From d20bd43c4ce2dcdf7d6fa24eb8a29bcef29fb652 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Wed, 14 Jun 2017 19:24:16 -0700 Subject: [PATCH 01/15] target/s390x: Map existing FAC_* names to S390_FEAT_* names The FAC_ names were placeholders prior to the introduction of the current facility modeling. Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/translate.c | 59 ++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 640354271c..5a00279016 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -1180,39 +1180,10 @@ typedef enum { EXIT_NORETURN, } ExitStatus; -typedef enum DisasFacility { - FAC_Z, /* zarch (default) */ - FAC_CASS, /* compare and swap and store */ - FAC_CASS2, /* compare and swap and store 2*/ - FAC_DFP, /* decimal floating point */ - FAC_DFPR, /* decimal floating point rounding */ - FAC_DO, /* distinct operands */ - FAC_EE, /* execute extensions */ - FAC_EI, /* extended immediate */ - FAC_FPE, /* floating point extension */ - FAC_FPSSH, /* floating point support sign handling */ - FAC_FPRGR, /* FPR-GR transfer */ - FAC_GIE, /* general instructions extension */ - FAC_HFP_MA, /* HFP multiply-and-add/subtract */ - FAC_HW, /* high-word */ - FAC_IEEEE_SIM, /* IEEE exception sumilation */ - FAC_MIE, /* miscellaneous-instruction-extensions */ - FAC_LAT, /* load-and-trap */ - FAC_LOC, /* load/store on condition */ - FAC_LD, /* long displacement */ - FAC_PC, /* population count */ - FAC_SCF, /* store clock fast */ - FAC_SFLE, /* store facility list extended */ - FAC_ILA, /* interlocked access facility 1 */ - FAC_LPP, /* load-program-parameter */ - FAC_DAT_ENH, /* DAT-enhancement */ - FAC_E2, /* extended-translation facility 2 */ -} DisasFacility; - struct DisasInsn { unsigned opc:16; DisasFormat fmt:8; - DisasFacility fac:8; + unsigned fac:8; unsigned spec:8; const char *name; @@ -5418,6 +5389,34 @@ enum DisasInsnEnum { #define SPEC_prep_0 0 #define SPEC_wout_0 0 +/* Give smaller names to the various facilities. */ +#define FAC_Z S390_FEAT_ZARCH +#define FAC_CASS S390_FEAT_COMPARE_AND_SWAP_AND_STORE +#define FAC_CASS2 S390_FEAT_COMPARE_AND_SWAP_AND_STORE_2 +#define FAC_DFP S390_FEAT_DFP +#define FAC_DFPR S390_FEAT_FLOATING_POINT_SUPPPORT_ENH /* DFP-rounding */ +#define FAC_DO S390_FEAT_STFLE_45 /* distinct-operands */ +#define FAC_EE S390_FEAT_EXECUTE_EXT +#define FAC_EI S390_FEAT_EXTENDED_IMMEDIATE +#define FAC_FPE S390_FEAT_FLOATING_POINT_EXT +#define FAC_FPSSH S390_FEAT_FLOATING_POINT_SUPPPORT_ENH /* FPS-sign-handling */ +#define FAC_FPRGR S390_FEAT_FLOATING_POINT_SUPPPORT_ENH /* FPR-GR-transfer */ +#define FAC_GIE S390_FEAT_GENERAL_INSTRUCTIONS_EXT +#define FAC_HFP_MA S390_FEAT_HFP_MADDSUB +#define FAC_HW S390_FEAT_STFLE_45 /* high-word */ +#define FAC_IEEEE_SIM S390_FEAT_FLOATING_POINT_SUPPPORT_ENH /* IEEE-exception-simulation */ +#define FAC_MIE S390_FEAT_STFLE_49 /* misc-instruction-extensions */ +#define FAC_LAT S390_FEAT_STFLE_49 /* load-and-trap */ +#define FAC_LOC S390_FEAT_STFLE_45 /* load/store on condition 1 */ +#define FAC_LD S390_FEAT_LONG_DISPLACEMENT +#define FAC_PC S390_FEAT_STFLE_45 /* population count */ +#define FAC_SCF S390_FEAT_STORE_CLOCK_FAST +#define FAC_SFLE S390_FEAT_STFLE +#define FAC_ILA S390_FEAT_STFLE_45 /* interlocked-access-facility 1 */ +#define FAC_LPP S390_FEAT_SET_PROGRAM_PARAMETERS /* load-program-parameter */ +#define FAC_DAT_ENH S390_FEAT_DAT_ENH +#define FAC_E2 S390_FEAT_EXTENDED_TRANSLATION_2 + static const DisasInsn insn_info[] = { #include "insn-data.def" }; From c8bd95377babc3bd60f86cb3e5b24e74097cf6a9 Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Wed, 14 Jun 2017 15:38:18 +0200 Subject: [PATCH 02/15] target/s390x: change PSW_SHIFT_KEY Such shifts are usually used to easily extract the PSW KEY from the PSW mask, so let's avoid the confusing offset of 4. Reviewed-by: Aurelien Jarno Reviewed-by: Thomas Huth Signed-off-by: David Hildenbrand Message-Id: <20170614133819.18480-2-david@redhat.com> Signed-off-by: Richard Henderson --- target/s390x/cpu.h | 2 +- target/s390x/translate.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h index a4028fb315..532a4a075c 100644 --- a/target/s390x/cpu.h +++ b/target/s390x/cpu.h @@ -315,7 +315,7 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); #define PSW_MASK_IO 0x0200000000000000ULL #define PSW_MASK_EXT 0x0100000000000000ULL #define PSW_MASK_KEY 0x00F0000000000000ULL -#define PSW_SHIFT_KEY 56 +#define PSW_SHIFT_KEY 52 #define PSW_MASK_MCHECK 0x0004000000000000ULL #define PSW_MASK_WAIT 0x0002000000000000ULL #define PSW_MASK_PSTATE 0x0001000000000000ULL diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 5a00279016..6ebfb97424 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -3753,7 +3753,7 @@ static ExitStatus op_spka(DisasContext *s, DisasOps *o) { check_privileged(s); tcg_gen_shri_i64(o->in2, o->in2, 4); - tcg_gen_deposit_i64(psw_mask, psw_mask, o->in2, PSW_SHIFT_KEY - 4, 4); + tcg_gen_deposit_i64(psw_mask, psw_mask, o->in2, PSW_SHIFT_KEY, 4); return NO_EXIT; } From 3e7e5e0bc10d32d7cc41d0a39113473a3abfc657 Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Wed, 