From a6a33760a33e5f6b73b139e1e6c87fb6663c76ea Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:04 -0700 Subject: [PATCH 01/22] target/s390x: Do not use unwind for per_check_exception Using exception unwind via tcg_s390_program_interrupt, we discard the current value of psw.addr, which discards the result of a branch. Pass in the address of the next instruction, which may not be sequential. Pass in ilen, which we would have gotten from unwind and is passed to the exception handler. Sync cc_op before the call, which we would have gotten from unwind. Signed-off-by: Richard Henderson Reviewed-by: Ilya Leoshkevich Message-ID: <20240502054417.234340-2-richard.henderson@linaro.org> [thuth: Silence checkpatch.pl errors] Signed-off-by: Thomas Huth --- target/s390x/helper.h | 2 +- target/s390x/tcg/excp_helper.c | 2 +- target/s390x/tcg/misc_helper.c | 23 ++++++++++++++++++++--- target/s390x/tcg/translate.c | 13 +++++++------ 4 files changed, 29 insertions(+), 11 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index cc1c20e9e3..96ab71e877 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -359,7 +359,7 @@ DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env) DEF_HELPER_3(lra, i64, env, i64, i64) -DEF_HELPER_1(per_check_exception, void, env) +DEF_HELPER_FLAGS_3(per_check_exception, TCG_CALL_NO_WG, void, env, i64, i32) DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_RWG, void, env, i64, i64) DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_RWG, void, env, i64) DEF_HELPER_FLAGS_1(per_store_real, TCG_CALL_NO_RWG, void, env) diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c index f1c33f7967..4c0b692c9e 100644 --- a/target/s390x/tcg/excp_helper.c +++ b/target/s390x/tcg/excp_helper.c @@ -209,7 +209,7 @@ static void do_program_interrupt(CPUS390XState *env) switch (env->int_pgm_code) { case PGM_PER: - advance = !(env->per_perc_atmid & PER_CODE_EVENT_NULLIFICATION); + /* advance already handled */ break; case PGM_ASCE_TYPE: case PGM_REG_FIRST_TRANS: diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c index 8764846ce8..7c94468392 100644 --- a/target/s390x/tcg/misc_helper.c +++ b/target/s390x/tcg/misc_helper.c @@ -20,6 +20,7 @@ #include "qemu/osdep.h" #include "qemu/cutils.h" +#include "qemu/log.h" #include "cpu.h" #include "s390x-internal.h" #include "qemu/host-utils.h" @@ -590,10 +591,26 @@ void HELPER(chsc)(CPUS390XState *env, uint64_t inst) #endif #ifndef CONFIG_USER_ONLY -void HELPER(per_check_exception)(CPUS390XState *env) +static G_NORETURN void per_raise_exception(CPUS390XState *env) { - if (env->per_perc_atmid) { - tcg_s390_program_interrupt(env, PGM_PER, GETPC()); + trigger_pgm_exception(env, PGM_PER); + cpu_loop_exit(env_cpu(env)); +} + +static G_NORETURN void per_raise_exception_log(CPUS390XState *env) +{ + qemu_log_mask(CPU_LOG_INT, "PER interrupt after 0x%" PRIx64 "\n", + env->per_address); + per_raise_exception(env); +} + +void HELPER(per_check_exception)(CPUS390XState *env, uint64_t next_pc, + uint32_t ilen) +{ + if (unlikely(env->per_perc_atmid)) { + env->psw.addr = next_pc; + env->int_pgm_ilen = ilen; + per_raise_exception_log(env); } } diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index ebd96abe6c..4c3ff1931b 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -6424,13 +6424,14 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) #ifndef CONFIG_USER_ONLY if (s->base.tb->flags & FLAG_MASK_PER) { - /* An exception might be triggered, save PSW if not already done. */ - if (ret == DISAS_NEXT || ret == DISAS_TOO_MANY) { - tcg_gen_movi_i64(psw_addr, s->pc_tmp); - } + TCGv_i64 next_pc = psw_addr; - /* Call the helper to check for a possible PER exception. */ - gen_helper_per_check_exception(tcg_env); + if (ret == DISAS_NEXT || ret == DISAS_TOO_MANY) { + next_pc = tcg_constant_i64(s->pc_tmp); + } + update_cc_op(s); + gen_helper_per_check_exception(tcg_env, next_pc, + tcg_constant_i32(s->ilen)); } #endif From 36db37af3499589dace9edbf29e9000182efe808 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:05 -0700 Subject: [PATCH 02/22] target/s390x: Move cpu_get_tb_cpu_state out of line Signed-off-by: Richard Henderson Reviewed-by: Thomas Huth Reviewed-by: Ilya Leoshkevich Message-ID: <20240502054417.234340-3-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/cpu.c | 22 ++++++++++++++++++++++ target/s390x/cpu.h | 23 ++--------------------- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c index f7194534ae..a8428b5a1e 100644 --- a/target/s390x/cpu.c +++ b/target/s390x/cpu.c @@ -324,6 +324,28 @@ static void s390_cpu_reset_full(DeviceState *dev) #ifdef CONFIG_TCG #include "hw/core/tcg-cpu-ops.h" +void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, + uint64_t *cs_base, uint32_t *flags) +{ + if (env->psw.addr & 1) { + /* + * Instructions must be at even addresses. + * This needs to be checked before address translation. + */ + env->int_pgm_ilen = 2; /* see s390_cpu_tlb_fill() */ + tcg_s390_program_interrupt(env, PGM_SPECIFICATION, 0); + } + *pc = env->psw.addr; + *cs_base = env->ex_value; + *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW; + if (env->cregs[0] & CR0_AFP) { + *flags |= FLAG_MASK_AFP; + } + if (env->cregs[0] & CR0_VECTOR) { + *flags |= FLAG_MASK_VECTOR; + } +} + static const TCGCPUOps s390_tcg_ops = { .initialize = s390x_translate_init, .restore_state_to_opc = s390x_restore_state_to_opc, diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h index 414680eed1..950f84f316 100644 --- a/target/s390x/cpu.h +++ b/target/s390x/cpu.h @@ -413,27 +413,8 @@ static inline int s390x_env_mmu_index(CPUS390XState *env, bool ifetch) #include "tcg/tcg_s390x.h" -static inline void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, - uint64_t *cs_base, uint32_t *flags) -{ - if (env->psw.addr & 1) { - /* - * Instructions must be at even addresses. - * This needs to be checked before address translation. - */ - env->int_pgm_ilen = 2; /* see s390_cpu_tlb_fill() */ - tcg_s390_program_interrupt(env, PGM_SPECIFICATION, 0); - } - *pc = env->psw.addr; - *cs_base = env->ex_value; - *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW; - if (env->cregs[0] & CR0_AFP) { - *flags |= FLAG_MASK_AFP; - } - if (env->cregs[0] & CR0_VECTOR) { - *flags |= FLAG_MASK_VECTOR; - } -} +void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, + uint64_t *cs_base, uint32_t *flags); #endif /* CONFIG_TCG */ From 51a1718b14a57c619d9897c25a59fab75cc980cc Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:06 -0700 Subject: [PATCH 03/22] target/s390x: Update CR9 bits Update from the PoO 14th edition. Signed-off-by: Richard Henderson Reviewed-by: Thomas Huth Reviewed-by: Ilya Leoshkevich Message-ID: <20240502054417.234340-4-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/cpu.h | 18 +++++++++++------- target/s390x/tcg/misc_helper.c | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h index 950f84f316..1bb723a9d3 100644 --- a/target/s390x/cpu.h +++ b/target/s390x/cpu.h @@ -419,13 +419,17 @@ void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, #endif /* CONFIG_TCG */ /* PER bits from control register 9 */ -#define PER_CR9_EVENT_BRANCH 0x80000000 -#define PER_CR9_EVENT_IFETCH 0x40000000 -#define PER_CR9_EVENT_STORE 0x20000000 -#define PER_CR9_EVENT_STORE_REAL 0x08000000 -#define PER_CR9_EVENT_NULLIFICATION 0x01000000 -#define PER_CR9_CONTROL_BRANCH_ADDRESS 0x00800000 -#define