aboutsummaryrefslogtreecommitdiff
path: root/accel/tcg/cpu-exec.c
AgeCommit message (Collapse)Author
2023-03-01accel/tcg: Replace `tb_pc()` with `tb->pc`Anton Johansson
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230227135202.9710-13-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-03-01accel/tcg: Move jmp-cache `CF_PCREL` checks to callerAnton Johansson
tb-jmp-cache.h contains a few small functions that only exist to hide a CF_PCREL check, however the caller often already performs such a check. This patch moves CF_PCREL checks from the callee to the caller, and also removes these functions which now only hide an access of the jmp-cache. Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230227135202.9710-12-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-03-01accel/tcg: Replace `TARGET_TB_PCREL` with `CF_PCREL`Anton Johansson
Signed-off-by: Anton Johansson <anjo@rev.ng> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230227135202.9710-5-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-02-27replay: Extract core API to 'exec/replay-core.h'Philippe Mathieu-Daudé
replay API is used deeply within TCG common code (common to user and system emulation). Unfortunately "sysemu/replay.h" requires some QAPI headers for few system-specific declarations, example: void replay_input_event(QemuConsole *src, InputEvent *evt); Since commit c2651c0eaa ("qapi/meson: Restrict UI module to system emulation and tools") the QAPI header defining the InputEvent is not generated anymore. To keep it simple, extract the 'core' replay prototypes to a new "exec/replay-core.h" header which we include in the TCG code that doesn't need the rest of the replay API. Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Message-Id: <20221219170806.60580-5-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-02-27accel/tcg: Restrict 'qapi-commands-machine.h' to system emulationPhilippe Mathieu-Daudé
Since commit a0e61807a3 ("qapi: Remove QMP events and commands from user-mode builds") we don't generate the "qapi-commands-machine.h" header in a user-emulation-only build. Rename 'hmp.c' as 'monitor.c' and move the QMP functions from cpu-exec.c (which is always compiled) to monitor.c (which is only compiled when system-emulation is selected). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221219170806.60580-4-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-02-27exec: Remove unused 'qemu/timer.h' timerPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221219170806.60580-2-philmd@linaro.org>
2023-02-08Don't include headers already included by qemu/osdep.hMarkus Armbruster
This commit was created with scripts/clean-includes. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230202133830.2152150-19-armbru@redhat.com>
2023-02-02cpu-exec: assert that plugin_mem_cbs is NULL after executionEmilio Cota
Fixes: #1381 Signed-off-by: Emilio Cota <cota@braap.org> Message-Id: <20230108165107.62488-1-cota@braap.org> [AJB: manually applied follow-up fix] Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230124180127.1881110-35-alex.bennee@linaro.org>
2023-02-02cpu: free cpu->tb_jmp_cache with RCUEmilio Cota
Fixes the appended use-after-free. The root cause is that during tb invalidation we use CPU_FOREACH, and therefore to safely free a vCPU we must wait for an RCU grace period to elapse. $ x86_64-linux-user/qemu-x86_64 tests/tcg/x86_64-linux-user/munmap-pthread ================================================================= ==1800604==ERROR: AddressSanitizer: heap-use-after-free on address 0x62d0005f7418 at pc 0x5593da6704eb bp 0x7f4961a7ac70 sp 0x7f4961a7ac60 READ of size 8 at 0x62d0005f7418 thread T2 #0 0x5593da6704ea in tb_jmp_cache_inval_tb ../accel/tcg/tb-maint.c:244 #1 0x5593da6704ea in do_tb_phys_invalidate ../accel/tcg/tb-maint.c:290 #2 0x5593da670631 in tb_phys_invalidate__locked ../accel/tcg/tb-maint.c:306 #3 0x5593da670631 in tb_invalidate_phys_page_range__locked ../accel/tcg/tb-maint.c:542 #4 0x5593da67106d in tb_invalidate_phys_range ../accel/tcg/tb-maint.c:614 #5 0x5593da6a64d4 in target_munmap ../linux-user/mmap.c:766 #6 0x5593da6dba05 in do_syscall1 ../linux-user/syscall.c:10105 #7 0x5593da6f564c in do_syscall ../linux-user/syscall.c:13329 #8 0x5593da49e80c in cpu_loop ../linux-user/x86_64/../i386/cpu_loop.c:233 #9 0x5593da6be28c in clone_func ../linux-user/syscall.c:6633 #10 0x7f496231cb42 in start_thread nptl/pthread_create.c:442 #11 0x7f49623ae9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff) 0x62d0005f7418 is located 28696 bytes inside of 32768-byte region [0x62d0005f0400,0x62d0005f8400) freed by thread T148 here: #0 0x7f49627b6460 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52 #1 0x5593da5ac057 in cpu_exec_unrealizefn ../cpu.c:180 #2 0x5593da81f851 (/home/cota/src/qemu/build/qemu-x86_64+0x484851) Signed-off-by: Emilio Cota <cota@braap.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230111151628.320011-2-cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20230124180127.1881110-27-alex.bennee@linaro.org>
