Series comparison

-[PATCH v4 00/48]
+[PATCH v10 0/3]
-Based-on: 20211006172307.780893-1-richard.henderson@linaro.org
+Hi,
 ("[PATCH v4 00/41] linux-user: Streamline handling of SIGSEGV")
-This began with Peter wanting a cpu_ldst.h interface that can handle
+This new version removed the translate_fn() from patch 1 because it
-alignment info for Arm M-profile system mode, which will also compile
+wasn't removing the sign-extension for pentry as we thought it would.
-for user-only without ifdefs.
+A more detailed explanation is given in the commit msg of patch 1.
-Once I had that interface, I thought I might as well enforce the
+We're now retrieving the 'lowaddr' value from load_elf_ram_sym() and
-requested alignment in user-only.  There are plenty of cases where
+using it when we're running a 32-bit CPU. This worked with 32 bit
-we ought to have been doing that for quite a while.  This took rather
+'virt' machine booting with the -kernel option.
 more work than I imagined to start.
-Changes for v4:
+If this approach doesn't work for the Xvisor use case, IMO  we should
-  * Rebase, with some patches now upstream.
+just filter kernel_load_addr bits directly as we were doing a handful of
-  * Rename the core function to cpu_loop_exit_sigbus.
+versions ago.
-Changes for v3:
+Patches are based on current riscv-to-apply.next.
   * Updated tcg/{aarch64,ppc,s390,riscv,tci}.
-Changes for v2:
+Changes from v9:
-  * Cleanup prctl(2), add support for prctl(PR_GET/SET_UNALIGN).
+- patch 1:
-  * Adjustments for ppc and sparc reporting address during alignment fault.
+  - removed the translate_fn() callback
   - return 'kernel_low' when running a 32-bit CPU
 - v9 link: https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg04509.html
+Daniel Henrique Barboza (3):
+  hw/riscv: handle 32 bit CPUs kernel_addr in riscv_load_kernel()
+  hw/riscv/boot.c: consolidate all kernel init in riscv_load_kernel()
+  hw/riscv/boot.c: make riscv_load_initrd() static
-r~
+ hw/riscv/boot.c            | 96 +++++++++++++++++++++++---------------
+ hw/riscv/microchip_pfsoc.c | 12 +----
+ hw/riscv/opentitan.c       |  4 +-
-Richard Henderson (48):
+ hw/riscv/sifive_e.c        |  4 +-
-  hw/core: Add TCGCPUOps.record_sigbus
+ hw/riscv/sifive_u.c        | 12 +----
-  linux-user: Add cpu_loop_exit_sigbus
+ hw/riscv/spike.c           | 14 ++----
-  linux-user/alpha: Remove EXCP_UNALIGN handling
+ hw/riscv/virt.c            | 12 +----
-  target/arm: Implement arm_cpu_record_sigbus
+ include/hw/riscv/boot.h    |  3 +-
-  linux-user/hppa: Remove EXCP_UNALIGN handling
+files changed, 76 insertions(+), 81 deletions(-)
   target/microblaze: Do not set MO_ALIGN for user-only
   target/ppc: Move SPR_DSISR setting to powerpc_excp
   target/ppc: Set fault address in ppc_cpu_do_unaligned_access
   target/ppc: Restrict ppc_cpu_do_unaligned_access to sysemu
   target/s390x: Implement s390x_cpu_record_sigbus
   linux-user/hppa: Remove POWERPC_EXCP_ALIGN handling
   target/sh4: Set fault address in superh_cpu_do_unaligned_access
   target/sparc: Remove DEBUG_UNALIGNED
   target/sparc: Split out build_sfsr
   target/sparc: Set fault address in sparc_cpu_do_unaligned_access
   accel/tcg: Report unaligned atomics for user-only
   target/arm: Use MO_128 for 16 byte atomics
   target/i386: Use MO_128 for 16 byte atomics
   target/ppc: Use MO_128 for 16 byte atomics
   target/s390x: Use MO_128 for 16 byte atomics
   target/hexagon: Implement cpu_mmu_index
   accel/tcg: Add cpu_{ld,st}*_mmu interfaces
   accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
   target/mips: Use cpu_*_data_ra for msa load/store
   target/mips: Use 8-byte memory ops for msa load/store
   target/s390x: Use cpu_*_mmu instead of helper_*_mmu
   target/sparc: Use cpu_*_mmu instead of helper_*_mmu
   target/arm: Use cpu_*_mmu instead of helper_*_mmu
   tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
   tcg: Add helper_unaligned_{ld,st} for user-only sigbus
   linux-user: Split out do_prctl and subroutines
   linux-user: Disable more prctl subcodes
   Revert "cpu: Move cpu_common_props to hw/core/cpu.c"
   linux-user: Add code for PR_GET/SET_UNALIGN
   target/alpha: Reorg fp memory operations
   target/alpha: Reorg integer memory operations
   target/alpha: Implement prctl_unalign_sigbus
   target/hppa: Implement prctl_unalign_sigbus
   target/sh4: Implement prctl_unalign_sigbus
   linux-user/signal: Handle BUS_ADRALN in host_signal_handler
   tcg: Canonicalize alignment flags in MemOp
   tcg/i386: Support raising sigbus for user-only
   tcg/aarch64: Support raising sigbus for user-only
   tcg/ppc: Support raising sigbus for user-only
   tcg/s390: Support raising sigbus for user-only
   tcg/tci: Support raising sigbus for user-only
   tcg/riscv: Support raising sigbus for user-only
   tests/tcg/multiarch: Add sigbus.c
  docs/devel/loads-stores.rst               |  52 ++-
  include/exec/cpu_ldst.h                   | 332 ++++++++-------
  include/exec/exec-all.h                   |  14 +
  include/hw/core/cpu.h                     |   4 +
  include/hw/core/tcg-cpu-ops.h             |  23 +
  include/tcg/tcg-ldst.h                    |  79 ++++
  include/tcg/tcg.h                         | 158 -------
  linux-user/aarch64/target_prctl.h         | 160 +++++++
  linux-user/aarch64/target_syscall.h       |  23 -
  linux-user/alpha/target_prctl.h           |   1 +
  linux-user/arm/target_prctl.h             |   1 +
  linux-user/cris/target_prctl.h            |   1 +
  linux-user/generic/target_prctl_unalign.h |  27 ++
  linux-user/hexagon/target_prctl.h         |   1 +
  linux-user/hppa/target_prctl.h            |   1 +
  linux-user/i386/target_prctl.h            |   1 +
  linux-user/m68k/target_prctl.h            |   1 +
  linux-user/microblaze/target_prctl.h      |   1 +
  linux-user/mips/target_prctl.h            |  88 ++++
  linux-user/mips/target_syscall.h          |   6 -
  linux-user/mips64/target_prctl.h          |   1 +
  linux-user/mips64/target_syscall.h        |   6 -
  linux-user/nios2/target_prctl.h           |   1 +
  linux-user/openrisc/target_prctl.h        |   1 +
  linux-user/ppc/target_prctl.h             |   1 +
  linux-user/riscv/target_prctl.h           |   1 +
  linux-user/s390x/target_prctl.h           |   1 +
  linux-user/sh4/target_prctl.h             |   1 +
  linux-user/sparc/target_prctl.h           |   1 +
  linux-user/x86_64/target_prctl.h          |   1 +
  linux-user/xtensa/target_prctl.h          |   1 +
  target/alpha/cpu.h                        |   5 +
  target/arm/internals.h                    |   2 +
  target/hexagon/cpu.h                      |   9 +
  target/hppa/cpu.h                         |   5 +-
  target/ppc/internal.h                     |   8 +-
  target/s390x/s390x-internal.h             |   8 +-
  target/sh4/cpu.h                          |   4 +
  tcg/aarch64/tcg-target.h                  |   2 -
  tcg/i386/tcg-target.h                     |   2 -
  tcg/ppc/tcg-target.h                      |   2 -
  tcg/riscv/tcg-target.h                    |   2 -
  tcg/s390x/tcg-target.h                    |   2 -
  accel/tcg/cputlb.c                        | 393 ++++++-----------
  accel/tcg/user-exec.c                     | 414 ++++++++----------
  cpu.c                                     |  31 ++
  hw/core/cpu-common.c                      |  17 +-
  linux-user/aarch64/cpu_loop.c             |  12 +-
  linux-user/alpha/cpu_loop.c               |  15 -
  linux-user/arm/cpu_loop.c                 |  30 +-
  linux-user/hppa/cpu_loop.c                |   7 -
  linux-user/ppc/cpu_loop.c                 |   8 -
  linux-user/signal.c                       |  17 +
  linux-user/syscall.c                      | 490 +++++++++-------------
  target/alpha/translate.c                  | 188 +++++----
  target/arm/cpu.c                          |   1 +
  target/arm/cpu_tcg.c                      |   1 +
  target/arm/helper-a64.c                   |  61 +--
  target/arm/m_helper.c                     |   6 +-
  target/arm/tlb_helper.c                   |   6 +
  target/hppa/translate.c                   |  19 +-
  target/i386/tcg/mem_helper.c              |   2 +-
  target/m68k/op_helper.c                   |   1 -
  target/microblaze/translate.c             |  16 +
  target/mips/tcg/msa_helper.c              | 389 ++++-------------
  target/ppc/excp_helper.c                  |  41 +-
  target/ppc/mem_helper.c                   |   1 -
  target/ppc/translate.c                    |  12 +-
  target/s390x/cpu.c                        |   1 +
  target/s390x/tcg/excp_helper.c            |  27 +-
  target/s390x/tcg/mem_helper.c             |  13 +-
  target/sh4/op_helper.c                    |   5 +
  target/sh4/translate.c                    |  50 ++-
  target/sparc/ldst_helper.c                |  36 +-
  target/sparc/mmu_helper.c                 |  92 ++--
  tcg/tcg-op.c                              |   7 +-
  tcg/tcg.c                                 |   1 +
  tcg/tci.c                                 |  21 +-
  tests/tcg/multiarch/sigbus.c              |  68 +++
  accel/tcg/ldst_common.c.inc               | 307 ++++++++++++++
  tcg/aarch64/tcg-target.c.inc              |  91 +++-
  tcg/i386/tcg-target.c.inc                 | 103 ++++-
  tcg/ppc/tcg-target.c.inc                  |  98 ++++-
  tcg/riscv/tcg-target.c.inc                |  63 ++-
  tcg/s390x/tcg-target.c.inc                |  59 ++-
 files changed, 2457 insertions(+), 1804 deletions(-)
  create mode 100644 include/tcg/tcg-ldst.h
  create mode 100644 linux-user/aarch64/target_prctl.h
  create mode 100644 linux-user/alpha/target_prctl.h
  create mode 100644 linux-user/arm/target_prctl.h
  create mode 100644 linux-user/cris/target_prctl.h
  create mode 100644 linux-user/generic/target_prctl_unalign.h
  create mode 100644 linux-user/hexagon/target_prctl.h
  create mode 100644 linux-user/hppa/target_prctl.h
  create mode 100644 linux-user/i386/target_prctl.h
  create mode 100644 linux-user/m68k/target_prctl.h
  create mode 100644 linux-user/microblaze/target_prctl.h
  create mode 100644 linux-user/mips/target_prctl.h
  create mode 100644 linux-user/mips64/target_prctl.h
  create mode 100644 linux-user/nios2/target_prctl.h
  create mode 100644 linux-user/openrisc/target_prctl.h
  create mode 100644 linux-user/ppc/target_prctl.h
  create mode 100644 linux-user/riscv/target_prctl.h
  create mode 100644 linux-user/s390x/target_prctl.h
  create mode 100644 linux-user/sh4/target_prctl.h
  create mode 100644 linux-user/sparc/target_prctl.h
  create mode 100644 linux-user/x86_64/target_prctl.h
  create mode 100644 linux-user/xtensa/target_prctl.h
  create mode 100644 tests/tcg/multiarch/sigbus.c
  create mode 100644 accel/tcg/ldst_common.c.inc
 --
-.25.1
+.39.1

-[PATCH v4 01/48] hw/core: Add TCGCPUOps.record_sigbus
+Deleted patch
-Add a new user-only interface for updating cpu state before
-raising a signal.  This will take the place of do_unaligned_access
-for user-only and should result in less boilerplate for each guest.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/hw/core/tcg-cpu-ops.h | 23 +++++++++++++++++++++++
-file changed, 23 insertions(+)
-diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/core/tcg-cpu-ops.h
-+++ b/include/hw/core/tcg-cpu-ops.h
-@@ -XXX,XX +XXX,XX @@ struct TCGCPUOps {
-     void (*record_sigsegv)(CPUState *cpu, vaddr addr,
-                            MMUAccessType access_type,
-                            bool maperr, uintptr_t ra);
-+    /**
-+     * record_sigbus:
-+     * @cpu: cpu context
-+     * @addr: misaligned guest address
-+     * @access_type: access was read/write/execute
-+     * @ra: host pc for unwinding
-+     *
-+     * We are about to raise SIGBUS with si_code BUS_ADRALN,
-+     * and si_addr set for @addr.  Record anything further needed
-+     * for the signal ucontext_t.
-+     *
-+     * If the emulated kernel does not provide the signal handler with
-+     * anything besides the user context registers, and the siginfo_t,
-+     * then this hook need do nothing and may be omitted.
-+     * Otherwise, record the data and return; the caller will raise
-+     * the signal, unwind the cpu state, and return to the main loop.
-+     *
-+     * If it is simpler to re-use the sysemu do_unaligned_access code,
-+     * @ra is provided so that a "normal" cpu exception can be raised.
-+     * In this case, the signal must be raised by the architecture cpu_loop.
-+     */
-+    void (*record_sigbus)(CPUState *cpu, vaddr addr,
-+                          MMUAccessType access_type, uintptr_t ra);
- #endif /* CONFIG_SOFTMMU */
- #endif /* NEED_CPU_H */
---
-.25.1

-[PATCH v4 02/48] linux-user: Add cpu_loop_exit_sigbus
+Deleted patch
-This is a new interface to be provided by the os emulator for
-raising SIGBUS on fault.  Use the new record_sigbus target hook.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/exec-all.h | 14 ++++++++++++++
- linux-user/signal.c     | 14 ++++++++++++++
-files changed, 28 insertions(+)
-diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/exec-all.h
-+++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN cpu_loop_exit_sigsegv(CPUState *cpu, target_ulong addr,
-                                          MMUAccessType access_type,
-                                          bool maperr, uintptr_t ra);
-+/**
-+ * cpu_loop_exit_sigbus:
-+ * @cpu: the cpu context
-+ * @addr: the guest address of the alignment fault
-+ * @access_type: access was read/write/execute
-+ * @ra: host pc for unwinding
-+ *
-+ * Use the TCGCPUOps hook to record cpu state, do guest operating system
-+ * specific things to raise SIGBUS, and jump to the main cpu loop.
-+ */
-+void QEMU_NORETURN cpu_loop_exit_sigbus(CPUState *cpu, target_ulong addr,
-+                                        MMUAccessType access_type,
-+                                        uintptr_t ra);
-+
- #else
- static inline void mmap_lock(void) {}
- static inline void mmap_unlock(void) {}
-diff --git a/linux-user/signal.c b/linux-user/signal.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/signal.c
-+++ b/linux-user/signal.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop_exit_sigsegv(CPUState *cpu, target_ulong addr,
-     cpu_loop_exit_restore(cpu, ra);
- }
-+void cpu_loop_exit_sigbus(CPUState *cpu, target_ulong addr,
-+                          MMUAccessType access_type, uintptr_t ra)
-+{
-+    const struct TCGCPUOps *tcg_ops = CPU_GET_CLASS(cpu)->tcg_ops;
-+
-+    if (tcg_ops->record_sigbus) {
-+        tcg_ops->record_sigbus(cpu, addr, access_type, ra);
-+    }
-+
-+    force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN, addr);
-+    cpu->exception_index = EXCP_INTERRUPT;
-+    cpu_loop_exit_restore(cpu, ra);
-+}
-+
- /* abort execution with signal */
- static void QEMU_NORETURN dump_core_and_abort(int target_sig)
- {
---
-.25.1

-[PATCH v4 03/48] linux-user/alpha: Remove EXCP_UNALIGN handling
+Deleted patch
-We will raise SIGBUS directly from cpu_loop_exit_sigbus.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/alpha/cpu_loop.c | 15 ---------------
-file changed, 15 deletions(-)
-diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/alpha/cpu_loop.c
-+++ b/linux-user/alpha/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUAlphaState *env)
-             fprintf(stderr, "External interrupt. Exit\n");
-             exit(EXIT_FAILURE);
-             break;
--        case EXCP_MMFAULT:
--            info.si_signo = TARGET_SIGSEGV;
--            info.si_errno = 0;
--            info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
--                            ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
--            info._sifields._sigfault._addr = env->trap_arg0;
--            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
--            break;
--        case EXCP_UNALIGN:
--            info.si_signo = TARGET_SIGBUS;
--            info.si_errno = 0;
--            info.si_code = TARGET_BUS_ADRALN;
--            info._sifields._sigfault._addr = env->trap_arg0;
--            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
--            break;
-         case EXCP_OPCDEC:
-         do_sigill:
-             info.si_signo = TARGET_SIGILL;
---
-.25.1

