Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Build system and target/i386/translate.c cleanups
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmZRy1gUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMTtQf/ZQskuqZyTrDhB/uVUT8oT5JNKQNS
# GbFSgDK7jDdBeU3UmoYrlx9vfFR/mH5cA88MlusUy0SjQBNo4onD725o6Vvum/LW
# DPe5ZyE34wvOasM7KXqJsD+2SttjaVjCXN4ip+E9WL5By2TWJgrk6IgTtvAhT9cd
# LWb5OEIInaq7ZiWz3EpjmGvZd0M4mxqXi5OeDvmoFyf38xElfbWZWbfhJv+H5L1X
# stivPBtUbXOzh63NL491hUYQtiAWlow8Qcnn7CYRflb6Vdd4QPK+6W8FX5KyU2eC
# bXRXloW7wjEAC9pyiVky1SCvtNg7AVFL+9kxwiGreoZfo+/IMA+NP6pGOg==
# =hpWy
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 25 May 2024 04:28:24 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (24 commits)
migration: remove unnecessary zlib dependency
meson: do not query modules before they are processed
tcg: include dependencies in static_library()
meson: remove unnecessary dependency
meson: remove unnecessary reference to libm
target/i386: remove aflag argument of gen_lea_v_seg
target/i386: clean up repeated string operations
target/i386: introduce gen_lea_ss_ofs
target/i386: use mo_stacksize more
target/i386: inline gen_add_A0_ds_seg
target/i386: split gen_ldst_modrm for load and store
target/i386: reg in gen_ldst_modrm is always OR_TMP0
target/i386: raze the gen_eob* jungle
target/i386: assert that gen_update_eip_cur and gen_update_eip_next are the same in tb_stop
target/i386: avoid calling gen_eob_inhibit_irq before tb_stop
target/i386: avoid calling gen_eob_syscall before tb_stop
target/i386: document and group DISAS_* constants
target/i386: set CC_OP in helpers if they want CC_OP_EFLAGS
target/i386: cpu_load_eflags already sets cc_op
target/i386: remove unnecessary gen_update_cc_op before gen_eob*
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Paolo Bonzini [Fri, 24 May 2024 10:06:10 +0000 (12:06 +0200)]
meson: remove unnecessary dependency
The dbus_display1_dep is not really used since all occurrences also
request gio independently. Just list the generated sources and drop
dbus_display1_dep.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 24 Apr 2024 14:58:15 +0000 (16:58 +0200)]
target/i386: introduce gen_lea_ss_ofs
Generalize gen_stack_A0() to include an initial add and to use an arbitrary
destination. This is a common pattern and it is not a huge burden to
add the extra arguments to the only caller of gen_stack_A0().
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 16 May 2024 16:43:44 +0000 (18:43 +0200)]
target/i386: cleanup eob handling of RSM
gen_helper_rsm cannot generate an exception, and reloads the flags.
So there's no need to spill cc_op and update cpu_eip, but on the
other hand cc_op must be reset to CC_OP_EFLAGS before returning.
It all works by chance, because by spilling cc_op before the call
to the helper, it becomes non-dirty and gen_eob will not overwrite
the CC_OP_EFLAGS value that is placed there by the helper. But
let's clean it up.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Sat, 25 May 2024 08:03:22 +0000 (10:03 +0200)]
target/i386: no single-step exception after MOV or POP SS
Intel SDM 18.3.1.4 "If an occurrence of the MOV or POP instruction
loads the SS register executes with EFLAGS.TF = 1, no single-step debug
exception occurs following the MOV or POP instruction."
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 24 May 2024 15:17:47 +0000 (17:17 +0200)]
target/i386: disable jmp_opt if EFLAGS.RF is 1
If EFLAGS.RF is 1, special processing in gen_eob_worker() is needed and
therefore goto_tb cannot be used.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The point of CPU_CFLAGS is really just to select the appropriate multilib,
for example for library linking tests, and -mcx16 is not needed for
that purpose.
Furthermore, if -mcx16 is part of QEMU's choice of a basic x86_64
instruction set, it should be applied to cross-compiled x86_64 code too;
it is plausible that tests/tcg would want to cover cmpxchg16b as well,
for example. In the end this makes just as much sense as a per sub-build
tweak, so move the flag to meson.build and cross_cc_cflags_x86_64.
