While openrisc has a split i/d tlb, qemu does not. Perform a
lookup on both i & d tlbs in parallel and put the composite
rights into qemu's tlb. This avoids ping-ponging the qemu tlb
between EXEC and READ.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
The architecture supports 128 TLB entries. There is no reason
not to provide all of them. In the process we need to fix a
bug that failed to parameterize the configuration register that
tells the operating system the number of entries.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
---
v2:
- Change VMState version.
The sizes are already the same, however, we can improve things
if they are identical by design.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
The code in cpu_mmu_index does not properly honor SR_DME.
This bug has workarounds elsewhere in that we flush the
tlb more often than necessary, on the state changes that
should be reflected in a change of mmu_index.
Fixing this means that we can respect the mmu_index that
is given to tlb_flush.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
The previous code was confused, avoiding the flush of the old entry
if the new entry is invalid. We need to flush the old page if the
old entry is valid and the new page if the new entry is valid.
This bug was masked by over-flushing elsewhere.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
While we had defines for *_WAYS, we didn't define more than 1.
Reduce the complexity by eliminating this unused dimension.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
There is no reason to use an indirect branch instead
of simply testing the SR bits that control mmu state.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
There is no reason to allocate this separately. This was probably
copied from target/mips which makes the same mistake.
While doing so, move tlb into the clear-on-reset range. While not
all of the TLB bits are guaranteed zero on reset, all of the valid
bits are cleared, and the rest of the bits are unspecified.
Therefore clearing the whole of the TLB is correct.
Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Rather than pass base+offset to the helper, pass the full index.
In most cases the base is r0 and optimization yields a constant.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
A store to SR changes interrupt state, which should return
to the main loop to recognize that state.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Track direct jumps via dc->jmp_pc_imm. Use that in
preference to jmp_pc when possible. Emit goto_tb in
that case, and lookup_and_goto_tb otherwise.
Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
We failed to store to cpu_pc before raising the exception,
which caused us to re-execute the same insn that we stepped.
Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
No need to use the interrupt mechanisms when we can
simply exit the tb directly.
Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Rather than emit disassembly while translating, reuse the
generated decoder to build a separate disassembler.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Missing break when this feature was added in 89e71e873d
("target/openrisc: implement shadow registers"). This was causing
strange issues as we get writes into the translation block jump cache
and other bits of state.
Fixes: 89e71e873d ("target/openrisc: implement shadow registers")
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Do the cast to uintptr_t within the helper, so that the compiler
can type check the pointer argument. We can also do some more
sanity checking of the index argument.
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The architecture manual is unclear about this, but the or1ksim
does writeback before the exception. This requires splitting
the helpers in half, with the exception raised by the second.
Acked-by: Stafford Horne <shorne@gmail.com>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <rth@twiddle.net>
Notes:
- Changed the num_insns test in insn_start to check for
dc->base.num_insns > 1, since when tb_start is first
called in a TB, base.num_insns is already set to 1.
- Removed DISAS_NEXT from the switch in tb_stop; use
DISAS_TOO_MANY instead.
- Added an assert_not_reached on tb_stop for DISAS_NEXT
and the default case.
- Merged the two separate log_target_disas calls into the
disas_log op.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Stafford Horne <shorne@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
In icount mode, instructions that access io memory spaces in the middle
of the translation block invoke TB recompilation. After recompilation,
such instructions become last in the TB and are allowed to access io
memory spaces.
When the code includes instruction like i386 'xchg eax, 0xffffd080'
which accesses APIC, QEMU goes into an infinite loop of the recompilation.
This instruction includes two memory accesses - one read and one write.
After the first access, APIC calls cpu_report_tpr_access, which restores
the CPU state to get the current eip. But cpu_restore_state_from_tb
resets the cpu->can_do_io flag which makes the second memory access invalid.
Therefore the second memory access causes a recompilation of the block.
Then these operations repeat again and again.
This patch moves resetting cpu->can_do_io flag from
cpu_restore_state_from_tb to cpu_loop_exit* functions.
It also adds a parameter for cpu_restore_state which controls restoring
icount. There is no need to restore icount when we only query CPU state
without breaking the TB. Restoring it in such cases leads to the
incorrect flow of the virtual time.
In most cases new parameter is true (icount should be recalculated).
But there are two cases in i386 and openrisc when the CPU state is only
queried without the need to break the TB. This patch fixes both of
these cases.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
Message-Id: <20180409091320.12504.35329.stgit@pasha-VirtualBox>
[rth: Make can_do_io setting unconditional; move from cpu_exec;
make cpu_loop_exit_{noexc,restore} call cpu_loop_exit.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
As cpu.h is another typically widely included file which doesn't need
full access to the softfloat API we can remove the includes from here
as well. Where they do need types it's typically for float_status and
the rounding modes so we move that to softfloat-types.h as well.
As a result of not having softfloat in every cpu.h call we now need to
add it to various helpers that do need the full softfloat.h
definitions.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
[For PPC parts]
Acked-by: David Gibson <david@gibson.dropbear.id.au>
The MC68040 MMU provides the size of the access that
triggers the page fault.
This size is set in the Special Status Word which
is written in the stack frame of the access fault
exception.
So we need the size in m68k_cpu_unassigned_access() and
m68k_cpu_handle_mmu_fault().
To be able to do that, this patch modifies the prototype of
handle_mmu_fault handler, tlb_fill() and probe_write().
do_unassigned_access() already includes a size parameter.
This patch also updates handle_mmu_fault handlers and
tlb_fill() of all targets (only parameter, no code change).
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20180118193846.24953-2-laurent@vivier.eu>
cpu_restore_state officially supports being passed an address it can't
resolve the state for. As a result the checks in the helpers are
superfluous and can be removed. This makes the code consistent with
other users of cpu_restore_state.
Of course this does nothing to address what to do if cpu_restore_state
can't resolve the state but so far it seems this is handled elsewhere.
The change was made with included coccinelle script.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[rth: Fixed up comment indentation. Added second hunk to script to
combine cpu_restore_state and cpu_loop_exit.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
x86/cpu/numa queue, 2017-10-27
# gpg: Signature made Fri 27 Oct 2017 15:17:12 BST
# gpg: using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6
* remotes/ehabkost/tags/x86-and-machine-pull-request: (39 commits)
x86: Skip check apic_id_limit for Xen
numa: fixup parsed NumaNodeOptions earlier
mips: r4k: replace cpu_model with cpu_type
mips: mipssim: replace cpu_model with cpu_type
mips: Magnum/Acer Pica 61: replace cpu_model with cpu_type
mips: fulong2e: replace cpu_model with cpu_type
mips: malta/boston: replace cpu_model with cpu_type
mips: use object_new() instead of gnew()+object_initialize()
sparc: leon3: use generic cpu_model parsing
sparc: sparc: use generic cpu_model parsing
sparc: sun4u/sun4v/niagara: use generic cpu_model parsing
sparc: cleanup cpu type name composition
tricore: use generic cpu_model parsing
tricore: cleanup cpu type name composition
unicore32: use generic cpu_model parsing
unicore32: cleanup cpu type name composition
xtensa: lx60/lx200/ml605/kc705: use generic cpu_model parsing
xtensa: sim: use generic cpu_model parsing
xtensa: cleanup cpu type name composition
sh4: remove SuperHCPUClass::name field
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
