLAG_MASK_PER_IFETCH_NULLIFY !=
+ PER_CR9_EVENT_IFETCH_NULLIFICATION);
/* PER bits from the PER CODE/ATMID/AI in lowcore */
#define PER_CODE_EVENT_BRANCH 0x8000
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index cc1c20e9e3..1a8a76abb9 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -359,10 +359,10 @@ DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32)
DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env)
DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env)
DEF_HELPER_3(lra, i64, env, i64, i64)
-DEF_HELPER_1(per_check_exception, void, env)
-DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_RWG, void, env, i64, i64)
-DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_RWG, void, env, i64)
-DEF_HELPER_FLAGS_1(per_store_real, TCG_CALL_NO_RWG, void, env)
+DEF_HELPER_FLAGS_1(per_check_exception, TCG_CALL_NO_WG, void, env)
+DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_WG, void, env, i64, i32)
+DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_WG, void, env, i32)
+DEF_HELPER_FLAGS_2(per_store_real, TCG_CALL_NO_WG, noreturn, env, i32)
DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env)
DEF_HELPER_2(xsch, void, env, i64)
diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index f1c33f7967..4c0b692c9e 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -209,7 +209,7 @@ static void do_program_interrupt(CPUS390XState *env)
switch (env->int_pgm_code) {
case PGM_PER:
- advance = !(env->per_perc_atmid & PER_CODE_EVENT_NULLIFICATION);
+ /* advance already handled */
break;
case PGM_ASCE_TYPE:
case PGM_REG_FIRST_TRANS:
diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c
index 8764846ce8..303f86d363 100644
--- a/target/s390x/tcg/misc_helper.c
+++ b/target/s390x/tcg/misc_helper.c
@@ -20,6 +20,7 @@
#include "qemu/osdep.h"
#include "qemu/cutils.h"
+#include "qemu/log.h"
#include "cpu.h"
#include "s390x-internal.h"
#include "qemu/host-utils.h"
@@ -590,10 +591,24 @@ void HELPER(chsc)(CPUS390XState *env, uint64_t inst)
#endif
#ifndef CONFIG_USER_ONLY
+static G_NORETURN void per_raise_exception(CPUS390XState *env)
+{
+ trigger_pgm_exception(env, PGM_PER);
+ cpu_loop_exit(env_cpu(env));
+}
+
+static G_NORETURN void per_raise_exception_log(CPUS390XState *env)
+{
+ qemu_log_mask(CPU_LOG_INT, "PER interrupt after 0x%" PRIx64 "\n",
+ env->per_address);
+ per_raise_exception(env);
+}
+
void HELPER(per_check_exception)(CPUS390XState *env)
{
- if (env->per_perc_atmid) {
- tcg_s390_program_interrupt(env, PGM_PER, GETPC());
+ /* psw_addr, per_address and int_pgm_ilen are already set. */
+ if (unlikely(env->per_perc_atmid)) {
+ per_raise_exception_log(env);
}
}
@@ -608,46 +623,45 @@ static inline bool get_per_in_range(CPUS390XState *env, uint64_t addr)
}
}
-void HELPER(per_branch)(CPUS390XState *env, uint64_t from, uint64_t to)
+void HELPER(per_branch)(CPUS390XState *env, uint64_t dest, uint32_t ilen)
{
- if ((env->cregs[9] & PER_CR9_EVENT_BRANCH)) {
- if (!(env->cregs[9] & PER_CR9_CONTROL_BRANCH_ADDRESS)
- || get_per_in_range(env, to)) {
- env->per_address = from;