This leaves out contrib/plugins, which would fail when attempting to use
__sync_val_compare_and_swap_16 (note it does not do yet); while minor,
this *is* a disadvantage of this change. But building contrib/plugins
with a Makefile instead of meson.build is something self-inflicted just
for the sake of showing that it can be done, and if this kind of papercut
started becoming a problem we could make the directory part of the meson
build. Until then, we can live with the limitation.
Signed-off-by: Artyom Kunakovsky <artyomkunakovsky@gmail.com>
Message-ID: <20240523051118.29367-1-artyomkunakovsky@gmail.com>
[rewrite commit message, remove from configure. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Merge tag 'pull-ppc-for-9.1-1-20240524-1' of https://gitlab.com/npiggin/qemu into staging
*** NOTE ***
This replaces the previous PR for tags/pull-ppc-for-9.1-1-20240524
* Fix an interesting TLB invalidate race
* Implement more instructions with decodetree
* Add the POWER8/9/10 BHRB facility
* Add missing instructions, registers, SMT support
* First round of a big MMU xlate cleanup
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEETkN92lZhb0MpsKeVZ7MCdqhiHK4FAmZP1bsACgkQZ7MCdqhi
# HK7TuQ/7BQugpF2yOYroQmo0Yl4RPfFp6ACqfYQgehcGegg3SWpEselTeOJla3G9
# UyVd0mlWf7DciYi61qit/WyLOeuRXMtRjrnFLV2wz9o7D/Ey5/aLQfUL4oCDt/i2
# hmmq3ZAcr7WWxaz338pLJx9gIVjaNiqSoRz9HgHNkQq0pxkbEo1eSjZ6QLSvqYC2
# dwtJHywFrHNo14aq1Nc7PZ5MFxNN6t7hm7KRHKFrt8Obar15n64MSHyRvMzHI9EO
# RgNzz9/qe5yvJ4kmaNiZjntxojXCBUhhlCTtaDIG1LDBc2yNG5VWQUnwThvyNxxX
# h+Ia4Pv7blXikQ6RuqsvFyrLCgUvwXwBiQwiQCJyITk0asLyJVwhkUpiI/jJvOun
# AujSA/6e2pbSe4RUZytkzygx2KVODrVtcSoOvo8kRw+2aTOWMv7DbfBalmWJQWgx
# 0xSeuUz22eNKEL2XbZWNM5v0OgXUXIs9BVeCqn7RB4lC2RNi72v111UPuKYq6Ijx
# SHWQMGPGu9FNBsIdriclRWXVXHpVHz/s/l8AJT8ad6E57UHVk5zCPrbFZFImvQkL
# E7xlctijeST8V5qGyBPG3M4aPoER9+6J32ORSx7KwDwr+fzkbNUXC8UUC4OjAZ+d
# 2vhie9Vs5xWq/E8gGovTymeQ4yHArobDz/j7+rrr0qeppnKLWjM=
# =jHL7
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 May 2024 04:48:11 PM PDT
# gpg: using RSA key 4E437DDA56616F4329B0A79567B30276A8621CAE
# gpg: Good signature from "Nicholas Piggin <npiggin@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4E43 7DDA 5661 6F43 29B0 A795 67B3 0276 A862 1CAE
* tag 'pull-ppc-for-9.1-1-20240524-1' of https://gitlab.com/npiggin/qemu: (72 commits)
target/ppc: Remove pp_check() and reuse ppc_hash32_pp_prot()
target/ppc: Move out BookE and related MMU functions from mmu_common.c
target/ppc: Add a function to check for page protection bit
target/ppc/mmu-radix64.c: Drop a local variable
target/ppc/mmu-hash32.c: Drop a local variable
target/ppc: Split off common embedded TLB init
target/ppc: Remove id_tlbs flag from CPU env
target/ppc: Move mmu_ctx_t type to mmu_common.c
target/ppc: Transform ppc_jumbo_xlate() into ppc_6xx_xlate()
target/ppc: Split off 40x cases from ppc_jumbo_xlate()
target/ppc: Split off real mode handling from get_physical_address_wtlb()
target/ppc: Simplify ppc_booke_xlate() part 2
target/ppc: Simplify ppc_booke_xlate() part 1
target/ppc: Split off BookE handling from ppc_jumbo_xlate()
target/ppc: Remove BookE from direct store handling
target/ppc: Don't use mmu_ctx_t in mmubooke206_get_physical_address()
target/ppc: Don't use mmu_ctx_t in mmubooke_get_physical_address()
target/ppc: Don't use mmu_ctx_t for mmu40x_get_physical_address()
target/ppc: Replace hard coded constants in ppc_jumbo_xlate()
target/ppc: Deindent ppc_jumbo_xlate()
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
BALATON Zoltan [Sun, 12 May 2024 23:28:09 +0000 (01:28 +0200)]
target/ppc: Remove pp_check() and reuse ppc_hash32_pp_prot()
The ppc_hash32_pp_prot() function in mmu-hash32.c is the same as
pp_check() in mmu_common.c, merge these to remove duplicated code.
