Sixth RISC-V PR for QEMU 7.0

This is a last minute RISC-V PR for 7.0.
 
 It includes a fix to avoid leaking no translation TLB entries. This
 incorrectly cached uncachable baremetal entries. This would break Linux
 boot while single stepping. As the fix is pretty straight forward (flush
 the cache more often) it's being pulled in for 7.0.
 
 At the same time I have included a RISC-V vector extension fixup patch.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmJGOmYACgkQIeENKd+X
 cFS88wf6Aqu4QEXmmpv8F8b5rO9q3PRNb7wCKIBMaIJBSPV0YGF0YeVL6dKQ95qN
 HUU40qbmM/TC5PTHLaMkDWNWx3eOAkazRjic7v09ySUdEf8O0rYcP+89lkZfLbP2
 re9MhFlNM3Olg4V0pnszPkKVTKJxQoIv298uWNfrzZYBLI9+G6XNiVlruzW46WzO
 qUrweFRkiWla1XxjmwawdTUG+jY+xL6EVYsAPiFsV46JBFb4glAGlJNv8j4tDqkT
 ft4ipqQ9TYNAOQ/c2+X46brVyB/2q6WnfX0e55lW9LfxZSBLaGNSFKt+hBqj1CiA
 smv9kQYPlcSMVfOw7/DtPoS+whGgGA==
 =r96A
 -----END PGP SIGNATURE-----

Merge tag 'pull-riscv-to-apply-20220401' of github.com:alistair23/qemu into staging

Sixth RISC-V PR for QEMU 7.0

This is a last minute RISC-V PR for 7.0.

It includes a fix to avoid leaking "no translation" TLB entries. Those
entries incorrectly cached uncachable bare-metal mappings, which would
break Linux boot while single stepping. As the fix is pretty straightforward
(flush the cache more often) it is being pulled in for 7.0.

At the same time I have included a RISC-V vector extension fixup patch.

# gpg: Signature made Fri 01 Apr 2022 00:33:58 BST
# gpg:                using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8  CE8F 21E1 0D29 DF97 7054

* tag 'pull-riscv-to-apply-20220401' of github.com:alistair23/qemu:
  target/riscv: rvv: Add missing early exit condition for whole register load/store
  target/riscv: Avoid leaking "no translation" TLB entries

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell 2022-04-01 16:01:10 +01:00
commit 697d18b1bd
2 changed files with 13 additions and 6 deletions


@ -1844,7 +1844,7 @@ static RISCVException read_satp(CPURISCVState *env, int csrno,
static RISCVException write_satp(CPURISCVState *env, int csrno,
target_ulong val)
{
target_ulong vm, mask, asid;
target_ulong vm, mask;
if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
return RISCV_EXCP_NONE;
@ -1853,20 +1853,22 @@ static RISCVException write_satp(CPURISCVState *env, int csrno,
if (riscv_cpu_mxl(env) == MXL_RV32) {
vm = validate_vm(env, get_field(val, SATP32_MODE));
mask = (val ^ env->satp) & (SATP32_MODE | SATP32_ASID | SATP32_PPN);
asid = (val ^ env->satp) & SATP32_ASID;
} else {
vm = validate_vm(env, get_field(val, SATP64_MODE));
mask = (val ^ env->satp) & (SATP64_MODE | SATP64_ASID | SATP64_PPN);
asid = (val ^ env->satp) & SATP64_ASID;
}
if (vm && mask) {
if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
return RISCV_EXCP_ILLEGAL_INST;
} else {
if (asid) {
tlb_flush(env_cpu(env));
}
/*
* The ISA defines SATP.MODE=Bare as "no translation", but we still
* pass these through QEMU's TLB emulation as it improves
* performance. Flushing the TLB on SATP writes with paging
* enabled avoids leaking those invalid cached mappings.
*/
tlb_flush(env_cpu(env));
env->satp = val;
}
}
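Review bot: The unconditional `tlb_flush(env_cpu(env));` and the `env->satp = val;` that follows it are reached only when `vm` is non-zero, so a SATP write that selects MODE=Bare after paging was on neither flushes nor stores the new value on this path; whether Bare ever gets here depends on what validate_vm() returns for it, which is outside the hunk. If it returns 0, translated entries from the previous mode survive the switch to Bare — the mirror image of the leak this commit fixes — so the new comment should at least state that boundary, e.g. add `* A write selecting MODE=Bare (vm == 0) does not reach this flush.` to it, or the condition should be extended. With the `return RISCV_EXCP_ILLEGAL_INST;` in the `if` arm the `else` is now redundant and the comment, flush and assignment could sit one level shallower. write_satp continues past the hunk; its return statement is outside this view.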


@ -1121,6 +1121,10 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf,
gen_helper_ldst_whole *fn, DisasContext *s,
bool is_store)
{
uint32_t evl = (s->cfg_ptr->vlen / 8) * nf / (1 << s->sew);
TCGLabel *over = gen_new_label();
tcg_gen_brcondi_tl(TCG_COND_GEU, cpu_vstart, evl, over);
TCGv_ptr dest;
TCGv base;
TCGv_i32 desc;
@ -1140,6 +1144,7 @@ static bool ldst_whole_trans(uint32_t vd, uint32_t rs1, uint32_t nf,
if (!is_store) {
mark_vs_dirty(s);
}
gen_set_label(over);
return true;
}
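Review bot: The added `tcg_gen_brcondi_tl(TCG_COND_GEU, cpu_vstart, evl, over);` jumps past the helper call and mark_vs_dirty(), so whatever the helper does on completion is skipped as well, and the V spec has every vector instruction reset vstart to zero on completion even when it processes no elements; where QEMU clears vstart for this instruction is not visible in the hunk. If the helper is the only place that does it, the early-exit path leaves vstart stale, and the reset should sit after the label so both paths take it, e.g. `gen_set_label(over);` followed by `tcg_gen_movi_tl(cpu_vstart, 0);` — confirm against the other trans functions in this file that use the same `over` label pattern. The middle of ldst_whole_trans (the dest/base/desc setup and the helper call) lies between the two hunks and is outside this view.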