path: root/include/exec
Commit log. Each entry gives the commit subject followed by [Author, Date, Files changed, Lines removed/added], then the commit message.
* cpu: Replace target_ulong with hwaddr in tb_invalidate_phys_addr()  [Anton Johansson, 2023-06-26, 1 file, -1/+1]
    Signed-off-by: Anton Johansson <anjo@rev.ng>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230621135633.1649-13-anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Replace target_ulong with vaddr in translator_*()  [Anton Johansson, 2023-06-26, 1 file, -3/+3]
    Use vaddr for guest virtual address in translator_use_goto_tb() and translator_loop().

    Signed-off-by: Anton Johansson <anjo@rev.ng>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230621135633.1649-11-anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel: Replace target_ulong with vaddr in probe_*()  [Anton Johansson, 2023-06-26, 1 file, -7/+7]
    Functions for probing memory accesses (and functions that call these) are updated to take a vaddr for guest virtual addresses over target_ulong.

    Signed-off-by: Anton Johansson <anjo@rev.ng>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230621135633.1649-9-anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg/cputlb.c: Widen CPUTLBEntry access functions  [Anton Johansson, 2023-06-26, 1 file, -5/+5]
    Signed-off-by: Anton Johansson <anjo@rev.ng>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230621135633.1649-5-anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel: Replace target_ulong in tlb_*()  [Anton Johansson, 2023-06-26, 2 files, -42/+41]
    Replaces target_ulong with vaddr for guest virtual addresses in tlb_*() functions and auxiliary structs.

    Signed-off-by: Anton Johansson <anjo@rev.ng>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230621135633.1649-2-anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging  [Richard Henderson, 2023-06-26, 1 file, -0/+1]
    virtio,pc,pci: fixes, features, cleanups

    asymmetric crypto support for cryptodev-vhost-user
    rom migration when rom size changes
    poison get, inject, clear; mock cxl events and irq support for cxl
    shadow virtqueue offload support for vhost-vdpa
    vdpa now maps shadow vrings with MAP_SHARED
    max_cpus went up to 1024 and we default to smbios 3.0 for pc

    Fixes, cleanups all over the place. In particular
        hw/acpi: Fix PM control register access
    works around a very long standing bug in memory core.

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

    # gpg: Signature made Mon 26 Jun 2023 03:50:09 PM CEST
    # gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
    # gpg:                issuer "mst@redhat.com"
    # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
    # gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg:          There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
    #      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

    * tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (53 commits)
      vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
      vhost_net: add an assertion for TAP client backends
      intel_iommu: Fix address space unmap
      intel_iommu: Fix flag check in replay
      intel_iommu: Fix a potential issue in VFIO dirty page sync
      vhost-user: fully use new backend/frontend naming
      virtio-scsi: avoid dangling host notifier in ->ioeventfd_stop()
      hw/i386/pc: Clean up pc_machine_initfn
      vdpa: fix not using CVQ buffer in case of error
      vdpa: mask _F_CTRL_GUEST_OFFLOADS for vhost vdpa devices
      vhost: fix vhost_dev_enable_notifiers() error case
      vdpa: Allow VIRTIO_NET_F_CTRL_GUEST_OFFLOADS in SVQ
      vdpa: Add vhost_vdpa_net_load_offloads()
      virtio-net: expose virtio_net_supported_guest_offloads()
      hw/net/virtio-net: make some VirtIONet const
      vdpa: reuse virtio_vdev_has_feature()
      include/hw/virtio: make some VirtIODevice const
      vdpa: map shadow vrings with MAP_SHARED
      vdpa: reorder vhost_vdpa_net_cvq_cmd_page_len function
      vdpa: do not block migration if device has cvq and x-svq=on
      ...

    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
  * softmmu: Introduce qemu_target_page_mask() helper  [Philippe Mathieu-Daudé, 2023-06-23, 1 file, -0/+1]  (merged via 'for_upstream')
    Since TARGET_PAGE_MASK is poisoned in target-agnostic code, introduce the qemu_target_page_mask() helper to get this value from target-agnostic code at runtime.

    Reviewed-by: Thomas Huth <thuth@redhat.com>
    Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Message-Id: <20230524093744.88442-2-philmd@linaro.org>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
* include/exec/memattrs: Add two bits of space to MemTxAttrs  [Richard Henderson, 2023-06-23, 1 file, -1/+8]
    We will need 2 bits to represent ARMSecurityState.

    Do not attempt to replace or widen secure, even though it logically overlaps the new field -- there are uses within e.g. hw/block/pflash_cfi01.c, which don't know anything specific about ARM.