14 Jun 2017 15:38:19 +0200 Subject: [PATCH 03/15] target/s390x: implement mvcos instruction This adds support for the MOVE WITH OPTIONAL SPECIFICATIONS (MVCOS) instruction. Allow to enable it for the qemu cpu model using qemu-system-s390x ... -cpu qemu,mvcos=on ... This allows to boot linux kernel that uses it for uacccess. We are missing (as for most other part) low address protection checks, PSW key / storage key checks and support for AR-mode. We fake an ADDRESSING exception when called from problem state (which seems to rely on PSW key checks to be in place) and if AR-mode is used. user mode will always see a PRIVILEDGED exception. This patch is based on an original patch by Miroslav Benes (thanks!). Signed-off-by: David Hildenbrand Message-Id: <20170614133819.18480-3-david@redhat.com> Signed-off-by: Richard Henderson --- target/s390x/cpu.h | 22 ++++- target/s390x/cpu_models.c | 1 + target/s390x/helper.h | 1 + target/s390x/insn-data.def | 2 + target/s390x/mem_helper.c | 181 ++++++++++++++++++++++++++++++++++--- target/s390x/translate.c | 9 ++ 6 files changed, 201 insertions(+), 15 deletions(-) diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h index 532a4a075c..5b94ace42c 100644 --- a/target/s390x/cpu.h +++ b/target/s390x/cpu.h @@ -304,6 +304,7 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); #undef PSW_MASK_WAIT #undef PSW_MASK_PSTATE #undef PSW_MASK_ASC +#undef PSW_SHIFT_ASC #undef PSW_MASK_CC #undef PSW_MASK_PM #undef PSW_MASK_64 @@ -320,6 +321,7 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); #define PSW_MASK_WAIT 0x0002000000000000ULL #define PSW_MASK_PSTATE 0x0001000000000000ULL #define PSW_MASK_ASC 0x0000C00000000000ULL +#define PSW_SHIFT_ASC 46 #define PSW_MASK_CC 0x0000300000000000ULL #define PSW_MASK_PM 0x00000F0000000000ULL #define PSW_MASK_64 0x0000000100000000ULL @@ -336,6 +338,12 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); #define PSW_ASC_SECONDARY 0x0000800000000000ULL #define PSW_ASC_HOME 0x0000C00000000000ULL +/* the address space values shifted */ +#define AS_PRIMARY 0 +#define AS_ACCREG 1 +#define AS_SECONDARY 2 +#define AS_HOME 3 + /* tb flags */ #define FLAG_MASK_PER (PSW_MASK_PER >> 32) @@ -354,6 +362,7 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); /* Control register 0 bits */ #define CR0_LOWPROT 0x0000000010000000ULL +#define CR0_SECONDARY 0x0000000004000000ULL #define CR0_EDAT 0x0000000000800000ULL /* MMU */ @@ -361,7 +370,18 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); #define MMU_SECONDARY_IDX 1 #define MMU_HOME_IDX 2 -static inline int cpu_mmu_index (CPUS390XState *env, bool ifetch) +static inline bool psw_key_valid(CPUS390XState *env, uint8_t psw_key) +{ + uint16_t pkm = env->cregs[3] >> 16; + + if (env->psw.mask & PSW_MASK_PSTATE) { + /* PSW key has range 0..15, it is valid if the bit is 1 in the PKM */ + return pkm & (0x80 >> psw_key); + } + return true; +} + +static inline int cpu_mmu_index(CPUS390XState *env, bool ifetch) { switch (env->psw.mask & PSW_MASK_ASC) { case PSW_ASC_PRIMARY: diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index 478bcc604e..c3a4ce6c94 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -682,6 +682,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_LONG_DISPLACEMENT_FAST, S390_FEAT_ETF2_ENH, S390_FEAT_STORE_CLOCK_FAST, + S390_FEAT_MOVE_WITH_OPTIONAL_SPEC, S390_FEAT_GENERAL_INSTRUCTIONS_EXT, S390_FEAT_EXECUTE_EXT, S390_FEAT_STFLE_45, diff --git a/target/s390x/helper.h b/target/s390x/helper.h index 69249a5249..b268367e92 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -105,6 +105,7 @@ DEF_HELPER_FLAGS_1(stfl, TCG_CALL_NO_RWG, void, env) DEF_HELPER_2(stfle, i32, env, i64) DEF_HELPER_FLAGS_2(lpq, TCG_CALL_NO_WG, i64, env, i64) DEF_HELPER_FLAGS_4(stpq, TCG_CALL_NO_WG, void, env, i64, i64, i64) +DEF_HELPER_4(mvcos, i32, env, i64, i64, i64) #ifndef CONFIG_USER_ONLY DEF_HELPER_3(servc, i32, env, i64, i64) diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index d089707073..aa4c5b255c 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -590,6 +590,8 @@ C(0xb254, MVPG, RRE, Z, r1_o, r2_o, 0, 0, mvpg, 0) /* MOVE STRING */ C(0xb255, MVST, RRE, Z, r1_o, r2_o, 0, 0, mvst, 0) +/* MOVE WITH OPTIONAL SPECIFICATION */ + C(0xc800, MVCOS, SSF, MVCOS, la1, a2, 0, 0, mvcos, 0) /* MOVE WITH OFFSET */ /* Really format SS_b, but we pack both lengths into one argument for the helper call, so we might as well leave one 8-bit field. */ diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 80caab9c9d..6125725451 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -110,6 +110,20 @@ static inline void cpu_stsize_data_ra(CPUS390XState *env, uint64_t addr, } } +static inline uint64_t wrap_address(CPUS390XState *env, uint64_t a) +{ + if (!(env->psw.mask & PSW_MASK_64)) { + if (!