- env->per_perc_atmid = PER_CODE_EVENT_BRANCH | get_per_atmid(env);
- }
+ if ((env->cregs[9] & PER_CR9_CONTROL_BRANCH_ADDRESS)
+ && !get_per_in_range(env, dest)) {
+ return;
}
+
+ env->psw.addr = dest;
+ env->int_pgm_ilen = ilen;
+ env->per_address = env->gbea;
+ env->per_perc_atmid = PER_CODE_EVENT_BRANCH | get_per_atmid(env);
+ per_raise_exception_log(env);
}
-void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr)
+void HELPER(per_ifetch)(CPUS390XState *env, uint32_t ilen)
{
- if ((env->cregs[9] & PER_CR9_EVENT_IFETCH) && get_per_in_range(env, addr)) {
- env->per_address = addr;
+ if (get_per_in_range(env, env->psw.addr)) {
+ env->per_address = env->psw.addr;
+ env->int_pgm_ilen = ilen;
env->per_perc_atmid = PER_CODE_EVENT_IFETCH | get_per_atmid(env);
/* If the instruction has to be nullified, trigger the
exception immediately. */
- if (env->cregs[9] & PER_CR9_EVENT_NULLIFICATION) {
- CPUState *cs = env_cpu(env);
-
+ if (env->cregs[9] & PER_CR9_EVENT_IFETCH_NULLIFICATION) {
env->per_perc_atmid |= PER_CODE_EVENT_NULLIFICATION;
- env->int_pgm_code = PGM_PER;
- env->int_pgm_ilen = get_ilen(cpu_ldub_code(env, addr));
-
- cs->exception_index = EXCP_PGM;
- cpu_loop_exit(cs);
+ qemu_log_mask(CPU_LOG_INT, "PER interrupt before 0x%" PRIx64 "\n",
+ env->per_address);
+ per_raise_exception(env);
}
}
}
-void HELPER(per_store_real)(CPUS390XState *env)
+void HELPER(per_store_real)(CPUS390XState *env, uint32_t ilen)
{
- if ((env->cregs[9] & PER_CR9_EVENT_STORE) &&
- (env->cregs[9] & PER_CR9_EVENT_STORE_REAL)) {
- /* PSW is saved just before calling the helper. */
- env->per_address = env->psw.addr;
- env->per_perc_atmid = PER_CODE_EVENT_STORE_REAL | get_per_atmid(env);
- }
+ /* PSW is saved just before calling the helper. */
+ env->per_address = env->psw.addr;
+ env->int_pgm_ilen = ilen;
+ env->per_perc_atmid = PER_CODE_EVENT_STORE_REAL | get_per_atmid(env);
+ per_raise_exception_log(env);
}
#endif
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index ebd96abe6c..c81e035dea 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -341,33 +341,11 @@ static void update_psw_addr(DisasContext *s)
tcg_gen_movi_i64(psw_addr, s->base.pc_next);
}
-static void per_branch(DisasContext *s, bool to_next)
+static void per_branch(DisasContext *s, TCGv_i64 dest)
{
#ifndef CONFIG_USER_ONLY
- tcg_gen_movi_i64(gbea, s->base.pc_next);
-
- if (s->base.tb->flags & FLAG_MASK_PER) {
- TCGv_i64 next_pc = to_next ? tcg_constant_i64(s->pc_tmp) : psw_addr;
- gen_helper_per_branch(tcg_env, gbea, next_pc);
- }
-#endif
-}
-
-static void per_branch_cond(DisasContext *s, TCGCond cond,
- TCGv_i64 arg1, TCGv_i64 arg2)
-{
-#ifndef CONFIG_USER_ONLY
- if (s->base.tb->flags & FLAG_MASK_PER) {
- TCGLabel *lab = gen_new_label();
- tcg_gen_brcond_i64(tcg_invert_cond(cond), arg1, arg2, lab);
-
- tcg_gen_movi_i64(gbea, s->base.pc_next);
- gen_helper_per_branch(tcg_env, gbea, psw_addr);
-
- gen_set_label(lab);
- } else {
- TCGv_i64 pc = tcg_constant_i64(s->base.pc_next);
- tcg_gen_movcond_i64(cond, gbea, arg1, arg2, gbea, pc);
+ if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) {