    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    Message-id: 20230620124418.805717-7-richard.henderson@linaro.org
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* exec/cpu-defs: Check for SOFTMMU instead of !USER_ONLY  [Philippe Mathieu-Daudé, 2023-06-20, 1 file, -6/+6]
    We want to check the softmmu tlb availability, not if we are targeting system emulation. Besides, this code could be used by user emulation in the future.

    Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230605230216.17202-1-philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* exec/memory: Introduce RAM_NAMED_FILE flag  [Steve Sistare, 2023-06-13, 2 files, -0/+4]
    migrate_ignore_shared() is an optimization that avoids copying memory that is visible and can be mapped on the target. However, a memory-backend-ram or a memory-backend-memfd block with the RAM_SHARED flag set is not migrated when migrate_ignore_shared() is true. This is wrong, because the block has no named backing store, and its contents will be lost. To fix, ignore shared memory iff it is a named file. Define a new flag RAM_NAMED_FILE to distinguish this case.

    Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
    Reviewed-by: Peter Xu <peterx@redhat.com>
    Message-Id: <1686151116-253260-1-git-send-email-steven.sistare@oracle.com>
    Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
* exec/ram_addr: Return number of dirty pages in cpu_physical_memory_set_dirty_lebitmap()  [Joao Martins, 2023-06-13, 1 file, -6/+22]
    In preparation for including the number of dirty pages in the vfio_get_dirty_bitmap() tracepoint, return the number of dirty pages in cpu_physical_memory_set_dirty_lebitmap() similar to cpu_physical_memory_sync_dirty_bitmap().

    To avoid counting twice when GLOBAL_DIRTY_RATE is enabled, stash the number of bits set per bitmap quad in a variable (@nbits) and reuse it there.

    Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
    Reviewed-by: Peter Xu <peterx@redhat.com>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Message-Id: <20230530180556.24441-2-joao.m.martins@oracle.com>
    Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
* exec/poison: Do not poison CONFIG_SOFTMMU  [Richard Henderson, 2023-06-05, 1 file, -1/+0]
    If CONFIG_USER_ONLY is ok generically, so is CONFIG_SOFTMMU, because they are exactly opposite.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* plugins: Drop unused headers from exec/plugin-gen.h  [Richard Henderson, 2023-06-05, 1 file, -2/+0]
    Two headers are not required for the rest of the contents of plugin-gen.h.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* plugins: Move plugin_insn_append to translator.c  [Richard Henderson, 2023-06-05, 1 file, -22/+0]
    This function is only used in translator.c, and uses a target-specific typedef: abi_ptr.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Move env defines out of NEED_CPU_H in helper-head.h  [Richard Henderson, 2023-06-05, 1 file, -3/+3]
    Since the change to CPUArchState, we have a common typedef that can always be used.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Tidy includes for translator.[ch]  [Richard Henderson, 2023-06-05, 1 file, -5/+1]
    Reduce the header to only bswap.h and cpu_ldst.h. Move exec/translate-all.h to translator.c. Reduce tcg.h and tcg-op.h to tcg-op-common.h. Remove otherwise unused headers.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Move translator_fake_ldb out of line  [Richard Henderson, 2023-06-05, 1 file, -7/+1]
    This is used by exactly one host in extraordinary circumstances. This means that translator.h need not include plugin-gen.h; translator.c already includes plugin-gen.h.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Introduce translator_io_start  [Richard Henderson, 2023-06-05, 2 files, -6/+10]
    New wrapper around gen_io_start which takes care of the USE_ICOUNT check, as well as marking the DisasContext to end the TB. Remove exec/gen-icount.h.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Move most of gen-icount.h into translator.c  [Richard Henderson, 2023-06-05, 1 file, -78/+1]
    The only usage of gen_tb_start and gen_tb_end is here. Move the static icount_start_insn variable into a local within translator_loop. Simplify the two subroutines by passing in the existing local cflags variable. Leave only the declaration of gen_io_start in gen-icount.h.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* include/exec: Remove CODE_GEN_AVG_BLOCK_SIZE  [Richard Henderson, 2023-06-05, 1 file, -10/+0]
    The last use was removed with 2ac01d6dafab.