(env->psw.mask & PSW_MASK_32)) { + /* 24-Bit mode */ + a &= 0x00ffffff; + } else { + /* 31-Bit mode */ + a &= 0x7fffffff; + } + } + return a; +} + static void fast_memset(CPUS390XState *env, uint64_t dest, uint8_t byte, uint32_t l, uintptr_t ra) { @@ -133,6 +147,68 @@ static void fast_memset(CPUS390XState *env, uint64_t dest, uint8_t byte, } } +#ifndef CONFIG_USER_ONLY +static void fast_memmove_idx(CPUS390XState *env, uint64_t dest, uint64_t src, + uint32_t len, int dest_idx, int src_idx, + uintptr_t ra) +{ + TCGMemOpIdx oi_dest = make_memop_idx(MO_UB, dest_idx); + TCGMemOpIdx oi_src = make_memop_idx(MO_UB, src_idx); + uint32_t len_adj; + void *src_p; + void *dest_p; + uint8_t x; + + while (len > 0) { + src = wrap_address(env, src); + dest = wrap_address(env, dest); + src_p = tlb_vaddr_to_host(env, src, MMU_DATA_LOAD, src_idx); + dest_p = tlb_vaddr_to_host(env, dest, MMU_DATA_STORE, dest_idx); + + if (src_p && dest_p) { + /* Access to both whole pages granted. */ + len_adj = adj_len_to_page(adj_len_to_page(len, src), dest); + memmove(dest_p, src_p, len_adj); + } else { + /* We failed to get access to one or both whole pages. The next + read or write access will likely fill the QEMU TLB for the + next iteration. */ + len_adj = 1; + x = helper_ret_ldub_mmu(env, src, oi_src, ra); + helper_ret_stb_mmu(env, dest, x, oi_dest, ra); + } + src += len_adj; + dest += len_adj; + len -= len_adj; + } +} + +static int mmu_idx_from_as(uint8_t as) +{ + switch (as) { + case AS_PRIMARY: + return MMU_PRIMARY_IDX; + case AS_SECONDARY: + return MMU_SECONDARY_IDX; + case AS_HOME: + return MMU_HOME_IDX; + default: + /* FIXME AS_ACCREG */ + g_assert_not_reached(); + } +} + +static void fast_memmove_as(CPUS390XState *env, uint64_t dest, uint64_t src, + uint32_t len, uint8_t dest_as, uint8_t src_as, + uintptr_t ra) +{ + int src_idx = mmu_idx_from_as(src_as); + int dest_idx = mmu_idx_from_as(dest_as); + + fast_memmove_idx(env, dest, src, len, dest_idx, src_idx, ra); +} +#endif + static void fast_memmove(CPUS390XState *env, uint64_t dest, uint64_t src, uint32_t l, uintptr_t ra) { @@ -408,20 +484,6 @@ uint32_t HELPER(clm)(CPUS390XState *env, uint32_t r1, uint32_t mask, return cc; } -static inline uint64_t wrap_address(CPUS390XState *env, uint64_t a) -{ - if (!(env->psw.mask & PSW_MASK_64)) { - if (!(env->psw.mask & PSW_MASK_32)) { - /* 24-Bit mode */ - a &= 0x00ffffff; - } else { - /* 31-Bit mode */ - a &= 0x7fffffff; - } - } - return a; -} - static inline uint64_t get_address(CPUS390XState *env, int reg) { return wrap_address(env, env->regs[reg]); @@ -1789,3 +1851,94 @@ void HELPER(ex)(CPUS390XState *env, uint32_t ilen, uint64_t r1, uint64_t addr) that requires such execution. */ env->ex_value = insn | ilen; } + +uint32_t HELPER(mvcos)(CPUS390XState *env, uint64_t dest, uint64_t src, + uint64_t len) +{ + const uint8_t psw_key = (env->psw.mask & PSW_MASK_KEY) >> PSW_SHIFT_KEY; + const uint8_t psw_as = (env->psw.mask & PSW_MASK_ASC) >> PSW_SHIFT_ASC; + const uint64_t r0 = env->regs[0]; + const uintptr_t ra = GETPC(); + CPUState *cs = CPU(s390_env_get_cpu(env)); + uint8_t dest_key, dest_as, dest_k, dest_a; + uint8_t src_key, src_as, src_k, src_a; + uint64_t val; + int cc = 0; + + HELPER_LOG("%s dest %" PRIx64 ", src %" PRIx64 ", len %" PRIx64 "\n", + __func__, dest, src, len); + + if (!(env->psw.mask & PSW_MASK_DAT)) { + cpu_restore_state(cs, ra); + program_interrupt(env, PGM_SPECIAL_OP, 6); + } + + /* OAC (operand access control) for the first operand -> dest */ + val = (r0 & 0xffff0000ULL) >> 16; + dest_key = (val >> 12) & 0xf; + dest_as = (val >> 6) & 0x3; + dest_k = (val >> 1) & 0x1; + dest_a = val & 0x1; + + /* OAC (operand access control) for the second operand -> src */ + val = (r0 & 0x0000ffffULL); + src_key = (val >> 12) & 0xf; + src_as = (val >> 6) & 0x3; + src_k = (val >> 1) & 0x1; + src_a = val & 0x1; + + if (!dest_k) { + dest_key = psw_key; + } + if (!src_k) { + src_key = psw_key; + } + if (!dest_a) { + dest_as = psw_as; + } + if (!src_a) { + src_as = psw_as; + } + + if (dest_a && dest_as == AS_HOME && (env->psw.mask & PSW_MASK_PSTATE)) { + cpu_restore_state(cs, ra); + program_interrupt(env, PGM_SPECIAL_OP, 6); + } + if (!(env->cregs[0] & CR0_SECONDARY) && + (dest_as == AS_SECONDARY || src_as == AS_SECONDARY)) { + cpu_restore_state(cs, ra); + program_interrupt(env, PGM_SPECIAL_OP, 6); + } + if (!psw_key_valid(env, dest_key) || !psw_key_valid(env, src_key)) { + cpu_restore_state(cs, ra); + program_interrupt(env, PGM_PRIVILEGED, 6); + } + + len = wrap_length(env, len); + if (len > 4096) { + cc = 3; + len = 4096; + } + + /* FIXME: AR-mode and proper problem state mode (using PSW keys) missing */ + if (src_as == AS_ACCREG || dest_as == AS_ACCREG || + (env->psw.mask & PSW_MASK_PSTATE)) { + qemu_log_mask(LOG_UNIMP, "%s: AR-mode and PSTATE support missing\n", + __func__); + cpu_restore_state(cs, ra); + program_interrupt(env, PGM_ADDRESSING, 6); + } + + /* FIXME: a) LAP + * b) Access using correct keys + * c) AR-mode + */ +#ifdef CONFIG_USER_ONLY + /* psw keys are never valid in user mode, we will never reach this */ + g_assert_not_reached(); +#else + fast_memmove_as(env, dest, src, len, dest_as, src_as, ra); +#endif + + return cc; +} diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 6ebfb97424..802ccd9752 