+ gen_helper_per_branch(tcg_env, dest, tcg_constant_i32(s->ilen));
}
#endif
}
@@ -656,9 +634,6 @@ static void gen_op_calc_cc(DisasContext *s)
static bool use_goto_tb(DisasContext *s, uint64_t dest)
{
- if (unlikely(s->base.tb->flags & FLAG_MASK_PER)) {
- return false;
- }
return translator_use_goto_tb(&s->base, dest);
}
@@ -1100,144 +1075,105 @@ struct DisasInsn {
static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest)
{
+ update_cc_op(s);
+ per_breaking_event(s);
+ per_branch(s, tcg_constant_i64(dest));
+
if (dest == s->pc_tmp) {
- per_branch(s, true);
return DISAS_NEXT;
}
if (use_goto_tb(s, dest)) {
- update_cc_op(s);
- per_breaking_event(s);
tcg_gen_goto_tb(0);
tcg_gen_movi_i64(psw_addr, dest);
tcg_gen_exit_tb(s->base.tb, 0);
return DISAS_NORETURN;
} else {
tcg_gen_movi_i64(psw_addr, dest);
- per_branch(s, false);
- return DISAS_PC_UPDATED;
+ return DISAS_PC_CC_UPDATED;
}
}
+static DisasJumpType help_goto_indirect(DisasContext *s, TCGv_i64 dest)
+{
+ update_cc_op(s);
+ per_breaking_event(s);
+ tcg_gen_mov_i64(psw_addr, dest);
+ per_branch(s, psw_addr);
+ return DISAS_PC_CC_UPDATED;
+}
+
static DisasJumpType help_branch(DisasContext *s, DisasCompare *c,
bool is_imm, int imm, TCGv_i64 cdest)
{
- DisasJumpType ret;
uint64_t dest = s->base.pc_next + (int64_t)imm * 2;
TCGLabel *lab;
/* Take care of the special cases first. */
if (c->cond == TCG_COND_NEVER) {
- ret = DISAS_NEXT;
- goto egress;
+ return DISAS_NEXT;
}
if (is_imm) {
- if (dest == s->pc_tmp) {
- /* Branch to next. */
- per_branch(s, true);
- ret = DISAS_NEXT;
- goto egress;
- }
- if (c->cond == TCG_COND_ALWAYS) {
- ret = help_goto_direct(s, dest);
- goto egress;
+ /*
+ * Do not optimize a conditional branch if PER enabled, because we
+ * still need a conditional call to helper_per_branch.
+ */
+ if (c->cond == TCG_COND_ALWAYS
+ || (dest == s->pc_tmp &&
+ !(s->base.tb->flags & FLAG_MASK_PER_BRANCH))) {
+ return help_goto_direct(s, dest);
}
} else {
if (!cdest) {
/* E.g. bcr %r0 -> no branch. */
- ret = DISAS_NEXT;
- goto egress;
+ return DISAS_NEXT;
}
if (c->cond == TCG_COND_ALWAYS) {
- tcg_gen_mov_i64(psw_addr, cdest);
- per_branch(s, false);
- ret = DISAS_PC_UPDATED;
- goto egress;
+ return help_goto_indirect(s, cdest);
}
}
- if (use_goto_tb(s, s->pc_tmp)) {
- if (is_imm && use_goto_tb(s, dest)) {
- /* Both exits can use goto_tb. */
- update_cc_op(s);
-
- lab = gen_new_label();
- if (c->is_64) {
- tcg_gen_brcond_i64(c->cond, c->u.s64.a, c->u.s64.b, lab);
- } else {
- tcg_gen_brcond_i32(c->cond, c->u.s32.a, c->u.s32.b, lab);
- }
-
- /* Branch not taken. */
- tcg_gen_goto_tb(0);
- tcg_gen_movi_i64(psw_addr, s->pc_tmp);
- tcg_gen_exit_tb(s->base.tb, 0);
-
- /* Branch taken. */
- gen_set_label(lab);
- per_breaking_event(s);
- tcg_gen_goto_tb(1);
- tcg_gen_movi_i64(psw_addr, dest);
- tcg_gen_exit_tb(s->base.tb, 1);
-
- ret = DISAS_NORETURN;
- } else {
- /* Fallthru can use goto_tb, but taken branch cannot. */
- /* Store taken branch destination before the brcond. This
- avoids having to allocate a new local temp to hold it.