    Fixes: 2ac01d6dafab ("translate-all: use a binary search tree to track TBs in TBContext")
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Split out exec/translation-block.h  [Richard Henderson, 2023-06-05, 2 files, -131/+150]
    This is all that is required by tcg/ from exec-all.h.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* exec-all: Widen TranslationBlock pc and cs_base to 64-bits  [Richard Henderson, 2023-06-05, 1 file, -2/+2]
    This makes TranslationBlock agnostic to the address size of the guest. Use vaddr for pc, since that's always a virtual address. Use uint64_t for cs_base, since usage varies between guests.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* exec-all: Widen tb_page_addr_t for user-only  [Richard Henderson, 2023-06-05, 1 file, -2/+2]
    This is a step toward making TranslationBlock agnostic to the address size of the guest.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Move TLB_FLAGS_MASK check out of get_alignment_bits  [Richard Henderson, 2023-06-05, 1 file, -0/+3]
    The replacement isn't ideal, as the raw count of bits is not easily synced with exec/cpu-all.h, but it does remove from tcg.h the target dependency on TARGET_PAGE_BITS_MIN which is built into TLB_FLAGS_MASK.

    Reviewed-by: Anton Johansson <anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Split helper-proto.h  [Richard Henderson, 2023-06-05, 3 files, -64/+95]
    Create helper-proto-common.h without the target specific portion. Use that in tcg-op-common.h. Include helper-proto.h in target/arm and target/hexagon before helper-info.c.inc; all other targets are already correct in this regard.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Split helper-gen.h  [Richard Henderson, 2023-06-05, 3 files, -97/+124]
    Create helper-gen-common.h without the target specific portion. Use that in tcg-op-common.h. Reorg headers in target/arm to ensure that helper-gen.h is included before helper-info.c.inc. All other targets are already correct in this regard.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Split tcg_gen_callN  [Richard Henderson, 2023-06-05, 1 file, -20/+20]
    Make tcg_gen_callN a static function. Create tcg_gen_call[0-7] functions for use by helper-gen.h.inc.

    Removes a multiplicity of calls to __stack_chk_fail, saving up to 143kiB of .text space as measured on an x86_64 host.

         Old       New      Less  %Change
     8888680   8741816    146864    1.65%  qemu-system-aarch64
     5911832   5856152     55680    0.94%  qemu-system-riscv64
     5816728   5767512     49216    0.85%  qemu-system-mips64
     6707832   6659144     48688    0.73%  qemu-system-ppc64

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Pass TCGHelperInfo to tcg_gen_callN  [Richard Henderson, 2023-06-05, 3 files, -101/+136]
    In preparation for compiling tcg/ only once, eliminate the all_helpers array. Instantiate the info structs for the generic helpers in accel/tcg/, and the structs for the target-specific helpers in each translate.c.

    Since we don't see all of the info structs at startup, initialize at first use, using g_once_init_* to make sure we don't race while doing so.

    Reviewed-by: Anton Johansson <anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Remove outdated comments in helper-head.h  [Richard Henderson, 2023-06-05, 1 file, -15/+3]
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Split out tcg/oversized-guest.h  [Richard Henderson, 2023-06-05, 1 file, -2/+1]
    Move a use of TARGET_LONG_BITS out of tcg/tcg.h. Include the new file only where required.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Add tlb_fast_offset to TCGContext  [Richard Henderson, 2023-06-05, 2 files, -38/+57]
    Disconnect the layout of ArchCPU from TCG compilation. Pass the relative offset of 'env' and 'neg.tlb.f' as a parameter.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Widen CPUTLBEntry comparators to 64-bits  [Richard Henderson, 2023-06-05, 2 files, -30/+26]
    This makes CPUTLBEntry agnostic to the address size of the guest. When 32-bit addresses are in effect, we can simply read the low 32 bits of the 64-bit field. Similarly when we need to update the field for setting TLB_NOTDIRTY.

    For TCG backends that could in theory be big-endian, but in practice are not (arm, loongarch, riscv), use QEMU_BUILD_BUG_ON to document and ensure this is not accidentally missed.

    For s390x, which is always big-endian, use HOST_BIG_ENDIAN anyway, to document the reason for the adjustment.

    For sparc64 and ppc64, always perform a 64-bit load, and rely on the following 32-bit comparison to ignore the high bits.

    Rearrange mips and ppc if ladders for clarity.

    Reviewed-by: Anton Johansson <anjo@rev.ng>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: remove the final vestiges of dstate  [Alex Bennée, 2023-06-01, 1 file, -3/+0]
    Now we no longer have dynamic state affecting things we can remove the additional fields in cpu.h and simplify the TB hash calculation.