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -3041,6 +3041,14 @@ static ExitStatus op_mvclu(DisasContext *s, DisasOps *o) return NO_EXIT; } +static ExitStatus op_mvcos(DisasContext *s, DisasOps *o) +{ + int r3 = get_field(s->fields, r3); + gen_helper_mvcos(cc_op, cpu_env, o->addr1, o->in2, regs[r3]); + set_cc_static(s); + return NO_EXIT; +} + #ifndef CONFIG_USER_ONLY static ExitStatus op_mvcp(DisasContext *s, DisasOps *o) { @@ -5413,6 +5421,7 @@ enum DisasInsnEnum { #define FAC_SCF S390_FEAT_STORE_CLOCK_FAST #define FAC_SFLE S390_FEAT_STFLE #define FAC_ILA S390_FEAT_STFLE_45 /* interlocked-access-facility 1 */ +#define FAC_MVCOS S390_FEAT_MOVE_WITH_OPTIONAL_SPEC #define FAC_LPP S390_FEAT_SET_PROGRAM_PARAMETERS /* load-program-parameter */ #define FAC_DAT_ENH S390_FEAT_DAT_ENH #define FAC_E2 S390_FEAT_EXTENDED_TRANSLATION_2 From e1a5d922b44946e0453189faff41464f95163c10 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Thu, 15 Jun 2017 14:14:06 -0700 Subject: [PATCH 04/15] target/s390x: Mark FPSEH facility as available This facility bit includes DFP-rounding, FPR-GR-transfer, FPS-sign-handling, and IEEE-exception-simulation. We do support all of these. Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/cpu_models.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index c3a4ce6c94..e676d7d196 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -685,6 +685,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_MOVE_WITH_OPTIONAL_SPEC, S390_FEAT_GENERAL_INSTRUCTIONS_EXT, S390_FEAT_EXECUTE_EXT, + S390_FEAT_FLOATING_POINT_SUPPPORT_ENH, S390_FEAT_STFLE_45, }; int i; From 45aa9aa3b7730b38403553355b36a29f8905916a Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 16:35:34 -0700 Subject: [PATCH 05/15] target/s390x: Implement load-on-condition-2 insns Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/insn-data.def | 9 +++++++++ target/s390x/insn-format.def | 1 + target/s390x/translate.c | 18 +++++++++++++++--- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index aa4c5b255c..c8ad4da531 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -514,6 +514,13 @@ C(0xb9e2, LOCGR, RRF_c, LOC, r1, r2, r1, 0, loc, 0) C(0xebf2, LOC, RSY_b, LOC, r1, m2_32u, new, r1_32, loc, 0) C(0xebe2, LOCG, RSY_b, LOC, r1, m2_64, r1, 0, loc, 0) +/* LOAD HALFWORD IMMEDIATE ON CONDITION */ + C(0xec42, LOCHI, RIE_g, LOC2, r1, i2, new, r1_32, loc, 0) + C(0xec46, LOCGHI, RIE_g, LOC2, r1, i2, r1, 0, loc, 0) + C(0xec4e, LOCHHI, RIE_g, LOC2, r1_sr32, i2, new, r1_32h, loc, 0) +/* LOAD HIGH ON CONDITION */ + C(0xb9e0, LOCFHR, RRF_c, LOC2, r1_sr32, r2, new, r1_32h, loc, 0) + C(0xebe0, LOCFH, RSY_b, LOC2, r1_sr32, m2_32u, new, r1_32h, loc, 0) /* LOAD PAIR DISJOINT */ D(0xc804, LPD, SSF, ILA, 0, 0, new_P, r3_P32, lpd, 0, MO_TEUL) D(0xc805, LPDG, SSF, ILA, 0, 0, new_P, r3_P64, lpd, 0, MO_TEQ) @@ -779,6 +786,8 @@ /* STORE ON CONDITION */ D(0xebf3, STOC, RSY_b, LOC, 0, 0, 0, 0, soc, 0, 0) D(0xebe3, STOCG, RSY_b, LOC, 0, 0, 0, 0, soc, 0, 1) +/* STORE HIGH ON CONDITION */ + D(0xebe1, STOCFH, RSY_b, LOC2, 0, 0, 0, 0, soc, 0, 2) /* STORE REVERSED */ C(0xe33f, STRVH, RXY_a, Z, la2, r1_16u, new, m1_16, rev16, 0) C(0xe33e, STRV, RXY_a, Z, la2, r1_32u, new, m1_32, rev32, 0) diff --git a/target/s390x/insn-format.def b/target/s390x/insn-format.def index 0e898b90bd..a412d90fb7 100644 --- a/target/s390x/insn-format.def +++ b/target/s390x/insn-format.def @@ -11,6 +11,7 @@ F4(RIE_c, R(1, 8), I(2,32, 8), M(3,12), I(4,16,16)) F3(RIE_d, R(1, 8), I(2,16,16), R(3,12)) F3(RIE_e, R(1, 8), I(2,16,16), R(3,12)) F5(RIE_f, R(1, 8), R(2,12), I(3,16,8), I(4,24,8), I(5,32,8)) +F3(RIE_g, R(1, 8), I(2,16,16), M(3,12)) F2(RIL_a, R(1, 8), I(2,16,32)) F2(RIL_b, R(1, 8), I(2,16,32)) F2(RIL_c, M(1, 8), I(2,16,32)) diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 802ccd9752..9932afb0f9 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -3641,7 +3641,7 @@ static ExitStatus op_sigp(DisasContext *s, DisasOps *o) static ExitStatus op_soc(DisasContext *s, DisasOps *o) { DisasCompare c; - TCGv_i64 a; + TCGv_i64 a, h; TCGLabel *lab; int r1; @@ -3661,10 +3661,21 @@ static ExitStatus op_soc(DisasContext *s, DisasOps *o) r1 = get_field(s->fields, r1); a = get_address(s, 0, get_field(s->fields, b2), get_field(s->fields, d2)); - if (s->insn->data) { + switch (s->insn->data) { + case 1: /* STOCG */ tcg_gen_qemu_st64(regs[r1], a, get_mem_index(s)); - } else { + break; + case 0: /* STOC */ tcg_gen_qemu_st32(regs[r1], a, get_mem_index(s)); + break; + case 2: /* STOCFH */ + h = tcg_temp_new_i64(); + tcg_gen_shri_i64(h, regs[r1], 32); + tcg_gen_qemu_st32(h, a, get_mem_index(s)); + tcg_temp_free_i64(h); + break; + default: + g_assert_not_reached(); } tcg_temp_free_i64(a); @@ -5416,6 +5427,7 @@ enum DisasInsnEnum { #define FAC_MIE S390_FEAT_STFLE_49 /* misc-instruction-extensions */ #define FAC_LAT S390_FEAT_STFLE_49 /* load-and-trap */ #define FAC_LOC S390_FEAT_STFLE_45 /* load/store on condition 1 */ +#define FAC_LOC2 S390_FEAT_STFLE_53 /* load/store on condition 2 */ #define FAC_LD S390_FEAT_LONG_DISPLACEMENT #define FAC_PC S390_FEAT_STFLE_45 /* population