Define the common function as static lnline otherwise exporting the
function from mmu-hash32.c would stop the compiler inlining it which
results in slightly lower performance.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
[np: move ppc_hash32_pp_prot inline without changing it] Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:28:07 +0000 (01:28 +0200)]
target/ppc: Add a function to check for page protection bit
Checking if a page protection bit is set for a given access type is a
common operation. Add a function to avoid repeating the same check at
multiple places. As this relies on access type and page protection bit
values having certain relation also add an assert to ensure that this
assumption holds.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:28:05 +0000 (01:28 +0200)]
target/ppc/mmu-hash32.c: Drop a local variable
In ppc_hash32_xlate() the value of need_prop is checked in two places
but precalculating it does not help because when we reach the first
check we always return and not reach the second place so the value
will only be used once. We can drop the local variable and calculate
it when needed, which makes these checks using it similar to other
places with such checks.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:28:03 +0000 (01:28 +0200)]
target/ppc: Split off common embedded TLB init
Several 4xx CPUs and e200 share the same TLB settings enclosed in an
ifdef. Split it off in a common function to reduce code duplication
and the number of ifdefs.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:55 +0000 (01:27 +0200)]
target/ppc: Simplify ppc_booke_xlate() part 1
Move setting error_code that appears in every case out in front and
hoist the common fall through case for BOOKE206 as well which allows
removing the nested switches.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:49 +0000 (01:27 +0200)]
target/ppc: Replace hard coded constants in ppc_jumbo_xlate()
The "2" in booke206_update_mas_tlb_miss() call corresponds to
MMU_INST_FETCH which is the value of access_type in this branch;
mmubooke206_esr() only checks for MMU_DATA_STORE and it's called from
code access so using MMU_DATA_LOAD here seems wrong so replace it with
access_type here as well that yields the same result. This also makes
these calls the same as the data access branch further down.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:44 +0000 (01:27 +0200)]
target/ppc: Split off real mode cases in get_physical_address_wtlb()
The real mode handling is identical in the remaining switch cases.
Split off these common real mode cases into a separate conditional to
leave only the else branches in the switch that are different.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:40 +0000 (01:27 +0200)]
target/ppc: Move else branch to avoid large if block in mmu6xx_get_physical_address()
In mmu6xx_get_physical_address() we have a large if block with a two
line else branch that effectively returns. Invert the condition and
move the else there to allow deindenting the large if block to make
the flow easier to follow.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Repurpose get_segment_6xx_tlb() to do the whole address translation
for POWERPC_MMU_SOFT_6xx MMU model by moving the BAT check there and
renaming it to match other similar functions. These are only called
once together so no need to keep these separate functions and
combining them simplifies the caller allowing further restructuring.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:38 +0000 (01:27 +0200)]
target/ppc: Drop cases for unimplemented MPC8xx MMU
Drop MPC8xx cases from get_physical_address_wtlb() and ppc_jumbo_xlate().