PER_CR9_CONTROL_ALTERATION 0x00200000 +#define PER_CR9_EVENT_BRANCH 0x80000000 +#define PER_CR9_EVENT_IFETCH 0x40000000 +#define PER_CR9_EVENT_STORE 0x20000000 +#define PER_CR9_EVENT_STORAGE_KEY_ALTERATION 0x10000000 +#define PER_CR9_EVENT_STORE_REAL 0x08000000 +#define PER_CR9_EVENT_ZERO_ADDRESS_DETECTION 0x04000000 +#define PER_CR9_EVENT_TRANSACTION_END 0x02000000 +#define PER_CR9_EVENT_IFETCH_NULLIFICATION 0x01000000 +#define PER_CR9_CONTROL_BRANCH_ADDRESS 0x00800000 +#define PER_CR9_CONTROL_TRANSACTION_SUPRESS 0x00400000 +#define PER_CR9_CONTROL_STORAGE_ALTERATION 0x00200000 /* PER bits from the PER CODE/ATMID/AI in lowcore */ #define PER_CODE_EVENT_BRANCH 0x8000 diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c index 7c94468392..0482442458 100644 --- a/target/s390x/tcg/misc_helper.c +++ b/target/s390x/tcg/misc_helper.c @@ -644,7 +644,7 @@ void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr) /* If the instruction has to be nullified, trigger the exception immediately. */ - if (env->cregs[9] & PER_CR9_EVENT_NULLIFICATION) { + if (env->cregs[9] & PER_CR9_EVENT_IFETCH_NULLIFICATION) { CPUState *cs = env_cpu(env); env->per_perc_atmid |= PER_CODE_EVENT_NULLIFICATION; From 62613ca07382cb7a2d5f442d8a21e340c384a392 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:07 -0700 Subject: [PATCH 04/22] target/s390x: Record separate PER bits in TB flags Record successful-branching, instruction-fetching, and store-using-real-address. The other PER bits are not used during translation. Having checked these at translation time, we can remove runtime tests from the helpers. Signed-off-by: Richard Henderson Reviewed-by: Ilya Leoshkevich Message-ID: <20240502054417.234340-5-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/cpu.c | 22 ++++++++++++++---- target/s390x/cpu.h | 42 ++++++++++++++++++++++++---------- target/s390x/tcg/misc_helper.c | 21 +++++++---------- target/s390x/tcg/translate.c | 10 ++++---- 4 files changed, 61 insertions(+), 34 deletions(-) diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c index a8428b5a1e..2bbeaca36e 100644 --- a/target/s390x/cpu.c +++ b/target/s390x/cpu.c @@ -325,8 +325,10 @@ static void s390_cpu_reset_full(DeviceState *dev) #include "hw/core/tcg-cpu-ops.h" void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, - uint64_t *cs_base, uint32_t *flags) + uint64_t *cs_base, uint32_t *pflags) { + uint32_t flags; + if (env->psw.addr & 1) { /* * Instructions must be at even addresses. @@ -335,15 +337,27 @@ void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, env->int_pgm_ilen = 2; /* see s390_cpu_tlb_fill() */ tcg_s390_program_interrupt(env, PGM_SPECIFICATION, 0); } + *pc = env->psw.addr; *cs_base = env->ex_value; - *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW; + + flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW; + if (env->psw.mask & PSW_MASK_PER) { + flags |= env->cregs[9] & (FLAG_MASK_PER_BRANCH | + FLAG_MASK_PER_IFETCH | + FLAG_MASK_PER_IFETCH_NULLIFY); + if ((env->cregs[9] & PER_CR9_EVENT_STORE) && + (env->cregs[9] & PER_CR9_EVENT_STORE_REAL)) { + flags |= FLAG_MASK_PER_STORE_REAL; + } + } if (env->cregs[0] & CR0_AFP) { - *flags |= FLAG_MASK_AFP; + flags |= FLAG_MASK_AFP; } if (env->cregs[0] & CR0_VECTOR) { - *flags |= FLAG_MASK_VECTOR; + flags |= FLAG_MASK_VECTOR; } + *pflags = flags; } static const TCGCPUOps s390_tcg_ops = { diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h index 1bb723a9d3..d6b75ad0e0 100644 --- a/target/s390x/cpu.h +++ b/target/s390x/cpu.h @@ -342,19 +342,32 @@ extern const VMStateDescription vmstate_s390_cpu; /* tb flags */ -#define FLAG_MASK_PSW_SHIFT 31 -#define FLAG_MASK_PER (PSW_MASK_PER >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_DAT (PSW_MASK_DAT >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_PSTATE (PSW_MASK_PSTATE >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_ASC (PSW_MASK_ASC >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_64 (PSW_MASK_64 >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_32 (PSW_MASK_32 >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_PSW (FLAG_MASK_PER | FLAG_MASK_DAT | FLAG_MASK_PSTATE \ - | FLAG_MASK_ASC | FLAG_MASK_64 | FLAG_MASK_32) +#define FLAG_MASK_PSW_SHIFT 31 +#define FLAG_MASK_32 0x00000001u +#define FLAG_MASK_64 0x00000002u +#define FLAG_MASK_AFP 0x00000004u +#define FLAG_MASK_VECTOR 0x00000008u +#define FLAG_MASK_ASC 0x00018000u +#define FLAG_MASK_PSTATE 0x00020000u +#define FLAG_MASK_PER_IFETCH_NULLIFY 0x01000000u +#define FLAG_MASK_DAT 0x08000000u +#define FLAG_MASK_PER_STORE_REAL 0x20000000u +#define FLAG_MASK_PER_IFETCH 0x40000000u +#define FLAG_MASK_PER_BRANCH 0x80000000u -/* we'll use some unused PSW positions to store CR flags in tb flags */ -#define FLAG_MASK_AFP (PSW_MASK_UNUSED_2 >> FLAG_MASK_PSW_SHIFT) -#define FLAG_MASK_VECTOR (PSW_MASK_UNUSED_3 >> FLAG_MASK_PSW_SHIFT) +QEMU_BUILD_BUG_ON(FLAG_MASK_32 != PSW_MASK_32 >> FLAG_MASK_PSW_SHIFT); +QEMU_BUILD_BUG_ON(FLAG_MASK_64 != PSW_MASK_64 >> FLAG_MASK_PSW_SHIFT); +QEMU_BUILD_BUG_ON(FLAG_MASK_ASC != PSW_MASK_ASC >> FLAG_MASK_PSW_SHIFT); +QEMU_BUILD_BUG_ON(FLAG_MASK_PSTATE != PSW_MASK_PSTATE >> FLAG_MASK_PSW_SHIFT); +QEMU_BUILD_BUG_ON(FLAG_MASK_DAT != PSW_MASK_DAT >> FLAG_MASK_PSW_SHIFT); + +#define FLAG_MASK_PSW (FLAG_MASK_DAT | FLAG_MASK_PSTATE | \ + FLAG_MASK_ASC | FLAG_MASK_64 | FLAG_MASK_32) +#define FLAG_MASK_CR9 (FLAG_MASK_PER_BRANCH | FLAG_MASK_PER_IFETCH) +#define FLAG_MASK_PER (FLAG_MASK_PER_BRANCH | \ + FLAG_MASK_PER_IFETCH | \ + FLAG_MASK_PER_IFETCH_NULLIFY | \ + FLAG_MASK_PER_STORE_REAL) /* Control register 0 bits */ #define CR0_LOWPROT 0x0000000010000000ULL @@ -431,6 +444,11 @@ void cpu_get_tb_cpu_state(CPUS390XState *env, vaddr *pc, #define PER_CR9_CONTROL_TRANSACTION_SUPRESS 0x00400000 #define PER_CR9_CONTROL_STORAGE_ALTERATION 0x00200000 +QEMU_BUILD_BUG_ON(FLAG_MASK_PER_BRANCH != PER_CR9_EVENT_BRANCH); +QEMU_BUILD_BUG_ON(FLAG_MASK_PER_IFETCH != PER_CR9_EVENT_IFETCH); +QEMU_BUILD_BUG_ON(FLAG_MASK_PER_IFETCH_NULLIFY != + PER_CR9_EVENT_IFETCH_NULLIFICATION); + /* PER bits from the PER CODE/ATMID/AI in lowcore */ #define PER_CODE_EVENT_BRANCH 0x8000 #define PER_CODE_EVENT_IFETCH 0x4000 diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c index 0482442458..3f94f71437 100644 --- a/target/s390x/tcg/misc_helper.c +++ b/target/s390x/tcg/misc_helper.c @@ -627,18 +627,16 @@ static inline bool get_per_in_range(CPUS390XState *env, uint64_t addr) void HELPER(per_branch)(CPUS390XState *env, uint64_t from, uint64_t to) { - if ((env->cregs[9] & PER_CR9_EVENT_BRANCH)) { - if (!(env->cregs[9] & PER_CR9_CONTROL_BRANCH_ADDRESS) - || get_per_in_range(env, to)) { - env->per_address = from; - env->per_perc_atmid = PER_CODE_EVENT_BRANCH | get_per_atmid(env); - } + if (!