count */ #define FAC_SCF S390_FEAT_STORE_CLOCK_FAST From c2a5c1d718eabfde04ebabf2434168b0716107cb Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 16:47:51 -0700 Subject: [PATCH 06/15] target/s390x: Implement load-and-zero-rightmost-byte insns Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/insn-data.def | 5 +++++ target/s390x/translate.c | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index c8ad4da531..05556864a2 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -427,6 +427,11 @@ /* LOAD AND TRAP */ C(0xe39f, LAT, RXY_a, LAT, 0, m2_32u, r1, 0, lat, 0) C(0xe385, LGAT, RXY_a, LAT, 0, a2, r1, 0, lgat, 0) +/* LOAD AND ZERO RIGHTMOST BYTE */ + C(0xe3eb, LZRF, RXY_a, LZRB, 0, m2_32u, new, r1_32, lzrb, 0) + C(0xe32a, LZRG, RXY_a, LZRB, 0, m2_64, r1, 0, lzrb, 0) +/* LOAD LOGICAL AND ZERO RIGHTMOST BYTE */ + C(0xe33a, LLZRGF, RXY_a, LZRB, 0, m2_32u, r1, 0, lzrb, 0) /* LOAD BYTE */ C(0xb926, LBR, RRE, EI, 0, r2_8s, 0, r1_32, mov2, 0) C(0xb906, LGBR, RRE, EI, 0, r2_8s, 0, r1, mov2, 0) diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 9932afb0f9..5275c77036 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -2906,6 +2906,12 @@ static ExitStatus op_lurag(DisasContext *s, DisasOps *o) } #endif +static ExitStatus op_lzrb(DisasContext *s, DisasOps *o) +{ + tcg_gen_andi_i64(o->out, o->in2, -256); + return NO_EXIT; +} + static ExitStatus op_mov2(DisasContext *s, DisasOps *o) { o->out = o->in2; @@ -5437,6 +5443,7 @@ enum DisasInsnEnum { #define FAC_LPP S390_FEAT_SET_PROGRAM_PARAMETERS /* load-program-parameter */ #define FAC_DAT_ENH S390_FEAT_DAT_ENH #define FAC_E2 S390_FEAT_EXTENDED_TRANSLATION_2 +#define FAC_LZRB S390_FEAT_STFLE_53 /* load-and-zero-rightmost-byte */ static const DisasInsn insn_info[] = { #include "insn-data.def" From 37b8638d4347aaa72d359dc35e529937ec250bf4 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 16:49:28 -0700 Subject: [PATCH 07/15] target/s390x: Mark STFLE_53 facility as available This facility bit includes load-on-condition-2 and load-and-zero-rightmost-byte. Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/cpu_models.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index e676d7d196..c55823ba74 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -687,6 +687,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_EXECUTE_EXT, S390_FEAT_FLOATING_POINT_SUPPPORT_ENH, S390_FEAT_STFLE_45, + S390_FEAT_STFLE_53, }; int i; From 6a68acd5b7bbf191a74d47ab38e27e5864d326d3 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 17:05:50 -0700 Subject: [PATCH 08/15] target/s390x: Implement execution-hint insns Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/insn-data.def | 9 +++++++++ target/s390x/translate.c | 5 ++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index 05556864a2..8e3f7dbd76 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -134,6 +134,15 @@ D(0x8500, BRXLE, RSI, Z, 0, 0, 0, 0, bx32, 0, 1) D(0xec44, BRXHG, RIE_e, Z, 0, 0, 0, 0, bx64, 0, 0) D(0xec45, BRXHLE, RIE_e, Z, 0, 0, 0, 0, bx64, 0, 1) +/* BRANCH PREDICTION PRELOAD */ + /* ??? Format is SMI, but implemented as NOP, so we need no fields. */ + C(0xc700, BPP, E, EH, 0, 0, 0, 0, 0, 0) +/* BRANCH PREDICTION RELATIVE PRELOAD */ + /* ??? Format is MII, but implemented as NOP, so we need no fields. */ + C(0xc500, BPRP, E, EH, 0, 0, 0, 0, 0, 0) +/* NEXT INSTRUCTION ACCESS INTENT */ + /* ??? Format is IE, but implemented as NOP, so we need no fields. */ + C(0xb2fa, NIAI, E, EH, 0, 0, 0, 0, 0, 0) /* CHECKSUM */ C(0xb241, CKSM, RRE, Z, r1_o, ra2, new, r1_32, cksm, 0) diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 5275c77036..06d56000c8 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -5443,6 +5443,7 @@ enum DisasInsnEnum { #define FAC_LPP S390_FEAT_SET_PROGRAM_PARAMETERS /* load-program-parameter */ #define FAC_DAT_ENH S390_FEAT_DAT_ENH #define FAC_E2 S390_FEAT_EXTENDED_TRANSLATION_2 +#define FAC_EH S390_FEAT_STFLE_49 /* execution-hint */ #define FAC_LZRB S390_FEAT_STFLE_53 /* load-and-zero-rightmost-byte */ static const DisasInsn insn_info[] = { @@ -5556,7 +5557,7 @@ static const DisasInsn *extract_insn(CPUS390XState *env, DisasContext *s, case 0x80: /* S */ case 0x82: /* S */ case 0x93: /* S */ - case 0xb2: /* S, RRF, RRE */ + case 0xb2: /* S, RRF, RRE, IE */ case 0xb3: /* RRE, RRD, RRF */ case 0xb9: /* RRE, RRF */ case 0xe5: /* SSE, SIL */ @@ -5572,6 +5573,8 @@ static const DisasInsn *extract_insn(CPUS390XState *env, DisasContext *s, case 0xcc: /* RIL */ op2 = (insn << 12) >> 60; break; + case 0xc5: /* MII */ + case 0xc7: /* SMI */ case 0xd0 ... 