The following changes since commit 813bac3d8d70d85cb7835f7945eb9eed84c2d8d0:

Merge tag '2023q3-bsd-user-pull-request' of https://gitlab.com/bsdimp/qemu into staging (2023-08-29 08:58:00 -0400)

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230829

for you to fetch changes up to dad2f2f5afbaf58d6056f31dfd4b9edd0854b8ab:

tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32 (2023-08-29 09:57:39 -0700)

softmmu: Use async_run_on_cpu in tcg_commit

tcg: Remove vecop_list check from tcg_gen_not_vec

tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32

Richard Henderson (4):

softmmu: Assert data in bounds in iotlb_to_section

softmmu: Use async_run_on_cpu in tcg_commit

tcg: Remove vecop_list check from tcg_gen_not_vec

tcg/sparc64: Disable TCG_TARGET_HAS_extr_i64_i32

include/exec/cpu-common.h | 1 -

tcg/sparc64/tcg-target.h | 2 +-

accel/tcg/cpu-exec-common.c | 30 --------------------------

softmmu/physmem.c | 50 ++++++++++++++++++++++++++++++++------------

tcg/tcg-op-vec.c | 7 +++----

tcg/sparc64/tcg-target.c.inc | 11 ----------

6 files changed, 41 insertions(+), 60 deletions(-)

Acked-by: Alex Bennée <alex.bennee@linaro.org>

Suggested-by: Alex Bennée <alex.bennee@linaro.org>

softmmu/physmem.c | 10 ++++++++--

1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/softmmu/physmem.c b/softmmu/physmem.c

--- a/softmmu/physmem.c

+++ b/softmmu/physmem.c

@@ -XXX,XX +XXX,XX @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu,

int asidx = cpu_asidx_from_attrs(cpu, attrs);

CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];

AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);

- MemoryRegionSection *sections = d->map.sections;

+ int section_index = index & ~TARGET_PAGE_MASK;

+ MemoryRegionSection *ret;

- return &sections[index & ~TARGET_PAGE_MASK];

+ assert(section_index < d->map.sections_nb);

+ ret = d->map.sections + section_index;

+ assert(ret->mr);

+ assert(ret->mr->ops);

static void io_mem_init(void)

2.34.1

After system startup, run the update to memory_dispatch

and the tlb_flush on the cpu. This eliminates a race,

wherein a running cpu sees the memory_dispatch change

but has not yet seen the tlb_flush.

Since the update now happens on the cpu, we need not use

qatomic_rcu_read to protect the read of memory_dispatch.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1826

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1834

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1846

include/exec/cpu-common.h | 1 -

accel/tcg/cpu-exec-common.c | 30 ----------------------------

softmmu/physmem.c | 40 +++++++++++++++++++++++++++----------

3 files changed, 29 insertions(+), 42 deletions(-)

diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h

--- a/include/exec/cpu-common.h

+++ b/include/exec/cpu-common.h

@@ -XXX,XX +XXX,XX @@ static inline void cpu_physical_memory_write(hwaddr addr,

cpu_physical_memory_rw(addr, (void *)buf, len, true);

}

-void cpu_reloading_memory_map(void);

void *cpu_physical_memory_map(hwaddr addr,

hwaddr *plen,

bool is_write);

diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c

index XXXXXXX..XXXXXXX 100644

--- a/accel/tcg/cpu-exec-common.c

+++ b/accel/tcg/cpu-exec-common.c

@@ -XXX,XX +XXX,XX @@ void cpu_loop_exit_noexc(CPUState *cpu)

cpu_loop_exit(cpu);

}

-#if defined(CONFIG_SOFTMMU)

-void cpu_reloading_memory_map(void)

-{

- if (qemu_in_vcpu_thread() && current_cpu->running) {

- /* The guest can in theory prolong the RCU critical section as long

- * as it feels like. The major problem with this is that because it

- * can do multiple reconfigurations of the memory map within the

- * critical section, we could potentially accumulate an unbounded

- * collection of memory data structures awaiting reclamation.