2023-01-17tcg: Remove TCG_TARGET_HAS_direct_jumpRichard Henderson
We now have the option to generate direct or indirect goto_tb depending on the dynamic displacement, thus the define is no longer necessary or completely accurate. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-01-17tcg: Change tb_target_set_jmp_target argumentsRichard Henderson
Replace 'tc_ptr' and 'addr' with 'tb' and 'n'. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-01-17tcg: Add TranslationBlock.jmp_insn_offsetRichard Henderson
Stop overloading jmp_target_arg for both offset and address, depending on TCG_TARGET_HAS_direct_jump. Instead, add a new field to hold the jump insn offset and always set the target address in jmp_target_addr[]. This will allow a tcg backend to use either direct or indirect depending on displacement. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-01-16accel/tcg: Split out cpu_exec_{setjmp,loop}Richard Henderson
Recently the g_assert(cpu == current_cpu) test has been intermittently failing with gcc. Reorg the code around the setjmp to minimize the lifetime of the cpu variable affected by the setjmp. This appears to fix the existing issue with clang as well. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1147 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-01accel/tcg: Complete cpu initialization before registrationRichard Henderson
Delay cpu_list_add until realize is complete, so that cross-cpu interaction does not happen with incomplete cpu state. For this, we must delay plugin initialization out of tcg_exec_realizefn, because no cpu_index has been assigned. Fixes a problem with cross-cpu jump cache flushing, when the jump cache has not yet been allocated. Fixes: a976a99a2975 ("include/hw/core: Create struct CPUJumpCache") Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Reported-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-26accel/tcg: Introduce tb_{set_}page_addr{0,1}Richard Henderson
This data structure will be replaced for user-only: add accessors. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-26accel/tcg: Add a quicker check for breakpointsLeandro Lupori
Profiling QEMU during Fedora 35 for PPC64 boot revealed that a considerable amount of time was being spent in check_for_breakpoints() (0.61% of total time on PPC64 and 2.19% on amd64), even though it was just checking that its queue was empty and returning, when no breakpoints were set. It turns out this function is not inlined by the compiler and it's always called by helper_lookup_tb_ptr(), one of the most called functions. By leaving only the check for empty queue in check_for_breakpoints() and moving the remaining code to check_for_breakpoints_slow(), called only when the queue is not empty, it's possible to avoid the call overhead. An improvement of about 3% in total time was measured on POWER9. Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221025202424.195984-2-leandro.lupori@eldorado.org.br> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-04accel/tcg: Introduce TARGET_TB_PCRELRichard Henderson
Prepare for targets to be able to produce TBs that can run in more than one virtual context. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-04accel/tcg: Introduce tb_pc and log_pcRichard Henderson
The availability of tb->pc will shortly be conditional. Introduce accessor functions to minimize ifdefs. Pass around a known pc to places like tcg_gen_code, where the caller must already have the value. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-04include/hw/core: Create struct CPUJumpCacheRichard Henderson
Wrap the bare TranslationBlock pointer into a structure. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-10-04accel/tcg: Do not align tb->page_addr[0]Richard Henderson
Let tb->page_addr[0] contain the address of the first byte of the translated block, rather than the address of the page containing the start of the translated block. We need to recover this value anyway at various points, and it is easier to discard a page offset when it is not needed, which happens naturally via the existing find_page shift. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-06accel/tcg: Document the faulting lookup in tb_lookup_cmpRichard Henderson