(env->cregs[9] & PER_CR9_CONTROL_BRANCH_ADDRESS) + || get_per_in_range(env, to)) { + env->per_address = from; + env->per_perc_atmid = PER_CODE_EVENT_BRANCH | get_per_atmid(env); } } void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr) { - if ((env->cregs[9] & PER_CR9_EVENT_IFETCH) && get_per_in_range(env, addr)) { + if (get_per_in_range(env, addr)) { env->per_address = addr; env->per_perc_atmid = PER_CODE_EVENT_IFETCH | get_per_atmid(env); @@ -659,12 +657,9 @@ void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr) void HELPER(per_store_real)(CPUS390XState *env) { - if ((env->cregs[9] & PER_CR9_EVENT_STORE) && - (env->cregs[9] & PER_CR9_EVENT_STORE_REAL)) { - /* PSW is saved just before calling the helper. */ - env->per_address = env->psw.addr; - env->per_perc_atmid = PER_CODE_EVENT_STORE_REAL | get_per_atmid(env); - } + /* PSW is saved just before calling the helper. */ + env->per_address = env->psw.addr; + env->per_perc_atmid = PER_CODE_EVENT_STORE_REAL | get_per_atmid(env); } #endif diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 4c3ff1931b..de98115c4d 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -346,7 +346,7 @@ static void per_branch(DisasContext *s, bool to_next) #ifndef CONFIG_USER_ONLY tcg_gen_movi_i64(gbea, s->base.pc_next); - if (s->base.tb->flags & FLAG_MASK_PER) { + if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { TCGv_i64 next_pc = to_next ? tcg_constant_i64(s->pc_tmp) : psw_addr; gen_helper_per_branch(tcg_env, gbea, next_pc); } @@ -357,7 +357,7 @@ static void per_branch_cond(DisasContext *s, TCGCond cond, TCGv_i64 arg1, TCGv_i64 arg2) { #ifndef CONFIG_USER_ONLY - if (s->base.tb->flags & FLAG_MASK_PER) { + if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { TCGLabel *lab = gen_new_label(); tcg_gen_brcond_i64(tcg_invert_cond(cond), arg1, arg2, lab); @@ -656,7 +656,7 @@ static void gen_op_calc_cc(DisasContext *s) static bool use_goto_tb(DisasContext *s, uint64_t dest) { - if (unlikely(s->base.tb->flags & FLAG_MASK_PER)) { + if (unlikely(s->base.tb->flags & FLAG_MASK_PER_BRANCH)) { return false; } return translator_use_goto_tb(&s->base, dest); @@ -4409,7 +4409,7 @@ static DisasJumpType op_stura(DisasContext *s, DisasOps *o) { tcg_gen_qemu_st_tl(o->in1, o->in2, MMU_REAL_IDX, s->insn->data); - if (s->base.tb->flags & FLAG_MASK_PER) { + if (s->base.tb->flags & FLAG_MASK_PER_STORE_REAL) { update_psw_addr(s); gen_helper_per_store_real(tcg_env); } @@ -6323,7 +6323,7 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) } #ifndef CONFIG_USER_ONLY - if (s->base.tb->flags & FLAG_MASK_PER) { + if (s->base.tb->flags & FLAG_MASK_PER_IFETCH) { TCGv_i64 addr = tcg_constant_i64(s->base.pc_next); gen_helper_per_ifetch(tcg_env, addr); } From a90e319569547ac7477606301b93491f3b886569 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:08 -0700 Subject: [PATCH 05/22] target/s390x: Disable conditional branch-to-next for PER For PER, we require a conditional call to helper_per_branch for the conditional branch. Fold the remaining optimization into a call to helper_goto_direct, which will take care of the remaining gbea adjustment. Reviewed-by: Ilya Leoshkevich Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-6-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/tcg/translate.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index de98115c4d..07620948ae 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -1131,13 +1131,13 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, goto egress; } if (is_imm) { - if (dest == s->pc_tmp) { - /* Branch to next. */ - per_branch(s, true); - ret = DISAS_NEXT; - goto egress; - } - if (c->cond == TCG_COND_ALWAYS) { + /* + * Do not optimize a conditional branch if PER enabled, because we + * still need a conditional call to helper_per_branch. + */ + if (c->cond == TCG_COND_ALWAYS + || (dest == s->pc_tmp && + !(s->base.tb->flags & FLAG_MASK_PER_BRANCH))) { ret = help_goto_direct(s, dest); goto egress; } From 9bbbcf5ddb5ae6e006ca394a9ec01492ac6d8122 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:09 -0700 Subject: [PATCH 06/22] target/s390x: Introduce help_goto_indirect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a small helper to handle unconditional indirect jumps. Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Ilya Leoshkevich Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-7-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/tcg/translate.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 07620948ae..7ae928c3b0 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -1118,6 +1118,13 @@ static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest) } } +static DisasJumpType help_goto_indirect(DisasContext *s, TCGv_i64 dest) +{ + tcg_gen_mov_i64(psw_addr, dest); + per_branch(s, false); + return DISAS_PC_UPDATED; +} + static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, bool is_imm, int imm, TCGv_i64 cdest) { @@ -1148,9 +1155,7 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, goto egress; } if (c->cond == TCG_COND_ALWAYS) { - tcg_gen_mov_i64(psw_addr, cdest); - per_branch(s, false); - ret = DISAS_PC_UPDATED; + ret = help_goto_indirect(s, cdest); goto egress; } } @@ -1463,9 +1468,7 @@ static DisasJumpType op_bas(DisasContext *s, DisasOps *o) { pc_to_link_info(o->out, s, s->pc_tmp); if (o->in2) { - tcg_gen_mov_i64(psw_addr, o->in2); - per_branch(s, false); - return DISAS_PC_UPDATED; + return help_goto_indirect(s, o->in2); } else { return DISAS_NEXT; } @@ -1495,9 +1498,7 @@ static DisasJumpType op_bal(DisasContext *s, DisasOps *o) { save_link_info(s, o); if (o->in2) { - tcg_gen_mov_i64(psw_addr, o->in2); - per_branch(s, false); - return DISAS_PC_UPDATED; + return help_goto_indirect(s, o->in2); } else { return DISAS_NEXT; } From e64054552385aced493969af6f8341d944e150a8 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:10 -0700 Subject: [PATCH 07/22] target/s390x: Simplify help_branch Always use a tcg branch, instead of movcond. The movcond was not a bad idea before PER was added, but since then we have either 2 or 3 actions to perform on each leg of the branch, and multiple movcond is inefficient. Reorder the taken branch to be fallthrough of the tcg branch. Reviewed-by: Ilya Leoshkevich Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-8-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/tcg/translate.c | 164 ++++++++++++----------------------- 1 file changed, 56 insertions(+), 108 deletions(-) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 7ae928c3b0..78066aaf84 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -353,25 +353,6 @@ static void per_branch(DisasContext *s, bool to_next) #endif } -static void per_branch_cond(DisasContext *s, TCGCond cond, - TCGv_i64 arg1, TCGv_i64 arg2) -{ -#ifndef CONFIG_USER_ONLY - if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { - TCGLabel *lab = gen_new_label(); - tcg_gen_brcond_i64(tcg_invert_cond(cond), arg1, arg2, lab); - - tcg_gen_movi_i64(gbea, s->base.pc_next); - gen_helper_per_branch(tcg_env, gbea, psw_addr); - - gen_set_label(lab); - } else { - TCGv_i64 pc = tcg_constant_i64(s->base.pc_next); - tcg_gen_movcond_i64(cond, gbea, arg1, arg2, gbea, pc); - } -#endif -} - static void per_breaking_event(DisasContext *s) { tcg_gen_movi_i64(gbea, s->base.pc_next); @@ -1128,14 +1109,12 @@ static DisasJumpType help_goto_indirect(DisasContext *s, TCGv_i64 dest) static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, bool is_imm, int imm, TCGv_i64 cdest) { - DisasJumpType ret; uint64_t dest = s->base.pc_next + (int64_t)imm * 2; - TCGLabel *lab; + TCGLabel *lab, *over; /* Take care of the special cases first. */ if (c->cond == TCG_COND_NEVER) { - ret = DISAS_NEXT; - goto egress; + return DISAS_NEXT; } if (is_imm) { /* @@ -1145,104 +1124,73 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, if (c->cond == TCG_COND_ALWAYS || (dest == s->pc_tmp && !