The default case would still catch this and abort the same way and
there is still a warning about it in ppc_tlb_invalidate_all() which is
called in ppc_cpu_reset_hold() so likely we never get here but to make
sure add a case to ppc_xlate() to the same effect.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:37 +0000 (01:27 +0200)]
target/ppc: Simplify checking for real mode in get_physical_address_wtlb()
In get_physical_address_wtlb() the real_mode flag depends on either
the MSR[IR] or MSR[DR] bit depending on access_type. Extract just the
needed bit in a more straight forward way instead of doing unnecessary
computation.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:36 +0000 (01:27 +0200)]
target/ppc: Remove unneeded local variable from booke tlb checks
In mmubooke_check_tlb() and mmubooke206_check_tlb() we can assign the
value of prot2 directly to the destination, no need to have a separate
local variable for it.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
BALATON Zoltan [Sun, 12 May 2024 23:27:35 +0000 (01:27 +0200)]
target/ppc: Move calculation of a value closer to its usage in booke tlb checks
In mmubooke_check_tlb() and mmubooke206_check_tlb() prot2 is
calculated first but only used after an unrelated check that can
return before tha value is used. Move the calculation after the check,
closer to where it is used, to keep them together and avoid computing
it when not needed.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
I think it's use was removed by
Commit 5883d8b296 ("mmu-hash*: Don't use full ppc_hash{32,
64}_translate() path for get_phys_page_debug()")
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Dr. David Alan Gilbert <dave@treblig.org> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Mon, 5 Jun 2023 10:05:36 +0000 (20:05 +1000)]
target/ppc: add SMT support to msgsnd broadcast
msgsnd has a broadcast mode that sends hypervisor doorbells to all
threads belonging to the same core as the target. A "subcore" mode
sends to all or one thread depending on 1LPAR mode.
Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Sun, 18 Jun 2023 09:37:07 +0000 (19:37 +1000)]
target/ppc: Implement SPRC/SPRD SPRs
This implements the POWER SPRC/SPRD SPRs, and SCRATCH0-7 registers that
can be accessed via these indirect SPRs.
SCRATCH registers only provide storage, but they are used by firmware
for low level crash and progress data, so this implementation logs
writes to the registers to help with analysis.
Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Sun, 18 Jun 2023 09:39:13 +0000 (19:39 +1000)]
target/ppc: Implement attn instruction on BookS 64-bit processors
attn is an implementation-specific instruction that on POWER (and G5/
970) can be enabled with a HID bit (disabled = illegal), and executing
it causes the host processor to stop and the service processor to be
notified. Generally used for debugging.
Implement attn and make it checkstop the system, which should be good
enough for QEMU debugging.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Mon, 11 Mar 2024 18:33:18 +0000 (04:33 +1000)]
target/ppc: improve checkstop logging
Change the logging not to print to stderr as well, because a
checkstop is a guest error (or perhaps a simulated machine error)
rather than a QEMU error, so send it to the log.
Update the checkstop message, and log CPU registers too.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Sun, 11 Jun 2023 17:02:15 +0000 (03:02 +1000)]
target/ppc: Make checkstop actually stop the system
checkstop state does not halt the system, interrupts continue to be
serviced, and other CPUs run. Make it stop the machine with
qemu_system_guest_panicked.
Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Mon, 5 Jun 2023 00:56:50 +0000 (10:56 +1000)]
target/ppc: larx/stcx generation need only apply DEF_MEMOP() once
Use DEF_MEMOP() consistently in larx and stcx. generation, and apply it
once when it's used rather than where the macros are expanded, to reduce
typing.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Glenn Miles [Thu, 28 Mar 2024 10:41:37 +0000 (20:41 +1000)]
target/ppc: Add migration support for BHRB
Adds migration support for Branch History Rolling
Buffer (BHRB) internal state.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Glenn Miles [Thu, 28 Mar 2024 10:41:35 +0000 (20:41 +1000)]
target/ppc: Add clrbhrb and mfbhrbe instructions
Add support for the clrbhrb and mfbhrbe instructions.
Since neither instruction is believed to be critical to
performance, both instructions were implemented using helper
functions.
Access to both instructions is controlled by bits in the
HFSCR (for privileged state) and MMCR0 (for problem state).
A new function, helper_mmcr0_facility_check, was added for
checking MMCR0[BHRBA] and raising a facility_unavailable exception
if required.