It was non-obvious to me why we can raise an exception in the middle of a comparison function, but it works. While nearby, use TARGET_PAGE_ALIGN instead of open-coding. Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-06accel/tcg: Make tb_htable_lookup staticRichard Henderson
The function is not used outside of cpu-exec.c. Move it and its subroutines up in the file, before the first use. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-09-06accel/tcg: Unlock mmap_lock after longjmpRichard Henderson
The mmap_lock is held around tb_gen_code. While the comment is correct that the lock is dropped when tb_gen_code runs out of memory, the lock is *not* dropped when an exception is raised reading code for translation. Acked-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-06-11accel/tcg: Inline dump_opcount_info() and remove itBernhard Beschow
dump_opcount_info() is a one-line wrapper around tcg_dump_op_count() which is also exported. So use the latter directly. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20220520180109.8224-10-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-06-11accel/tcg/cpu-exec: Unexport dump_drift_info()Bernhard Beschow
Commit 3a841ab53f165910224dc4bebabf1a8f1d04200c 'qapi: introduce x-query-jit QMP command' basically moved the only function using dump_drift_info() to cpu-exec.c. Therefore, dump_drift_info() doesn't need to be exported any longer. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20220520180109.8224-9-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-04-20accel/tcg: Use cpu_dump_state between qemu_log_trylock/unlockRichard Henderson
Inside log_cpu_state, we perform qemu_log_trylock/unlock, which need not be done if we have already performed the lock beforehand. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-15-richard.henderson@linaro.org>
2022-04-20*: Use fprintf between qemu_log_trylock/unlockRichard Henderson
Inside qemu_log, we perform qemu_log_trylock/unlock, which need not be done if we have already performed the lock beforehand. Always check the result of qemu_log_trylock -- only checking qemu_loglevel_mask races with the acquisition of the lock on the logfile. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-10-richard.henderson@linaro.org>
2022-04-20util/log: Rename qemu_log_lock to qemu_log_trylockRichard Henderson
This function can fail, which makes it more like ftrylockfile or pthread_mutex_trylock than flockfile or pthread_mutex_lock, so rename it. To closer match the other trylock functions, release rcu_read_lock along the failure path, so that qemu_log_unlock need not be called on failure. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-8-richard.henderson@linaro.org>
2022-04-06Remove qemu-common.h include from most unitsMarc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-06accel/tcg: Remove pointless CPUArchState castsPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220305233415.64627-2-philippe.mathieu.daude@gmail.com>
2022-02-28accel/tcg/cpu-exec: Fix precise single-stepping after interruptLuc Michel
In some cases, cpu->exit_request can be false after handling the interrupt, leading to another TB being executed instead of returning to the main loop. Fix this by returning true unconditionally when in single-step mode. Fixes: ba3c35d9c402 ("tcg/cpu-exec: precise single-stepping after an interrupt") Signed-off-by: Luc Michel <lmichel@kalray.eu> Message-Id: <20220214132656.11397-1-lmichel@kalray.eu> [rth: Unlock iothread mutex; simplify indentation] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-02-09replay: use CF_NOIRQ for special exception-replaying TBPavel Dovgalyuk
Commit aff0e204cb1f1c036a496c94c15f5dfafcd9b4b4 introduced CF_NOIRQ usage, but one case was forgotten. Record/replay uses one special TB which is not really executed, but used to cause a correct exception in replay mode. This patch adds CF_NOIRQ flag for such block. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <164362834054.1754532.7678416881159817273.stgit@pasha-ThinkPad-X280> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-01-18monitor: move x-query-profile into accel/tcg to fix buildAlex Bennée
As --enable-profiler isn't defended in CI we missed this breakage. Move the qmp handler into accel/tcg so we have access to the helpers we need. While we are at it ensure we gate the feature on CONFIG_TCG. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Fixes: 37087fde0e ("qapi: introduce x-query-profile QMP command") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/773 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220105135009.1584676-23-alex.bennee@linaro.org>
2021-11-29accel/tcg: suppress IRQ check for special TBsAlex Bennée