(s->base.tb->flags & FLAG_MASK_PER_BRANCH))) { - ret = help_goto_direct(s, dest); - goto egress; + return help_goto_direct(s, dest); } } else { if (!cdest) { /* E.g. bcr %r0 -> no branch. */ - ret = DISAS_NEXT; - goto egress; + return DISAS_NEXT; } if (c->cond == TCG_COND_ALWAYS) { - ret = help_goto_indirect(s, cdest); - goto egress; + return help_goto_indirect(s, cdest); } } - if (use_goto_tb(s, s->pc_tmp)) { - if (is_imm && use_goto_tb(s, dest)) { - /* Both exits can use goto_tb. */ - update_cc_op(s); + update_cc_op(s); - lab = gen_new_label(); - if (c->is_64) { - tcg_gen_brcond_i64(c->cond, c->u.s64.a, c->u.s64.b, lab); - } else { - tcg_gen_brcond_i32(c->cond, c->u.s32.a, c->u.s32.b, lab); - } - - /* Branch not taken. */ - tcg_gen_goto_tb(0); - tcg_gen_movi_i64(psw_addr, s->pc_tmp); - tcg_gen_exit_tb(s->base.tb, 0); - - /* Branch taken. */ - gen_set_label(lab); - per_breaking_event(s); - tcg_gen_goto_tb(1); - tcg_gen_movi_i64(psw_addr, dest); - tcg_gen_exit_tb(s->base.tb, 1); - - ret = DISAS_NORETURN; - } else { - /* Fallthru can use goto_tb, but taken branch cannot. */ - /* Store taken branch destination before the brcond. This - avoids having to allocate a new local temp to hold it. - We'll overwrite this in the not taken case anyway. */ - if (!is_imm) { - tcg_gen_mov_i64(psw_addr, cdest); - } - - lab = gen_new_label(); - if (c->is_64) { - tcg_gen_brcond_i64(c->cond, c->u.s64.a, c->u.s64.b, lab); - } else { - tcg_gen_brcond_i32(c->cond, c->u.s32.a, c->u.s32.b, lab); - } - - /* Branch not taken. */ - update_cc_op(s); - tcg_gen_goto_tb(0); - tcg_gen_movi_i64(psw_addr, s->pc_tmp); - tcg_gen_exit_tb(s->base.tb, 0); - - gen_set_label(lab); - if (is_imm) { - tcg_gen_movi_i64(psw_addr, dest); - } - per_breaking_event(s); - ret = DISAS_PC_UPDATED; - } + /* + * Ensure the taken branch is fall-through of the tcg branch. + * This keeps @cdest usage within the extended basic block, + * which avoids an otherwise unnecessary spill to the stack. + */ + lab = gen_new_label(); + if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { + over = gen_new_label(); } else { - /* Fallthru cannot use goto_tb. This by itself is vanishingly rare. - Most commonly we're single-stepping or some other condition that - disables all use of goto_tb. Just update the PC and exit. */ - - TCGv_i64 next = tcg_constant_i64(s->pc_tmp); - if (is_imm) { - cdest = tcg_constant_i64(dest); - } - - if (c->is_64) { - tcg_gen_movcond_i64(c->cond, psw_addr, c->u.s64.a, c->u.s64.b, - cdest, next); - per_branch_cond(s, c->cond, c->u.s64.a, c->u.s64.b); - } else { - TCGv_i32 t0 = tcg_temp_new_i32(); - TCGv_i64 t1 = tcg_temp_new_i64(); - TCGv_i64 z = tcg_constant_i64(0); - tcg_gen_setcond_i32(c->cond, t0, c->u.s32.a, c->u.s32.b); - tcg_gen_extu_i32_i64(t1, t0); - tcg_gen_movcond_i64(TCG_COND_NE, psw_addr, t1, z, cdest, next); - per_branch_cond(s, TCG_COND_NE, t1, z); - } - - ret = DISAS_PC_UPDATED; + over = NULL; } - egress: - return ret; + if (c->is_64) { + tcg_gen_brcond_i64(tcg_invert_cond(c->cond), + c->u.s64.a, c->u.s64.b, lab); + } else { + tcg_gen_brcond_i32(tcg_invert_cond(c->cond), + c->u.s32.a, c->u.s32.b, lab); + } + + /* Branch taken. */ + if (is_imm) { + tcg_gen_movi_i64(psw_addr, dest); + } else { + tcg_gen_mov_i64(psw_addr, cdest); + } + per_branch(s, false); + + if (is_imm && use_goto_tb(s, dest)) { + tcg_gen_goto_tb(0); + tcg_gen_exit_tb(s->base.tb, 0); + } else if (over) { + tcg_gen_br(over); + } else { + tcg_gen_lookup_and_goto_ptr(); + } + + gen_set_label(lab); + + /* Branch not taken. */ + tcg_gen_movi_i64(psw_addr, s->pc_tmp); + if (use_goto_tb(s, s->pc_tmp)) { + tcg_gen_goto_tb(1); + tcg_gen_exit_tb(s->base.tb, 1); + } + + if (over) { + gen_set_label(over); + return DISAS_PC_UPDATED; + } + + tcg_gen_lookup_and_goto_ptr(); + return DISAS_NORETURN; } /* ====================================================================== */ From 619f6891ffb252ae1a4ca0e13a630bd3c13d198c Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:11 -0700 Subject: [PATCH 08/22] target/s390x: Split per_breaking_event from per_branch_* The breaking-event-address register is updated regardless of PER being enabled. Reviewed-by: Ilya Leoshkevich Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-9-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/tcg/translate.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 78066aaf84..10d5e87bb4 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -344,8 +344,6 @@ static void update_psw_addr(DisasContext *s) static void per_branch(DisasContext *s, bool to_next) { #ifndef CONFIG_USER_ONLY - tcg_gen_movi_i64(gbea, s->base.pc_next); - if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { TCGv_i64 next_pc = to_next ? tcg_constant_i64(s->pc_tmp) : psw_addr; gen_helper_per_branch(tcg_env, gbea, next_pc); @@ -1081,13 +1079,13 @@ struct DisasInsn { static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest) { + per_breaking_event(s); if (dest == s->pc_tmp) { per_branch(s, true); return DISAS_NEXT; } if (use_goto_tb(s, dest)) { update_cc_op(s); - per_breaking_event(s); tcg_gen_goto_tb(0); tcg_gen_movi_i64(psw_addr, dest); tcg_gen_exit_tb(s->base.tb, 0); @@ -1101,6 +1099,7 @@ static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest) static DisasJumpType help_goto_indirect(DisasContext *s, TCGv_i64 dest) { + per_breaking_event(s); tcg_gen_mov_i64(psw_addr, dest); per_branch(s, false); return DISAS_PC_UPDATED; @@ -1159,6 +1158,7 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, } /* Branch taken. */ + per_breaking_event(s); if (is_imm) { tcg_gen_movi_i64(psw_addr, dest); } else { From 5331339651dbf081cb78c219f000dab243022de9 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:12 -0700 Subject: [PATCH 09/22] target/s390x: Raise exception from helper_per_branch Drop from argument, since gbea has always been updated with this address. Add ilen argument for setting int_pgm_ilen. Use update_cc_op before calling per_branch. By raising the exception here, we need not call per_check_exception later, which means we can clean up the normal non-exception branch path. Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-10-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/helper.h | 2 +- target/s390x/tcg/misc_helper.c | 15 +++++++---- target/s390x/tcg/translate.c | 48 ++++++++++++---------------------- 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 96ab71e877..061b379065 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -360,7 +360,7 @@ DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env) DEF_HELPER_3(lra, i64, env, i64, i64) DEF_HELPER_FLAGS_3(per_check_exception, TCG_CALL_NO_WG, void, env, i64, i32) -DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_RWG, void, env, i64, i64) +DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_WG, void, env, i64, i32) DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_RWG, void, env, i64) DEF_HELPER_FLAGS_1(per_store_real, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env) diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c index 3f94f71437..974d14703c 100644 --- a/target/s390x/tcg/misc_helper.c +++ b/target/s390x/tcg/misc_helper.c @@ -625,13 +625,18 @@ static inline bool get_per_in_range(CPUS390XState *env, uint64_t addr) } } -void HELPER(per_branch)(CPUS390XState *env, uint64_t from, uint64_t to) +void HELPER(per_branch)(CPUS390XState *env, uint64_t dest, uint32_t ilen) { - if (!