- *

- * Because the only thing we're currently protecting with RCU is the

- * memory data structures, it's sufficient to break the critical section

- * in this callback, which we know will get called every time the

- * memory map is rearranged.

- *

- * (If we add anything else in the system that uses RCU to protect

- * its data structures, we will need to implement some other mechanism

- * to force TCG CPUs to exit the critical section, at which point this

- * part of this callback might become unnecessary.)

- *

- * This pair matches cpu_exec's rcu_read_lock()/rcu_read_unlock(), which

- * only protects cpu->as->dispatch. Since we know our caller is about

- * to reload it, it's safe to split the critical section.

- */

- rcu_read_unlock();

- rcu_read_lock();

- }

-}

-

void cpu_loop_exit(CPUState *cpu)

{

/* Undo the setting in cpu_tb_exec. */

diff --git a/softmmu/physmem.c b/softmmu/physmem.c

index XXXXXXX..XXXXXXX 100644

--- a/softmmu/physmem.c

+++ b/softmmu/physmem.c

@@ -XXX,XX +XXX,XX @@ address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr orig_addr,

IOMMUTLBEntry iotlb;

int iommu_idx;

hwaddr addr = orig_addr;

- AddressSpaceDispatch *d =

- qatomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);

+ AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;

for (;;) {

section = address_space_translate_internal(d, addr, &addr, plen, false);

@@ -XXX,XX +XXX,XX @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu,

{

int asidx = cpu_asidx_from_attrs(cpu, attrs);

CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];

- AddressSpaceDispatch *d = qatomic_rcu_read(&cpuas->memory_dispatch);

+ AddressSpaceDispatch *d = cpuas->memory_dispatch;

int section_index = index & ~TARGET_PAGE_MASK;

MemoryRegionSection *ret;

@@ -XXX,XX +XXX,XX @@ static void tcg_log_global_after_sync(MemoryListener *listener)

}

+static void tcg_commit_cpu(CPUState *cpu, run_on_cpu_data data)

+{

+ CPUAddressSpace *cpuas = data.host_ptr;

+

+ cpuas->memory_dispatch = address_space_to_dispatch(cpuas->as);

+ tlb_flush(cpu);

+}

+

static void tcg_commit(MemoryListener *listener)

CPUAddressSpace *cpuas;

- AddressSpaceDispatch *d;

+ CPUState *cpu;

assert(tcg_enabled());

/* since each CPU stores ram addresses in its TLB cache, we must

reset the modified entries */

cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);

- cpu_reloading_memory_map();

- /* The CPU and TLB are protected by the iothread lock.

- * We reload the dispatch pointer now because cpu_reloading_memory_map()

- * may have split the RCU critical section.

+ cpu = cpuas->cpu;

+

+ /*

+ * Defer changes to as->memory_dispatch until the cpu is quiescent.

+ * Otherwise we race between (1) other cpu threads and (2) ongoing

+ * i/o for the current cpu thread, with data cached by mmu_lookup().

+ *

+ * In addition, queueing the work function will kick the cpu back to

+ * the main loop, which will end the RCU critical section and reclaim

+ * the memory data structures.

+ *

+ * That said, the listener is also called during realize, before

+ * all of the tcg machinery for run-on is initialized: thus halt_cond.

*/

- d = address_space_to_dispatch(cpuas->as);

- qatomic_rcu_set(&cpuas->memory_dispatch, d);

- tlb_flush(cpuas->cpu);

+ if (cpu->halt_cond) {

+ async_run_on_cpu(cpu, tcg_commit_cpu, RUN_ON_CPU_HOST_PTR(cpuas));

+ } else {

+ tcg_commit_cpu(cpu, RUN_ON_CPU_HOST_PTR(cpuas));

+ }

static void memory_map_init(void)

2.34.1

The not pattern is always available via generic expansion.

See debug block in tcg_can_emit_vecop_list.

