Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200626' into staging

target-arm queue: * hw/arm/aspeed: improve QOM usage * hw/misc/pca9552: trace GPIO change events * target/arm: Implement ARMv8.5-MemTag for system emulation # gpg: Signature made Fri 26 Jun 2020 16:13:27 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200626: (57 commits) target/arm: Enable MTE target/arm: Add allocation tag storage for system mode target/arm: Create tagged ram when MTE is enabled target/arm: Cache the Tagged bit for a page in MemTxAttrs target/arm: Always pass cacheattr to get_phys_addr target/arm: Set PSTATE.TCO on exception entry target/arm: Implement data cache set allocation tags target/arm: Complete TBI clearing for user-only for SVE target/arm: Add mte helpers for sve scatter/gather memory ops target/arm: Handle TBI for sve scalar + int memory ops target/arm: Add mte helpers for sve scalar + int ff/nf loads target/arm: Add mte helpers for sve scalar + int stores target/arm: Add mte helpers for sve scalar + int loads target/arm: Add arm_tlb_bti_gp target/arm: Tidy trans_LD1R_zpri target/arm: Use mte_check1 for sve LD1R target/arm: Use mte_checkN for sve unpredicated stores target/arm: Use mte_checkN for sve unpredicated loads target/arm: Add helper_mte_check_zva target/arm: Implement helper_mte_checkN ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
author: Peter Maydell <peter.maydell@linaro.org> 2020-06-26 18:22:36 +0100
committer: Peter Maydell <peter.maydell@linaro.org> 2020-06-26 18:22:36 +0100
commit: 553cf5d7c47bee05a3dec9461c1f8430316d516b (patch)
tree: c39e6a48d2746e4bf9d79cda6e3fa23a1c9d9b6d /target/arm/helper-a64.c
parent: 3591ddd39987cbdaa0cfa344a262f315abd97582 (diff)
parent: c7459633baa71d1781fde4a245d6ec9ce2f008cf (diff)
download: focaccia-qemu-553cf5d7c47bee05a3dec9461c1f8430316d516b.tar.gz
focaccia-qemu-553cf5d7c47bee05a3dec9461c1f8430316d516b.zip
1 files changed, 26 insertions, 70 deletions
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index bc0649a44a..8682630ff6 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -1119,85 +1119,41 @@ void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in)
      * (which matches the usual QEMU behaviour of not implementing either
      * alignment faults or any memory attribute handling).
      */
-
-    ARMCPU *cpu = env_archcpu(env);
-    uint64_t blocklen = 4 << cpu->dcz_blocksize;
+    int blocklen = 4 << env_archcpu(env)->dcz_blocksize;
     uint64_t vaddr = vaddr_in & ~(blocklen - 1);
+    int mmu_idx = cpu_mmu_index(env, false);
+    void *mem;
+
+    /*
+     * Trapless lookup.  In addition to actual invalid page, may
+     * return NULL for I/O, watchpoints, clean pages, etc.
+     */
+    mem = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
 
 #ifndef CONFIG_USER_ONLY
-    {
+    if (unlikely(!mem)) {
+        uintptr_t ra = GETPC();
+
         /*
-         * Slightly awkwardly, QEMU's TARGET_PAGE_SIZE may be less than
-         * the block size so we might have to do more than one TLB lookup.
-         * We know that in fact for any v8 CPU the page size is at least 4K
-         * and the block size must be 2K or less, but TARGET_PAGE_SIZE is only
-         * 1K as an artefact of legacy v5 subpage support being present in the
-         * same QEMU executable. So in practice the hostaddr[] array has
-         * two entries, given the current setting of TARGET_PAGE_BITS_MIN.
+         * Trap if accessing an invalid page.  DC_ZVA requires that we supply
+         * the original pointer for an invalid page.  But watchpoints require
+         * that we probe the actual space.  So do both.