    For the benchmark:

      hyperfine -w 2 -m 20 \
        "./arm-softmmu/qemu-system-arm -cpu cortex-a15 \
          -machine type=virt,highmem=off \
          -display none -m 2048 \
          -serial mon:stdio \
          -netdev user,id=unet,hostfwd=tcp::2222-:22 \
          -device virtio-net-pci,netdev=unet \
          -device virtio-scsi-pci \
          -blockdev driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf \
          -device scsi-hd,drive=hd -smp 4 \
          -kernel /home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage \
          -append 'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' \
          -snapshot"

    It has a marginal effect on runtime, before:

      Time (mean ± σ):     26.279 s ±  2.438 s    [User: 41.113 s, System: 1.843 s]
      Range (min … max):   24.420 s … 32.565 s    20 runs

    after:

      Time (mean ± σ):     24.440 s ±  2.885 s    [User: 34.474 s, System: 2.028 s]
      Range (min … max):   21.663 s … 29.937 s    20 runs

    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1358
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
    Message-id: 20230526165401.574474-10-alex.bennee@linaro.org
    Message-Id: <20230524133952.3971948-9-alex.bennee@linaro.org>
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tcg: Remove DEBUG_DISAS  [Richard Henderson, 2023-05-23, 1 file, -3/+0]
    This had been set since the beginning, is never undefined, and it would seem to be harmful to debugging to do so.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Remove cpu_atomic_{ld,st}o_*_mmu  [Richard Henderson, 2023-05-23, 1 file, -9/+0]
    Atomic load/store of 128-byte quantities is now handled by cpu_{ld,st}16_mmu.

    Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Unify cpu_{ld,st}*_{be,le}_mmu  [Richard Henderson, 2023-05-23, 1 file, -46/+12]
    With the current structure of cputlb.c, there is no difference between the little-endian and big-endian entry points, aside from the assert. Unify the pairs of functions.

    The only use of the functions with explicit endianness was in target/sparc64, and that was only to satisfy the assert: the correct endianness is already built into memop.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* hostmem-file: add offset option  [Alexander Graf, 2023-05-23, 3 files, -1/+5]
    Add an option for hostmem-file to start the memory object at an offset into the target file. This is useful if multiple memory objects reside inside the same target file, such as a device node.

    In particular, it's useful to map guest memory directly into /dev/mem for experimentation.

    To make this work consistently, also fix up all places in QEMU that expect fd offsets to be 0.

    Signed-off-by: Alexander Graf <graf@amazon.com>
    Message-Id: <20230403221421.60877-1-graf@amazon.com>
    Acked-by: Markus Armbruster <armbru@redhat.com>
    Acked-by: Peter Xu <peterx@redhat.com>
    Reviewed-by: David Hildenbrand <david@redhat.com>
    Signed-off-by: David Hildenbrand <david@redhat.com>
* migration: Add last stage indicator to global dirty log  [Gavin Shan, 2023-05-18, 1 file, -2/+7]
    The global dirty log synchronization is used when KVM and dirty ring are enabled. There is a particularity for ARM64 where the backup bitmap is used to track dirty pages in non-running-vcpu situations. It means the dirty ring works with the combination of ring buffer and backup bitmap. The dirty bits in the backup bitmap need to be collected in the last stage of live migration.

    In order to identify the last stage of live migration and pass it down, an extra parameter is added to the relevant functions and callbacks. This last stage indicator isn't used until the dirty ring is enabled in the subsequent patches.

    No functional change intended.

    Signed-off-by: Gavin Shan <gshan@redhat.com>
    Reviewed-by: Peter Xu <peterx@redhat.com>
    Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
    Message-Id: <20230509022122.20888-2-gshan@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* tcg: Split out exec/user/guest-base.h  [Richard Henderson, 2023-05-16, 2 files, -4/+13]
    TCG will need this declaration, without all of the other bits that come with cpu-all.h.

    Reviewed-by: Thomas Huth <thuth@redhat.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Widen plugin_gen_empty_mem_callback to i64  [Richard Henderson, 2023-05-16, 1 file, -2/+2]
    Since we do this inside gen_empty_mem_cb anyway, let's do this earlier inside tcg expansion.

    Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* include/exec/memop: Add MO_ATOM_*  [Richard Henderson, 2023-05-16, 1 file, -0/+37]
    This field may be used to describe the precise atomicity requirements of the guest, which may then be used to constrain the methods by which it may be emulated by the host.

    For instance, the AArch64 LDP (32-bit) instruction changes semantics with ARMv8.4 LSE2, from

      MO_64 | MO_ATOM_IFALIGN_PAIR
      (64-bits, single-copy atomic only on 4 byte units, nonatomic if not aligned by 4),

    to

      MO_64 | MO_ATOM_WITHIN16
      (64-bits, single-copy atomic within a 16 byte block)

    The former may be implemented with two 4 byte loads, or a single 8 byte load if that happens to be efficient on the host. The latter may not be implemented with two 4 byte loads and may also require a helper when misaligned.