(env->cregs[9] & PER_CR9_CONTROL_BRANCH_ADDRESS) - || get_per_in_range(env, to)) { - env->per_address = from; - env->per_perc_atmid = PER_CODE_EVENT_BRANCH | get_per_atmid(env); + if ((env->cregs[9] & PER_CR9_CONTROL_BRANCH_ADDRESS) + && !get_per_in_range(env, dest)) { + return; } + + env->psw.addr = dest; + env->int_pgm_ilen = ilen; + env->per_address = env->gbea; + env->per_perc_atmid = PER_CODE_EVENT_BRANCH | get_per_atmid(env); + per_raise_exception_log(env); } void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 10d5e87bb4..de029185e0 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -341,12 +341,11 @@ static void update_psw_addr(DisasContext *s) tcg_gen_movi_i64(psw_addr, s->base.pc_next); } -static void per_branch(DisasContext *s, bool to_next) +static void per_branch(DisasContext *s, TCGv_i64 dest) { #ifndef CONFIG_USER_ONLY if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { - TCGv_i64 next_pc = to_next ? tcg_constant_i64(s->pc_tmp) : psw_addr; - gen_helper_per_branch(tcg_env, gbea, next_pc); + gen_helper_per_branch(tcg_env, dest, tcg_constant_i32(s->ilen)); } #endif } @@ -635,9 +634,6 @@ static void gen_op_calc_cc(DisasContext *s) static bool use_goto_tb(DisasContext *s, uint64_t dest) { - if (unlikely(s->base.tb->flags & FLAG_MASK_PER_BRANCH)) { - return false; - } return translator_use_goto_tb(&s->base, dest); } @@ -1079,37 +1075,38 @@ struct DisasInsn { static DisasJumpType help_goto_direct(DisasContext *s, uint64_t dest) { + update_cc_op(s); per_breaking_event(s); + per_branch(s, tcg_constant_i64(dest)); + if (dest == s->pc_tmp) { - per_branch(s, true); return DISAS_NEXT; } if (use_goto_tb(s, dest)) { - update_cc_op(s); tcg_gen_goto_tb(0); tcg_gen_movi_i64(psw_addr, dest); tcg_gen_exit_tb(s->base.tb, 0); return DISAS_NORETURN; } else { tcg_gen_movi_i64(psw_addr, dest); - per_branch(s, false); - return DISAS_PC_UPDATED; + return DISAS_PC_CC_UPDATED; } } static DisasJumpType help_goto_indirect(DisasContext *s, TCGv_i64 dest) { + update_cc_op(s); per_breaking_event(s); tcg_gen_mov_i64(psw_addr, dest); - per_branch(s, false); - return DISAS_PC_UPDATED; + per_branch(s, psw_addr); + return DISAS_PC_CC_UPDATED; } static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, bool is_imm, int imm, TCGv_i64 cdest) { uint64_t dest = s->base.pc_next + (int64_t)imm * 2; - TCGLabel *lab, *over; + TCGLabel *lab; /* Take care of the special cases first. */ if (c->cond == TCG_COND_NEVER) { @@ -1143,12 +1140,6 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, * which avoids an otherwise unnecessary spill to the stack. */ lab = gen_new_label(); - if (s->base.tb->flags & FLAG_MASK_PER_BRANCH) { - over = gen_new_label(); - } else { - over = NULL; - } - if (c->is_64) { tcg_gen_brcond_i64(tcg_invert_cond(c->cond), c->u.s64.a, c->u.s64.b, lab); @@ -1164,13 +1155,11 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, } else { tcg_gen_mov_i64(psw_addr, cdest); } - per_branch(s, false); + per_branch(s, psw_addr); if (is_imm && use_goto_tb(s, dest)) { tcg_gen_goto_tb(0); tcg_gen_exit_tb(s->base.tb, 0); - } else if (over) { - tcg_gen_br(over); } else { tcg_gen_lookup_and_goto_ptr(); } @@ -1182,15 +1171,9 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c, if (use_goto_tb(s, s->pc_tmp)) { tcg_gen_goto_tb(1); tcg_gen_exit_tb(s->base.tb, 1); + return DISAS_NORETURN; } - - if (over) { - gen_set_label(over); - return DISAS_PC_UPDATED; - } - - tcg_gen_lookup_and_goto_ptr(); - return DISAS_NORETURN; + return DISAS_PC_CC_UPDATED; } /* ====================================================================== */ @@ -6372,7 +6355,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) } #ifndef CONFIG_USER_ONLY - if (s->base.tb->flags & FLAG_MASK_PER) { + if (s->base.tb->flags & (FLAG_MASK_PER_STORE_REAL | + FLAG_MASK_PER_IFETCH)) { TCGv_i64 next_pc = psw_addr; if (ret == DISAS_NEXT || ret == DISAS_TOO_MANY) { @@ -6402,7 +6386,7 @@ static void s390x_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) dc->cc_op = CC_OP_DYNAMIC; dc->ex_value = dc->base.tb->cs_base; - dc->exit_to_mainloop = (dc->base.tb->flags & FLAG_MASK_PER) || dc->ex_value; + dc->exit_to_mainloop = dc->ex_value; } static void s390x_tr_tb_start(DisasContextBase *db, CPUState *cs) From 31b2d4a1b3136f727866326b2cee5e993ea36e8a Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:13 -0700 Subject: [PATCH 10/22] target/s390x: Raise exception from per_store_real At this point the instruction is complete and there's nothing left to do but raise the exception. With this change we need not make two helper calls for this event. Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-11-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/helper.h | 2 +- target/s390x/tcg/misc_helper.c | 4 +++- target/s390x/tcg/translate.c | 7 ++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 061b379065..5611155ba1 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -362,7 +362,7 @@ DEF_HELPER_3(lra, i64, env, i64, i64) DEF_HELPER_FLAGS_3(per_check_exception, TCG_CALL_NO_WG, void, env, i64, i32) DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_WG, void, env, i64, i32) DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_RWG, void, env, i64) -DEF_HELPER_FLAGS_1(per_store_real, TCG_CALL_NO_RWG, void, env) +DEF_HELPER_FLAGS_2(per_store_real, TCG_CALL_NO_WG, noreturn, env, i32) DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env) DEF_HELPER_2(xsch, void, env, i64) diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c index 974d14703c..43cacc448f 100644 --- a/target/s390x/tcg/misc_helper.c +++ b/target/s390x/tcg/misc_helper.c @@ -660,11 +660,13 @@ void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr) } } -void HELPER(per_store_real)(CPUS390XState *env) +void HELPER(per_store_real)(CPUS390XState *env, uint32_t ilen) { /* PSW is saved just before calling the helper. */ env->per_address = env->psw.addr; + env->int_pgm_ilen = ilen; env->per_perc_atmid = PER_CODE_EVENT_STORE_REAL | get_per_atmid(env); + per_raise_exception_log(env); } #endif diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index de029185e0..5bb15a46e0 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -4342,8 +4342,10 @@ static DisasJumpType op_stura(DisasContext *s, DisasOps *o) tcg_gen_qemu_st_tl(o->in1, o->in2, MMU_REAL_IDX, s->insn->data); if (s->base.tb->flags & FLAG_MASK_PER_STORE_REAL) { + update_cc_op(s); update_psw_addr(s); - gen_helper_per_store_real(tcg_env); + gen_helper_per_store_real(tcg_env, tcg_constant_i32(s->ilen)); + return DISAS_NORETURN; } return DISAS_NEXT; } @@ -6355,8 +6357,7 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) } #ifndef CONFIG_USER_ONLY - if (s->base.tb->flags & (FLAG_MASK_PER_STORE_REAL | - FLAG_MASK_PER_IFETCH)) { + if (s->base.tb->flags & FLAG_MASK_PER_IFETCH) { TCGv_i64 next_pc = psw_addr; if (ret == DISAS_NEXT || ret == DISAS_TOO_MANY) { From 67b765d3f3f1430abfc97915063740d12f2f7dba Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:14 -0700 Subject: [PATCH 11/22] target/s390x: Fix helper_per_ifetch flags CPU state is read on the exception path. Fixes: 83bb161299c ("target-s390x: PER instruction-fetch nullification event support") Signed-off-by: Richard Henderson Reviewed-by: David Hildenbrand Message-ID: <20240502054417.234340-12-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/helper.