0xdf: /* SS */ case 0xe1: /* SS */ case 0xe2: /* SS */ From 632c61a9b891affe3fe1037b16231c4a45b87d58 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 17:15:39 -0700 Subject: [PATCH 09/15] target/s390x: Implement processor-assist insn Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/insn-data.def | 3 +++ target/s390x/translate.c | 1 + 2 files changed, 4 insertions(+) diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index 8e3f7dbd76..5ba7822f27 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -699,6 +699,9 @@ /* Implemented as nops of course. */ C(0xe336, PFD, RXY_b, GIE, 0, 0, 0, 0, 0, 0) C(0xc602, PFDRL, RIL_c, GIE, 0, 0, 0, 0, 0, 0) +/* PERFORM PROCESSOR ASSIST */ + /* Implemented as nop of course. */ + C(0xb2e8, PPA, RRF_c, PPA, 0, 0, 0, 0, 0, 0) /* POPULATION COUNT */ C(0xb9e1, POPCNT, RRE, PC, 0, r2_o, r1, 0, popcnt, nz64) diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 06d56000c8..72af76df27 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -5444,6 +5444,7 @@ enum DisasInsnEnum { #define FAC_DAT_ENH S390_FEAT_DAT_ENH #define FAC_E2 S390_FEAT_EXTENDED_TRANSLATION_2 #define FAC_EH S390_FEAT_STFLE_49 /* execution-hint */ +#define FAC_PPA S390_FEAT_STFLE_49 /* processor-assist */ #define FAC_LZRB S390_FEAT_STFLE_53 /* load-and-zero-rightmost-byte */ static const DisasInsn insn_info[] = { From afa26f3bae18992cc9598a2cb1a9a09d2e813f76 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 17:16:24 -0700 Subject: [PATCH 10/15] target/s390x: Mark STFLE_49 facility as available This facility bit includes execution-hint, load-and-trap, miscellaneous-instruction-extensions and processor-assist. Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/cpu_models.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index c55823ba74..d4fcddb1d3 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -687,6 +687,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_EXECUTE_EXT, S390_FEAT_FLOATING_POINT_SUPPPORT_ENH, S390_FEAT_STFLE_45, + S390_FEAT_STFLE_49, S390_FEAT_STFLE_53, }; int i; From 3c39c800bf8fb22222372f9ae84423f966f6da98 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 16 Jun 2017 17:37:59 -0700 Subject: [PATCH 11/15] target/s390x: Finish implementing ETF2-ENH Missed the proper alignment in TRTO/TRTT, and ignoring the M3 field for all TRXX insns without ETF2-ENH. Reviewed-by: Aurelien Jarno Signed-off-by: Richard Henderson --- target/s390x/mem_helper.c | 11 ++++++++++- target/s390x/translate.c | 5 +++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 6125725451..a0a805cd1b 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -1265,13 +1265,22 @@ uint32_t HELPER(trXX)(CPUS390XState *env, uint32_t r1, uint32_t r2, uintptr_t ra = GETPC(); int dsize = (sizes & 1) ? 1 : 2; int ssize = (sizes & 2) ? 1 : 2; - uint64_t tbl = get_address(env, 1) & ~7; + uint64_t tbl = get_address(env, 1); uint64_t dst = get_address(env, r1); uint64_t len = get_length(env, r1 + 1); uint64_t src = get_address(env, r2); uint32_t cc = 3; int i; + /* The lower address bits of TBL are ignored. For TROO, TROT, it's + the low 3 bits (double-word aligned). For TRTO, TRTT, it's either + the low 12 bits (4K, without ETF2-ENH) or 3 bits (with ETF2-ENH). */ + if (ssize == 2 && !s390_has_feat(S390_FEAT_ETF2_ENH)) { + tbl &= -4096; + } else { + tbl &= -8; + } + check_alignment(env, len, ssize, ra); /* Lest we fail to service interrupts in a timely manner, */ diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 72af76df27..a3414c0616 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -4356,8 +4356,9 @@ static ExitStatus op_trXX(DisasContext *s, DisasOps *o) TCGv_i32 tst = tcg_temp_new_i32(); int m3 = get_field(s->fields, m3); - /* XXX: the C bit in M3 should be considered as 0 when the - ETF2-enhancement facility is not installed. */ + if (!s390_has_feat(S390_FEAT_ETF2_ENH)) { + m3 = 0; + } if (m3 & 1) { tcg_gen_movi_i32(tst, -1); } else { From 159fed45db25c0c82f3833509502c8242a65c097 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Sun, 18 Jun 2017 21:11:48 -0700 Subject: [PATCH 12/15] target/s390x: Clean up TB flag bits MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Most of the PSW bits that were being copied into TB->flags are not relevant to translation. Removing those that are unnecessary reduces the amount of translation required. Reviewed-by: Aurelien Jarno Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- target/s390x/cpu.h | 24 +++++++++--------------- target/s390x/translate.c | 16 ++++++++-------- 2 files changed, 17 insertions(+), 23 deletions(-) diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h index 5b94ace42c..9faca04b52 100644 --- a/target/s390x/cpu.h +++ b/target/s390x/cpu.h @@ -346,19 +346,14 @@ void s390x_cpu_debug_excp_handler(CPUState *cs); /* tb flags */ -#define FLAG_MASK_PER (PSW_MASK_PER >> 32) -#define FLAG_MASK_DAT (PSW_MASK_DAT >> 32) -#define FLAG_MASK_IO (PSW_MASK_IO >> 32) -#define FLAG_MASK_EXT (PSW_MASK_EXT >> 32) -#define FLAG_MASK_KEY (PSW_MASK_KEY >> 32) -#define FLAG_MASK_MCHECK (PSW_MASK_MCHECK >> 32) -#define FLAG_MASK_WAIT (PSW_MASK_WAIT >> 32) -#define FLAG_MASK_PSTATE (PSW_MASK_PSTATE >> 32) -#define FLAG_MASK_ASC (PSW_MASK_ASC >> 32) -#define FLAG_MASK_CC (PSW_MASK_CC >> 32) -#define FLAG_MASK_PM (PSW_MASK_PM >> 32) -#define FLAG_MASK_64 (PSW_MASK_64 >> 32) -#define FLAG_MASK_32 0x00001000 +#define FLAG_MASK_PSW_SHIFT 31 +#define FLAG_MASK_PER (PSW_MASK_PER >> FLAG_MASK_PSW_SHIFT) +#define FLAG_MASK_PSTATE (PSW_MASK_PSTATE >> FLAG_MASK_PSW_SHIFT) +#define FLAG_MASK_ASC (PSW_MASK_ASC >> FLAG_MASK_PSW_SHIFT) +#define FLAG_MASK_64 (PSW_MASK_64 >> FLAG_MASK_PSW_SHIFT) +#define FLAG_MASK_32 (PSW_MASK_32 >> FLAG_MASK_PSW_SHIFT) +#define FLAG_MASK_PSW (FLAG_MASK_PER | FLAG_MASK_PSTATE \ + | FLAG_MASK_ASC | FLAG_MASK_64 | FLAG_MASK_32) /* Control register 0 bits */ #define CR0_LOWPROT 0x0000000010000000ULL @@ -416,8 +411,7 @@ static inline void cpu_get_tb_cpu_state(CPUS390XState* env, target_ulong *pc, { *pc = env->psw.addr; *cs_base = env->ex_value; - *flags = ((env->psw.mask >> 32) & ~FLAG_MASK_CC) | - ((env->psw.mask & PSW_MASK_32) ? FLAG_MASK_32 : 0); + *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW; } #define MAX_ILEN 6 diff --git a/target/s390x/translate.c b/target/s390x/translate.c index a3414c0616..df3fefab97 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -323,11 +323,11 @@ static inline uint64_t ld_code4(CPUS390XState *env, uint64_t pc) static int get_mem_index(DisasContext *s) { switch (s->tb->flags & FLAG_MASK_ASC) { - case PSW_ASC_PRIMARY >> 32: + case PSW_ASC_PRIMARY >> FLAG_MASK_PSW_SHIFT: return 0; - case PSW_ASC_SECONDARY >> 32: + case PSW_ASC_SECONDARY >> FLAG_MASK_PSW_SHIFT: return 1; - case PSW_ASC_HOME >> 32: + case PSW_ASC_HOME >> FLAG_MASK_PSW_SHIFT: return 2; default: tcg_abort(); @@ -387,7 +387,7 @@ static inline void gen_trap(DisasContext *s) #ifndef CONFIG_USER_ONLY static void check_privileged(DisasContext *s) { - if (s->tb->flags & (PSW_MASK_PSTATE >> 32)) { + if (s->tb->flags & FLAG_MASK_PSTATE) { gen_program_exception(s, PGM_PRIVILEGED); } } @@ -2932,20 +2932,20 @@ static ExitStatus op_mov2e(DisasContext *s, DisasOps *o) o->g_in2 = false; switch (s->tb->flags & FLAG_MASK_ASC) { - case PSW_ASC_PRIMARY >> 32: + case PSW_ASC_PRIMARY >> FLAG_MASK_PSW_SHIFT: tcg_gen_movi_i64(ar1, 0); break; - case PSW_ASC_ACCREG >> 32: + case PSW_ASC_ACCREG >> FLAG_MASK_PSW_SHIFT: tcg_gen_movi_i64(ar1, 1); break; - case PSW_ASC_SECONDARY >> 32: + case PSW_ASC_SECONDARY >> FLAG_MASK_PSW_SHIFT: if (b2) { tcg_gen_ld32u_i64(ar1, cpu_env, offsetof(CPUS390XState, aregs[b2])); } else { tcg_gen_movi_i64(ar1, 0); } break; - case PSW_ASC_HOME >> 32: + case PSW_ASC_HOME >> FLAG_MASK_PSW_SHIFT: tcg_gen_movi_i64(ar1, 2); break; } From faf1c63d34861734895521277153c6c0e72b395c Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Thu, 22 Jun 2017 11:41:49 +0200 Subject: [PATCH 13/15] target/s390x: Indicate and check for local tlb clearing Let's allow to enable it for the qemu cpu model and correctly emulate it. Signed-off-by: David Hildenbrand Message-Id: <20170622094151.28633-2-david@redhat.com> Signed-off-by: Richard Henderson --- target/s390x/cpu_models.c | 1 + target/s390x/mem_helper.c | 2 -- target/s390x/translate.c | 6 +++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index d4fcddb1d3..51b17b98f3 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -688,6 +688,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm) S390_FEAT_FLOATING_POINT_SUPPPORT_ENH, S390_FEAT_STFLE_45, S390_FEAT_STFLE_49, + S390_FEAT_LOCAL_TLB_CLEARING, S390_FEAT_STFLE_53, }; int i; diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index a0a805cd1b..182c46f6b5 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -1629,8 +1629,6 @@ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr, /* XXX we exploit the fact that Linux passes the exact virtual address here - it's not obliged to! */ - /* XXX: the LC bit should be considered as 0 if the local-TLB-clearing - facility is not installed. */ if (m4 & 1) { tlb_flush_page(cs, page); } else { diff --git a/target/s390x/translate.c b/target/s390x/translate.c index df3fefab97..1db5f2d5b9 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -2385,7 +2385,11 @@ static ExitStatus op_ipte(DisasContext *s, DisasOps *o) TCGv_i32 m4; check_privileged(s); - m4 = tcg_const_i32(get_field(s->fields, m4)); + if (s390_has_feat(S390_FEAT_LOCAL_TLB_CLEARING)) { + m4 = tcg_const_i32(get_field(s->fields, m4)); + } else { + m4 = tcg_const_i32(0); + } gen_helper_ipte(cpu_env, o->in1, o->in2, m4); tcg_temp_free_i32(m4); return NO_EXIT; From 97b95aae3bc47eccb06c522a5945a8566b64cc86 Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Thu, 22 Jun 2017 11:41:50 +0200 Subject: [PATCH 14/15] target/s390x: Improve heuristic for ipte If only the page index is set, most likely we don't have a valid virtual address. Let's do a full tlb flush for that case. Signed-off-by: David Hildenbrand Message-Id: <20170622094151.28633-3-david@redhat.com> Signed-off-by: Richard Henderson --- target/s390x/mem_helper.