When we set cpu->cflags_next_tb it is because we want to carefully control the execution of the next TB. Currently there is a race that causes the second stage of watchpoint handling to get ignored if an IRQ is processed before we finish executing the instruction that triggers the watchpoint. Use the new CF_NOIRQ facility to avoid the race. We also suppress IRQs when handling precise self modifying code to avoid unnecessary bouncing. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/245 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211129140932.4115115-3-alex.bennee@linaro.org>
2021-11-03Merge remote-tracking branch ↵Richard Henderson
'remotes/berrange/tags/hmp-x-qmp-620-pull-request' into staging Initial conversion of HMP debugging commands to QMP This introduces a new policy that all HMP commands will be converted to have QMP equivalents, marked unstable if no formal QAPI modelling is intended to be done. New unstable commands are added as follows: - HMP "info roms" => QMP "x-query-roms" - HMP "info profile" => QMP "x-query-profile" - HMP "info numa" => QMP "x-query-numa" - HMP "info usb" => QMP "x-query-usb" - HMP "info rdma" => QMP "x-query-rdma" - HMP "info ramblock" => QMP "x-query-ramblock" - HMP "info irq" => QMP "x-query-irq" - HMP "info jit" => QMP "x-query-jit" - HMP "info opcount" => QMP "x-query-opcount" # gpg: Signature made Tue 02 Nov 2021 01:54:28 PM EDT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] * remotes/berrange/tags/hmp-x-qmp-620-pull-request: qapi: introduce x-query-opcount QMP command qapi: introduce x-query-jit QMP command qapi: introduce x-query-irq QMP command qapi: introduce x-query-ramblock QMP command qapi: introduce x-query-rdma QMP command qapi: introduce x-query-usb QMP command qapi: introduce x-query-numa QMP command qapi: introduce x-query-profile QMP command qapi: introduce x-query-roms QMP command docs/devel: document expectations for HMP commands in the future docs/devel: add example of command returning unstructured text docs/devel: document expectations for QAPI data modelling for QMP monitor: introduce HumanReadableText and HMP support docs/devel: update error handling guidance for HMP commands docs/devel: tweak headings in monitor command docs docs/devel: rename file for writing monitor commands monitor: make hmp_handle_error return a boolean monitor: remove 'info ioapic' HMP command Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02qapi: introduce x-query-opcount QMP commandDaniel P. Berrangé
This is a counterpart to the HMP "info opcount" command. It is being added with an "x-" prefix because this QMP command is intended as an ad hoc debugging tool and will thus not be modelled in QAPI as fully structured data, nor will it have long term guaranteed stability. The existing HMP command is rewritten to call the QMP command. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02qapi: introduce x-query-jit QMP commandDaniel P. Berrangé
This is a counterpart to the HMP "info jit" command. It is being added with an "x-" prefix because this QMP command is intended as an ad hoc debugging tool and will thus not be modelled in QAPI as fully structured data, nor will it have long term guaranteed stability. The existing HMP command is rewritten to call the QMP command. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-10-30accel/tcg: Move clear_helper_retaddr to cpu loopRichard Henderson
Currently there are only two places that require we reset this value before exiting to the main loop, but that will change. Reviewed-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-15accel/tcg: Handle gdb singlestep in cpu_tb_execRichard Henderson
Currently the change in cpu_tb_exec is masked by the debug exception being raised by the translators. But this allows us to remove that code. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-09-21accel/tcg: Restrict cpu_handle_halt() to sysemuPhilippe Mathieu-Daudé
Commit 372579427a5 ("tcg: enable thread-per-vCPU") added the following comment describing EXCP_HALTED in qemu_tcg_cpu_thread_fn(): case EXCP_HALTED: /* during start-up the vCPU is reset and the thread is * kicked several times. If we don't ensure we go back * to sleep in the halted state we won't cleanly * start-up when the vCPU is enabled. * * cpu->halted should ensure we sleep in wait_io_event */ g_assert(cpu->halted); break; qemu_wait_io_event() is sysemu-specific, so we can restrict the cpu_handle_halt() call in cpu_exec() to system emulation. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210912172731.789788-2-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-09-14accel/tcg: Restrict TCGCPUOps::cpu_exec_interrupt() to sysemuPhilippe Mathieu-Daudé