NOTE: For P8 and P9, due to a performance issue, branch history will
not be kept, but the instructions will be allowed to execute
as normal with the exception that the mfbhrbe instruction will
always return a zero value.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Glenn Miles [Thu, 28 Mar 2024 10:41:33 +0000 (20:41 +1000)]
target/ppc: Add recording of taken branches to BHRB
This commit continues adding support for the Branch History
Rolling Buffer (BHRB) as is provided starting with the P8
processor and continuing with its successors. This commit
is limited to the recording and filtering of taken branches.
The following changes were made:
- Enabled functionality on P10 processors only due to
performance impact seen with P8 and P9 where it is not
disabled for non problem state branches.
- Added a BHRB buffer for storing branch instruction and
target addresses for taken branches
- Renamed gen_update_cfar to gen_update_branch_history and
added a 'target' parameter to hold the branch target
address and 'inst_type' parameter to use for filtering
- Added TCG code to gen_update_branch_history that stores
data to the BHRB and updates the BHRB offset.
- Added BHRB resource initialization and reset functions
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Glenn Miles [Thu, 28 Mar 2024 10:41:29 +0000 (20:41 +1000)]
target/ppc: Add new hflags to support BHRB
This commit is preparatory to the addition of Branch History
Rolling Buffer (BHRB) functionality, which is being provided
today starting with the P8 processor.
BHRB uses several SPR register fields to control whether or not
a branch instruction's address (and sometimes target address)
should be recorded. Checking each of these fields with each
branch instruction using jitted code would lead to a significant
decrease in performance.
Therefore, it was decided that BHRB configuration bits that are
not expected to change frequently should have their state summarized
in an hflag so that the amount of checking done by jitted code can
be reduced.
This commit contains the changes for summarizing the state of the
following register fields in the HFLAGS_BHRB_ENABLE hflag:
MMCR0[FCP] - Determines if BHRB recording is frozen in the
problem state
MMCR0[FCPC] - A modifier for MMCR0[FCP]
MMCRA[BHRBRD] - Disables all BHRB recording for a thread
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
target/ppc: Move VMX integer max/min instructions to decodetree.
Moving the following instructions to decodetree specification :
v{max, min}{u, s}{b, h, w, d} : VX-form
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
The changes were verified by validating that the tcp ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured using the '-d in_asm,op' flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
With this patch, all the fixed-point logical instructions have been
moved to decodetree.
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com>
[np: 32-bit compile fix] Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured using the '-d in_asm,op' flag.
Also for CMPRB, following review comments :
Replaced repetition of arithmetic right shifting (tcg_gen_shri_i32) followed
by extraction of last 8 bits (tcg_gen_ext8u_i32) with extraction of the required
bits using offsets (tcg_gen_extract_i32).
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com>
[np: 32-bit compile fix] Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
target/ppc: Move div/mod fixed-point insns (64 bits operands) to decodetree.
Moving the below instructions to decodetree specification :
divd[u, e, eu][o][.] : XO-form
mod{sd, ud} : X-form
With this patch, all the fixed-point arithmetic instructions have been
moved to decodetree.
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured using the '-d in_asm,op' flag.
Also, remaned do_divwe method in fixedpoint-impl.c.inc to do_dive because it is
now used to divide doubleword operands as well, and not just words.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com>
[np: 32-bit compile fix] Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op'
flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com>
[np: 32-bit compile fix] Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
target/ppc: Move neg, darn, mod{sw, uw} to decodetree.
Moving the below instructions to decodetree specification :
neg[o][.] : XO-form
mod{sw, uw}, darn : X-form
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com>
[np: 32-bit compile fix] Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
target/ppc: Move divw[u, e, eu] instructions to decodetree.
Moving the following instructions to decodetree specification :
divw[u, e, eu][o][.] : XO-form
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
target/ppc: Make divw[u] handler method decodetree compatible.
The handler methods for divw[u] instructions internally use Rc(ctx->opcode),
for extraction of Rc field of instructions, which poses a problem if we move
the above said instructions to decodetree, as the ctx->opcode field is not
popluated in decodetree. Hence, making it decodetree compatible, so that the
mentioned insns can be safely move to decodetree specs.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
target/ppc: Move mul{li, lw, lwo, hw, hwu} instructions to decodetree.