Fixes: 11978f6f58 ("tcg: Fix expansion of INDEX_op_not_vec")

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

tcg/tcg-op-vec.c | 7 +++----

1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tcg/tcg-op-vec.c b/tcg/tcg-op-vec.c

--- a/tcg/tcg-op-vec.c

+++ b/tcg/tcg-op-vec.c

@@ -XXX,XX +XXX,XX @@ static bool do_op2(unsigned vece, TCGv_vec r, TCGv_vec a, TCGOpcode opc)

void tcg_gen_not_vec(unsigned vece, TCGv_vec r, TCGv_vec a)

- const TCGOpcode *hold_list = tcg_swap_vecop_list(NULL);

-

- if (!TCG_TARGET_HAS_not_vec || !do_op2(vece, r, a, INDEX_op_not_vec)) {

+ if (TCG_TARGET_HAS_not_vec) {

+ vec_gen_op2(INDEX_op_not_vec, 0, r, a);

+ } else {

tcg_gen_xor_vec(0, r, a, tcg_constant_vec_matching(r, 0, -1));

}

- tcg_swap_vecop_list(hold_list);

2.34.1

Since a59a29312660 ("tcg/sparc64: Remove sparc32plus constraints")

we no longer distinguish registers with 32 vs 64 bits.

Therefore we can remove support for the backend-specific

type change opcodes.

tcg/sparc64/tcg-target.h | 2 +-

tcg/sparc64/tcg-target.c.inc | 11 -----------

2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/tcg/sparc64/tcg-target.h b/tcg/sparc64/tcg-target.h

--- a/tcg/sparc64/tcg-target.h

+++ b/tcg/sparc64/tcg-target.h

@@ -XXX,XX +XXX,XX @@ extern bool use_vis3_instructions;

#define TCG_TARGET_HAS_mulsh_i32 0

#define TCG_TARGET_HAS_qemu_st8_i32 0

-#define TCG_TARGET_HAS_extr_i64_i32 1

+#define TCG_TARGET_HAS_extr_i64_i32 0

#define TCG_TARGET_HAS_div_i64 1

#define TCG_TARGET_HAS_rem_i64 0

#define TCG_TARGET_HAS_rot_i64 0

diff --git a/tcg/sparc64/tcg-target.c.inc b/tcg/sparc64/tcg-target.c.inc

index XXXXXXX..XXXXXXX 100644

--- a/tcg/sparc64/tcg-target.c.inc

+++ b/tcg/sparc64/tcg-target.c.inc

@@ -XXX,XX +XXX,XX @@ static void tcg_out_extu_i32_i64(TCGContext *s, TCGReg rd, TCGReg rs)

tcg_out_ext32u(s, rd, rs);

-static void tcg_out_extrl_i64_i32(TCGContext *s, TCGReg rd, TCGReg rs)

-{

- tcg_out_mov(s, TCG_TYPE_I32, rd, rs);

-}

-

static bool tcg_out_xchg(TCGContext *s, TCGType type, TCGReg r1, TCGReg r2)

{

return false;

@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,

case INDEX_op_divu_i64:

c = ARITH_UDIVX;

goto gen_arith;

- case INDEX_op_extrh_i64_i32:

- tcg_out_arithi(s, a0, a1, 32, SHIFT_SRLX);

- break;

case INDEX_op_brcond_i64:

tcg_out_brcond_i64(s, a2, a0, a1, const_args[1], arg_label(args[3]));

@@ -XXX,XX +XXX,XX @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc,

case INDEX_op_ext32u_i64:

case INDEX_op_ext_i32_i64:

case INDEX_op_extu_i32_i64:

- case INDEX_op_extrl_i64_i32:

default:

g_assert_not_reached();

}

@@ -XXX,XX +XXX,XX @@ static TCGConstraintSetIndex tcg_target_op_def(TCGOpcode op)

case INDEX_op_ext32u_i64:

case INDEX_op_ext_i32_i64:

case INDEX_op_extu_i32_i64:

- case INDEX_op_extrl_i64_i32:

- case INDEX_op_extrh_i64_i32:

case INDEX_op_qemu_ld_a32_i32:

case INDEX_op_qemu_ld_a64_i32:

case INDEX_op_qemu_ld_a32_i64:

2.34.1