    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* softmmu: Create qemu_target_pages_to_MiB()  [Juan Quintela, 2023-05-15, 1 file, -0/+1]
    Function that converts a number of target_pages into its size in MiB.

    Suggested-by: Richard Henderson <richard.henderson@linaro.org>
    Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Juan Quintela <quintela@redhat.com>
    Message-Id: <20230511141208.17779-2-quintela@redhat.com>
* accel/tcg: Introduce tlb_read_idx  [Richard Henderson, 2023-05-11, 2 files, -5/+24]
    Instead of playing with offsetof in various places, use MMUAccessType to index an array. This is easily defined instead of the previous dummy padding array in the union.

    Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tcg: Remove TARGET_ALIGNED_ONLY  [Richard Henderson, 2023-05-11, 2 files, -12/+2]
    All uses have now been expunged.

    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* cpu: expose qemu_cpu_list_lock for lock-guard use  [Jamie Iles, 2023-05-11, 1 file, -0/+1]
    Expose qemu_cpu_list_lock globally so that we can use WITH_QEMU_LOCK_GUARD and QEMU_LOCK_GUARD to simplify a few code paths now and in future.

    Signed-off-by: Jamie Iles <quic_jiles@quicinc.com>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230427020925.51003-2-quic_jiles@quicinc.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel/tcg: Add cpu_ld*_code_mmu  [Richard Henderson, 2023-05-02, 1 file, -0/+9]
    At least RISC-V has the need to be able to perform a read using execute permissions, outside of translation. Add helpers to facilitate this.

    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    Acked-by: Alistair Francis <alistair.francis@wdc.com>
    Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
    Tested-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
    Message-Id: <20230325105429.1142530-9-richard.henderson@linaro.org>
    Message-Id: <20230412114333.118895-9-richard.henderson@linaro.org>
* accel/tcg: Use one_insn_per_tb global instead of old singlestep global  [Peter Maydell, 2023-05-02, 1 file, -2/+0]
    The only place left that looks at the old 'singlestep' global variable is the TCG curr_cflags() function. Replace the old global with a new 'one_insn_per_tb' which is defined in tcg-all.c and declared in accel/tcg/internal.h. This keeps it restricted to the TCG code, unlike 'singlestep' which was available to every file in the system and defined in multiple different places for softmmu vs linux-user vs bsd-user.

    While we're making this change, use qatomic_read() and qatomic_set() on the accesses to the new global, because TCG will read it without holding a lock.

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Message-id: 20230417164041.684562-4-peter.maydell@linaro.org
* memory: prevent dma-reentrancy issues  [Alexander Bulekov, 2023-04-28, 1 file, -0/+5]
    Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA. This flag is set/checked prior to calling a device's MemoryRegion handlers, and set when device code initiates DMA. The purpose of this flag is to prevent two types of DMA-based reentrancy issues:

    1.) mmio -> dma -> mmio case
    2.) bh -> dma write -> mmio case

    These issues have led to problems such as stack-exhaustion and use-after-frees.

    Summary of the problem from Peter Maydell:
    https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
    Resolves: CVE-2023-0330

    Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
    Reviewed-by: Thomas Huth <thuth@redhat.com>
    Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
    [thuth: Replace warn_report() with warn_report_once()]
    Signed-off-by: Thomas Huth <thuth@redhat.com>
* cpu: Remove parameter of list_cpus()  [Thomas Huth, 2023-04-20, 1 file, -1/+1]
    The "optarg" parameter is completely unused, so let's drop it.

    Message-Id: <20230419124831.678079-1-thuth@redhat.com>
    Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Signed-off-by: Thomas Huth <thuth@redhat.com>
* include/exec: Provide the tswap() functions for target independent code, too  [Thomas Huth, 2023-04-20, 2 files, -63/+73]
    In some cases of target independent code, it would be useful to have access to the functions that swap endianness in case it differs between guest and host. Thus re-implement the tswapXX() functions in a new header that can be included separately. The check whether the swapping is needed continues to be done at compile-time for target specific code, while it is done at run-time in target-independent code.

    Message-Id: <20230411183418.1640500-3-thuth@redhat.com>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Reviewed-by: Cédric Le Goater <clg@kaod.org>
    Signed-off-by: Thomas Huth <thuth@redhat.com>