Moving the following instructions to decodetree specification :
mulli : D-form
mul{lw, lwo, hw, hwu}[.] : XO-form
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Also cleaned up code for mullw[o][.] as per review comments while
keeping the logic of the tcg ops generated semantically same.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
With this patch, all the floating-point arithmetic instructions have been
moved to decodetree.
The changes were verified by validating that the tcg ops generated by those
instructions remain the same, which were captured with the '-d in_asm,op' flag.
Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Wed, 1 May 2024 13:04:33 +0000 (23:04 +1000)]
target/ppc: Fix embedded memory barriers
Memory barriers are supposed to do something on BookE systems, these
were probably just missed during MTTCG enablement, maybe no targets
support SMP. Either way, add proper BookE implementations.
Reviewed-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Wed, 1 May 2024 13:04:32 +0000 (23:04 +1000)]
target/ppc: Move sync instructions to decodetree
This tries to faithfully reproduce the odd BookE logic. Note the
e206 check in gen_msync_4xx() is always false, so not carried over.
It does change the handling of non-zero reserved bits outside the
defined fields from being illegal to being ignored, which the
architecture specifies ot help with backward compatibility of new
fields. The existing behaviour causes illegal instruction exceptions
when using new POWER10 sync variants that add new fields, after this
the instructions are accepted and are implemented as supersets of
the new behaviour, as intended.
Reviewed-by: Chinmay Rath <rathc@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Tue, 26 Mar 2024 14:18:14 +0000 (00:18 +1000)]
tcg/cputlb: remove other-cpu capability from TLB flushing
Some TLB flush operations can flush other CPUs. The problem with this
is they used non-synced variants of flushes (i.e., that return
before the destination has completed the flush). Since all TLB flush
users need the _synced variants, and that last user (ppc) of the
non-synced flush was buggy, this is a footgun waiting to go off. There
do not seem to be any callers that flush other CPUs, so remove the
capability.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Tue, 26 Mar 2024 14:04:20 +0000 (00:04 +1000)]
tcg/cputlb: Remove non-synced variants of global TLB flushes
These are no longer used.
tlb_flush_all_cpus: removed by previous commit.
tlb_flush_page_all_cpus: removed by previous commit.
tlb_flush_page_bits_by_mmuidx_all_cpus: never used.
tlb_flush_page_by_mmuidx_all_cpus: never used.
tlb_flush_page_bits_by_mmuidx_all_cpus: never used, thus:
tlb_flush_range_by_mmuidx_all_cpus: never used.
tlb_flush_by_mmuidx_all_cpus: never used.
Nicholas Piggin [Tue, 26 Mar 2024 13:20:43 +0000 (23:20 +1000)]
target/ppc: Fix broadcast tlbie synchronisation
With mttcg, broadcast tlbie instructions do not wait until other vCPUs
have been kicked out of TCG execution before they complete (including
necessary subsequent tlbsync, etc., instructions). This is contrary to
the ISA, and it permits other vCPUs to use translations after the TLB
flush. For example:
CPU0
// *memP is initially 0, memV maps to memP with *pte
*pte = 0;
ptesync ; tlbie ; eieio ; tlbsync ; ptesync
*memP = 1;
CPU1
assert(*memV == 0);
It is possible for the assertion to fail because CPU1 translates memV
using the TLB after CPU0 has stored 1 to the underlying memory. This
race was observed with a careful test case where CPU1 checks run in a
very large expensive TB so it can run for the entire CPU0 period between
clearing the pte and storing the memory, but host vCPU thread preemption
could cause the race to hit anywhere.
As explained in commit 4ddc104689b ("target/ppc: Fix tlbie"), it is not
enough to just use tlb_flush_all_cpus_synced(), because that does not
execute until the calling CPU has finished its TB. It is also required
that the TB is ended at the point where the TLB flush must subsequently
take effect.