-[PATCH v4 04/48] target/arm: Implement arm_cpu_record_sigbus
+Deleted patch
-Because of the complexity of setting ESR, re-use the existing
-arm_cpu_do_unaligned_access function.  This means we have to
-handle the exception ourselves in cpu_loop, transforming it
-to the appropriate signal.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/internals.h        |  2 ++
- linux-user/aarch64/cpu_loop.c | 12 +++++++++---
- linux-user/arm/cpu_loop.c     | 30 ++++++++++++++++++++++++++----
- target/arm/cpu.c              |  1 +
- target/arm/cpu_tcg.c          |  1 +
- target/arm/tlb_helper.c       |  6 ++++++
-files changed, 45 insertions(+), 7 deletions(-)
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ static inline bool arm_extabort_type(MemTxResult result)
- void arm_cpu_record_sigsegv(CPUState *cpu, vaddr addr,
-                             MMUAccessType access_type,
-                             bool maperr, uintptr_t ra);
-+void arm_cpu_record_sigbus(CPUState *cpu, vaddr addr,
-+                           MMUAccessType access_type, uintptr_t ra);
- #else
- bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-                       MMUAccessType access_type, int mmu_idx,
-diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/cpu_loop.c
-+++ b/linux-user/aarch64/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@
- void cpu_loop(CPUARMState *env)
- {
-     CPUState *cs = env_cpu(env);
--    int trapnr, ec, fsc, si_code;
-+    int trapnr, ec, fsc, si_code, si_signo;
-     abi_long ret;
-     for (;;) {
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
-             fsc = extract32(env->exception.syndrome, 0, 6);
-             switch (fsc) {
-             case 0x04 ... 0x07: /* Translation fault, level {0-3} */
-+                si_signo = TARGET_SIGSEGV;
-                 si_code = TARGET_SEGV_MAPERR;
-                 break;
-             case 0x09 ... 0x0b: /* Access flag fault, level {1-3} */
-             case 0x0d ... 0x0f: /* Permission fault, level {1-3} */
-+                si_signo = TARGET_SIGSEGV;
-                 si_code = TARGET_SEGV_ACCERR;
-                 break;
-             case 0x11: /* Synchronous Tag Check Fault */
-+                si_signo = TARGET_SIGSEGV;
-                 si_code = TARGET_SEGV_MTESERR;
-                 break;
-+            case 0x21: /* Alignment fault */
-+                si_signo = TARGET_SIGBUS;
-+                si_code = TARGET_BUS_ADRALN;
-+                break;
-             default:
-                 g_assert_not_reached();
-             }
--
--            force_sig_fault(TARGET_SIGSEGV, si_code, env->exception.vaddress);
-+            force_sig_fault(si_signo, si_code, env->exception.vaddress);
-             break;
-         case EXCP_DEBUG:
-         case EXCP_BKPT:
-diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/arm/cpu_loop.c
-+++ b/linux-user/arm/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@
- #include "cpu_loop-common.h"
- #include "signal-common.h"
- #include "semihosting/common-semi.h"
-+#include "target/arm/syndrome.h"
- #define get_user_code_u32(x, gaddr, env)                \
-     ({ abi_long __r = get_user_u32((x), (gaddr));       \
-@@ -XXX,XX +XXX,XX @@ static bool emulate_arm_fpa11(CPUARMState *env, uint32_t opcode)
- void cpu_loop(CPUARMState *env)
- {
-     CPUState *cs = env_cpu(env);
--    int trapnr;
-+    int trapnr, si_signo, si_code;
-     unsigned int n, insn;
-     abi_ulong ret;
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
-             break;
-         case EXCP_PREFETCH_ABORT:
-         case EXCP_DATA_ABORT:
--            /* XXX: check env->error_code */
--            force_sig_fault(TARGET_SIGSEGV, TARGET_SEGV_MAPERR,
--                            env->exception.vaddress);
-+            /* For user-only we don't set TTBCR_EAE, so look at the FSR. */
-+            switch (env->exception.fsr & 0x1f) {
-+            case 0x1: /* Alignment */
-+                si_signo = TARGET_SIGBUS;
-+                si_code = TARGET_BUS_ADRALN;
-+                break;
-+            case 0x3: /* Access flag fault, level 1 */
-+            case 0x6: /* Access flag fault, level 2 */
-+            case 0x9: /* Domain fault, level 1 */
-+            case 0xb: /* Domain fault, level 2 */
-+            case 0xd: /* Permision fault, level 1 */
-+            case 0xf: /* Permision fault, level 2 */
-+                si_signo = TARGET_SIGSEGV;
-+                si_code = TARGET_SEGV_ACCERR;
-+                break;
-+            case 0x5: /* Translation fault, level 1 */
-+            case 0x7: /* Translation fault, level 2 */
-+                si_signo = TARGET_SIGSEGV;
-+                si_code = TARGET_SEGV_MAPERR;
-+                break;
-+            default:
-+                g_assert_not_reached();
-+            }
-+            force_sig_fault(si_signo, si_code, env->exception.vaddress);
-             break;
-         case EXCP_DEBUG:
-         case EXCP_BKPT:
-diff --git a/target/arm/cpu.c b/target/arm/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.c
-+++ b/target/arm/cpu.c
-@@ -XXX,XX +XXX,XX @@ static const struct TCGCPUOps arm_tcg_ops = {
- #ifdef CONFIG_USER_ONLY
-     .record_sigsegv = arm_cpu_record_sigsegv,
-+    .record_sigbus = arm_cpu_record_sigbus,
- #else
-     .tlb_fill = arm_cpu_tlb_fill,
-     .cpu_exec_interrupt = arm_cpu_exec_interrupt,
-diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu_tcg.c
-+++ b/target/arm/cpu_tcg.c
-@@ -XXX,XX +XXX,XX @@ static const struct TCGCPUOps arm_v7m_tcg_ops = {
- #ifdef CONFIG_USER_ONLY
-     .record_sigsegv = arm_cpu_record_sigsegv,
-+    .record_sigbus = arm_cpu_record_sigbus,
- #else
-     .tlb_fill = arm_cpu_tlb_fill,
-     .cpu_exec_interrupt = arm_v7m_cpu_exec_interrupt,
-diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/tlb_helper.c
-+++ b/target/arm/tlb_helper.c
-@@ -XXX,XX +XXX,XX @@ void arm_cpu_record_sigsegv(CPUState *cs, vaddr addr,
-     cpu_restore_state(cs, ra, true);
-     arm_deliver_fault(cpu, addr, access_type, MMU_USER_IDX, &fi);
- }
-+
-+void arm_cpu_record_sigbus(CPUState *cs, vaddr addr,
-+                           MMUAccessType access_type, uintptr_t ra)
-+{
-+    arm_cpu_do_unaligned_access(cs, addr, access_type, MMU_USER_IDX, ra);
-+}
- #endif /* !defined(CONFIG_USER_ONLY) */
---
-.25.1

-[PATCH v4 05/48] linux-user/hppa: Remove EXCP_UNALIGN handling
+Deleted patch
-We will raise SIGBUS directly from cpu_loop_exit_sigbus.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/hppa/cpu_loop.c | 7 -------
-file changed, 7 deletions(-)
-diff --git a/linux-user/hppa/cpu_loop.c b/linux-user/hppa/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/hppa/cpu_loop.c
-+++ b/linux-user/hppa/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUHPPAState *env)
-             env->iaoq_f = env->gr[31];
-             env->iaoq_b = env->gr[31] + 4;
-             break;
--        case EXCP_UNALIGN:
--            info.si_signo = TARGET_SIGBUS;
--            info.si_errno = 0;
--            info.si_code = 0;
--            info._sifields._sigfault._addr = env->cr[CR_IOR];
--            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
--            break;
-         case EXCP_ILL:
-         case EXCP_PRIV_OPR:
-         case EXCP_PRIV_REG:
---
-.25.1

-[PATCH v4 06/48] target/microblaze: Do not set MO_ALIGN for user-only
+Deleted patch
-The kernel will fix up unaligned accesses, so emulate that
-by allowing unaligned accesses to succeed.
-Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/microblaze/translate.c | 16 ++++++++++++++++
-file changed, 16 insertions(+)
-diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/microblaze/translate.c
-+++ b/target/microblaze/translate.c
-@@ -XXX,XX +XXX,XX @@ static TCGv compute_ldst_addr_ea(DisasContext *dc, int ra, int rb)
- }
- #endif
-+#ifndef CONFIG_USER_ONLY
- static void record_unaligned_ess(DisasContext *dc, int rd,
-                                  MemOp size, bool store)
- {
-@@ -XXX,XX +XXX,XX @@ static void record_unaligned_ess(DisasContext *dc, int rd,
-     tcg_set_insn_start_param(dc->insn_start, 1, iflags);
- }
-+#endif
- static bool do_load(DisasContext *dc, int rd, TCGv addr, MemOp mop,
-                     int mem_index, bool rev)
-@@ -XXX,XX +XXX,XX @@ static bool do_load(DisasContext *dc, int rd, TCGv addr, MemOp mop,
-         }
-     }
-+    /*
-+     * For system mode, enforce alignment if the cpu configuration
-+     * requires it.  For user-mode, the Linux kernel will have fixed up
-+     * any unaligned access, so emulate that by *not* setting MO_ALIGN.
-+     */
-+#ifndef CONFIG_USER_ONLY
-     if (size > MO_8 &&
-         (dc->tb_flags & MSR_EE) &&
-         dc->cfg->unaligned_exceptions) {
-         record_unaligned_ess(dc, rd, size, false);
-         mop |= MO_ALIGN;
-     }
-+#endif
-     tcg_gen_qemu_ld_i32(reg_for_write(dc, rd), addr, mem_index, mop);
-@@ -XXX,XX +XXX,XX @@ static bool do_store(DisasContext *dc, int rd, TCGv addr, MemOp mop,
-         }
-     }
-+    /*
-+     * For system mode, enforce alignment if the cpu configuration
-+     * requires it.  For user-mode, the Linux kernel will have fixed up
-+     * any unaligned access, so emulate that by *not* setting MO_ALIGN.
-+     */
-+#ifndef CONFIG_USER_ONLY
-     if (size > MO_8 &&
-         (dc->tb_flags & MSR_EE) &&
-         dc->cfg->unaligned_exceptions) {
-         record_unaligned_ess(dc, rd, size, true);
-         mop |= MO_ALIGN;
-     }
-+#endif
-     tcg_gen_qemu_st_i32(reg_for_read(dc, rd), addr, mem_index, mop);
---
-.25.1

-[PATCH v4 07/48] target/ppc: Move SPR_DSISR setting to powerpc_excp
+Deleted patch
-By doing this while sending the exception, we will have already
-done the unwinding, which makes the ppc_cpu_do_unaligned_access
-code a bit cleaner.
-Update the comment about the expected instruction format.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/excp_helper.c | 21 +++++++++------------
-file changed, 9 insertions(+), 12 deletions(-)
-diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/excp_helper.c
-+++ b/target/ppc/excp_helper.c
-@@ -XXX,XX +XXX,XX @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
-         break;
-     }
-     case POWERPC_EXCP_ALIGN:     /* Alignment exception                      */
--        /* Get rS/rD and rA from faulting opcode */
-         /*
--         * Note: the opcode fields will not be set properly for a
--         * direct store load/store, but nobody cares as nobody
--         * actually uses direct store segments.
-+         * Get rS/rD and rA from faulting opcode.
-+         * Note: We will only invoke ALIGN for atomic operations,
-+         * so all instructions are X-form.
-          */
--        env->spr[SPR_DSISR] |= (env->error_code & 0x03FF0000) >> 16;
-+        {
-+            uint32_t insn = cpu_ldl_code(env, env->nip);
-+            env->spr[SPR_DSISR] |= (insn & 0x03FF0000) >> 16;
-+        }
-         break;
-     case POWERPC_EXCP_PROGRAM:   /* Program exception                        */
-         switch (env->error_code & ~0xF) {
-@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
-                                  int mmu_idx, uintptr_t retaddr)
- {
-     CPUPPCState *env = cs->env_ptr;
--    uint32_t insn;
--
--    /* Restore state and reload the insn we executed, for filling in DSISR.  */
--    cpu_restore_state(cs, retaddr, true);
--    insn = cpu_ldl_code(env, env->nip);
-     cs->exception_index = POWERPC_EXCP_ALIGN;
--    env->error_code = insn & 0x03FF0000;
--    cpu_loop_exit(cs);
-+    env->error_code = 0;
-+    cpu_loop_exit_restore(cs, retaddr);
- }
- #endif
---
-.25.1

-[PATCH v4 08/48] target/ppc: Set fault address in ppc_cpu_do_unaligned_access
+Deleted patch
-We ought to have been recording the virtual address for reporting
-to the guest trap handler.
-Cc: qemu-ppc@nongnu.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/excp_helper.c | 14 ++++++++++++++
-file changed, 14 insertions(+)
-diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/excp_helper.c
-+++ b/target/ppc/excp_helper.c
-@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
- {
-     CPUPPCState *env = cs->env_ptr;
-+    switch (env->mmu_model) {
-+    case POWERPC_MMU_SOFT_4xx:
-+    case POWERPC_MMU_SOFT_4xx_Z:
-+        env->spr[SPR_40x_DEAR] = vaddr;
-+        break;
-+    case POWERPC_MMU_BOOKE:
-+    case POWERPC_MMU_BOOKE206:
-+        env->spr[SPR_BOOKE_DEAR] = vaddr;
-+        break;
-+    default:
-+        env->spr[SPR_DAR] = vaddr;
-+        break;
-+    }
-+
-     cs->exception_index = POWERPC_EXCP_ALIGN;
-     env->error_code = 0;
-     cpu_loop_exit_restore(cs, retaddr);
---
-.25.1

-[PATCH v4 09/48] target/ppc: Restrict ppc_cpu_do_unaligned_access to sysemu
+Deleted patch
-This is not used by, nor required by, user-only.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/internal.h    | 8 +++-----
- target/ppc/excp_helper.c | 8 +++-----
-files changed, 6 insertions(+), 10 deletions(-)
-diff --git a/target/ppc/internal.h b/target/ppc/internal.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/internal.h
-+++ b/target/ppc/internal.h
-@@ -XXX,XX +XXX,XX @@ void helper_compute_fprf_float16(CPUPPCState *env, float16 arg);
- void helper_compute_fprf_float32(CPUPPCState *env, float32 arg);
- void helper_compute_fprf_float128(CPUPPCState *env, float128 arg);
--/* Raise a data fault alignment exception for the specified virtual address */
--void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
--                                 MMUAccessType access_type, int mmu_idx,
--                                 uintptr_t retaddr) QEMU_NORETURN;
--
- /* translate.c */
- int ppc_fixup_cpu(PowerPCCPU *cpu);
-@@ -XXX,XX +XXX,XX @@ void ppc_cpu_record_sigsegv(CPUState *cs, vaddr addr,
- bool ppc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-                       MMUAccessType access_type, int mmu_idx,
-                       bool probe, uintptr_t retaddr);
-+void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-+                                 MMUAccessType access_type, int mmu_idx,
-+                                 uintptr_t retaddr) QEMU_NORETURN;
- #endif
- #endif /* PPC_INTERNAL_H */
-diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/excp_helper.c
-+++ b/target/ppc/excp_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_book3s_msgsndp(CPUPPCState *env, target_ulong rb)
-     book3s_msgsnd_common(pir, PPC_INTERRUPT_DOORBELL);
- }
--#endif
--#endif /* CONFIG_TCG */
--#endif
-+#endif /* TARGET_PPC64 */
--#ifdef CONFIG_TCG
- void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
-                                  MMUAccessType access_type,
-                                  int mmu_idx, uintptr_t retaddr)
-@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
-     env->error_code = 0;
-     cpu_loop_exit_restore(cs, retaddr);
- }
--#endif
-+#endif /* CONFIG_TCG */
-+#endif /* !CONFIG_USER_ONLY */
---
-.25.1