- We'll overwrite this in the not taken case anyway. */
- if (!is_imm) {
- tcg_gen_mov_i64(psw_addr, cdest);
- }
-
- lab = gen_new_label();
- if (c->is_64) {
- tcg_gen_brcond_i64(c->cond, c->u.s64.a, c->u.s64.b, lab);
- } else {
- tcg_gen_brcond_i32(c->cond, c->u.s32.a, c->u.s32.b, lab);
- }
+ update_cc_op(s);
- /* Branch not taken. */
- update_cc_op(s);
- tcg_gen_goto_tb(0);
- tcg_gen_movi_i64(psw_addr, s->pc_tmp);
- tcg_gen_exit_tb(s->base.tb, 0);
+ /*
+ * Ensure the taken branch is fall-through of the tcg branch.
+ * This keeps @cdest usage within the extended basic block,
+ * which avoids an otherwise unnecessary spill to the stack.
+ */
+ lab = gen_new_label();
+ if (c->is_64) {
+ tcg_gen_brcond_i64(tcg_invert_cond(c->cond),
+ c->u.s64.a, c->u.s64.b, lab);
+ } else {
+ tcg_gen_brcond_i32(tcg_invert_cond(c->cond),
+ c->u.s32.a, c->u.s32.b, lab);
+ }
- gen_set_label(lab);
- if (is_imm) {
- tcg_gen_movi_i64(psw_addr, dest);
- }
- per_breaking_event(s);
- ret = DISAS_PC_UPDATED;
- }
+ /* Branch taken. */
+ per_breaking_event(s);
+ if (is_imm) {
+ tcg_gen_movi_i64(psw_addr, dest);
} else {
- /* Fallthru cannot use goto_tb. This by itself is vanishingly rare.
- Most commonly we're single-stepping or some other condition that
- disables all use of goto_tb. Just update the PC and exit. */
+ tcg_gen_mov_i64(psw_addr, cdest);
+ }
+ per_branch(s, psw_addr);
- TCGv_i64 next = tcg_constant_i64(s->pc_tmp);
- if (is_imm) {
- cdest = tcg_constant_i64(dest);
- }
+ if (is_imm && use_goto_tb(s, dest)) {
+ tcg_gen_goto_tb(0);
+ tcg_gen_exit_tb(s->base.tb, 0);
+ } else {
+ tcg_gen_lookup_and_goto_ptr();
+ }
- if (c->is_64) {
- tcg_gen_movcond_i64(c->cond, psw_addr, c->u.s64.a, c->u.s64.b,
- cdest, next);
- per_branch_cond(s, c->cond, c->u.s64.a, c->u.s64.b);
- } else {
- TCGv_i32 t0 = tcg_temp_new_i32();
- TCGv_i64 t1 = tcg_temp_new_i64();
- TCGv_i64 z = tcg_constant_i64(0);
- tcg_gen_setcond_i32(c->cond, t0, c->u.s32.a, c->u.s32.b);
- tcg_gen_extu_i32_i64(t1, t0);
- tcg_gen_movcond_i64(TCG_COND_NE, psw_addr, t1, z, cdest, next);
- per_branch_cond(s, TCG_COND_NE, t1, z);
- }
+ gen_set_label(lab);
- ret = DISAS_PC_UPDATED;
+ /* Branch not taken. */
+ tcg_gen_movi_i64(psw_addr, s->pc_tmp);
+ if (use_goto_tb(s, s->pc_tmp)) {
+ tcg_gen_goto_tb(1);
+ tcg_gen_exit_tb(s->base.tb, 1);
+ return DISAS_NORETURN;
}
-
- egress:
- return ret;
+ return DISAS_PC_CC_UPDATED;
}
/* ====================================================================== */
@@ -1463,9 +1399,7 @@ static DisasJumpType op_bas(DisasContext *s, DisasOps *o)
{
pc_to_link_info(o->out, s, s->pc_tmp);
if (o->in2) {
- tcg_gen_mov_i64(psw_addr, o->in2);
- per_branch(s, false);
- return DISAS_PC_UPDATED;