          */
-        int maxidx = DIV_ROUND_UP(blocklen, TARGET_PAGE_SIZE);
-        void *hostaddr[DIV_ROUND_UP(2 * KiB, 1 << TARGET_PAGE_BITS_MIN)];
-        int try, i;
-        unsigned mmu_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
-
-        assert(maxidx <= ARRAY_SIZE(hostaddr));
-
-        for (try = 0; try < 2; try++) {
-
-            for (i = 0; i < maxidx; i++) {
-                hostaddr[i] = tlb_vaddr_to_host(env,
-                                                vaddr + TARGET_PAGE_SIZE * i,
-                                                1, mmu_idx);
-                if (!hostaddr[i]) {
-                    break;
-                }
-            }
-            if (i == maxidx) {
-                /*
-                 * If it's all in the TLB it's fair game for just writing to;
-                 * we know we don't need to update dirty status, etc.
-                 */
-                for (i = 0; i < maxidx - 1; i++) {
-                    memset(hostaddr[i], 0, TARGET_PAGE_SIZE);
-                }
-                memset(hostaddr[i], 0, blocklen - (i * TARGET_PAGE_SIZE));
-                return;
-            }
+        (void) probe_write(env, vaddr_in, 1, mmu_idx, ra);
+        mem = probe_write(env, vaddr, blocklen, mmu_idx, ra);
+
+        if (unlikely(!mem)) {
             /*
-             * OK, try a store and see if we can populate the tlb. This
-             * might cause an exception if the memory isn't writable,
-             * in which case we will longjmp out of here. We must for
-             * this purpose use the actual register value passed to us
-             * so that we get the fault address right.
+             * The only remaining reason for mem == NULL is I/O.
+             * Just do a series of byte writes as the architecture demands.
              */
-            helper_ret_stb_mmu(env, vaddr_in, 0, oi, GETPC());
-            /* Now we can populate the other TLB entries, if any */
-            for (i = 0; i < maxidx; i++) {
-                uint64_t va = vaddr + TARGET_PAGE_SIZE * i;
-                if (va != (vaddr_in & TARGET_PAGE_MASK)) {
-                    helper_ret_stb_mmu(env, va, 0, oi, GETPC());
-                }
+            for (int i = 0; i < blocklen; i++) {
+                cpu_stb_mmuidx_ra(env, vaddr + i, 0, mmu_idx, ra);
             }
-        }
-
-        /*
-         * Slow path (probably attempt to do this to an I/O device or
-         * similar, or clearing of a block of code we have translations
-         * cached for). Just do a series of byte writes as the architecture
-         * demands. It's not worth trying to use a cpu_physical_memory_map(),
-         * memset(), unmap() sequence here because:
-         *  + we'd need to account for the blocksize being larger than a page
-         *  + the direct-RAM access case is almost always going to be dealt
-         *    with in the fastpath code above, so there's no speed benefit
-         *  + we would have to deal with the map returning NULL because the
-         *    bounce buffer was in use
-         */
-        for (i = 0; i < blocklen; i++) {
-            helper_ret_stb_mmu(env, vaddr + i, 0, oi, GETPC());
+            return;
         }
     }
-#else
-    memset(g2h(vaddr), 0, blocklen);
 #endif
+
+    memset(mem, 0, blocklen);
 }
author	Peter Maydell <peter.maydell@linaro.org>	2020-06-26 18:22:36 +0100
committer	Peter Maydell <peter.maydell@linaro.org>	2020-06-26 18:22:36 +0100
commit	553cf5d7c47bee05a3dec9461c1f8430316d516b (patch)
tree	c39e6a48d2746e4bf9d79cda6e3fa23a1c9d9b6d /target/arm/helper-a64.c
parent	3591ddd39987cbdaa0cfa344a262f315abd97582 (diff)
parent	c7459633baa71d1781fde4a245d6ec9ce2f008cf (diff)
download	focaccia-qemu-553cf5d7c47bee05a3dec9461c1f8430316d516b.tar.gz focaccia-qemu-553cf5d7c47bee05a3dec9461c1f8430316d516b.zip