-[PATCH v4 43/48] tcg/aarch64: Support raising sigbus for user-only
+[PATCH v10 1/3] hw/riscv: handle 32 bit CPUs kernel_addr in riscv_load_kernel()
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+load_elf_ram_sym() will sign-extend 32 bit addresses. If a 32 bit QEMU
 guest happens to be running in a hypervisor that are using 64 bits to
 encode its address, kernel_entry can be padded with '1's and create
 problems [1].
 Using a translate_fn() callback in load_elf_ram_sym() to filter the
 padding from the address doesn't work. A more detailed explanation can
 be found in [2]. The short version is that glue(load_elf, SZ), from
 include/hw/elf_ops.h, will calculate 'pentry' (mapped into the
 'kernel_load_base' var in riscv_load_Kernel()) before using
 translate_fn(), and will not recalculate it after executing it. This
 means that the callback does not prevent the padding from
 kernel_load_base to appear.
 Let's instead use a kernel_low var to capture the 'lowaddr' value from
 load_elf_ram_sim(), and return it when we're dealing with 32 bit CPUs.
 [1] https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg02281.html
 [2] https://lists.gnu.org/archive/html/qemu-devel/2023-02/msg00099.html
 Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
 ---
- tcg/aarch64/tcg-target.h     |  2 -
+ hw/riscv/boot.c            | 15 +++++++++++----
- tcg/aarch64/tcg-target.c.inc | 91 +++++++++++++++++++++++++++++-------
+ hw/riscv/microchip_pfsoc.c |  3 ++-
-files changed, 74 insertions(+), 19 deletions(-)
+ hw/riscv/opentitan.c       |  3 ++-
  hw/riscv/sifive_e.c        |  3 ++-
  hw/riscv/sifive_u.c        |  3 ++-
  hw/riscv/spike.c           |  3 ++-
  hw/riscv/virt.c            |  3 ++-
  include/hw/riscv/boot.h    |  1 +
 files changed, 24 insertions(+), 10 deletions(-)
-diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
+diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/aarch64/tcg-target.h
+--- a/hw/riscv/boot.c
-+++ b/tcg/aarch64/tcg-target.h
++++ b/hw/riscv/boot.c
-@@ -XXX,XX +XXX,XX @@ typedef enum {
+@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
+ }
- void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
+ target_ulong riscv_load_kernel(MachineState *machine,
--#ifdef CONFIG_SOFTMMU
++                               RISCVHartArrayState *harts,
- #define TCG_TARGET_NEED_LDST_LABELS
+                                target_ulong kernel_start_addr,
--#endif
+                                symbol_fn_t sym_cb)
- #define TCG_TARGET_NEED_POOL_LABELS
+ {
+     const char *kernel_filename = machine->kernel_filename;
- #endif /* AARCH64_TCG_TARGET_H */
+-    uint64_t kernel_load_base, kernel_entry;
-diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
++    uint64_t kernel_load_base, kernel_entry, kernel_low;
      g_assert(kernel_filename != NULL);
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_kernel(MachineState *machine,
       * the (expected) load address load address. This allows kernels to have
       * separate SBI and ELF entry points (used by FreeBSD, for example).
       */
 -    if (load_elf_ram_sym(kernel_filename, NULL, NULL, NULL,
 -                         NULL, &kernel_load_base, NULL, NULL, 0,
 +    if (load_elf_ram_sym(kernel_filename, NULL, NULL, NULL, NULL,
 +                         &kernel_load_base, &kernel_low, NULL, 0,
                           EM_RISCV, 1, 0, NULL, true, sym_cb) > 0) {
 -        return kernel_load_base;
 +        kernel_entry = kernel_load_base;
 +
 +        if (riscv_is_32bit(harts)) {
 +            kernel_entry = kernel_low;
 +        }
 +
 +        return kernel_entry;
      }
      if (load_uimage_as(kernel_filename, &kernel_entry, NULL, NULL,
 diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/aarch64/tcg-target.c.inc
+--- a/hw/riscv/microchip_pfsoc.c
-+++ b/tcg/aarch64/tcg-target.c.inc
++++ b/hw/riscv/microchip_pfsoc.c
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ static void microchip_icicle_kit_machine_init(MachineState *machine)
-  * See the COPYING file in the top-level directory for details.
+         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc.u_cpus,
-  */
+                                                          firmware_end_addr);
-+#include "../tcg-ldst.c.inc"
+-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
- #include "../tcg-pool.c.inc"
++        kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
- #include "qemu/bitops.h"
++                                         kernel_start_addr, NULL);
-@@ -XXX,XX +XXX,XX @@ typedef enum {
+         if (machine->initrd_filename) {
-     I3404_ANDI      = 0x12000000,
+             riscv_load_initrd(machine, kernel_entry);
-     I3404_ORRI      = 0x32000000,
+diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
-     I3404_EORI      = 0x52000000,
+index XXXXXXX..XXXXXXX 100644
-+    I3404_ANDSI     = 0x72000000,
+--- a/hw/riscv/opentitan.c
++++ b/hw/riscv/opentitan.c
-     /* Move wide immediate instructions.  */
+@@ -XXX,XX +XXX,XX @@ static void opentitan_board_init(MachineState *machine)
-     I3405_MOVN      = 0x12800000,
+     }
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_goto_long(TCGContext *s, const tcg_insn_unit *target)
-     if (offset == sextract64(offset, 0, 26)) {
+     if (machine->kernel_filename) {
-         tcg_out_insn(s, 3206, B, offset);
+-        riscv_load_kernel(machine, memmap[IBEX_DEV_RAM].base, NULL);
-     } else {
++        riscv_load_kernel(machine, &s->soc.cpus,
--        tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP, (intptr_t)target);
++                          memmap[IBEX_DEV_RAM].base, NULL);
 -        tcg_out_insn(s, 3207, BR, TCG_REG_TMP);
 +        /* Choose X9 as a call-clobbered non-LR temporary. */
 +        tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_X9, (intptr_t)target);
 +        tcg_out_insn(s, 3207, BR, TCG_REG_X9);
      }
  }
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_cltz(TCGContext *s, TCGType ext, TCGReg d,
+diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/riscv/sifive_e.c
 +++ b/hw/riscv/sifive_e.c
@@ -XXX,XX +XXX,XX @@ static void sifive_e_machine_init(MachineState *machine)
                            memmap[SIFIVE_E_DEV_MROM].base, &address_space_memory);
      if (machine->kernel_filename) {
 -        riscv_load_kernel(machine, memmap[SIFIVE_E_DEV_DTIM].base, NULL);
 +        riscv_load_kernel(machine, &s->soc.cpus,
 +                          memmap[SIFIVE_E_DEV_DTIM].base, NULL);
      }
  }
--#ifdef CONFIG_SOFTMMU
+diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
--#include "../tcg-ldst.c.inc"
+index XXXXXXX..XXXXXXX 100644
-+static void tcg_out_adr(TCGContext *s, TCGReg rd, const void *target)
+--- a/hw/riscv/sifive_u.c
-+{
++++ b/hw/riscv/sifive_u.c
-+    ptrdiff_t offset = tcg_pcrel_diff(s, target);
+@@ -XXX,XX +XXX,XX @@ static void sifive_u_machine_init(MachineState *machine)
-+    tcg_debug_assert(offset == sextract64(offset, 0, 21));
+         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc.u_cpus,
-+    tcg_out_insn(s, 3406, ADR, rd, offset);
+                                                          firmware_end_addr);
-+}
+-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
-+#ifdef CONFIG_SOFTMMU
++        kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
- /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
++                                         kernel_start_addr, NULL);
-  *                                     MemOpIdx oi, uintptr_t ra)
-  */
+         if (machine->initrd_filename) {
-@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[MO_SIZE + 1] = {
+             riscv_load_initrd(machine, kernel_entry);
- #endif
+diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
- };
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/riscv/spike.c
--static inline void tcg_out_adr(TCGContext *s, TCGReg rd, const void *target)
++++ b/hw/riscv/spike.c
--{
+@@ -XXX,XX +XXX,XX @@ static void spike_board_init(MachineState *machine)
--    ptrdiff_t offset = tcg_pcrel_diff(s, target);
+         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
--    tcg_debug_assert(offset == sextract64(offset, 0, 21));
+                                                          firmware_end_addr);
--    tcg_out_insn(s, 3406, ADR, rd, offset);
--}
+-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr,
--
++        kernel_entry = riscv_load_kernel(machine, &s->soc[0],
- static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
++                                         kernel_start_addr,
- {
+                                          htif_symbol_callback);
-     MemOpIdx oi = lb->oi;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, MemOp opc,
+         if (machine->initrd_filename) {
-     tcg_out_insn(s, 3202, B_C, TCG_COND_NE, 0);
+diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
- }
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/riscv/virt.c
-+#else
++++ b/hw/riscv/virt.c
-+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addr_reg,
+@@ -XXX,XX +XXX,XX @@ static void virt_machine_done(Notifier *notifier, void *data)
-+                                   unsigned a_bits)
+         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
-+{
+                                                          firmware_end_addr);
-+    unsigned a_mask = (1 << a_bits) - 1;
-+    TCGLabelQemuLdst *label = new_ldst_label(s);
+-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
-+
++        kernel_entry = riscv_load_kernel(machine, &s->soc[0],
-+    label->is_ld = is_ld;
++                                         kernel_start_addr, NULL);
-+    label->addrlo_reg = addr_reg;
-+
+         if (machine->initrd_filename) {
-+    /* tst addr, #mask */
+             riscv_load_initrd(machine, kernel_entry);
-+    tcg_out_logicali(s, I3404_ANDSI, 0, TCG_REG_XZR, addr_reg, a_mask);
+diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
-+
+index XXXXXXX..XXXXXXX 100644
-+    label->label_ptr[0] = s->code_ptr;
+--- a/include/hw/riscv/boot.h
-+
++++ b/include/hw/riscv/boot.h
-+    /* b.ne slow_path */
+@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
-+    tcg_out_insn(s, 3202, B_C, TCG_COND_NE, 0);
+                                  hwaddr firmware_load_addr,
-+
+                                  symbol_fn_t sym_cb);
-+    label->raddr = tcg_splitwx_to_rx(s->code_ptr);
+ target_ulong riscv_load_kernel(MachineState *machine,
-+}
++                               RISCVHartArrayState *harts,
-+
+                                target_ulong firmware_end_addr,
-+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
+                                symbol_fn_t sym_cb);
-+{
+ void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
 +    if (!reloc_pc19(l->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
 +        return false;
 +    }
 +
 +    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_X1, l->addrlo_reg);
 +    tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_X0, TCG_AREG0);
 +
 +    /* "Tail call" to the helper, with the return address back inline. */
 +    tcg_out_adr(s, TCG_REG_LR, l->raddr);
 +    tcg_out_goto_long(s, (const void *)(l->is_ld ? helper_unaligned_ld
 +                                        : helper_unaligned_st));
 +    return true;
 +}
 +
 +static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 +{
 +    return tcg_out_fail_alignment(s, l);
 +}
 +
 +static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
 +{
 +    return tcg_out_fail_alignment(s, l);
 +}
  #endif /* CONFIG_SOFTMMU */
  static void tcg_out_qemu_ld_direct(TCGContext *s, MemOp memop, TCGType ext,
                                     TCGReg data_r, TCGReg addr_r,
                                     TCGType otype, TCGReg off_r)
  {
 -    /* Byte swapping is left to middle-end expansion. */
 -    tcg_debug_assert((memop & MO_BSWAP) == 0);
 -
      switch (memop & MO_SSIZE) {
      case MO_UB:
          tcg_out_ldst_r(s, I3312_LDRB, data_r, addr_r, otype, off_r);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp memop,
                                     TCGReg data_r, TCGReg addr_r,
                                     TCGType otype, TCGReg off_r)
  {
 -    /* Byte swapping is left to middle-end expansion. */
 -    tcg_debug_assert((memop & MO_BSWAP) == 0);
 -
      switch (memop & MO_SIZE) {
      case MO_8:
          tcg_out_ldst_r(s, I3312_STRB, data_r, addr_r, otype, off_r);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
  {
      MemOp memop = get_memop(oi);
      const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
 +
 +    /* Byte swapping is left to middle-end expansion. */
 +    tcg_debug_assert((memop & MO_BSWAP) == 0);
 +
  #ifdef CONFIG_SOFTMMU
      unsigned mem_index = get_mmuidx(oi);
      tcg_insn_unit *label_ptr;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
      add_qemu_ldst_label(s, true, oi, ext, data_reg, addr_reg,
                          s->code_ptr, label_ptr);
  #else /* !CONFIG_SOFTMMU */
 +    unsigned a_bits = get_alignment_bits(memop);
 +    if (a_bits) {
 +        tcg_out_test_alignment(s, true, addr_reg, a_bits);
 +    }
      if (USE_GUEST_BASE) {
          tcg_out_qemu_ld_direct(s, memop, ext, data_reg,
                                 TCG_REG_GUEST_BASE, otype, addr_reg);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
  {
      MemOp memop = get_memop(oi);
      const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
 +
 +    /* Byte swapping is left to middle-end expansion. */
 +    tcg_debug_assert((memop & MO_BSWAP) == 0);
 +
  #ifdef CONFIG_SOFTMMU
      unsigned mem_index = get_mmuidx(oi);
      tcg_insn_unit *label_ptr;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
      add_qemu_ldst_label(s, false, oi, (memop & MO_SIZE)== MO_64,
                          data_reg, addr_reg, s->code_ptr, label_ptr);
  #else /* !CONFIG_SOFTMMU */
 +    unsigned a_bits = get_alignment_bits(memop);
 +    if (a_bits) {
 +        tcg_out_test_alignment(s, false, addr_reg, a_bits);
 +    }
      if (USE_GUEST_BASE) {
          tcg_out_qemu_st_direct(s, memop, data_reg,
                                 TCG_REG_GUEST_BASE, otype, addr_reg);
 --
-.25.1
+.39.1