Nicholas Piggin [Mon, 22 Jan 2024 06:21:15 +0000 (16:21 +1000)]
ppc/spapr: Add ibm,pi-features
The ibm,pi-features property has a bit to say whether or not
msgsndp should be used. Linux checks if it is being run under
KVM and avoids msgsndp anyway, but it would be preferable to
rely on this bit.
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Wed, 21 Feb 2024 10:08:31 +0000 (20:08 +1000)]
spapr: avoid overhead of finding vhyp class in critical operations
PPC_VIRTUAL_HYPERVISOR_GET_CLASS is used in critical operations like
interrupts and TLB misses and is quite costly. Running the
kvm-unit-tests sieve program with radix MMU enabled thrashes the TCG
TLB and spends a lot of time in TLB and page table walking code. The
test takes 67 seconds to complete with a lot of time being spent in
code related to finding the vhyp class:
Merge tag 'pull-tcg-20240523' of https://gitlab.com/rth7680/qemu into staging
tcg: Introduce TCG_TARGET_HAS_tst_vec
accel/tcg: Init tb size and icount before plugin_gen_tb_end
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmZPazYdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/hkwgAl/Qdaha8HNW+TkbL
# 3aQU914xSTbQVYKKCihe1R6tJ4jRw9zSj4Bf43f2GCNaz5GZyO2ek3DYHoYF4z/A
# OzNW1Vg2qQ+DS65EhTrvBWOko70zvTeh4eLyASxgEbCpWmsh1d2oLGO0mdjJkrfe
# UdcEXPZ+q0iXAWRFChRClYS5eeVnwYfIeOIzdeUgUezA6fD2zyBT5BgJAxgUTm9w
# jDXJqzcVypDFTSnrBxBVeV2SAVknVM6coc2BoJ/JiVSgupJZuNX7PSbwNI7GTfl/
# LfmiAQyhF78KQiK6TqrliK5mr9R0MSyLORcKQQJrh9G+lxxeO4Sd5qw7V21mVhbc
# YpLJaw==
# =SJem
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 May 2024 09:13:42 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20240523' of https://gitlab.com/rth7680/qemu:
accel/tcg: Init tb size and icount before plugin_gen_tb_end
tcg/arm: Support TCG_TARGET_HAS_tst_vec
tcg/aarch64: Support TCG_TARGET_HAS_tst_vec
tcg: Expand TCG_COND_TST* if not TCG_TARGET_HAS_tst_vec
tcg: Introduce TCG_TARGET_HAS_tst_vec
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* hw/i386/pc_sysfw: Alias rather than copy isa-bios region
* target/i386: add control bits support for LAM
* target/i386: tweaks to new translator
* target/i386: add support for LAM in CPUID enumeration
* hw/i386/pc: Support smp.modules for x86 PC machine
* target-i386: hyper-v: Correct kvm_hv_handle_exit return value
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (23 commits)
target-i386: hyper-v: Correct kvm_hv_handle_exit return value
i386/cpu: Use CPUCacheInfo.share_level to encode CPUID[0x8000001D].EAX[bits 25:14]
i386/cpu: Use CPUCacheInfo.share_level to encode CPUID[4]
i386: Add cache topology info in CPUCacheInfo
hw/i386/pc: Support smp.modules for x86 PC machine
tests: Add test case of APIC ID for module level parsing
i386/cpu: Introduce module-id to X86CPU
i386: Support module_id in X86CPUTopoIDs
i386: Expose module level in CPUID[0x1F]
i386: Support modules_per_die in X86CPUTopoInfo
i386: Introduce module level cpu topology to CPUX86State
i386/cpu: Decouple CPUID[0x1F] subleaf with specific topology level
i386: Split topology types of CPUID[0x1F] from the definitions of CPUID[0xB]
i386/cpu: Introduce bitmap to cache available CPU topology levels
i386/cpu: Consolidate the use of topo_info in cpu_x86_cpuid()
i386/cpu: Use APIC ID info get NumSharingCache for CPUID[0x8000001D].EAX[bits 25:14]
i386/cpu: Use APIC ID info to encode cache topo in CPUID[4]
i386/cpu: Fix i/d-cache topology to core level for Intel CPU
target/i386: add control bits support for LAM
target/i386: add support for LAM in CPUID enumeration
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
projects / thirdparty / qemu.git / log