All targets call TCGCPUOps::cpu_exec_interrupt() from sysemu code. Move its declaration to restrict it to system emulation. Extend the code guarded. Restrict the static inlined need_replay_interrupt() method to avoid a "defined but not used" warning. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210911165434.531552-24-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-09-14accel/tcg: Rename user-mode do_interrupt hack as fake_user_interruptPhilippe Mathieu-Daudé
do_interrupt() is sysemu specific. However due to some X86 specific hack, it is also used in user-mode emulation, which is why it couldn't be restricted to CONFIG_SOFTMMU (see the comment around added in commit 78271684719: "cpu: tcg_ops: move to tcg-cpu-ops.h, keep a pointer in CPUClass"). Keep the hack but rename the handler as fake_user_interrupt() and restrict do_interrupt() to sysemu. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210911165434.531552-6-f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-26accel/tcg: Remove unused variable in cpu_execRichard Henderson
From clang-13: accel/tcg/cpu-exec.c:783:15: error: variable 'cc' set but not used \ [-Werror,-Wunused-but-set-variable] Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-26accel/tcg: Remove unnecessary check on icount_extra in cpu_loop_exec_tb()Peter Maydell
In cpu_loop_exec_tb(), we decide whether to look for a TB with exactly insns_left instructions in it using the condition (!cpu->icount_extra && insns_left > 0 && insns_left < tb->icount) The check for icount_extra == 0 is unnecessary, because we just set insns_left = MIN(0xffff, cpu->icount_budget); icount_extra = icount_budget - insns_left; and so icount_extra can only be non-zero if icount_budget > 0xffff and insns_left == 0xffff. But in that case insns_left >= tb->icount because 0xffff is much larger than TCG_MAX_INSNS, so the condition will be false anyway. Remove the unnecessary check, and instead assert: * that we are only going to execute a partial TB here if the icount budget has run out (ie icount_extra == 0) * that the number of insns we're going to execute does fit into the CF_COUNT_MASK Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210725174405.24568-3-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-26accel/tcg: Don't use CF_COUNT_MASK as the max value of icount_decr.u16.lowPeter Maydell
In cpu_loop_exec_tb() we were bounding the number of insns we might try to execute in a TB using CF_COUNT_MASK. This is incorrect, because we can validly put up to 0xffff into icount_decr.u16.low. In particular, since commit 78ff82bb1b67c0d7 reduced CF_COUNT_MASK to 511 this meant that we would incorrectly only try to execute 511 instructions in a 512-instruction TB, which could result in QEMU hanging when in icount mode. Use the actual maximum value, which is 0xffff. (This brings this code in to line with the similar logic in icount_prepare_for_run() in tcg-accel-ops-icount.c.) Fixes: 78ff82bb1b67c0d7 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/499 Message-Id: <20210725174405.24568-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21accel/tcg: Record singlestep_enabled in tb->cflagsRichard Henderson
Set CF_SINGLE_STEP when single-stepping is enabled. This avoids the need to flush all tb's when turning single-stepping on or off. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21accel/tcg: Move breakpoint recognition outside translationRichard Henderson
Trigger breakpoints before beginning translation of a TB that would begin with a BP. Thus we never generate code for the BP at all. Single-step instructions within a page containing a BP so that we are sure to check each insn for the BP as above. We no longer need to flush any TBs when changing BPs. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/286 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/404 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/489 Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21accel/tcg: Merge tb_find into its only callerRichard Henderson
We are going to want two things: (1) check for breakpoints will want to break out of the loop here, (2) cflags can only be calculated with pc in hand. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21accel/tcg: Use CF_NO_GOTO_{TB, PTR} in cpu_exec_step_atomicRichard Henderson
Request that the one TB returns immediately, so that we release the exclusive lock as soon as possible. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210717221851.2124573-7-richard.henderson@linaro.org>
2021-07-21accel/tcg: Handle -singlestep in curr_cflagsRichard Henderson
Exchange the test in translator_use_goto_tb for CF_NO_GOTO_TB, and the test in tb_gen_code for setting CF_COUNT_MASK to 1. Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210717221851.2124573-6-richard.henderson@linaro.org>