-[PATCH v4 10/48] target/s390x: Implement s390x_cpu_record_sigbus
+[PATCH v10 2/3] hw/riscv/boot.c: consolidate all kernel init in riscv_load_kernel()
-For s390x, the only unaligned accesses that are signaled are atomic,
+The microchip_icicle_kit, sifive_u, spike and virt boards are now doing
-and we don't actually want to raise SIGBUS for those, but instead
+the same steps when '-kernel' is used:
-raise a SPECIFICATION error, which the kernel will report as SIGILL.
+- execute load_kernel()
-Split out a do_unaligned_access function to share between the user-only
+- load init_rd()
-s390x_cpu_record_sigbus and the sysemu s390x_do_unaligned_access.
+- write kernel_cmdline
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Let's fold everything inside riscv_load_kernel() to avoid code
 repetition. To not change the behavior of boards that aren't calling
 riscv_load_init(), add an 'load_initrd' flag to riscv_load_kernel() and
 allow these boards to opt out from initrd loading.
 Cc: Palmer Dabbelt <palmer@dabbelt.com>
 Reviewed-by: Bin Meng <bmeng@tinylab.org>
 Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
 Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
 ---
- target/s390x/s390x-internal.h  |  8 +++++---
+ hw/riscv/boot.c            | 21 ++++++++++++++++++---
- target/s390x/cpu.c             |  1 +
+ hw/riscv/microchip_pfsoc.c | 11 +----------
- target/s390x/tcg/excp_helper.c | 27 ++++++++++++++++++++-------
+ hw/riscv/opentitan.c       |  3 ++-
-files changed, 26 insertions(+), 10 deletions(-)
+ hw/riscv/sifive_e.c        |  3 ++-
+ hw/riscv/sifive_u.c        | 11 +----------
-diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
+ hw/riscv/spike.c           | 11 +----------
-index XXXXXXX..XXXXXXX 100644
+ hw/riscv/virt.c            | 11 +----------
---- a/target/s390x/s390x-internal.h
+ include/hw/riscv/boot.h    |  1 +
-+++ b/target/s390x/s390x-internal.h
+files changed, 27 insertions(+), 45 deletions(-)
-@@ -XXX,XX +XXX,XX @@ ObjectClass *s390_cpu_class_by_name(const char *name);
- void s390x_cpu_debug_excp_handler(CPUState *cs);
+diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
- void s390_cpu_do_interrupt(CPUState *cpu);
+index XXXXXXX..XXXXXXX 100644
- bool s390_cpu_exec_interrupt(CPUState *cpu, int int_req);
+--- a/hw/riscv/boot.c
--void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
++++ b/hw/riscv/boot.c
--                                   MMUAccessType access_type, int mmu_idx,
+@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
--                                   uintptr_t retaddr) QEMU_NORETURN;
+ target_ulong riscv_load_kernel(MachineState *machine,
+                                RISCVHartArrayState *harts,
- #ifdef CONFIG_USER_ONLY
+                                target_ulong kernel_start_addr,
- void s390_cpu_record_sigsegv(CPUState *cs, vaddr address,
++                               bool load_initrd,
-                              MMUAccessType access_type,
+                                symbol_fn_t sym_cb)
-                              bool maperr, uintptr_t retaddr);
+ {
-+void s390_cpu_record_sigbus(CPUState *cs, vaddr address,
+     const char *kernel_filename = machine->kernel_filename;
-+                            MMUAccessType access_type, uintptr_t retaddr);
+     uint64_t kernel_load_base, kernel_entry, kernel_low;
- #else
++    void *fdt = machine->fdt;
- bool s390_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
-                        MMUAccessType access_type, int mmu_idx,
+     g_assert(kernel_filename != NULL);
-                        bool probe, uintptr_t retaddr);
-+void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
+@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_kernel(MachineState *machine,
-+                                   MMUAccessType access_type, int mmu_idx,
+             kernel_entry = kernel_low;
-+                                   uintptr_t retaddr) QEMU_NORETURN;
+         }
- #endif
+-        return kernel_entry;
++        goto out;
-diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
+     }
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/cpu.c
+     if (load_uimage_as(kernel_filename, &kernel_entry, NULL, NULL,
-+++ b/target/s390x/cpu.c
+                        NULL, NULL, NULL) > 0) {
-@@ -XXX,XX +XXX,XX @@ static const struct TCGCPUOps s390_tcg_ops = {
+-        return kernel_entry;
++        goto out;
- #ifdef CONFIG_USER_ONLY
+     }
-     .record_sigsegv = s390_cpu_record_sigsegv,
-+    .record_sigbus = s390_cpu_record_sigbus,
+     if (load_image_targphys_as(kernel_filename, kernel_start_addr,
- #else
+                                current_machine->ram_size, NULL) > 0) {
-     .tlb_fill = s390_cpu_tlb_fill,
+-        return kernel_start_addr;
-     .cpu_exec_interrupt = s390_cpu_exec_interrupt,
++        kernel_entry = kernel_start_addr;
-diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
++        goto out;
-index XXXXXXX..XXXXXXX 100644
+     }
---- a/target/s390x/tcg/excp_helper.c
-+++ b/target/s390x/tcg/excp_helper.c
+     error_report("could not load kernel '%s'", kernel_filename);
-@@ -XXX,XX +XXX,XX @@ void HELPER(data_exception)(CPUS390XState *env, uint32_t dxc)
+     exit(1);
-     tcg_s390_data_exception(env, dxc, GETPC());
++
 +out:
 +    if (load_initrd && machine->initrd_filename) {
 +        riscv_load_initrd(machine, kernel_entry);
 +    }
 +
 +    if (fdt && machine->kernel_cmdline && *machine->kernel_cmdline) {
 +        qemu_fdt_setprop_string(fdt, "/chosen", "bootargs",
 +                                machine->kernel_cmdline);
 +    }
 +
 +    return kernel_entry;
  }
-+/*
+ void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
-+ * Unaligned accesses are only diagnosed with MO_ALIGN.  At the moment,
+diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
-+ * this is only for the atomic operations, for which we want to raise a
+index XXXXXXX..XXXXXXX 100644
-+ * specification exception.
+--- a/hw/riscv/microchip_pfsoc.c
-+ */
++++ b/hw/riscv/microchip_pfsoc.c
-+static void QEMU_NORETURN do_unaligned_access(CPUState *cs, uintptr_t retaddr)
+@@ -XXX,XX +XXX,XX @@ static void microchip_icicle_kit_machine_init(MachineState *machine)
-+{
+                                                          firmware_end_addr);
-+    S390CPU *cpu = S390_CPU(cs);
-+    CPUS390XState *env = &cpu->env;
+         kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
-+
+-                                         kernel_start_addr, NULL);
-+    tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
+-
-+}
+-        if (machine->initrd_filename) {
-+
+-            riscv_load_initrd(machine, kernel_entry);
- #if defined(CONFIG_USER_ONLY)
+-        }
+-
- void s390_cpu_do_interrupt(CPUState *cs)
+-        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-@@ -XXX,XX +XXX,XX @@ void s390_cpu_record_sigsegv(CPUState *cs, vaddr address,
+-            qemu_fdt_setprop_string(machine->fdt, "/chosen",
-     cpu_loop_exit_restore(cs, retaddr);
+-                                    "bootargs", machine->kernel_cmdline);
 -        }
 +                                         kernel_start_addr, true, NULL);
          /* Compute the fdt load address in dram */
          fdt_load_addr = riscv_compute_fdt_addr(memmap[MICROCHIP_PFSOC_DRAM_LO].base,
 diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/riscv/opentitan.c
 +++ b/hw/riscv/opentitan.c
@@ -XXX,XX +XXX,XX @@ static void opentitan_board_init(MachineState *machine)
      if (machine->kernel_filename) {
          riscv_load_kernel(machine, &s->soc.cpus,
 -                          memmap[IBEX_DEV_RAM].base, NULL);
 +                          memmap[IBEX_DEV_RAM].base,
 +                          false, NULL);
      }
  }
-+void s390_cpu_record_sigbus(CPUState *cs, vaddr address,
+diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
-+                            MMUAccessType access_type, uintptr_t retaddr)
+index XXXXXXX..XXXXXXX 100644
-+{
+--- a/hw/riscv/sifive_e.c
-+    do_unaligned_access(cs, retaddr);
++++ b/hw/riscv/sifive_e.c
-+}
+@@ -XXX,XX +XXX,XX @@ static void sifive_e_machine_init(MachineState *machine)
-+
- #else /* !CONFIG_USER_ONLY */
+     if (machine->kernel_filename) {
+         riscv_load_kernel(machine, &s->soc.cpus,
- static inline uint64_t cpu_mmu_idx_to_asc(int mmu_idx)
+-                          memmap[SIFIVE_E_DEV_DTIM].base, NULL);
-@@ -XXX,XX +XXX,XX @@ void s390x_cpu_debug_excp_handler(CPUState *cs)
++                          memmap[SIFIVE_E_DEV_DTIM].base,
 +                          false, NULL);
      }
  }
--/* Unaligned accesses are only diagnosed with MO_ALIGN.  At the moment,
+diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
--   this is only for the atomic operations, for which we want to raise a
+index XXXXXXX..XXXXXXX 100644
--   specification exception.  */
+--- a/hw/riscv/sifive_u.c
- void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
++++ b/hw/riscv/sifive_u.c
-                                    MMUAccessType access_type,
+@@ -XXX,XX +XXX,XX @@ static void sifive_u_machine_init(MachineState *machine)
-                                    int mmu_idx, uintptr_t retaddr)
+                                                          firmware_end_addr);
- {
--    S390CPU *cpu = S390_CPU(cs);
+         kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
--    CPUS390XState *env = &cpu->env;
+-                                         kernel_start_addr, NULL);
 -
--    tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
+-        if (machine->initrd_filename) {
-+    do_unaligned_access(cs, retaddr);
+-            riscv_load_initrd(machine, kernel_entry);
- }
+-        }
+-
- static void QEMU_NORETURN monitor_event(CPUS390XState *env,
+-        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
 -            qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
 -                                    machine->kernel_cmdline);
 -        }
 +                                         kernel_start_addr, true, NULL);
      } else {
         /*
          * If dynamic firmware is used, it doesn't know where is the next mode
 diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/riscv/spike.c
 +++ b/hw/riscv/spike.c
@@ -XXX,XX +XXX,XX @@ static void spike_board_init(MachineState *machine)
          kernel_entry = riscv_load_kernel(machine, &s->soc[0],
                                           kernel_start_addr,
 -                                         htif_symbol_callback);
 -
 -        if (machine->initrd_filename) {
 -            riscv_load_initrd(machine, kernel_entry);
 -        }
 -
 -        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
 -            qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
 -                                    machine->kernel_cmdline);
 -        }
 +                                         true, htif_symbol_callback);
      } else {
         /*
          * If dynamic firmware is used, it doesn't know where is the next mode
 diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/riscv/virt.c
 +++ b/hw/riscv/virt.c
@@ -XXX,XX +XXX,XX @@ static void virt_machine_done(Notifier *notifier, void *data)
                                                           firmware_end_addr);
          kernel_entry = riscv_load_kernel(machine, &s->soc[0],
 -                                         kernel_start_addr, NULL);
 -
 -        if (machine->initrd_filename) {
 -            riscv_load_initrd(machine, kernel_entry);
 -        }
 -
 -        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
 -            qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
 -                                    machine->kernel_cmdline);
 -        }
 +                                         kernel_start_addr, true, NULL);
      } else {
         /*
          * If dynamic firmware is used, it doesn't know where is the next mode
 diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/riscv/boot.h
 +++ b/include/hw/riscv/boot.h
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
  target_ulong riscv_load_kernel(MachineState *machine,
                                 RISCVHartArrayState *harts,
                                 target_ulong firmware_end_addr,
 +                               bool load_initrd,
                                 symbol_fn_t sym_cb);
  void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
  uint64_t riscv_compute_fdt_addr(hwaddr dram_start, uint64_t dram_size,
 --
-.25.1
+.39.1

-[PATCH v4 11/48] linux-user/hppa: Remove POWERPC_EXCP_ALIGN handling
+Deleted patch
-We will raise SIGBUS directly from cpu_loop_exit_sigbus.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/ppc/cpu_loop.c | 8 --------
-file changed, 8 deletions(-)
-diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/ppc/cpu_loop.c
-+++ b/linux-user/ppc/cpu_loop.c
-@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUPPCState *env)
-             cpu_abort(cs, "External interrupt while in user mode. "
-                       "Aborting\n");
-             break;
--        case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
--            /* XXX: check this */
--            info.si_signo = TARGET_SIGBUS;
--            info.si_errno = 0;
--            info.si_code = TARGET_BUS_ADRALN;
--            info._sifields._sigfault._addr = env->nip;
--            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
--            break;
-         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
-         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
-             /* XXX: check this */
---
-.25.1

-[PATCH v4 12/48] target/sh4: Set fault address in superh_cpu_do_unaligned_access
+Deleted patch
-We ought to have been recording the virtual address for reporting
-to the guest trap handler.
-Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sh4/op_helper.c | 5 +++++
-file changed, 5 insertions(+)
-diff --git a/target/sh4/op_helper.c b/target/sh4/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/op_helper.c
-+++ b/target/sh4/op_helper.c
-@@ -XXX,XX +XXX,XX @@ void superh_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-                                     MMUAccessType access_type,
-                                     int mmu_idx, uintptr_t retaddr)
- {
-+    CPUSH4State *env = cs->env_ptr;
-+
-+    env->tea = addr;
-     switch (access_type) {
-     case MMU_INST_FETCH:
-     case MMU_DATA_LOAD:
-@@ -XXX,XX +XXX,XX @@ void superh_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-     case MMU_DATA_STORE:
-         cs->exception_index = 0x100;
-         break;
-+    default:
-+        g_assert_not_reached();
-     }
-     cpu_loop_exit_restore(cs, retaddr);
- }
---
-.25.1

-[PATCH v4 13/48] target/sparc: Remove DEBUG_UNALIGNED
+Deleted patch
-The printf should have been qemu_log_mask, the parameters
-themselves no longer compile, and because this is placed
-before unwinding the PC is actively wrong.
-We get better (and correct) logging on the other side of
-raising the exception, in sparc_cpu_do_interrupt.
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sparc/ldst_helper.c | 9 ---------
-file changed, 9 deletions(-)
-diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/ldst_helper.c
-+++ b/target/sparc/ldst_helper.c
-@@ -XXX,XX +XXX,XX @@
- //#define DEBUG_MMU
- //#define DEBUG_MXCC
--//#define DEBUG_UNALIGNED
- //#define DEBUG_UNASSIGNED
- //#define DEBUG_ASI
- //#define DEBUG_CACHE_CONTROL
-@@ -XXX,XX +XXX,XX @@ static void do_check_align(CPUSPARCState *env, target_ulong addr,
-                            uint32_t align, uintptr_t ra)
- {
-     if (addr & align) {
--#ifdef DEBUG_UNALIGNED
--        printf("Unaligned access to 0x" TARGET_FMT_lx " from 0x" TARGET_FMT_lx
--               "\n", addr, env->pc);
--#endif
-         cpu_raise_exception_ra(env, TT_UNALIGNED, ra);
-     }
- }
-@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-     SPARCCPU *cpu = SPARC_CPU(cs);
-     CPUSPARCState *env = &cpu->env;
--#ifdef DEBUG_UNALIGNED
--    printf("Unaligned access to 0x" TARGET_FMT_lx " from 0x" TARGET_FMT_lx
--           "\n", addr, env->pc);
--#endif
-     cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
- }
- #endif
---
-.25.1

-[PATCH v4 14/48] target/sparc: Split out build_sfsr
+[PATCH v10 3/3] hw/riscv/boot.c: make riscv_load_initrd() static
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
+The only remaining caller is riscv_load_kernel_and_initrd() which
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+belongs to the same file.
 Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Reviewed-by: Bin Meng <bmeng@tinylab.org>
 Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
 ---
- target/sparc/mmu_helper.c | 72 +++++++++++++++++++++++++--------------
+ hw/riscv/boot.c         | 80 ++++++++++++++++++++---------------------
-file changed, 46 insertions(+), 26 deletions(-)
+ include/hw/riscv/boot.h |  1 -
 files changed, 40 insertions(+), 41 deletions(-)
-diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
+diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/mmu_helper.c
+--- a/hw/riscv/boot.c
-+++ b/target/sparc/mmu_helper.c
++++ b/hw/riscv/boot.c
-@@ -XXX,XX +XXX,XX @@ static inline int ultrasparc_tag_match(SparcTLBEntry *tlb,
+@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
-     return 0;
+     exit(1);
  }
-+static uint64_t build_sfsr(CPUSPARCState *env, int mmu_idx, int rw)
++static void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
 +{
-+    uint64_t sfsr = SFSR_VALID_BIT;
++    const char *filename = machine->initrd_filename;
 +    uint64_t mem_size = machine->ram_size;
 +    void *fdt = machine->fdt;
 +    hwaddr start, end;
 +    ssize_t size;
 +
-+    switch (mmu_idx) {
++    g_assert(filename != NULL);
-+    case MMU_PHYS_IDX:
++
-+        sfsr |= SFSR_CT_NOTRANS;
++    /*
-+        break;
++     * We want to put the initrd far enough into RAM that when the
-+    case MMU_USER_IDX:
++     * kernel is uncompressed it will not clobber the initrd. However
-+    case MMU_KERNEL_IDX:
++     * on boards without much RAM we must ensure that we still leave
-+        sfsr |= SFSR_CT_PRIMARY;
++     * enough room for a decent sized initrd, and on boards with large
-+        break;
++     * amounts of RAM we must avoid the initrd being so far up in RAM
-+    case MMU_USER_SECONDARY_IDX:
++     * that it is outside lowmem and inaccessible to the kernel.
-+    case MMU_KERNEL_SECONDARY_IDX:
++     * So for boards with less  than 256MB of RAM we put the initrd
-+        sfsr |= SFSR_CT_SECONDARY;
++     * halfway into RAM, and for boards with 256MB of RAM or more we put
-+        break;
++     * the initrd at 128MB.
-+    case MMU_NUCLEUS_IDX:
++     */
-+        sfsr |= SFSR_CT_NUCLEUS;
++    start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
-+        break;
++
-+    default:
++    size = load_ramdisk(filename, start, mem_size - start);
-+        g_assert_not_reached();
++    if (size == -1) {
 +        size = load_image_targphys(filename, start, mem_size - start);
 +        if (size == -1) {
 +            error_report("could not load ramdisk '%s'", filename);
 +            exit(1);
 +        }
 +    }
 +
-+    if (rw == 1) {
++    /* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
-+        sfsr |= SFSR_WRITE_BIT;
++    if (fdt) {
-+    } else if (rw == 4) {
++        end = start + size;
-+        sfsr |= SFSR_NF_BIT;
++        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
 +        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
 +    }
-+
-+    if (env->pstate & PS_PRIV) {
-+        sfsr |= SFSR_PR_BIT;
-+    }
-+
-+    if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */
-+        sfsr |= SFSR_OW_BIT; /* overflow (not read before another fault) */
-+    }
-+
-+    /* FIXME: ASI field in SFSR must be set */
-+
-+    return sfsr;
 +}
 +
- static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical,
+ target_ulong riscv_load_kernel(MachineState *machine,
-                                      int *prot, MemTxAttrs *attrs,
+                                RISCVHartArrayState *harts,
-                                      target_ulong address, int rw, int mmu_idx)
+                                target_ulong kernel_start_addr,
- {
+@@ -XXX,XX +XXX,XX @@ out:
-     CPUState *cs = env_cpu(env);
+     return kernel_entry;
-     unsigned int i;
+ }
-+    uint64_t sfsr;
-     uint64_t context;
+-void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
--    uint64_t sfsr = 0;
+-{
-     bool is_user = false;
+-    const char *filename = machine->initrd_filename;
+-    uint64_t mem_size = machine->ram_size;
-+    sfsr = build_sfsr(env, mmu_idx, rw);
+-    void *fdt = machine->fdt;
-+
+-    hwaddr start, end;
-     switch (mmu_idx) {
+-    ssize_t size;
-     case MMU_PHYS_IDX:
+-
-         g_assert_not_reached();
+-    g_assert(filename != NULL);
-@@ -XXX,XX +XXX,XX @@ static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical,
+-
-         /* fallthru */
+-    /*
-     case MMU_KERNEL_IDX:
+-     * We want to put the initrd far enough into RAM that when the
-         context = env->dmmu.mmu_primary_context & 0x1fff;
+-     * kernel is uncompressed it will not clobber the initrd. However
--        sfsr |= SFSR_CT_PRIMARY;
+-     * on boards without much RAM we must ensure that we still leave
-         break;
+-     * enough room for a decent sized initrd, and on boards with large
-     case MMU_USER_SECONDARY_IDX:
+-     * amounts of RAM we must avoid the initrd being so far up in RAM
-         is_user = true;
+-     * that it is outside lowmem and inaccessible to the kernel.
-         /* fallthru */
+-     * So for boards with less  than 256MB of RAM we put the initrd
-     case MMU_KERNEL_SECONDARY_IDX:
+-     * halfway into RAM, and for boards with 256MB of RAM or more we put
-         context = env->dmmu.mmu_secondary_context & 0x1fff;
+-     * the initrd at 128MB.
--        sfsr |= SFSR_CT_SECONDARY;
+-     */
-         break;
+-    start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
--    case MMU_NUCLEUS_IDX:
+-
--        sfsr |= SFSR_CT_NUCLEUS;
+-    size = load_ramdisk(filename, start, mem_size - start);
--        /* FALLTHRU */
+-    if (size == -1) {
-     default:
+-        size = load_image_targphys(filename, start, mem_size - start);
-         context = 0;
+-        if (size == -1) {
-         break;
+-            error_report("could not load ramdisk '%s'", filename);
-     }
+-            exit(1);
+-        }
 -    if (rw == 1) {
 -        sfsr |= SFSR_WRITE_BIT;
 -    } else if (rw == 4) {
 -        sfsr |= SFSR_NF_BIT;
 -    }
 -
-     for (i = 0; i < 64; i++) {
+-    /* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
-         /* ctx match, vaddr match, valid? */
+-    if (fdt) {
-         if (ultrasparc_tag_match(&env->dtlb[i], address, context, physical)) {
+-        end = start + size;
-@@ -XXX,XX +XXX,XX @@ static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical,
+-        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
-                 return 0;
+-        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
-             }
+-    }
+-}
 -            if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */
 -                sfsr |= SFSR_OW_BIT; /* overflow (not read before
 -                                        another fault) */
 -            }
 -
--            if (env->pstate & PS_PRIV) {
+ /*
--                sfsr |= SFSR_PR_BIT;
+  * This function makes an assumption that the DRAM interval
--            }
+  * 'dram_base' + 'dram_size' is contiguous.
--
+diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
--            /* FIXME: ASI field in SFSR must be set */
+index XXXXXXX..XXXXXXX 100644
--            env->dmmu.sfsr = sfsr | SFSR_VALID_BIT;
+--- a/include/hw/riscv/boot.h
--
++++ b/include/hw/riscv/boot.h
-+            env->dmmu.sfsr = sfsr;
+@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_kernel(MachineState *machine,
-             env->dmmu.sfar = address; /* Fault address register */
+                                target_ulong firmware_end_addr,
--
+                                bool load_initrd,
-             env->dmmu.tag_access = (address & ~0x1fffULL) | context;
+                                symbol_fn_t sym_cb);
--
+-void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
-             return 1;
+ uint64_t riscv_compute_fdt_addr(hwaddr dram_start, uint64_t dram_size,
-         }
+                                 MachineState *ms);
-     }
+ void riscv_load_fdt(hwaddr fdt_addr, void *fdt);
 --
-.25.1
+.39.1

