rpms / qemu

Clone
Source Code
GIT

Blame 0322-tcg-arm-fix-TLB-access-in-qemu-ld-st-ops.patch

el4 el5 el6 eln epel7 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main private-bonzini-demo private-bonzini-demo-f20 private-bonzini-el6 private-bonzini-mpath private-bonzini-tcmalloc private-ehabkost-fixing-exclusivearch private-glommer-merge rawhide
  1.   private-bonzini-el6
  2.   0322-tcg-arm-fix-TLB-access-in-qemu-ld-st-ops.patch
Blob History Raw
f375e62 
From 7482be857b0d55189020bef699b65903be9c256a Mon Sep 17 00:00:00 2001
f375e62 
From: Aurelien Jarno <aurelien@aurel32.net>
f375e62 
Date: Tue, 9 Oct 2012 21:53:11 +0200
f375e62 
Subject: [PATCH] tcg/arm: fix TLB access in qemu-ld/st ops
f375e62
f375e62 
The TCG arm backend considers likely that the offset to the TLB
f375e62 
entries does not exceed 12 bits for mem_index = 0. In practice this is
f375e62 
not true for at least the MIPS target.
f375e62
f375e62 
The current patch fixes that by loading the bits 23-12 with a separate
f375e62 
instruction, and using loads with address writeback, independently of
f375e62 
the value of mem_idx. In total this allow a 24-bit offset, which is a
f375e62 
lot more than needed.
f375e62
f375e62 
Cc: Andrzej Zaborowski <balrogg@gmail.com>
f375e62 
Cc: Peter Maydell <peter.maydell@linaro.org>
f375e62 
Cc: qemu-stable@nongnu.org
f375e62 
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
f375e62 
(cherry picked from commit d17bd1d8cc27f8c1a24c65f555a77a661c332b7f)
f375e62
f375e62 
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
f375e62 
---
f375e62 
 tcg/arm/tcg-target.c | 78 ++++++++++++++++++++++++++++------------------------
f375e62 
 1 file changed, 42 insertions(+), 36 deletions(-)
f375e62
f375e62 
diff --git a/tcg/arm/tcg-target.c b/tcg/arm/tcg-target.c
f375e62 
index aed3b53..fbad716 100644
f375e62 
--- a/tcg/arm/tcg-target.c
f375e62 
+++ b/tcg/arm/tcg-target.c
f375e62 
@@ -630,6 +630,22 @@ static inline void tcg_out_ld32_12(TCGContext *s, int cond,
f375e62 
                         (rn << 16) | (rd << 12) | ((-im) & 0xfff));
f375e62 
 }
f375e62
f375e62 
+/* Offset pre-increment with base writeback.  */
f375e62 
+static inline void tcg_out_ld32_12wb(TCGContext *s, int cond,
f375e62 
+                                     int rd, int rn, tcg_target_long im)
f375e62 
+{
f375e62 
+    /* ldr with writeback and both register equals is UNPREDICTABLE */
f375e62 
+    assert(rd != rn);
f375e62 
+
f375e62 
+    if (im >= 0) {
f375e62 
+        tcg_out32(s, (cond << 28) | 0x05b00000 |
f375e62 
+                        (rn << 16) | (rd << 12) | (im & 0xfff));
f375e62 
+    } else {
f375e62 
+        tcg_out32(s, (cond << 28) | 0x05300000 |
f375e62 
+                        (rn << 16) | (rd << 12) | ((-im) & 0xfff));
f375e62 
+    }
f375e62 
+}
f375e62 
+
f375e62 
 static inline void tcg_out_st32_12(TCGContext *s, int cond,
f375e62 
                 int rd, int rn, tcg_target_long im)
f375e62 
 {
f375e62 
@@ -1062,7 +1078,7 @@ static inline void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, int opc)
f375e62 
 {
f375e62 
     int addr_reg, data_reg, data_reg2, bswap;
f375e62 
 #ifdef CONFIG_SOFTMMU
f375e62 
-    int mem_index, s_bits;
f375e62 
+    int mem_index, s_bits, tlb_offset;
f375e62 
     TCGReg argreg;
f375e62 
 # if TARGET_LONG_BITS == 64
f375e62 
     int addr_reg2;
f375e62 
@@ -1102,19 +1118,15 @@ static inline void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, int opc)
f375e62 
                     TCG_REG_R0, TCG_REG_R8, CPU_TLB_SIZE - 1);
f375e62 
     tcg_out_dat_reg(s, COND_AL, ARITH_ADD, TCG_REG_R0, TCG_AREG0,
f375e62 
                     TCG_REG_R0, SHIFT_IMM_LSL(CPU_TLB_ENTRY_BITS));
f375e62 
-    /* In the
f375e62 
-     *  ldr r1 [r0, #(offsetof(CPUArchState, tlb_table[mem_index][0].addr_read))]
f375e62 
-     * below, the offset is likely to exceed 12 bits if mem_index != 0 and
f375e62 
-     * not exceed otherwise, so use an
f375e62 
-     *  add r0, r0, #(mem_index * sizeof *CPUArchState.tlb_table)
f375e62 
-     * before.