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 5611155ba1..31bd193322 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -361,7 +361,7 @@ DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env) DEF_HELPER_3(lra, i64, env, i64, i64) DEF_HELPER_FLAGS_3(per_check_exception, TCG_CALL_NO_WG, void, env, i64, i32) DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_WG, void, env, i64, i32) -DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_RWG, void, env, i64) +DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_WG, void, env, i64) DEF_HELPER_FLAGS_2(per_store_real, TCG_CALL_NO_WG, noreturn, env, i32) DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env) From a47d08ee0d45f98284806b2ddeda83bb33a2b351 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:15 -0700 Subject: [PATCH 12/22] target/s390x: Simplify per_ifetch, per_check_exception Set per_address and ilen in per_ifetch; this is valid for all PER exceptions and will last until the end of the instruction. Therefore we don't need to give the same data to per_check_exception. Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-13-richard.henderson@linaro.org> [thuth: Silence checkpatch.pl errors] Signed-off-by: Thomas Huth --- target/s390x/helper.h | 4 ++-- target/s390x/tcg/misc_helper.c | 23 +++++++++-------------- target/s390x/tcg/translate.c | 20 ++++++++++++-------- 3 files changed, 23 insertions(+), 24 deletions(-) diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 31bd193322..1a8a76abb9 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -359,9 +359,9 @@ DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env) DEF_HELPER_3(lra, i64, env, i64, i64) -DEF_HELPER_FLAGS_3(per_check_exception, TCG_CALL_NO_WG, void, env, i64, i32) +DEF_HELPER_FLAGS_1(per_check_exception, TCG_CALL_NO_WG, void, env) DEF_HELPER_FLAGS_3(per_branch, TCG_CALL_NO_WG, void, env, i64, i32) -DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_WG, void, env, i64) +DEF_HELPER_FLAGS_2(per_ifetch, TCG_CALL_NO_WG, void, env, i32) DEF_HELPER_FLAGS_2(per_store_real, TCG_CALL_NO_WG, noreturn, env, i32) DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env) diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c index 43cacc448f..303f86d363 100644 --- a/target/s390x/tcg/misc_helper.c +++ b/target/s390x/tcg/misc_helper.c @@ -604,12 +604,10 @@ static G_NORETURN void per_raise_exception_log(CPUS390XState *env) per_raise_exception(env); } -void HELPER(per_check_exception)(CPUS390XState *env, uint64_t next_pc, - uint32_t ilen) +void HELPER(per_check_exception)(CPUS390XState *env) { + /* psw_addr, per_address and int_pgm_ilen are already set. */ if (unlikely(env->per_perc_atmid)) { - env->psw.addr = next_pc; - env->int_pgm_ilen = ilen; per_raise_exception_log(env); } } @@ -639,23 +637,20 @@ void HELPER(per_branch)(CPUS390XState *env, uint64_t dest, uint32_t ilen) per_raise_exception_log(env); } -void HELPER(per_ifetch)(CPUS390XState *env, uint64_t addr) +void HELPER(per_ifetch)(CPUS390XState *env, uint32_t ilen) { - if (get_per_in_range(env, addr)) { - env->per_address = addr; + if (get_per_in_range(env, env->psw.addr)) { + env->per_address = env->psw.addr; + env->int_pgm_ilen = ilen; env->per_perc_atmid = PER_CODE_EVENT_IFETCH | get_per_atmid(env); /* If the instruction has to be nullified, trigger the exception immediately. */ if (env->cregs[9] & PER_CR9_EVENT_IFETCH_NULLIFICATION) { - CPUState *cs = env_cpu(env); - env->per_perc_atmid |= PER_CODE_EVENT_NULLIFICATION; - env->int_pgm_code = PGM_PER; - env->int_pgm_ilen = get_ilen(cpu_ldub_code(env, addr)); - - cs->exception_index = EXCP_PGM; - cpu_loop_exit(cs); + qemu_log_mask(CPU_LOG_INT, "PER interrupt before 0x%" PRIx64 "\n", + env->per_address); + per_raise_exception(env); } } } diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index 5bb15a46e0..c9a5a1687e 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -6258,8 +6258,8 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) #ifndef CONFIG_USER_ONLY if (s->base.tb->flags & FLAG_MASK_PER_IFETCH) { - TCGv_i64 addr = tcg_constant_i64(s->base.pc_next); - gen_helper_per_ifetch(tcg_env, addr); + /* With ifetch set, psw_addr and cc_op are always up-to-date. */ + gen_helper_per_ifetch(tcg_env, tcg_constant_i32(s->ilen)); } #endif @@ -6358,14 +6358,18 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) #ifndef CONFIG_USER_ONLY if (s->base.tb->flags & FLAG_MASK_PER_IFETCH) { - TCGv_i64 next_pc = psw_addr; - - if (ret == DISAS_NEXT || ret == DISAS_TOO_MANY) { - next_pc = tcg_constant_i64(s->pc_tmp); + switch (ret) { + case DISAS_TOO_MANY: + s->base.is_jmp = DISAS_PC_CC_UPDATED; + /* fall through */ + case DISAS_NEXT: + tcg_gen_movi_i64(psw_addr, s->pc_tmp); + break; + default: + break; } update_cc_op(s); - gen_helper_per_check_exception(tcg_env, next_pc, - tcg_constant_i32(s->ilen)); + gen_helper_per_check_exception(tcg_env); } #endif From be0fcbc462bb97605cc5d37b5f13a3a28c1417ac Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:16 -0700 Subject: [PATCH 13/22] target/s390x: Adjust check of noreturn in translate_one If help_op is not set, ret == DISAS_NEXT. Shift the test up from surrounding help_wout, help_cout to skipping to out, as we do elsewhere in the function. Signed-off-by: Richard Henderson Message-ID: <20240502054417.234340-14-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- target/s390x/tcg/translate.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c index c9a5a1687e..c81e035dea 100644 --- a/target/s390x/tcg/translate.c +++ b/target/s390x/tcg/translate.c @@ -6341,14 +6341,15 @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s) } if (insn->help_op) { ret = insn->help_op(s, &o); + if (ret == DISAS_NORETURN) { + goto out; + } } - if (ret != DISAS_NORETURN) { - if (insn->help_wout) { - insn->help_wout(s, &o); - } - if (insn->help_cout) { - insn->help_cout(s, &o); - } + if (insn->help_wout) { + insn->help_wout(s, &o); + } + if (insn->help_cout) { + insn->help_cout(s, &o); } /* io should be the last instruction in tb when icount is enabled */ From fa8718c76681105b55895aa189e3f6f6e0358b2a Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 1 May 2024 22:44:17 -0700 Subject: [PATCH 14/22] tests/tcg/s390x: Add per.S Add a small test to avoid regressions. Signed-off-by: Richard Henderson Acked-by: Ilya Leoshkevich Tested-by: Ilya Leoshkevich Message-ID: <20240502054417.234340-15-richard.henderson@linaro.org> Signed-off-by: Thomas Huth --- tests/tcg/s390x/Makefile.softmmu-target | 1 + tests/tcg/s390x/per.S | 82 +++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 tests/tcg/s390x/per.S diff --git a/tests/tcg/s390x/Makefile.softmmu-target b/tests/tcg/s390x/Makefile.softmmu-target index 1a1f088b28..80159cccf5 100644 --- a/tests/tcg/s390x/Makefile.softmmu-target +++ b/tests/tcg/s390x/Makefile.softmmu-target @@ -25,6 +25,7 @@ ASM_TESTS = \ lpswe-early \ lra \ mc \ + per \ precise-smc-softmmu \ ssm-early \ stosm-early \ diff --git a/tests/tcg/s390x/per.S b/tests/tcg/s390x/per.S new file mode 100644 index 0000000000..79e704a6ff --- /dev/null +++ b/tests/tcg/s390x/per.S @@ -0,0 +1,82 @@ + .org 0x8d +ilc: + .org 0x8e +program_interruption_code: + .org 0x96 +per_code: + .org 0x98 +per_address: + .org 0x150 +program_old_psw: + .org 0x1d0 +program_new_psw: + .quad 0, pgm_handler + + .org 0x200 /* exit lowcore */ + +per_on_psw: + .quad 0x4000000000000000, start_per +per_on_regs: + .quad 0x80000000, 0, -1 /* successful-branching everywhere */ +per_off_regs: + .quad 0, 0 ,0 +success_psw: + .quad 0x2000000000000, 0xfff /* see is_special_wait_psw() */ +failure_psw: + .quad 0x2000000000000, 0 /* disabled wait */ + + .org 0x2000 /* exit lowcore pages */ + + .globl _start +_start: + lpswe per_on_psw +start_per: + lctlg %c9, %c11, per_on_regs + +/* Test unconditional relative branch. */ + larl %r0, j1 + larl %r1, d1 + lhi %r2, 0 +j1: j d1 + lpswe failure_psw +d1: + +/* Test unconditional indirect branch. */ + larl %r0, j2 + larl %r1, d2 +j2: br %r1 + lpswe failure_psw +d2: + +/* Test conditional relative branch. */ + larl %r0, j3 + larl %r1, d3 + clr %r1, %r2 /* d3 != 0 */ +j3: jne d3 + lpswe failure_psw +d3: + +/* Test conditional register branch. */ + larl %r0, j4 + larl %r1, d4 + clr %r1, %r2 /* d4 != 0 */ +j4: bner %r1 + lpswe failure_psw +d4: + +/* Success! */ + nop + lpswe success_psw + +pgm_handler: + chhsi program_interruption_code, 0x80 /* PER event? */ + jne fail + cli per_code, 0x80 /* successful-branching event? */ + jne fail + clg %r0, per_address /* per_address == jump insn? */ + jne fail + clg %r1, program_old_psw+8 /* psw.addr updated to dest? */ + jne fail + lpswe program_old_psw +fail: + lpswe failure_psw From e7fca81e170530104c36bd8f3e1d7e7c11011481 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Mon, 27 May 2024 00:07:05 -0400 Subject: [PATCH 15/22] fuzz: specify audiodev for usb-audio Fixes test-failure on Fedora 40 CI. Reported-by: Thomas Huth Signed-off-by: Alexander Bulekov Reviewed-by: Thomas Huth Message-ID: <20240527040711.311865-1-alxndr@bu.edu> Signed-off-by: Thomas Huth --- tests/qtest/fuzz/generic_fuzz_configs.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h index 4d7c8ca4ec..ef0ad95712 100644 --- a/tests/qtest/fuzz/generic_fuzz_configs.h +++ b/tests/qtest/fuzz/generic_fuzz_configs.h @@ -150,7 +150,8 @@ const generic_fuzz_config predefined_configs[] = { "-chardev null,id=cd0 -chardev null,id=cd1 " "-device usb-braille,chardev=cd0 -device usb-ccid -device usb-ccid " "-device usb-kbd -device usb-mouse -device usb-serial,chardev=cd1 " - "-device usb-tablet -device usb-wacom-tablet -device usb-audio", + "-device usb-tablet -device usb-wacom-tablet " + "-device usb-audio,audiodev=snd0 -audiodev none,id=snd0", .objects = "*usb* *uhci* *xhci*", },{ .name = "pc-i440fx", From 3e964275d65b92075249201c49b39dfb06d08ad4 Mon Sep 17 00:00:00 2001 From: Alexander Bulekov Date: Mon, 27 May 2024 10:59:58 -0400 Subject: [PATCH 16/22] fuzz: disable leak-detection for oss-fuzz builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When we are building for OSS-Fuzz, we want to ensure that the fuzzer targets are actually created, regardless of leaks. Leaks will be detected by the subsequent tests of the individual fuzz-targets. Signed-off-by: Alexander Bulekov Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240527150001.325565-1-alxndr@bu.edu> Signed-off-by: Thomas Huth --- scripts/oss-fuzz/build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh index 5238f83343..7398298173 100755 --- a/scripts/oss-fuzz/build.sh +++ b/scripts/oss-fuzz/build.sh @@ -92,6 +92,7 @@ make install DESTDIR=$DEST_DIR/qemu-bundle rm -rf $DEST_DIR/qemu-bundle/opt/qemu-oss-fuzz/bin rm -rf $DEST_DIR/qemu-bundle/opt/qemu-oss-fuzz/libexec +export ASAN_OPTIONS=detect_leaks=0 targets=$(./qemu-fuzz-i386 | grep generic-fuzz | awk '$1 ~ /\*/ {print $2}') base_copy="$DEST_DIR/qemu-fuzz-i386-target-$(echo "$targets" | head -n 1)" From 84aacddd808b87824bca68006da0f73a1d0905f1 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 27 May 2024 14:13:51 +0200 Subject: [PATCH 17/22] hw/s390x: Remove unused macro VMSTATE_ADAPTER_ROUTES MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It's not used anywhere, so let's simply remove it. Message-ID: <20240527121351.211266-1-thuth@redhat.com> Reviewed-by: Cédric Le Goater Reviewed-by: Eric Farman Signed-off-by: Thomas Huth --- include/hw/s390x/s390_flic.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/include/hw/s390x/s390_flic.h b/include/hw/s390x/s390_flic.h index bcb081def5..382d9833f1 100644 --- a/include/hw/s390x/s390_flic.h +++ b/include/hw/s390x/s390_flic.h @@ -35,9 +35,6 @@ typedef struct AdapterRoutes { extern const VMStateDescription vmstate_adapter_routes; -#define VMSTATE_ADAPTER_ROUTES(_f, _s) \ - VMSTATE_STRUCT(_f, _s, 1, vmstate_adapter_routes, AdapterRoutes) - #define TYPE_S390_FLIC_COMMON "s390-flic" OBJECT_DECLARE_TYPE(S390FLICState, S390FLICStateClass, S390_FLIC_COMMON) From 3efc75ad9d9317e5709861bbebb2c29390f8e7a2 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 27 May 2024 08:02:43 +0200 Subject: [PATCH 18/22] scripts/update-linux-headers.sh: Remove temporary directory inbetween We are reusing the same temporary directory for installing the headers of all targets, so there could be stale files here when switching from one target to another. Make sure to delete the folder before installing a new set of target headers into it. Message-ID: <20240527060243.12647-1-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Acked-by: Cornelia Huck Signed-off-by: Thomas Huth --- scripts/update-linux-headers.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 8963c39189..fbf7e119bc 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh @@ -112,6 +112,7 @@ for arch in $ARCHLIST; do arch_var=ARCH fi + rm -rf "$hdrdir" make -C "$linux" O="$blddir" INSTALL_HDR_PATH="$hdrdir" $arch_var=$arch headers_install rm -rf "$output/linux-headers/asm-$arch" From bde26d90ae9f7551cac90e117fc7216c807a3bfe Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 27 May 2024 08:01:26 +0200 Subject: [PATCH 19/22] scripts/update-linux-headers.sh: Fix the path of setup_data.h When running the update-linx-headers.sh script, it currently fails with: scripts/update-linux-headers.sh: line 73: .../qemu/standard-headers/asm-x86/setup_data.h: No such file or directory The "include" folder is obviously missing here - no clue how this could have worked before? Fixes: 66210a1a30 ("scripts/update-linux-headers: Add setup_data.h to import list") Message-ID: <20240527060126.12578-1-thuth@redhat.com> Reviewed-by: Cornelia Huck Signed-off-by: Thomas Huth --- scripts/update-linux-headers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index fbf7e119bc..23afe8c08a 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh @@ -159,7 +159,7 @@ for arch in $ARCHLIST; do cp_portable "$hdrdir/bootparam.h" \ "$output/include/standard-headers/asm-$arch" cp_portable "$hdrdir/include/asm/setup_data.h" \ - "$output/standard-headers/asm-x86" + "$output/include/standard-headers/asm-x86" fi if [ $arch = riscv ]; then cp "$hdrdir/include/asm/ptrace.h" "$output/linux-headers/asm-riscv/" From 2523baf7fb4ddca900647be7ac39bce31eae2d42 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 24 May 2024 14:35:47 +0900 Subject: [PATCH 20/22] qemu-keymap: Make references to allocations static MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit LeakSanitizer complains about allocations whose references are held only by automatic variables. It is possible to free them to suppress the complaints, but it is a chore to make sure they are freed in all exit paths so make them static instead. Signed-off-by: Akihiko Odaki Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240524-xkb-v4-1-2de564e5c859@daynix.com> Signed-off-by: Thomas Huth --- qemu-keymap.