-[PATCH v4 15/48] target/sparc: Set fault address in sparc_cpu_do_unaligned_access
+Deleted patch
-We ought to have been recording the virtual address for reporting
-to the guest trap handler.  Move the function to mmu_helper.c, so
-that we can re-use code shared with get_physical_address_data.
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sparc/ldst_helper.c | 13 -------------
- target/sparc/mmu_helper.c  | 20 ++++++++++++++++++++
-files changed, 20 insertions(+), 13 deletions(-)
-diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/ldst_helper.c
-+++ b/target/sparc/ldst_helper.c
-@@ -XXX,XX +XXX,XX @@ void sparc_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
-                           is_asi, size, retaddr);
- }
- #endif
--
--#if !defined(CONFIG_USER_ONLY)
--void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
--                                                 MMUAccessType access_type,
--                                                 int mmu_idx,
--                                                 uintptr_t retaddr)
--{
--    SPARCCPU *cpu = SPARC_CPU(cs);
--    CPUSPARCState *env = &cpu->env;
--
--    cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
--}
--#endif
-diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/mmu_helper.c
-+++ b/target/sparc/mmu_helper.c
-@@ -XXX,XX +XXX,XX @@ hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
-     }
-     return phys_addr;
- }
-+
-+#ifndef CONFIG_USER_ONLY
-+void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-+                                                 MMUAccessType access_type,
-+                                                 int mmu_idx,
-+                                                 uintptr_t retaddr)
-+{
-+    SPARCCPU *cpu = SPARC_CPU(cs);
-+    CPUSPARCState *env = &cpu->env;
-+
-+#ifdef TARGET_SPARC64
-+    env->dmmu.sfsr = build_sfsr(env, mmu_idx, access_type);
-+    env->dmmu.sfar = addr;
-+#else
-+    env->mmuregs[4] = addr;
-+#endif
-+
-+    cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
-+}
-+#endif /* !CONFIG_USER_ONLY */
---
-.25.1

-[PATCH v4 16/48] accel/tcg: Report unaligned atomics for user-only
+Deleted patch
-Use the new cpu_loop_exit_sigbus for atomic_mmu_lookup, which
-has access to complete alignment info from the TCGMemOpIdx arg.
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- accel/tcg/user-exec.c | 13 ++++++++++++-
-file changed, 12 insertions(+), 1 deletion(-)
-diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/user-exec.c
-+++ b/accel/tcg/user-exec.c
-@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
-                                MemOpIdx oi, int size, int prot,
-                                uintptr_t retaddr)
- {
-+    MemOp mop = get_memop(oi);
-+    int a_bits = get_alignment_bits(mop);
-+    void *ret;
-+
-+    /* Enforce guest required alignment.  */
-+    if (unlikely(addr & ((1 << a_bits) - 1))) {
-+        MMUAccessType t = prot == PAGE_READ ? MMU_DATA_LOAD : MMU_DATA_STORE;
-+        cpu_loop_exit_sigbus(env_cpu(env), addr, t, retaddr);
-+    }
-+
-     /* Enforce qemu required alignment.  */
-     if (unlikely(addr & (size - 1))) {
-         cpu_loop_exit_atomic(env_cpu(env), retaddr);
-     }
--    void *ret = g2h(env_cpu(env), addr);
-+
-+    ret = g2h(env_cpu(env), addr);
-     set_helper_retaddr(retaddr);
-     return ret;
- }
---
-.25.1

-[PATCH v4 17/48] target/arm: Use MO_128 for 16 byte atomics
+Deleted patch
-Cc: qemu-arm@nongnu.org
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/helper-a64.c | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-a64.c
-+++ b/target/arm/helper-a64.c
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
-     mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
-     cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
-     newv = int128_make128(new_lo, new_hi);
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
-     mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
-+    oi = make_memop_idx(MO_BE | MO_128 | MO_ALIGN, mem_idx);
-     /*
-      * High and low need to be switched here because this is not actually a
-@@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
-     mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
-     cmpv = int128_make128(env->xregs[rs], env->xregs[rs + 1]);
-     newv = int128_make128(new_lo, new_hi);
-@@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
-     mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
-     cmpv = int128_make128(env->xregs[rs + 1], env->xregs[rs]);
-     newv = int128_make128(new_lo, new_hi);
---
-.25.1

-[PATCH v4 18/48] target/i386: Use MO_128 for 16 byte atomics
+Deleted patch
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/i386/tcg/mem_helper.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/i386/tcg/mem_helper.c b/target/i386/tcg/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/mem_helper.c
-+++ b/target/i386/tcg/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
-         Int128 newv = int128_make128(env->regs[R_EBX], env->regs[R_ECX]);
-         int mem_idx = cpu_mmu_index(env, false);
--        MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-+        MemOpIdx oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
-         Int128 oldv = cpu_atomic_cmpxchgo_le_mmu(env, a0, cmpv, newv, oi, ra);
-         if (int128_eq(oldv, cmpv)) {
---
-.25.1

-[PATCH v4 19/48] target/ppc: Use MO_128 for 16 byte atomics
+Deleted patch
-Cc: qemu-ppc@nongnu.org
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/ppc/translate.c | 12 +++++++-----
-file changed, 7 insertions(+), 5 deletions(-)
-diff --git a/target/ppc/translate.c b/target/ppc/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/translate.c
-+++ b/target/ppc/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_std(DisasContext *ctx)
-             if (HAVE_ATOMIC128) {
-                 TCGv_i32 oi = tcg_temp_new_i32();
-                 if (ctx->le_mode) {
--                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
-+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128,
-+                                                        ctx->mem_idx));
-                     gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
-                 } else {
--                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
-+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128,
-+                                                        ctx->mem_idx));
-                     gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
-                 }
-                 tcg_temp_free_i32(oi);
-@@ -XXX,XX +XXX,XX @@ static void gen_lqarx(DisasContext *ctx)
-         if (HAVE_ATOMIC128) {
-             TCGv_i32 oi = tcg_temp_new_i32();
-             if (ctx->le_mode) {
--                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
-+                tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128 | MO_ALIGN,
-                                                     ctx->mem_idx));
-                 gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
-             } else {
--                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
-+                tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128 | MO_ALIGN,
-                                                     ctx->mem_idx));
-                 gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
-             }
-@@ -XXX,XX +XXX,XX @@ static void gen_stqcx_(DisasContext *ctx)
-     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
-         if (HAVE_CMPXCHG128) {
--            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
-+            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_128) | MO_ALIGN);
-             if (ctx->le_mode) {
-                 gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env,
-                                              EA, lo, hi, oi);
---
-.25.1

-[PATCH v4 20/48] target/s390x: Use MO_128 for 16 byte atomics
+Deleted patch
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/tcg/mem_helper.c | 4 ++--
-file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/mem_helper.c
-+++ b/target/s390x/tcg/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
-     mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-+    oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
-     oldv = cpu_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
-     fail = !int128_eq(oldv, cmpv);
-@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
-                 cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
-                 cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
-             } else if (HAVE_CMPXCHG128) {
--                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-+                MemOpIdx oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
-                 ov = cpu_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
-                 cc = !int128_eq(ov, cv);
-             } else {
---
-.25.1

-[PATCH v4 21/48] target/hexagon: Implement cpu_mmu_index
+Deleted patch
-The function is trivial for user-only, but still must be present.
-Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/hexagon/cpu.h | 9 +++++++++
-file changed, 9 insertions(+)
-diff --git a/target/hexagon/cpu.h b/target/hexagon/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/hexagon/cpu.h
-+++ b/target/hexagon/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUHexagonState *env, target_ulong *pc,
- #endif
- }
-+static inline int cpu_mmu_index(CPUHexagonState *env, bool ifetch)
-+{
-+#ifdef CONFIG_USER_ONLY
-+    return MMU_USER_IDX;
-+#else
-+#error System mode not supported on Hexagon yet
-+#endif
-+}
-+
- typedef struct CPUHexagonState CPUArchState;
- typedef HexagonCPU ArchCPU;
---
-.25.1