+ return help_goto_indirect(s, o->in2);
} else {
return DISAS_NEXT;
}
@@ -1495,9 +1429,7 @@ static DisasJumpType op_bal(DisasContext *s, DisasOps *o)
{
save_link_info(s, o);
if (o->in2) {
- tcg_gen_mov_i64(psw_addr, o->in2);
- per_branch(s, false);
- return DISAS_PC_UPDATED;
+ return help_goto_indirect(s, o->in2);
} else {
return DISAS_NEXT;
}
@@ -4409,9 +4341,11 @@ static DisasJumpType op_stura(DisasContext *s, DisasOps *o)
{
tcg_gen_qemu_st_tl(o->in1, o->in2, MMU_REAL_IDX, s->insn->data);
- if (s->base.tb->flags & FLAG_MASK_PER) {
+ if (s->base.tb->flags & FLAG_MASK_PER_STORE_REAL) {
+ update_cc_op(s);
update_psw_addr(s);
- gen_helper_per_store_real(tcg_env);
+ gen_helper_per_store_real(tcg_env, tcg_constant_i32(s->ilen));
+ return DISAS_NORETURN;
}
return DISAS_NEXT;
}
@@ -6323,9 +6257,9 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
}
#ifndef CONFIG_USER_ONLY
- if (s->base.tb->flags & FLAG_MASK_PER) {
- TCGv_i64 addr = tcg_constant_i64(s->base.pc_next);
- gen_helper_per_ifetch(tcg_env, addr);
+ if (s->base.tb->flags & FLAG_MASK_PER_IFETCH) {
+ /* With ifetch set, psw_addr and cc_op are always up-to-date. */
+ gen_helper_per_ifetch(tcg_env, tcg_constant_i32(s->ilen));
}
#endif
@@ -6407,15 +6341,16 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
}
if (insn->help_op) {
ret = insn->help_op(s, &o);
- }
- if (ret != DISAS_NORETURN) {
- if (insn->help_wout) {
- insn->help_wout(s, &o);
- }
- if (insn->help_cout) {
- insn->help_cout(s, &o);
+ if (ret == DISAS_NORETURN) {
+ goto out;
}
}
+ if (insn->help_wout) {
+ insn->help_wout(s, &o);
+ }
+ if (insn->help_cout) {
+ insn->help_cout(s, &o);
+ }
/* io should be the last instruction in tb when icount is enabled */
if (unlikely(icount && ret == DISAS_NEXT)) {
@@ -6423,13 +6358,18 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
}
#ifndef CONFIG_USER_ONLY
- if (s->base.tb->flags & FLAG_MASK_PER) {
- /* An exception might be triggered, save PSW if not already done. */
- if (ret == DISAS_NEXT || ret == DISAS_TOO_MANY) {
+ if (s->base.tb->flags & FLAG_MASK_PER_IFETCH) {
+ switch (ret) {
+ case DISAS_TOO_MANY:
+ s->base.is_jmp = DISAS_PC_CC_UPDATED;
+ /* fall through */
+ case DISAS_NEXT:
tcg_gen_movi_i64(psw_addr, s->pc_tmp);
+ break;
+ default:
+ break;
}
-
- /* Call the helper to check for a possible PER exception. */
+ update_cc_op(s);
gen_helper_per_check_exception(tcg_env);
}
#endif
@@ -6452,7 +6392,7 @@ static void s390x_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
dc->cc_op = CC_OP_DYNAMIC;
dc->ex_value = dc->base.tb->cs_base;
- dc->exit_to_mainloop = (dc->base.tb->flags & FLAG_MASK_PER) || dc->ex_value;
+ dc->exit_to_mainloop = dc->ex_value;
}
static void s390x_tr_tb_start(DisasContextBase *db, CPUState *cs)
diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
index 4d7c8ca4ec..ef0ad95712 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -150,7 +150,8 @@ const generic_fuzz_config predefined_configs[] = {
"-chardev null,id=cd0 -chardev null,id=cd1 "
"-device usb-braille,chardev=cd0 -device usb-ccid -device usb-ccid "
"-device usb-kbd -device usb-mouse -device usb-serial,chardev=cd1 "
- "-device usb-tablet -device usb-wacom-tablet -device usb-audio",
+ "-device usb-tablet -device usb-wacom-tablet "
+ "-device usb-audio,audiodev=snd0 -audiodev none,id=snd0",
.objects = "*usb* *uhci* *xhci*",
},{
.name = "pc-i440fx",
diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target
index 1a1f088b28..80159cccf5 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -25,6 +25,7 @@ ASM_TESTS = \
lpswe-early \
lra \
mc \
+ per \
precise-smc-softmmu \
ssm-early \
stosm-early \
diff --git a/tests/tcg/s390x/per.S b/tests/tcg/s390x/per.S
new file mode 100644
index 0000000000..79e704a6ff
--- /dev/null
+++ b/tests/tcg/s390x/per.S
@@ -0,0 +1,82 @@
+ .org 0x8d
+ilc:
+ .org 0x8e
+program_interruption_code:
+ .org 0x96
+per_code:
+ .org 0x98
+per_address:
+ .org 0x150
+program_old_psw:
+ .org 0x1d0
+program_new_psw:
+ .quad 0, pgm_handler
+
+ .org 0x200 /* exit lowcore */
+
+per_on_psw:
+ .quad 0x4000000000000000, start_per
+per_on_regs:
+ .quad 0x80000000, 0, -1 /* successful-branching everywhere */
+per_off_regs:
+ .quad 0, 0 ,0
+success_psw:
+ .quad 0x2000000000000, 0xfff /* see is_special_wait_psw() */
+failure_psw:
+ .quad 0x2000000000000, 0 /* disabled wait */
+
+ .org 0x2000 /* exit lowcore pages */
+
+ .globl _start
+_start:
+ lpswe per_on_psw
+start_per:
+ lctlg %c9, %c11, per_on_regs
+
+/* Test unconditional relative branch. */
+ larl %r0, j1
+ larl %r1, d1
+ lhi %r2, 0
+j1: j d1
+ lpswe failure_psw
+d1:
+
+/* Test unconditional indirect branch. */
+ larl %r0, j2
+ larl %r1, d2
+j2: br %r1
+ lpswe failure_psw
+d2:
+
+/* Test conditional relative branch. */
+ larl %r0, j3
+ larl %r1, d3
+ clr %r1, %r2 /* d3 != 0 */
+j3: jne d3
+ lpswe failure_psw
+d3:
+
+/* Test conditional register branch. */
+ larl %r0, j4
+ larl %r1, d4
+ clr %r1, %r2 /* d4 != 0 */
+j4: bner %r1
+ lpswe failure_psw
+d4:
+
+/* Success! */
+ nop
+ lpswe success_psw
+
+pgm_handler:
+ chhsi program_interruption_code, 0x80 /* PER event? */
+ jne fail
+ cli per_code, 0x80 /* successful-branching event? */
+ jne fail
+ clg %r0, per_address /* per_address == jump insn? */
+ jne fail
+ clg %r1, program_old_psw+8 /* psw.addr updated to dest? */
+ jne fail
+ lpswe program_old_psw
+fail:
+ lpswe failure_psw
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-29 13:44:55 +0000