f375e62 
-     */
f375e62 
-    if (mem_index)
f375e62 
+    /* We assume that the offset is contained within 20 bits.  */
f375e62 
+    tlb_offset = offsetof(CPUArchState, tlb_table[mem_index][0].addr_read);
f375e62 
+    assert(tlb_offset & ~0xfffff == 0);
f375e62 
+    if (tlb_offset > 0xfff) {
f375e62 
         tcg_out_dat_imm(s, COND_AL, ARITH_ADD, TCG_REG_R0, TCG_REG_R0,
f375e62 
-                        (mem_index << (TLB_SHIFT & 1)) |
f375e62 
-                        ((16 - (TLB_SHIFT >> 1)) << 8));
f375e62 
-    tcg_out_ld32_12(s, COND_AL, TCG_REG_R1, TCG_REG_R0,
f375e62 
-                    offsetof(CPUArchState, tlb_table[0][0].addr_read));
f375e62 
+                        0xa00 | (tlb_offset >> 12));
f375e62 
+        tlb_offset &= 0xfff;
f375e62 
+    }
f375e62 
+    tcg_out_ld32_12wb(s, COND_AL, TCG_REG_R1, TCG_REG_R0, tlb_offset);
f375e62 
     tcg_out_dat_reg(s, COND_AL, ARITH_CMP, 0, TCG_REG_R1,
f375e62 
                     TCG_REG_R8, SHIFT_IMM_LSL(TARGET_PAGE_BITS));
f375e62 
     /* Check alignment.  */
f375e62 
@@ -1122,15 +1134,14 @@ static inline void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, int opc)
f375e62 
         tcg_out_dat_imm(s, COND_EQ, ARITH_TST,
f375e62 
                         0, addr_reg, (1 << s_bits) - 1);
f375e62 
 #  if TARGET_LONG_BITS == 64
f375e62 
-    /* XXX: possibly we could use a block data load or writeback in
f375e62 
-     * the first access.  */
f375e62 
-    tcg_out_ld32_12(s, COND_EQ, TCG_REG_R1, TCG_REG_R0,
f375e62 
-                    offsetof(CPUArchState, tlb_table[0][0].addr_read) + 4);
f375e62 
+    /* XXX: possibly we could use a block data load in the first access.  */
f375e62 
+    tcg_out_ld32_12(s, COND_EQ, TCG_REG_R1, TCG_REG_R0, 4);
f375e62 
     tcg_out_dat_reg(s, COND_EQ, ARITH_CMP, 0,
f375e62 
                     TCG_REG_R1, addr_reg2, SHIFT_IMM_LSL(0));
f375e62 
 #  endif
f375e62 
     tcg_out_ld32_12(s, COND_EQ, TCG_REG_R1, TCG_REG_R0,
f375e62 
-                    offsetof(CPUArchState, tlb_table[0][0].addend));
f375e62 
+                    offsetof(CPUTLBEntry, addend)
f375e62 
+                    - offsetof(CPUTLBEntry, addr_read));
f375e62
f375e62 
     switch (opc) {
f375e62 
     case 0:
f375e62 
@@ -1288,7 +1299,7 @@ static inline void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, int opc)
f375e62 
 {
f375e62 
     int addr_reg, data_reg, data_reg2, bswap;
f375e62 
 #ifdef CONFIG_SOFTMMU
f375e62 
-    int mem_index, s_bits;
f375e62 
+    int mem_index, s_bits, tlb_offset;
f375e62 
     TCGReg argreg;
f375e62 
 # if TARGET_LONG_BITS == 64
f375e62 
     int addr_reg2;
f375e62 
@@ -1325,19 +1336,15 @@ static inline void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, int opc)
f375e62 
                     TCG_REG_R0, TCG_REG_R8, CPU_TLB_SIZE - 1);
f375e62 
     tcg_out_dat_reg(s, COND_AL, ARITH_ADD, TCG_REG_R0,
f375e62 
                     TCG_AREG0, TCG_REG_R0, SHIFT_IMM_LSL(CPU_TLB_ENTRY_BITS));
f375e62 
-    /* In the
f375e62 
-     *  ldr r1 [r0, #(offsetof(CPUArchState, tlb_table[mem_index][0].addr_write))]
f375e62 
-     * below, the offset is likely to exceed 12 bits if mem_index != 0 and
f375e62 
-     * not exceed otherwise, so use an
f375e62 
-     *  add r0, r0, #(mem_index * sizeof *CPUArchState.tlb_table)
f375e62 
-     * before.