-[PATCH v4 22/48] accel/tcg: Add cpu_{ld,st}*_mmu interfaces
+Deleted patch
-These functions are much closer to the softmmu helper
-functions, in that they take the complete MemOpIdx,
-and from that they may enforce required alignment.
-The previous cpu_ldst.h functions did not have alignment info,
-and so did not enforce it.  Retain this by adding MO_UNALN to
-the MemOp that we create in calling the new functions.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- docs/devel/loads-stores.rst |  52 ++++-
- include/exec/cpu_ldst.h     | 245 ++++++++--------------
- accel/tcg/cputlb.c          | 392 ++++++++++++------------------------
- accel/tcg/user-exec.c       | 390 +++++++++++++++--------------------
- accel/tcg/ldst_common.c.inc | 307 ++++++++++++++++++++++++++++
-files changed, 722 insertions(+), 664 deletions(-)
- create mode 100644 accel/tcg/ldst_common.c.inc
-diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/devel/loads-stores.rst
-+++ b/docs/devel/loads-stores.rst
-@@ -XXX,XX +XXX,XX @@ Regexes for git grep
-  - ``\<ldn_\([hbl]e\)?_p\>``
-  - ``\<stn_\([hbl]e\)?_p\>``
--``cpu_{ld,st}*_mmuidx_ra``
--~~~~~~~~~~~~~~~~~~~~~~~~~~
-+``cpu_{ld,st}*_mmu``
-+~~~~~~~~~~~~~~~~~~~~
--These functions operate on a guest virtual address plus a context,
--known as a "mmu index" or ``mmuidx``, which controls how that virtual
--address is translated.  The meaning of the indexes are target specific,
--but specifying a particular index might be necessary if, for instance,
--the helper requires an "always as non-privileged" access rather that
--the default access for the current state of the guest CPU.
-+These functions operate on a guest virtual address, plus a context
-+known as a "mmu index" which controls how that virtual address is
-+translated, plus a ``MemOp`` which contains alignment requirements
-+among other things.  The ``MemOp`` and mmu index are combined into
-+a single argument of type ``MemOpIdx``.
-+
-+The meaning of the indexes are target specific, but specifying a
-+particular index might be necessary if, for instance, the helper
-+requires a "always as non-privileged" access rather than the
-+default access for the current state of the guest CPU.
- These functions may cause a guest CPU exception to be taken
- (e.g. for an alignment fault or MMU fault) which will result in
-@@ -XXX,XX +XXX,XX @@ function, which is a return address into the generated code [#gpc]_.
- Function names follow the pattern:
-+load: ``cpu_ld{size}{end}_mmu(env, ptr, oi, retaddr)``
-+
-+store: ``cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)``
-+
-+``size``
-+ - ``b`` : 8 bits
-+ - ``w`` : 16 bits
-+ - ``l`` : 32 bits
-+ - ``q`` : 64 bits
-+
-+``end``
-+ - (empty) : for target endian, or 8 bit sizes
-+ - ``_be`` : big endian
-+ - ``_le`` : little endian
-+
-+Regexes for git grep:
-+ - ``\<cpu_ld[bwlq](_[bl]e)\?_mmu\>``
-+ - ``\<cpu_st[bwlq](_[bl]e)\?_mmu\>``
-+
-+
-+``cpu_{ld,st}*_mmuidx_ra``
-+~~~~~~~~~~~~~~~~~~~~~~~~~~
-+
-+These functions work like the ``cpu_{ld,st}_mmu`` functions except
-+that the ``mmuidx`` parameter is not combined with a ``MemOp``,
-+and therefore there is no required alignment supplied or enforced.
-+
-+Function names follow the pattern:
-+
- load: ``cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmuidx, retaddr)``
- store: ``cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmuidx, retaddr)``
-@@ -XXX,XX +XXX,XX @@ of the guest CPU, as determined by ``cpu_mmu_index(env, false)``.
- These are generally the preferred way to do accesses by guest
- virtual address from helper functions, unless the access should
--be performed with a context other than the default.
-+be performed with a context other than the default, or alignment
-+should be enforced for the access.
- Function names follow the pattern:
-diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu_ldst.h
-+++ b/include/exec/cpu_ldst.h
-@@ -XXX,XX +XXX,XX @@
-  * load:  cpu_ld{sign}{size}{end}_{mmusuffix}(env, ptr)
-  *        cpu_ld{sign}{size}{end}_{mmusuffix}_ra(env, ptr, retaddr)
-  *        cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmu_idx, retaddr)
-+ *        cpu_ld{sign}{size}{end}_mmu(env, ptr, oi, retaddr)
-  *
-  * store: cpu_st{size}{end}_{mmusuffix}(env, ptr, val)
-  *        cpu_st{size}{end}_{mmusuffix}_ra(env, ptr, val, retaddr)
-  *        cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmu_idx, retaddr)
-+ *        cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)
-  *
-  * sign is:
-  * (empty): for 32 and 64 bit sizes
-@@ -XXX,XX +XXX,XX @@
-  * The "mmuidx" suffix carries an extra mmu_idx argument that specifies
-  * the index to use; the "data" and "code" suffixes take the index from
-  * cpu_mmu_index().
-+ *
-+ * The "mmu" suffix carries the full MemOpIdx, with both mmu_idx and the
-+ * MemOp including alignment requirements.  The alignment will be enforced.
-  */
- #ifndef CPU_LDST_H
- #define CPU_LDST_H
-+#include "exec/memopidx.h"
-+
- #if defined(CONFIG_USER_ONLY)
- /* sparc32plus has 64bit long but 32bit space address
-  * this can make bad result with g2h() and h2g()
-@@ -XXX,XX +XXX,XX @@ typedef target_ulong abi_ptr;
- uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
- int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr);
--
- uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr);
- int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr);
- uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr);
- uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr);
--
- uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr);
- int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr);
- uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr);
-@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr);
- uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
--
- uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
--
- uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
- void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
--
- void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
- void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
- void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
--
- void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
- void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
- void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
- void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
-                      uint32_t val, uintptr_t ra);
--
- void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                         uint32_t val, uintptr_t ra);
- void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                         uint32_t val, uintptr_t ra);
- void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                         uint64_t val, uintptr_t ra);
--
- void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                         uint32_t val, uintptr_t ra);
- void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
-@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
- void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                         uint64_t val, uintptr_t ra);
-+uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                            int mmu_idx, uintptr_t ra);
-+int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                       int mmu_idx, uintptr_t ra);
-+uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                               int mmu_idx, uintptr_t ra);
-+int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                          int mmu_idx, uintptr_t ra);
-+uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                              int mmu_idx, uintptr_t ra);
-+uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                              int mmu_idx, uintptr_t ra);
-+uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                               int mmu_idx, uintptr_t ra);
-+int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                          int mmu_idx, uintptr_t ra);
-+uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                              int mmu_idx, uintptr_t ra);
-+uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
-+                              int mmu_idx, uintptr_t ra);
-+
-+void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                       int mmu_idx, uintptr_t ra);
-+void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra);
-+void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra);
-+void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
-+                          int mmu_idx, uintptr_t ra);
-+void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra);
-+void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra);
-+void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
-+                          int mmu_idx, uintptr_t ra);
-+
-+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr ptr, MemOpIdx oi, uintptr_t ra);
-+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr ptr,
-+                        MemOpIdx oi, uintptr_t ra);
-+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr ptr,
-+                        MemOpIdx oi, uintptr_t ra);
-+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr ptr,
-+                        MemOpIdx oi, uintptr_t ra);
-+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr ptr,
-+                        MemOpIdx oi, uintptr_t ra);
-+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr ptr,
-+                        MemOpIdx oi, uintptr_t ra);
-+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr ptr,
-+                        MemOpIdx oi, uintptr_t ra);
-+
-+void cpu_stb_mmu(CPUArchState *env, abi_ptr ptr, uint8_t val,
-+                 MemOpIdx oi, uintptr_t ra);
-+void cpu_stw_be_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
-+                    MemOpIdx oi, uintptr_t ra);
-+void cpu_stl_be_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                    MemOpIdx oi, uintptr_t ra);
-+void cpu_stq_be_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
-+                    MemOpIdx oi, uintptr_t ra);
-+void cpu_stw_le_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
-+                    MemOpIdx oi, uintptr_t ra);
-+void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
-+                    MemOpIdx oi, uintptr_t ra);
-+void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
-+                    MemOpIdx oi, uintptr_t ra);
-+
- #if defined(CONFIG_USER_ONLY)
- extern __thread uintptr_t helper_retaddr;
-@@ -XXX,XX +XXX,XX @@ static inline void clear_helper_retaddr(void)
-     helper_retaddr = 0;
- }
--/*
-- * Provide the same *_mmuidx_ra interface as for softmmu.
-- * The mmu_idx argument is ignored.
-- */
--
--static inline uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                          int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldub_data_ra(env, addr, ra);
--}
--
--static inline int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                     int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldsb_data_ra(env, addr, ra);
--}
--
--static inline uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                             int mmu_idx, uintptr_t ra)
--{
--    return cpu_lduw_be_data_ra(env, addr, ra);
--}
--
--static inline int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldsw_be_data_ra(env, addr, ra);
--}
--
--static inline uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                            int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldl_be_data_ra(env, addr, ra);
--}
--
--static inline uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                            int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldq_be_data_ra(env, addr, ra);
--}
--
--static inline uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                             int mmu_idx, uintptr_t ra)
--{
--    return cpu_lduw_le_data_ra(env, addr, ra);
--}
--
--static inline int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldsw_le_data_ra(env, addr, ra);
--}
--
--static inline uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                            int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldl_le_data_ra(env, addr, ra);
--}
--
--static inline uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                            int mmu_idx, uintptr_t ra)
--{
--    return cpu_ldq_le_data_ra(env, addr, ra);
--}
--
--static inline void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                     uint32_t val, int mmu_idx, uintptr_t ra)
--{
--    cpu_stb_data_ra(env, addr, val, ra);
--}
--
--static inline void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint32_t val, int mmu_idx,
--                                        uintptr_t ra)
--{
--    cpu_stw_be_data_ra(env, addr, val, ra);
--}
--
--static inline void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint32_t val, int mmu_idx,
--                                        uintptr_t ra)
--{
--    cpu_stl_be_data_ra(env, addr, val, ra);
--}
--
--static inline void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint64_t val, int mmu_idx,
--                                        uintptr_t ra)
--{
--    cpu_stq_be_data_ra(env, addr, val, ra);
--}
--
--static inline void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint32_t val, int mmu_idx,
--                                        uintptr_t ra)
--{
--    cpu_stw_le_data_ra(env, addr, val, ra);
--}
--
--static inline void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint32_t val, int mmu_idx,
--                                        uintptr_t ra)
--{
--    cpu_stl_le_data_ra(env, addr, val, ra);
--}
--
--static inline void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint64_t val, int mmu_idx,
--                                        uintptr_t ra)
--{
--    cpu_stq_le_data_ra(env, addr, val, ra);
--}
--
- #else
- /* Needed for TCG_OVERSIZED_GUEST */
-@@ -XXX,XX +XXX,XX @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx,
-     return &env_tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
- }
--uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                            int mmu_idx, uintptr_t ra);
--int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                       int mmu_idx, uintptr_t ra);
--
--uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                               int mmu_idx, uintptr_t ra);
--int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                          int mmu_idx, uintptr_t ra);
--uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--
--uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                               int mmu_idx, uintptr_t ra);
--int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                          int mmu_idx, uintptr_t ra);
--uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--
--void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                       int mmu_idx, uintptr_t retaddr);
--
--void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
--                          int mmu_idx, uintptr_t retaddr);
--
--void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
--                          int mmu_idx, uintptr_t retaddr);
--
- #endif /* defined(CONFIG_USER_ONLY) */
- #ifdef TARGET_WORDS_BIGENDIAN
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_ldsw_mmuidx_ra   cpu_ldsw_be_mmuidx_ra
- # define cpu_ldl_mmuidx_ra    cpu_ldl_be_mmuidx_ra
- # define cpu_ldq_mmuidx_ra    cpu_ldq_be_mmuidx_ra
-+# define cpu_ldw_mmu          cpu_ldw_be_mmu
-+# define cpu_ldl_mmu          cpu_ldl_be_mmu
-+# define cpu_ldq_mmu          cpu_ldq_be_mmu
- # define cpu_stw_data         cpu_stw_be_data
- # define cpu_stl_data         cpu_stl_be_data
- # define cpu_stq_data         cpu_stq_be_data
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_stw_mmuidx_ra    cpu_stw_be_mmuidx_ra
- # define cpu_stl_mmuidx_ra    cpu_stl_be_mmuidx_ra
- # define cpu_stq_mmuidx_ra    cpu_stq_be_mmuidx_ra
-+# define cpu_stw_mmu          cpu_stw_be_mmu
-+# define cpu_stl_mmu          cpu_stl_be_mmu
-+# define cpu_stq_mmu          cpu_stq_be_mmu
- #else
- # define cpu_lduw_data        cpu_lduw_le_data
- # define cpu_ldsw_data        cpu_ldsw_le_data
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_ldsw_mmuidx_ra   cpu_ldsw_le_mmuidx_ra
- # define cpu_ldl_mmuidx_ra    cpu_ldl_le_mmuidx_ra
- # define cpu_ldq_mmuidx_ra    cpu_ldq_le_mmuidx_ra
-+# define cpu_ldw_mmu          cpu_ldw_le_mmu
-+# define cpu_ldl_mmu          cpu_ldl_le_mmu
-+# define cpu_ldq_mmu          cpu_ldq_le_mmu
- # define cpu_stw_data         cpu_stw_le_data
- # define cpu_stl_data         cpu_stl_le_data
- # define cpu_stq_data         cpu_stq_le_data
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_stw_mmuidx_ra    cpu_stw_le_mmuidx_ra
- # define cpu_stl_mmuidx_ra    cpu_stl_le_mmuidx_ra
- # define cpu_stq_mmuidx_ra    cpu_stq_le_mmuidx_ra
-+# define cpu_stw_mmu          cpu_stw_le_mmu
-+# define cpu_stl_mmu          cpu_stl_le_mmu
-+# define cpu_stq_mmu          cpu_stq_le_mmu
- #endif
- uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
-     cpu_loop_exit_atomic(env_cpu(env), retaddr);
- }
-+/*
-+ * Verify that we have passed the correct MemOp to the correct function.
-+ *
-+ * In the case of the helper_*_mmu functions, we will have done this by
-+ * using the MemOp to look up the helper during code generation.
-+ *
-+ * In the case of the cpu_*_mmu functions, this is up to the caller.
-+ * We could present one function to target code, and dispatch based on
-+ * the MemOp, but so far we have worked hard to avoid an indirect function
-+ * call along the memory path.
-+ */
-+static void validate_memop(MemOpIdx oi, MemOp expected)
-+{
-+#ifdef CONFIG_DEBUG_TCG
-+    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
-+    assert(have == expected);
-+#endif
-+}
-+
- /*
-  * Load Helpers
-  *
-@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
- static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
-                               MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_UB);
-     return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
- static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                  MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_LEUW);
-     return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
-                        full_le_lduw_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
- static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                  MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_BEUW);
-     return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
-                        full_be_lduw_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
- static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                  MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_LEUL);
-     return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
-                        full_le_ldul_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
- static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                  MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_BEUL);
-     return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
-                        full_be_ldul_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
- uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
-                            MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_LEQ);
-     return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
-                        helper_le_ldq_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
- uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
-                            MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_BEQ);
-     return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
-                        helper_be_ldq_mmu);
- }
-@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
-  */
- static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
--                                       int mmu_idx, uintptr_t retaddr,
--                                       MemOp op, FullLoadHelper *full_load)
-+                                       MemOpIdx oi, uintptr_t retaddr,
-+                                       FullLoadHelper *full_load)
- {
--    MemOpIdx oi = make_memop_idx(op, mmu_idx);
-     uint64_t ret;
-     trace_guest_ld_before_exec(env_cpu(env), addr, oi);
--
-     ret = full_load(env, addr, oi, retaddr);
--
-     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
--
-     return ret;
- }
--uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                            int mmu_idx, uintptr_t ra)
-+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr, MemOpIdx oi, uintptr_t ra)
- {
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_UB, full_ldub_mmu);
-+    return cpu_load_helper(env, addr, oi, ra, full_ldub_mmu);
- }
--int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                       int mmu_idx, uintptr_t ra)
-+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
-+    return cpu_load_helper(env, addr, oi, ra, full_be_lduw_mmu);
- }
--uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                               int mmu_idx, uintptr_t ra)
-+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUW, full_be_lduw_mmu);
-+    return cpu_load_helper(env, addr, oi, ra, full_be_ldul_mmu);
- }
--int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                          int mmu_idx, uintptr_t ra)
-+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
-+    return cpu_load_helper(env, addr, oi, MO_BEQ, helper_be_ldq_mmu);
- }
--uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra)
-+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUL, full_be_ldul_mmu);
-+    return cpu_load_helper(env, addr, oi, ra, full_le_lduw_mmu);
- }
--uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra)
-+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEQ, helper_be_ldq_mmu);
-+    return cpu_load_helper(env, addr, oi, ra, full_le_ldul_mmu);
- }
--uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                               int mmu_idx, uintptr_t ra)
-+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUW, full_le_lduw_mmu);
--}
--
--int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                          int mmu_idx, uintptr_t ra)
--{
--    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
--}
--
--uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra)
--{
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUL, full_le_ldul_mmu);
--}
--
--uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra)
--{
--    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEQ, helper_le_ldq_mmu);
--}
--
--uint32_t cpu_ldub_data_ra(CPUArchState *env, target_ulong ptr,
--                          uintptr_t retaddr)
--{
--    return cpu_ldub_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--int cpu_ldsb_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
--{
--    return cpu_ldsb_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint32_t cpu_lduw_be_data_ra(CPUArchState *env, target_ulong ptr,
--                             uintptr_t retaddr)
--{
--    return cpu_lduw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--int cpu_ldsw_be_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
--{
--    return cpu_ldsw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint32_t cpu_ldl_be_data_ra(CPUArchState *env, target_ulong ptr,
--                            uintptr_t retaddr)
--{
--    return cpu_ldl_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint64_t cpu_ldq_be_data_ra(CPUArchState *env, target_ulong ptr,
--                            uintptr_t retaddr)
--{
--    return cpu_ldq_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint32_t cpu_lduw_le_data_ra(CPUArchState *env, target_ulong ptr,
--                             uintptr_t retaddr)
--{
--    return cpu_lduw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--int cpu_ldsw_le_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
--{
--    return cpu_ldsw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint32_t cpu_ldl_le_data_ra(CPUArchState *env, target_ulong ptr,
--                            uintptr_t retaddr)
--{
--    return cpu_ldl_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint64_t cpu_ldq_le_data_ra(CPUArchState *env, target_ulong ptr,
--                            uintptr_t retaddr)
--{
--    return cpu_ldq_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
--}
--
--uint32_t cpu_ldub_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldub_data_ra(env, ptr, 0);
--}
--
--int cpu_ldsb_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldsb_data_ra(env, ptr, 0);
--}
--
--uint32_t cpu_lduw_be_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_lduw_be_data_ra(env, ptr, 0);
--}
--
--int cpu_ldsw_be_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldsw_be_data_ra(env, ptr, 0);
--}
--
--uint32_t cpu_ldl_be_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldl_be_data_ra(env, ptr, 0);
--}
--
--uint64_t cpu_ldq_be_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldq_be_data_ra(env, ptr, 0);
--}
--
--uint32_t cpu_lduw_le_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_lduw_le_data_ra(env, ptr, 0);
--}
--
--int cpu_ldsw_le_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldsw_le_data_ra(env, ptr, 0);
--}
--
--uint32_t cpu_ldl_le_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldl_le_data_ra(env, ptr, 0);
--}
--
--uint64_t cpu_ldq_le_data(CPUArchState *env, target_ulong ptr)
--{
--    return cpu_ldq_le_data_ra(env, ptr, 0);
-+    return cpu_load_helper(env, addr, oi, ra, helper_le_ldq_mmu);
- }
- /*
-@@ -XXX,XX +XXX,XX @@ store_memop(void *haddr, uint64_t val, MemOp op)
-     }
- }
-+static void full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                         MemOpIdx oi, uintptr_t retaddr);
-+
- static void __attribute__((noinline))
- store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
-                        uintptr_t retaddr, size_t size, uintptr_t mmu_idx,
-@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
-         for (i = 0; i < size; ++i) {
-             /* Big-endian extract.  */
-             uint8_t val8 = val >> (((size - 1) * 8) - (i * 8));
--            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
-+            full_stb_mmu(env, addr + i, val8, oi, retaddr);
-         }
-     } else {
-         for (i = 0; i < size; ++i) {
-             /* Little-endian extract.  */
-             uint8_t val8 = val >> (i * 8);
--            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
-+            full_stb_mmu(env, addr + i, val8, oi, retaddr);
-         }
-     }
- }
-@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
-     store_memop(haddr, val, op);
- }
--void __attribute__((noinline))
--helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
--                   MemOpIdx oi, uintptr_t retaddr)
-+static void __attribute__((noinline))
-+full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+             MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_UB);
-     store_helper(env, addr, val, oi, retaddr, MO_UB);
- }
-+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-+                        MemOpIdx oi, uintptr_t retaddr)
-+{
-+    full_stb_mmu(env, addr, val, oi, retaddr);
-+}
-+
-+static void full_le_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                            MemOpIdx oi, uintptr_t retaddr)
-+{
-+    validate_memop(oi, MO_LEUW);
-+    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
-+}
-+
- void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                        MemOpIdx oi, uintptr_t retaddr)
- {
--    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
-+    full_le_stw_mmu(env, addr, val, oi, retaddr);
-+}
-+
-+static void full_be_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                            MemOpIdx oi, uintptr_t retaddr)
-+{
-+    validate_memop(oi, MO_BEUW);
-+    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
- }
- void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                        MemOpIdx oi, uintptr_t retaddr)
- {
--    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
-+    full_be_stw_mmu(env, addr, val, oi, retaddr);
-+}
-+
-+static void full_le_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                            MemOpIdx oi, uintptr_t retaddr)
-+{
-+    validate_memop(oi, MO_LEUL);
-+    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
- }
- void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                        MemOpIdx oi, uintptr_t retaddr)
- {
--    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
-+    full_le_stl_mmu(env, addr, val, oi, retaddr);
-+}
-+
-+static void full_be_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                            MemOpIdx oi, uintptr_t retaddr)
-+{
-+    validate_memop(oi, MO_BEUL);
-+    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
- }
- void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                        MemOpIdx oi, uintptr_t retaddr)
- {
--    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
-+    full_be_stl_mmu(env, addr, val, oi, retaddr);
- }
- void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                        MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_LEQ);
-     store_helper(env, addr, val, oi, retaddr, MO_LEQ);
- }
- void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                        MemOpIdx oi, uintptr_t retaddr)
- {
-+    validate_memop(oi, MO_BEQ);
-     store_helper(env, addr, val, oi, retaddr, MO_BEQ);
- }
-@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-  * Store Helpers for cpu_ldst.h
-  */
--static inline void QEMU_ALWAYS_INLINE
--cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
--                 int mmu_idx, uintptr_t retaddr, MemOp op)
-+typedef void FullStoreHelper(CPUArchState *env, target_ulong addr,
-+                             uint64_t val, MemOpIdx oi, uintptr_t retaddr);
-+
-+static inline void cpu_store_helper(CPUArchState *env, target_ulong addr,
-+                                    uint64_t val, MemOpIdx oi, uintptr_t ra,
-+                                    FullStoreHelper *full_store)
- {
--    MemOpIdx oi = make_memop_idx(op, mmu_idx);
--
-     trace_guest_st_before_exec(env_cpu(env), addr, oi);
--
--    store_helper(env, addr, val, oi, retaddr, op);
--
-+    full_store(env, addr, val, oi, ra);
-     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
--                       int mmu_idx, uintptr_t retaddr)
-+void cpu_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-+                 MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_UB);
-+    cpu_store_helper(env, addr, val, oi, retaddr, full_stb_mmu);
- }
--void cpu_stw_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr)
-+void cpu_stw_be_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-+                    MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUW);
-+    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stw_mmu);
- }
--void cpu_stl_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr)
-+void cpu_stl_be_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-+                    MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUL);
-+    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stl_mmu);
- }
--void cpu_stq_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
--                          int mmu_idx, uintptr_t retaddr)
-+void cpu_stq_be_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                    MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEQ);
-+    cpu_store_helper(env, addr, val, oi, retaddr, helper_be_stq_mmu);
- }
--void cpu_stw_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr)
-+void cpu_stw_le_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-+                    MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUW);
-+    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stw_mmu);
- }
--void cpu_stl_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr)
-+void cpu_stl_le_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-+                    MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUL);
-+    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stl_mmu);
- }
--void cpu_stq_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
--                          int mmu_idx, uintptr_t retaddr)
-+void cpu_stq_le_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                    MemOpIdx oi, uintptr_t retaddr)
- {
--    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEQ);
-+    cpu_store_helper(env, addr, val, oi, retaddr, helper_le_stq_mmu);
- }
--void cpu_stb_data_ra(CPUArchState *env, target_ulong ptr,
--                     uint32_t val, uintptr_t retaddr)
--{
--    cpu_stb_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stw_be_data_ra(CPUArchState *env, target_ulong ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    cpu_stw_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stl_be_data_ra(CPUArchState *env, target_ulong ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    cpu_stl_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stq_be_data_ra(CPUArchState *env, target_ulong ptr,
--                        uint64_t val, uintptr_t retaddr)
--{
--    cpu_stq_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stw_le_data_ra(CPUArchState *env, target_ulong ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    cpu_stw_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stl_le_data_ra(CPUArchState *env, target_ulong ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    cpu_stl_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stq_le_data_ra(CPUArchState *env, target_ulong ptr,
--                        uint64_t val, uintptr_t retaddr)
--{
--    cpu_stq_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
--}
--
--void cpu_stb_data(CPUArchState *env, target_ulong ptr, uint32_t val)
--{
--    cpu_stb_data_ra(env, ptr, val, 0);
--}
--
--void cpu_stw_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
--{
--    cpu_stw_be_data_ra(env, ptr, val, 0);
--}
--
--void cpu_stl_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
--{
--    cpu_stl_be_data_ra(env, ptr, val, 0);
--}
--
--void cpu_stq_be_data(CPUArchState *env, target_ulong ptr, uint64_t val)
--{
--    cpu_stq_be_data_ra(env, ptr, val, 0);
--}
--
--void cpu_stw_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
--{
--    cpu_stw_le_data_ra(env, ptr, val, 0);
--}
--
--void cpu_stl_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
--{
--    cpu_stl_le_data_ra(env, ptr, val, 0);
--}
--
--void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
--{
--    cpu_stq_le_data_ra(env, ptr, val, 0);
--}
-+#include "ldst_common.c.inc"
- /*
-  * First set of functions passes in OI and RETADDR.
-diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/user-exec.c
-+++ b/accel/tcg/user-exec.c
-@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
- /* The softmmu versions of these helpers are in cputlb.c.  */
--uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
-+/*
-+ * Verify that we have passed the correct MemOp to the correct function.
-+ *
-+ * We could present one function to target code, and dispatch based on
-+ * the MemOp, but so far we have worked hard to avoid an indirect function
-+ * call along the memory path.
-+ */
-+static void validate_memop(MemOpIdx oi, MemOp expected)
- {
--    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
--    uint32_t ret;
-+#ifdef CONFIG_DEBUG_TCG
-+    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
-+    assert(have == expected);
-+#endif
-+}
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = ldub_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-+static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr,
-+                            MemOpIdx oi, uintptr_t ra, MMUAccessType type)
-+{
-+    MemOp mop = get_memop(oi);
-+    int a_bits = get_alignment_bits(mop);
-+    void *ret;
-+
-+    /* Enforce guest required alignment.  */
-+    if (unlikely(addr & ((1 << a_bits) - 1))) {
-+        cpu_loop_exit_sigbus(env_cpu(env), addr, type, ra);
-+    }
-+
-+    ret = g2h(env_cpu(env), addr);
-+    set_helper_retaddr(ra);
-     return ret;
- }
--int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
-+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    return (int8_t)cpu_ldub_data(env, ptr);
--}
-+    void *haddr;
-+    uint8_t ret;
--uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
--{
--    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
--    uint32_t ret;
--
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = lduw_be_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-+    validate_memop(oi, MO_UB);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = ldub_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-     return ret;
- }
--int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
-+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return (int16_t)cpu_lduw_be_data(env, ptr);
--}
-+    void *haddr;
-+    uint16_t ret;
--uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
--{
--    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
--    uint32_t ret;
--
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = ldl_be_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-+    validate_memop(oi, MO_BEUW);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = lduw_be_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-     return ret;
- }
--uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
-+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
-+    void *haddr;
-+    uint32_t ret;
-+
-+    validate_memop(oi, MO_BEUL);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = ldl_be_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-+    return ret;
-+}
-+
-+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
-+{
-+    void *haddr;
-     uint64_t ret;
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = ldq_be_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-+    validate_memop(oi, MO_BEQ);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = ldq_be_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-     return ret;
- }
--uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
-+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
-+    void *haddr;
-+    uint16_t ret;
-+
-+    validate_memop(oi, MO_LEUW);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = lduw_le_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-+    return ret;
-+}
-+
-+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
-+{
-+    void *haddr;
-     uint32_t ret;
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = lduw_le_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-+    validate_memop(oi, MO_LEUL);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = ldl_le_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-     return ret;
- }
--int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
-+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
-+                        MemOpIdx oi, uintptr_t ra)
- {
--    return (int16_t)cpu_lduw_le_data(env, ptr);
--}
--
--uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
--{
--    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
--    uint32_t ret;
--
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = ldl_le_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
--    return ret;
--}
--
--uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
--{
--    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
-+    void *haddr;
-     uint64_t ret;
--    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
--    ret = ldq_le_p(g2h(env_cpu(env), ptr));
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-+    validate_memop(oi, MO_LEQ);
-+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
-+    ret = ldq_le_p(haddr);
-+    clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-     return ret;
- }
--uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val,
-+                 MemOpIdx oi, uintptr_t ra)
- {
--    uint32_t ret;
-+    void *haddr;
--    set_helper_retaddr(retaddr);
--    ret = cpu_ldub_data(env, ptr);
-+    validate_memop(oi, MO_UB);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stb_p(haddr, val);
-     clear_helper_retaddr();
--    return ret;
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stw_be_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    return (int8_t)cpu_ldub_data_ra(env, ptr, retaddr);
--}
-+    void *haddr;
--uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
--{
--    uint32_t ret;
--
--    set_helper_retaddr(retaddr);
--    ret = cpu_lduw_be_data(env, ptr);
-+    validate_memop(oi, MO_BEUW);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stw_be_p(haddr, val);
-     clear_helper_retaddr();
--    return ret;
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stl_be_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    return (int16_t)cpu_lduw_be_data_ra(env, ptr, retaddr);
--}
-+    void *haddr;
--uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
--{
--    uint32_t ret;
--
--    set_helper_retaddr(retaddr);
--    ret = cpu_ldl_be_data(env, ptr);
-+    validate_memop(oi, MO_BEUL);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stl_be_p(haddr, val);
-     clear_helper_retaddr();
--    return ret;
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stq_be_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    uint64_t ret;
-+    void *haddr;
--    set_helper_retaddr(retaddr);
--    ret = cpu_ldq_be_data(env, ptr);
-+    validate_memop(oi, MO_BEQ);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stq_be_p(haddr, val);
-     clear_helper_retaddr();
--    return ret;
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stw_le_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    uint32_t ret;
-+    void *haddr;
--    set_helper_retaddr(retaddr);
--    ret = cpu_lduw_le_data(env, ptr);
-+    validate_memop(oi, MO_LEUW);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stw_le_p(haddr, val);
-     clear_helper_retaddr();
--    return ret;
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stl_le_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    return (int16_t)cpu_lduw_le_data_ra(env, ptr, retaddr);
--}
-+    void *haddr;
--uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
--{
--    uint32_t ret;
--
--    set_helper_retaddr(retaddr);
--    ret = cpu_ldl_le_data(env, ptr);
-+    validate_memop(oi, MO_LEUL);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stl_le_p(haddr, val);
-     clear_helper_retaddr();
--    return ret;
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
--uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-+void cpu_stq_le_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
-+                    MemOpIdx oi, uintptr_t ra)
- {
--    uint64_t ret;
-+    void *haddr;
--    set_helper_retaddr(retaddr);
--    ret = cpu_ldq_le_data(env, ptr);
--    clear_helper_retaddr();
--    return ret;
--}
--
--void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stb_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stw_be_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stl_be_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stq_be_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stw_le_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stl_le_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
--{
--    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
--
--    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
--    stq_le_p(g2h(env_cpu(env), ptr), val);
--    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
--}
--
--void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
--                     uint32_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stb_data(env, ptr, val);
--    clear_helper_retaddr();
--}
--
--void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stw_be_data(env, ptr, val);
--    clear_helper_retaddr();
--}
--
--void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stl_be_data(env, ptr, val);
--    clear_helper_retaddr();
--}
--
--void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
--                        uint64_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stq_be_data(env, ptr, val);
--    clear_helper_retaddr();
--}
--
--void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stw_le_data(env, ptr, val);
--    clear_helper_retaddr();
--}
--
--void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
--                        uint32_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stl_le_data(env, ptr, val);
--    clear_helper_retaddr();
--}
--
--void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
--                        uint64_t val, uintptr_t retaddr)
--{
--    set_helper_retaddr(retaddr);
--    cpu_stq_le_data(env, ptr, val);
-+    validate_memop(oi, MO_LEQ);
-+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
-+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
-+    stq_le_p(haddr, val);
-     clear_helper_retaddr();
-+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
- }
- uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr ptr)
-@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr)
-     return ret;
- }
-+#include "ldst_common.c.inc"
-+
- /*
-  * Do not allow unaligned operations to proceed.  Return the host address.
-  *
-diff --git a/accel/tcg/ldst_common.c.inc b/accel/tcg/ldst_common.c.inc
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/accel/tcg/ldst_common.c.inc
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * Routines common to user and system emulation of load/store.
-+ *
-+ *  Copyright (c) 2003 Fabrice Bellard
-+ *
-+ * SPDX-License-Identifier: GPL-2.0-or-later
-+ *
-+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
-+ * See the COPYING file in the top-level directory.
-+ */
-+
-+uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                            int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
-+    return cpu_ldb_mmu(env, addr, oi, ra);
-+}
-+
-+int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                       int mmu_idx, uintptr_t ra)
-+{
-+    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
-+}
-+
-+uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                               int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
-+    return cpu_ldw_be_mmu(env, addr, oi, ra);
-+}
-+
-+int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
-+}
-+
-+uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                              int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
-+    return cpu_ldl_be_mmu(env, addr, oi, ra);
-+}
-+
-+uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                              int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
-+    return cpu_ldq_be_mmu(env, addr, oi, ra);
-+}
-+
-+uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                               int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
-+    return cpu_ldw_le_mmu(env, addr, oi, ra);
-+}
-+
-+int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
-+}
-+
-+uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                              int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
-+    return cpu_ldl_le_mmu(env, addr, oi, ra);
-+}
-+
-+uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-+                              int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
-+    return cpu_ldq_le_mmu(env, addr, oi, ra);
-+}
-+
-+void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                       int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
-+    cpu_stb_mmu(env, addr, val, oi, ra);
-+}
-+
-+void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
-+    cpu_stw_be_mmu(env, addr, val, oi, ra);
-+}
-+
-+void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
-+    cpu_stl_be_mmu(env, addr, val, oi, ra);
-+}
-+
-+void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
-+    cpu_stq_be_mmu(env, addr, val, oi, ra);
-+}
-+
-+void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
-+    cpu_stw_le_mmu(env, addr, val, oi, ra);
-+}
-+
-+void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
-+    cpu_stl_le_mmu(env, addr, val, oi, ra);
-+}
-+
-+void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
-+                          int mmu_idx, uintptr_t ra)
-+{
-+    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
-+    cpu_stq_le_mmu(env, addr, val, oi, ra);
-+}
-+
-+/*--------------------------*/
-+
-+uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_ldub_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return (int8_t)cpu_ldub_data_ra(env, addr, ra);
-+}
-+
-+uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_lduw_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return (int16_t)cpu_lduw_be_data_ra(env, addr, ra);
-+}
-+
-+uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_ldl_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_ldq_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_lduw_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return (int16_t)cpu_lduw_le_data_ra(env, addr, ra);
-+}
-+
-+uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_ldl_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
-+{
-+    return cpu_ldq_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stb_data_ra(CPUArchState *env, abi_ptr addr,
-+                     uint32_t val, uintptr_t ra)
-+{
-+    cpu_stb_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr addr,
-+                        uint32_t val, uintptr_t ra)
-+{
-+    cpu_stw_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr addr,
-+                        uint32_t val, uintptr_t ra)
-+{
-+    cpu_stl_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr addr,
-+                        uint64_t val, uintptr_t ra)
-+{
-+    cpu_stq_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr addr,
-+                        uint32_t val, uintptr_t ra)
-+{
-+    cpu_stw_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr addr,
-+                        uint32_t val, uintptr_t ra)
-+{
-+    cpu_stl_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr addr,
-+                        uint64_t val, uintptr_t ra)
-+{
-+    cpu_stq_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
-+}
-+
-+/*--------------------------*/
-+
-+uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_ldub_data_ra(env, addr, 0);
-+}
-+
-+int cpu_ldsb_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return (int8_t)cpu_ldub_data(env, addr);
-+}
-+
-+uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_lduw_be_data_ra(env, addr, 0);
-+}
-+
-+int cpu_ldsw_be_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return (int16_t)cpu_lduw_be_data(env, addr);
-+}
-+
-+uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_ldl_be_data_ra(env, addr, 0);
-+}
-+
-+uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_ldq_be_data_ra(env, addr, 0);
-+}
-+
-+uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_lduw_le_data_ra(env, addr, 0);
-+}
-+
-+int cpu_ldsw_le_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return (int16_t)cpu_lduw_le_data(env, addr);
-+}
-+
-+uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_ldl_le_data_ra(env, addr, 0);
-+}
-+
-+uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr addr)
-+{
-+    return cpu_ldq_le_data_ra(env, addr, 0);
-+}
-+
-+void cpu_stb_data(CPUArchState *env, abi_ptr addr, uint32_t val)
-+{
-+    cpu_stb_data_ra(env, addr, val, 0);
-+}
-+
-+void cpu_stw_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
-+{
-+    cpu_stw_be_data_ra(env, addr, val, 0);
-+}
-+
-+void cpu_stl_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
-+{
-+    cpu_stl_be_data_ra(env, addr, val, 0);
-+}
-+
-+void cpu_stq_be_data(CPUArchState *env, abi_ptr addr, uint64_t val)
-+{
-+    cpu_stq_be_data_ra(env, addr, val, 0);
-+}
-+
-+void cpu_stw_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
-+{
-+    cpu_stw_le_data_ra(env, addr, val, 0);
-+}
-+
-+void cpu_stl_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
-+{
-+    cpu_stl_le_data_ra(env, addr, val, 0);
-+}
-+
-+void cpu_stq_le_data(CPUArchState *env, abi_ptr addr, uint64_t val)
-+{
-+    cpu_stq_le_data_ra(env, addr, val, 0);
-+}
---
-.25.1