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/qemu-keymap.c b/qemu-keymap.c index 8c80f7a4ed..701e4332af 100644 --- a/qemu-keymap.c +++ b/qemu-keymap.c @@ -154,9 +154,9 @@ static xkb_mod_mask_t get_mod(struct xkb_keymap *map, const char *name) int main(int argc, char *argv[]) { - struct xkb_context *ctx; - struct xkb_keymap *map; - struct xkb_state *state; + static struct xkb_context *ctx; + static struct xkb_keymap *map; + static struct xkb_state *state; xkb_mod_index_t mod, mods; int rc; @@ -234,8 +234,6 @@ int main(int argc, char *argv[]) state = xkb_state_new(map); xkb_keymap_key_for_each(map, walk_map, state); - xkb_state_unref(state); - state = NULL; /* add quirks */ fprintf(outfile, From a3b3ad72e81072321a7ea996d722c1eabaca7031 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 24 May 2024 14:35:48 +0900 Subject: [PATCH 21/22] lockable: Do not cast function pointers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -fsanitize=undefined complains if function pointers are casted. It also prevents enabling the strict mode of CFI which is currently disabled with -fsanitize-cfi-icall-generalize-pointers. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2345 Signed-off-by: Akihiko Odaki Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20240524-xkb-v4-2-2de564e5c859@daynix.com> Signed-off-by: Thomas Huth --- include/qemu/lockable.h | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/include/qemu/lockable.h b/include/qemu/lockable.h index 62110d2eb7..66713bd429 100644 --- a/include/qemu/lockable.h +++ b/include/qemu/lockable.h @@ -43,15 +43,30 @@ qemu_null_lockable(void *x) return NULL; } +#define QML_FUNC_(name) \ + static inline void qemu_lockable_ ## name ## _lock(void *x) \ + { \ + qemu_ ## name ## _lock(x); \ + } \ + static inline void qemu_lockable_ ## name ## _unlock(void *x) \ + { \ + qemu_ ## name ## _unlock(x); \ + } + +QML_FUNC_(mutex) +QML_FUNC_(rec_mutex) +QML_FUNC_(co_mutex) +QML_FUNC_(spin) + /* * In C, compound literals have the lifetime of an automatic variable. * In C++ it would be different, but then C++ wouldn't need QemuLockable * either... */ -#define QML_OBJ_(x, name) (&(QemuLockable) { \ - .object = (x), \ - .lock = (QemuLockUnlockFunc *) qemu_ ## name ## _lock, \ - .unlock = (QemuLockUnlockFunc *) qemu_ ## name ## _unlock \ +#define QML_OBJ_(x, name) (&(QemuLockable) { \ + .object = (x), \ + .lock = qemu_lockable_ ## name ## _lock, \ + .unlock = qemu_lockable_ ## name ## _unlock \ }) /** From b04091393e6a71065aee6c91b2566f2dec95a4c9 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 24 May 2024 14:35:49 +0900 Subject: [PATCH 22/22] qapi: Do not cast function pointers Using -fsanitize=undefined with Clang v18 causes an error if function pointers are casted: qapi/qapi-clone-visitor.c:188:5: runtime error: call to function visit_type_SocketAddress through pointer to incorrect function type 'bool (*)(struct Visitor *, const char *, void **, struct Error **)' /tmp/qemu-ubsan/qapi/qapi-visit-sockets.c:487: note: visit_type_SocketAddress defined here #0 0x5642aa2f7f3b in qapi_clone qapi/qapi-clone-visitor.c:188:5 #1 0x5642aa2c8ce5 in qio_channel_socket_listen_async io/channel-socket.c:285:18 #2 0x5642aa2b8903 in test_io_channel_setup_async tests/unit/test-io-channel-socket.c:116:5 #3 0x5642aa2b8204 in test_io_channel tests/unit/test-io-channel-socket.c:179:9 #4 0x5642aa2b8129 in test_io_channel_ipv4 tests/unit/test-io-channel-socket.c:323:5 ... It also prevents enabling the strict mode of CFI which is currently disabled with -fsanitize-cfi-icall-generalize-pointers. The problematic casts are necessary to pass visit_type_T() and visit_type_T_members() as callbacks to qapi_clone() and qapi_clone_members(), respectively. Open-code these two functions to avoid the callbacks, and thus the type casts. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2346 Signed-off-by: Akihiko Odaki Reviewed-by: Markus Armbruster Message-ID: <20240524-xkb-v4-3-2de564e5c859@daynix.com> [thuth: Improve commit message according to Markus' suggestions] Signed-off-by: Thomas Huth --- include/qapi/clone-visitor.h | 37 +++++++++++++++++++++++------------- qapi/qapi-clone-visitor.c | 30 ++++------------------------- 2 files changed, 28 insertions(+), 39 deletions(-) diff --git a/include/qapi/clone-visitor.h b/include/qapi/clone-visitor.h index adf9a788e2..ebc182b034 100644 --- a/include/qapi/clone-visitor.h +++ b/include/qapi/clone-visitor.h @@ -11,6 +11,7 @@ #ifndef QAPI_CLONE_VISITOR_H #define QAPI_CLONE_VISITOR_H +#include "qapi/error.h" #include "qapi/visitor.h" /* @@ -20,11 +21,8 @@ */ typedef struct QapiCloneVisitor QapiCloneVisitor; -void *qapi_clone(const void *src, bool (*visit_type)(Visitor *, const char *, - void **, Error **)); -void qapi_clone_members(void *dst, const void *src, size_t sz, - bool (*visit_type_members)(Visitor *, void *, - Error **)); +Visitor *qapi_clone_visitor_new(void); +Visitor *qapi_clone_members_visitor_new(void); /* * Deep-clone QAPI object @src of the given @type, and return the result. @@ -32,10 +30,18 @@ void qapi_clone_members(void *dst, const void *src, size_t sz, * Not usable on QAPI scalars (integers, strings, enums), nor on a * QAPI object that references the 'any' type. Safe when @src is NULL. */ -#define QAPI_CLONE(type, src) \ - ((type *)qapi_clone(src, \ - (bool (*)(Visitor *, const char *, void **, \ - Error **))visit_type_ ## type)) +#define QAPI_CLONE(type, src) \ + ({ \ + Visitor *v_; \ + type *dst_ = (type *) (src); /* Cast away const */ \ + \ + if (dst_) { \ + v_ = qapi_clone_visitor_new(); \ + visit_type_ ## type(v_, NULL, &dst_, &error_abort); \ + visit_free(v_); \ + } \ + dst_; \ + }) /* * Copy deep clones of @type members from @src to @dst. @@ -43,9 +49,14 @@ void qapi_clone_members(void *dst, const void *src, size_t sz, * Not usable on QAPI scalars (integers, strings, enums), nor on a * QAPI object that references the 'any' type. */ -#define QAPI_CLONE_MEMBERS(type, dst, src) \ - qapi_clone_members(dst, src, sizeof(type), \ - (bool (*)(Visitor *, void *, \ - Error **))visit_type_ ## type ## _members) +#define QAPI_CLONE_MEMBERS(type, dst, src) \ + ({ \ + Visitor *v_; \ + \ + v_ = qapi_clone_members_visitor_new(); \ + *(type *)(dst) = *(src); \ + visit_type_ ## type ## _members(v_, (type *)(dst), &error_abort); \ + visit_free(v_); \ + }) #endif diff --git a/qapi/qapi-clone-visitor.c b/qapi/qapi-clone-visitor.c index c45c5caa3b..bbf953698f 100644 --- a/qapi/qapi-clone-visitor.c +++ b/qapi/qapi-clone-visitor.c @@ -149,7 +149,7 @@ static void qapi_clone_free(Visitor *v) g_free(v); } -static Visitor *qapi_clone_visitor_new(void) +Visitor *qapi_clone_visitor_new(void) { QapiCloneVisitor *v; @@ -174,31 +174,9 @@ static Visitor *qapi_clone_visitor_new(void) return &v->visitor; } -void *qapi_clone(const void *src, bool (*visit_type)(Visitor *, const char *, - void **, Error **)) +Visitor *qapi_clone_members_visitor_new(void) { - Visitor *v; - void *dst = (void *) src; /* Cast away const */ - - if (!src) { - return NULL; - } - - v = qapi_clone_visitor_new(); - visit_type(v, NULL, &dst, &error_abort); - visit_free(v); - return dst; -} - -void qapi_clone_members(void *dst, const void *src, size_t sz, - bool (*visit_type_members)(Visitor *, void *, - Error **)) -{ - Visitor *v; - - v = qapi_clone_visitor_new(); - memcpy(dst, src, sz); + Visitor *v = qapi_clone_visitor_new(); to_qcv(v)->depth++; - visit_type_members(v, dst, &error_abort); - visit_free(v); + return v; }