f375e62 
-     */
f375e62 
-    if (mem_index)
f375e62 
+    /* We assume that the offset is contained within 20 bits.  */
f375e62 
+    tlb_offset = offsetof(CPUArchState, tlb_table[mem_index][0].addr_write);
f375e62 
+    assert(tlb_offset & ~0xfffff == 0);
f375e62 
+    if (tlb_offset > 0xfff) {
f375e62 
         tcg_out_dat_imm(s, COND_AL, ARITH_ADD, TCG_REG_R0, TCG_REG_R0,
f375e62 
-                        (mem_index << (TLB_SHIFT & 1)) |
f375e62 
-                        ((16 - (TLB_SHIFT >> 1)) << 8));
f375e62 
-    tcg_out_ld32_12(s, COND_AL, TCG_REG_R1, TCG_REG_R0,
f375e62 
-                    offsetof(CPUArchState, tlb_table[0][0].addr_write));
f375e62 
+                        0xa00 | (tlb_offset >> 12));
f375e62 
+        tlb_offset &= 0xfff;
f375e62 
+    }
f375e62 
+    tcg_out_ld32_12wb(s, COND_AL, TCG_REG_R1, TCG_REG_R0, tlb_offset);
f375e62 
     tcg_out_dat_reg(s, COND_AL, ARITH_CMP, 0, TCG_REG_R1,
f375e62 
                     TCG_REG_R8, SHIFT_IMM_LSL(TARGET_PAGE_BITS));
f375e62 
     /* Check alignment.  */
f375e62 
@@ -1345,15 +1352,14 @@ static inline void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, int opc)
f375e62 
         tcg_out_dat_imm(s, COND_EQ, ARITH_TST,
f375e62 
                         0, addr_reg, (1 << s_bits) - 1);
f375e62 
 #  if TARGET_LONG_BITS == 64
f375e62 
-    /* XXX: possibly we could use a block data load or writeback in
f375e62 
-     * the first access.  */
f375e62 
-    tcg_out_ld32_12(s, COND_EQ, TCG_REG_R1, TCG_REG_R0,
f375e62 
-                    offsetof(CPUArchState, tlb_table[0][0].addr_write) + 4);
f375e62 
+    /* XXX: possibly we could use a block data load in the first access.  */
f375e62 
+    tcg_out_ld32_12(s, COND_EQ, TCG_REG_R1, TCG_REG_R0, 4);
f375e62 
     tcg_out_dat_reg(s, COND_EQ, ARITH_CMP, 0,
f375e62 
                     TCG_REG_R1, addr_reg2, SHIFT_IMM_LSL(0));
f375e62 
 #  endif
f375e62 
     tcg_out_ld32_12(s, COND_EQ, TCG_REG_R1, TCG_REG_R0,
f375e62 
-                    offsetof(CPUArchState, tlb_table[0][0].addend));
f375e62 
+                    offsetof(CPUTLBEntry, addend)
f375e62 
+                    - offsetof(CPUTLBEntry, addr_write));
f375e62
f375e62 
     switch (opc) {
f375e62 
     case 0:
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.