-[PATCH v4 23/48] accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
+Deleted patch
-The previous placement in tcg/tcg.h was not logical.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/exec/cpu_ldst.h       | 87 +++++++++++++++++++++++++++++++++++
- include/tcg/tcg.h             | 87 -----------------------------------
- target/arm/helper-a64.c       |  1 -
- target/m68k/op_helper.c       |  1 -
- target/ppc/mem_helper.c       |  1 -
- target/s390x/tcg/mem_helper.c |  1 -
-files changed, 87 insertions(+), 91 deletions(-)
-diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu_ldst.h
-+++ b/include/exec/cpu_ldst.h
-@@ -XXX,XX +XXX,XX @@
- #define CPU_LDST_H
- #include "exec/memopidx.h"
-+#include "qemu/int128.h"
- #if defined(CONFIG_USER_ONLY)
- /* sparc32plus has 64bit long but 32bit space address
-@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
- void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
-                     MemOpIdx oi, uintptr_t ra);
-+uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
-+                                 uint32_t cmpv, uint32_t newv,
-+                                 MemOpIdx oi, uintptr_t retaddr);
-+uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
-+                                    uint32_t cmpv, uint32_t newv,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
-+                                    uint32_t cmpv, uint32_t newv,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
-+                                    uint64_t cmpv, uint64_t newv,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
-+                                    uint32_t cmpv, uint32_t newv,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
-+                                    uint32_t cmpv, uint32_t newv,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
-+                                    uint64_t cmpv, uint64_t newv,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+
-+#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
-+TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
-+    (CPUArchState *env, target_ulong addr, TYPE val,  \
-+     MemOpIdx oi, uintptr_t retaddr);
-+
-+#ifdef CONFIG_ATOMIC64
-+#define GEN_ATOMIC_HELPER_ALL(NAME)          \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
-+    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
-+    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
-+#else
-+#define GEN_ATOMIC_HELPER_ALL(NAME)          \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
-+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
-+#endif
-+
-+GEN_ATOMIC_HELPER_ALL(fetch_add)
-+GEN_ATOMIC_HELPER_ALL(fetch_sub)
-+GEN_ATOMIC_HELPER_ALL(fetch_and)
-+GEN_ATOMIC_HELPER_ALL(fetch_or)
-+GEN_ATOMIC_HELPER_ALL(fetch_xor)
-+GEN_ATOMIC_HELPER_ALL(fetch_smin)
-+GEN_ATOMIC_HELPER_ALL(fetch_umin)
-+GEN_ATOMIC_HELPER_ALL(fetch_smax)
-+GEN_ATOMIC_HELPER_ALL(fetch_umax)
-+
-+GEN_ATOMIC_HELPER_ALL(add_fetch)
-+GEN_ATOMIC_HELPER_ALL(sub_fetch)
-+GEN_ATOMIC_HELPER_ALL(and_fetch)
-+GEN_ATOMIC_HELPER_ALL(or_fetch)
-+GEN_ATOMIC_HELPER_ALL(xor_fetch)
-+GEN_ATOMIC_HELPER_ALL(smin_fetch)
-+GEN_ATOMIC_HELPER_ALL(umin_fetch)
-+GEN_ATOMIC_HELPER_ALL(smax_fetch)
-+GEN_ATOMIC_HELPER_ALL(umax_fetch)
-+
-+GEN_ATOMIC_HELPER_ALL(xchg)
-+
-+#undef GEN_ATOMIC_HELPER_ALL
-+#undef GEN_ATOMIC_HELPER
-+
-+Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
-+                                  Int128 cmpv, Int128 newv,
-+                                  MemOpIdx oi, uintptr_t retaddr);
-+Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
-+                                  Int128 cmpv, Int128 newv,
-+                                  MemOpIdx oi, uintptr_t retaddr);
-+
-+Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
-+                             MemOpIdx oi, uintptr_t retaddr);
-+Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
-+                             MemOpIdx oi, uintptr_t retaddr);
-+void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-+                           MemOpIdx oi, uintptr_t retaddr);
-+void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-+                           MemOpIdx oi, uintptr_t retaddr);
-+
- #if defined(CONFIG_USER_ONLY)
- extern __thread uintptr_t helper_retaddr;
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/queue.h"
- #include "tcg/tcg-mo.h"
- #include "tcg-target.h"
--#include "qemu/int128.h"
- #include "tcg/tcg-cond.h"
- /* XXX: make safe guess about sizes */
-@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
- #endif
- #endif /* CONFIG_SOFTMMU */
--uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
--                                 uint32_t cmpv, uint32_t newv,
--                                 MemOpIdx oi, uintptr_t retaddr);
--uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
--                                    uint32_t cmpv, uint32_t newv,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
--                                    uint32_t cmpv, uint32_t newv,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
--                                    uint64_t cmpv, uint64_t newv,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
--                                    uint32_t cmpv, uint32_t newv,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
--                                    uint32_t cmpv, uint32_t newv,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
--                                    uint64_t cmpv, uint64_t newv,
--                                    MemOpIdx oi, uintptr_t retaddr);
--
--#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
--TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
--    (CPUArchState *env, target_ulong addr, TYPE val,  \
--     MemOpIdx oi, uintptr_t retaddr);
--
--#ifdef CONFIG_ATOMIC64
--#define GEN_ATOMIC_HELPER_ALL(NAME)          \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
--    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
--    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
--#else
--#define GEN_ATOMIC_HELPER_ALL(NAME)          \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
--    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
--#endif
--
--GEN_ATOMIC_HELPER_ALL(fetch_add)
--GEN_ATOMIC_HELPER_ALL(fetch_sub)
--GEN_ATOMIC_HELPER_ALL(fetch_and)
--GEN_ATOMIC_HELPER_ALL(fetch_or)
--GEN_ATOMIC_HELPER_ALL(fetch_xor)
--GEN_ATOMIC_HELPER_ALL(fetch_smin)
--GEN_ATOMIC_HELPER_ALL(fetch_umin)
--GEN_ATOMIC_HELPER_ALL(fetch_smax)
--GEN_ATOMIC_HELPER_ALL(fetch_umax)
--
--GEN_ATOMIC_HELPER_ALL(add_fetch)
--GEN_ATOMIC_HELPER_ALL(sub_fetch)
--GEN_ATOMIC_HELPER_ALL(and_fetch)
--GEN_ATOMIC_HELPER_ALL(or_fetch)
--GEN_ATOMIC_HELPER_ALL(xor_fetch)
--GEN_ATOMIC_HELPER_ALL(smin_fetch)
--GEN_ATOMIC_HELPER_ALL(umin_fetch)
--GEN_ATOMIC_HELPER_ALL(smax_fetch)
--GEN_ATOMIC_HELPER_ALL(umax_fetch)
--
--GEN_ATOMIC_HELPER_ALL(xchg)
--
--#undef GEN_ATOMIC_HELPER_ALL
--#undef GEN_ATOMIC_HELPER
--
--Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
--                                  Int128 cmpv, Int128 newv,
--                                  MemOpIdx oi, uintptr_t retaddr);
--Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
--                                  Int128 cmpv, Int128 newv,
--                                  MemOpIdx oi, uintptr_t retaddr);
--
--Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
--                             MemOpIdx oi, uintptr_t retaddr);
--Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
--                             MemOpIdx oi, uintptr_t retaddr);
--void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
--                           MemOpIdx oi, uintptr_t retaddr);
--void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
--                           MemOpIdx oi, uintptr_t retaddr);
--
- #ifdef CONFIG_DEBUG_TCG
- void tcg_assert_listed_vecop(TCGOpcode);
- #else
-diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-a64.c
-+++ b/target/arm/helper-a64.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu_ldst.h"
- #include "qemu/int128.h"
- #include "qemu/atomic128.h"
--#include "tcg/tcg.h"
- #include "fpu/softfloat.h"
- #include <zlib.h> /* For crc32 */
-diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/m68k/op_helper.c
-+++ b/target/m68k/op_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/exec-all.h"
- #include "exec/cpu_ldst.h"
- #include "semihosting/semihost.h"
--#include "tcg/tcg.h"
- #if !defined(CONFIG_USER_ONLY)
-diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/mem_helper.c
-+++ b/target/ppc/mem_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "helper_regs.h"
- #include "exec/cpu_ldst.h"
--#include "tcg/tcg.h"
- #include "internal.h"
- #include "qemu/atomic128.h"
-diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/mem_helper.c
-+++ b/target/s390x/tcg/mem_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu_ldst.h"
- #include "qemu/int128.h"
- #include "qemu/atomic128.h"
--#include "tcg/tcg.h"
- #include "trace.h"
- #if !defined(CONFIG_USER_ONLY)
---
-.25.1