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 182c46f6b5..20cef9a3e5 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -1630,16 +1630,23 @@ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr, /* XXX we exploit the fact that Linux passes the exact virtual address here - it's not obliged to! */ if (m4 & 1) { - tlb_flush_page(cs, page); + if (vaddr & ~VADDR_PX) { + tlb_flush_page(cs, page); + /* XXX 31-bit hack */ + tlb_flush_page(cs, page ^ 0x80000000); + } else { + /* looks like we don't have a valid virtual address */ + tlb_flush(cs); + } } else { - tlb_flush_page_all_cpus_synced(cs, page); - } - - /* XXX 31-bit hack */ - if (m4 & 1) { - tlb_flush_page(cs, page ^ 0x80000000); - } else { - tlb_flush_page_all_cpus_synced(cs, page ^ 0x80000000); + if (vaddr & ~VADDR_PX) { + tlb_flush_page_all_cpus_synced(cs, page); + /* XXX 31-bit hack */ + tlb_flush_page_all_cpus_synced(cs, page ^ 0x80000000); + } else { + /* looks like we don't have a valid virtual address */ + tlb_flush_all_cpus_synced(cs); + } } } From be7f28de5d7f635647d7991ace96c54d9f724be4 Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Thu, 22 Jun 2017 11:41:51 +0200 Subject: [PATCH 15/15] target/s390x: Implement idte instruction Let's keep it very simple for now and flush the complete tlb, we currently can't find the right entries in our tlb, we would have to store the used tables for each element. As we now fully implement the DAT-enhancement facility, we can allow to enable it for the qemu CPU model. Signed-off-by: David Hildenbrand Message-Id: <20170622094151.28633-4-david@redhat.com> Signed-off-by: Richard Henderson --- target/s390x/cpu_models.c | 1 + target/s390x/helper.h | 1 + target/s390x/insn-data.def | 2 ++ target/s390x/mem_helper.c | 51 ++++++++++++++++++++++++++++++++++++++ target/s390x/translate.c | 15 +++++++++++ 5 files changed, 70 insertions(+) diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c index 51b17b98f3..63903c2d6f 100644 --- a/target/s390x/cpu_models.c +++ b/target/s390x/cpu_models.c @@ -675,6 +675,7 @@ static void check_compatibility(const S390CPUModel *max_model, static void add_qemu_cpu_model_features(S390FeatBitmap fbm) { static const int feats[] = { + S390_FEAT_DAT_ENH, S390_FEAT_STFLE, S390_FEAT_EXTENDED_IMMEDIATE, S390_FEAT_EXTENDED_TRANSLATION_2, diff --git a/target/s390x/helper.h b/target/s390x/helper.h index b268367e92..964097b2ce 100644 --- a/target/s390x/helper.h +++ b/target/s390x/helper.h @@ -131,6 +131,7 @@ DEF_HELPER_4(mvcs, i32, env, i64, i64, i64) DEF_HELPER_4(mvcp, i32, env, i64, i64, i64) DEF_HELPER_4(sigp, i32, env, i64, i32, i64) DEF_HELPER_FLAGS_2(sacf, TCG_CALL_NO_WG, void, env, i64) +DEF_HELPER_FLAGS_4(idte, TCG_CALL_NO_RWG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32) DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env) diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def index 5ba7822f27..d3bb8516ed 100644 --- a/target/s390x/insn-data.def +++ b/target/s390x/insn-data.def @@ -928,6 +928,8 @@ C(0x8300, DIAG, RSI, Z, 0, 0, 0, 0, diag, 0) /* INSERT STORAGE KEY EXTENDED */ C(0xb229, ISKE, RRE, Z, 0, r2_o, new, r1_8, iske, 0) +/* INVALIDATE DAT TABLE ENTRY */ + C(0xb98e, IPDE, RRF_b, Z, r1_o, r2_o, 0, 0, idte, 0) /* INVALIDATE PAGE TABLE ENTRY */ C(0xb221, IPTE, RRF_a, Z, r1_o, r2_o, 0, 0, ipte, 0) /* LOAD CONTROL */ diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 20cef9a3e5..ede84711d1 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -1610,6 +1610,57 @@ uint32_t HELPER(mvcp)(CPUS390XState *env, uint64_t l, uint64_t a1, uint64_t a2) return cc; } +void HELPER(idte)(CPUS390XState *env, uint64_t r1, uint64_t r2, uint32_t m4) +{ + CPUState *cs = CPU(s390_env_get_cpu(env)); + const uintptr_t ra = GETPC(); + uint64_t table, entry, raddr; + uint16_t entries, i, index = 0; + + if (r2 & 0xff000) { + cpu_restore_state(cs, ra); + program_interrupt(env, PGM_SPECIFICATION, 4); + } + + if (!(r2 & 0x800)) { + /* invalidation-and-clearing operation */ + table = r1 & _ASCE_ORIGIN; + entries = (r2 & 0x7ff) + 1; + + switch (r1 & _ASCE_TYPE_MASK) { + case _ASCE_TYPE_REGION1: + index = (r2 >> 53) & 0x7ff; + break; + case _ASCE_TYPE_REGION2: + index = (r2 >> 42) & 0x7ff; + break; + case _ASCE_TYPE_REGION3: + index = (r2 >> 31) & 0x7ff; + break; + case _ASCE_TYPE_SEGMENT: + index = (r2 >> 20) & 0x7ff; + break; + } + for (i = 0; i < entries; i++) { + /* addresses are not wrapped in 24/31bit mode but table index is */ + raddr = table + ((index + i) & 0x7ff) * sizeof(entry); + entry = ldq_phys(cs->as, raddr); + if (!(entry & _REGION_ENTRY_INV)) { + /* we are allowed to not store if already invalid */ + entry |= _REGION_ENTRY_INV; + stq_phys(cs->as, raddr, entry); + } + } + } + + /* We simply flush the complete tlb, therefore we can ignore r3. */ + if (m4 & 1) { + tlb_flush(cs); + } else { + tlb_flush_all_cpus_synced(cs); + } +} + /* invalidate pte */ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr, uint32_t m4) diff --git a/target/s390x/translate.c b/target/s390x/translate.c index 1db5f2d5b9..592d6b0f38 100644 --- a/target/s390x/translate.c +++ b/target/s390x/translate.c @@ -2380,6 +2380,21 @@ static ExitStatus op_ipm(DisasContext *s, DisasOps *o) } #ifndef CONFIG_USER_ONLY +static ExitStatus op_idte(DisasContext *s, DisasOps *o) +{ + TCGv_i32 m4; + + check_privileged(s); + if (s390_has_feat(S390_FEAT_LOCAL_TLB_CLEARING)) { + m4 = tcg_const_i32(get_field(s->fields, m4)); + } else { + m4 = tcg_const_i32(0); + } + gen_helper_idte(cpu_env, o->in1, o->in2, m4); + tcg_temp_free_i32(m4); + return NO_EXIT; +} + static ExitStatus op_ipte(DisasContext *s, DisasOps *o) { TCGv_i32 m4;