-[PATCH v4 24/48] target/mips: Use cpu_*_data_ra for msa load/store
+Deleted patch
-We should not have been using the helper_ret_* set of
-functions, as they are supposed to be private to tcg.
-Nor should we have been using the plain cpu_*_data set
-of functions, as they do not handle unwinding properly.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/msa_helper.c | 420 +++++++++++------------------------
-file changed, 135 insertions(+), 285 deletions(-)
-diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/msa_helper.c
-+++ b/target/mips/tcg/msa_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_b(CPUMIPSState *env, uint32_t wd,
-                      target_ulong addr)
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
--    MEMOP_IDX(DF_BYTE)
--#if !defined(CONFIG_USER_ONLY)
-+    uintptr_t ra = GETPC();
-+
- #if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
--    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
--    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
--    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
--    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
--    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
--    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
--    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
--    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
--    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
--    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
--    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
--    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
--    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
--    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
--    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
-+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
-+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
-+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
-+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
-+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
-+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
-+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
-+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
-+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (8  << DF_BYTE), ra);
-+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (9  << DF_BYTE), ra);
-+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
-+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
-+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
-+    pwd->b[13] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
-+    pwd->b[14] = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
-+    pwd->b[15] = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
- #else
--    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
--    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
--    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
--    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
--    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
--    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
--    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
--    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
--    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
--    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
--    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
--    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
--    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
--    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
--    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
--    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
--#endif
--#else
--#if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->b[0]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
--    pwd->b[1]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
--    pwd->b[2]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
--    pwd->b[3]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
--    pwd->b[4]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
--    pwd->b[5]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
--    pwd->b[6]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
--    pwd->b[7]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
--    pwd->b[8]  = cpu_ldub_data(env, addr + (8  << DF_BYTE));
--    pwd->b[9]  = cpu_ldub_data(env, addr + (9  << DF_BYTE));
--    pwd->b[10] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
--    pwd->b[11] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
--    pwd->b[12] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
--    pwd->b[13] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
--    pwd->b[14] = cpu_ldub_data(env, addr + (14 << DF_BYTE));
--    pwd->b[15] = cpu_ldub_data(env, addr + (15 << DF_BYTE));
--#else
--    pwd->b[0]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
--    pwd->b[1]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
--    pwd->b[2]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
--    pwd->b[3]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
--    pwd->b[4]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
--    pwd->b[5]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
--    pwd->b[6]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
--    pwd->b[7]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
--    pwd->b[8]  = cpu_ldub_data(env, addr + (15 << DF_BYTE));
--    pwd->b[9]  = cpu_ldub_data(env, addr + (14 << DF_BYTE));
--    pwd->b[10] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
--    pwd->b[11] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
--    pwd->b[12] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
--    pwd->b[13] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
--    pwd->b[14] = cpu_ldub_data(env, addr + (9 << DF_BYTE));
--    pwd->b[15] = cpu_ldub_data(env, addr + (8 << DF_BYTE));
--#endif
-+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
-+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
-+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
-+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
-+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
-+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
-+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
-+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
-+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
-+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
-+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
-+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
-+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
-+    pwd->b[13] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
-+    pwd->b[14] = cpu_ldub_data_ra(env, addr + (9 << DF_BYTE), ra);
-+    pwd->b[15] = cpu_ldub_data_ra(env, addr + (8 << DF_BYTE), ra);
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
-                      target_ulong addr)
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
--    MEMOP_IDX(DF_HALF)
--#if !defined(CONFIG_USER_ONLY)
-+    uintptr_t ra = GETPC();
-+
- #if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
--    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
--    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
--    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
--    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
--    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
--    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
--    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
-+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
-+    pwd->h[1] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
-+    pwd->h[2] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
-+    pwd->h[3] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
-+    pwd->h[4] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
-+    pwd->h[5] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
-+    pwd->h[6] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
-+    pwd->h[7] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
- #else
--    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
--    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
--    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
--    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
--    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
--    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
--    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
--    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
--#endif
--#else
--#if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->h[0] = cpu_lduw_data(env, addr + (0 << DF_HALF));
--    pwd->h[1] = cpu_lduw_data(env, addr + (1 << DF_HALF));
--    pwd->h[2] = cpu_lduw_data(env, addr + (2 << DF_HALF));
--    pwd->h[3] = cpu_lduw_data(env, addr + (3 << DF_HALF));
--    pwd->h[4] = cpu_lduw_data(env, addr + (4 << DF_HALF));
--    pwd->h[5] = cpu_lduw_data(env, addr + (5 << DF_HALF));
--    pwd->h[6] = cpu_lduw_data(env, addr + (6 << DF_HALF));
--    pwd->h[7] = cpu_lduw_data(env, addr + (7 << DF_HALF));
--#else
--    pwd->h[0] = cpu_lduw_data(env, addr + (3 << DF_HALF));
--    pwd->h[1] = cpu_lduw_data(env, addr + (2 << DF_HALF));
--    pwd->h[2] = cpu_lduw_data(env, addr + (1 << DF_HALF));
--    pwd->h[3] = cpu_lduw_data(env, addr + (0 << DF_HALF));
--    pwd->h[4] = cpu_lduw_data(env, addr + (7 << DF_HALF));
--    pwd->h[5] = cpu_lduw_data(env, addr + (6 << DF_HALF));
--    pwd->h[6] = cpu_lduw_data(env, addr + (5 << DF_HALF));
--    pwd->h[7] = cpu_lduw_data(env, addr + (4 << DF_HALF));
--#endif
-+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
-+    pwd->h[1] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
-+    pwd->h[2] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
-+    pwd->h[3] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
-+    pwd->h[4] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
-+    pwd->h[5] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
-+    pwd->h[6] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
-+    pwd->h[7] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
-                      target_ulong addr)
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
--    MEMOP_IDX(DF_WORD)
--#if !defined(CONFIG_USER_ONLY)
-+    uintptr_t ra = GETPC();
-+
- #if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
--    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
--    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
--    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
-+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
-+    pwd->w[1] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
-+    pwd->w[2] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
-+    pwd->w[3] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
- #else
--    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
--    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
--    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
--    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
--#endif
--#else
--#if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->w[0] = cpu_ldl_data(env, addr + (0 << DF_WORD));
--    pwd->w[1] = cpu_ldl_data(env, addr + (1 << DF_WORD));
--    pwd->w[2] = cpu_ldl_data(env, addr + (2 << DF_WORD));
--    pwd->w[3] = cpu_ldl_data(env, addr + (3 << DF_WORD));
--#else
--    pwd->w[0] = cpu_ldl_data(env, addr + (1 << DF_WORD));
--    pwd->w[1] = cpu_ldl_data(env, addr + (0 << DF_WORD));
--    pwd->w[2] = cpu_ldl_data(env, addr + (3 << DF_WORD));
--    pwd->w[3] = cpu_ldl_data(env, addr + (2 << DF_WORD));
--#endif
-+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
-+    pwd->w[1] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
-+    pwd->w[2] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
-+    pwd->w[3] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
-                      target_ulong addr)
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
--    MEMOP_IDX(DF_DOUBLE)
--#if !defined(CONFIG_USER_ONLY)
--    pwd->d[0] = helper_ret_ldq_mmu(env, addr + (0 << DF_DOUBLE), oi, GETPC());
--    pwd->d[1] = helper_ret_ldq_mmu(env, addr + (1 << DF_DOUBLE), oi, GETPC());
--#else
--    pwd->d[0] = cpu_ldq_data(env, addr + (0 << DF_DOUBLE));
--    pwd->d[1] = cpu_ldq_data(env, addr + (1 << DF_DOUBLE));
--#endif
-+    uintptr_t ra = GETPC();
-+
-+    pwd->d[0] = cpu_ldq_data_ra(env, addr + (0 << DF_DOUBLE), ra);
-+    pwd->d[1] = cpu_ldq_data_ra(env, addr + (1 << DF_DOUBLE), ra);
- }
- #define MSA_PAGESPAN(x) \
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_b(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     int mmu_idx = cpu_mmu_index(env, false);
-+    uintptr_t ra = GETPC();
-+
-+    ensure_writable_pages(env, addr, mmu_idx, ra);
--    MEMOP_IDX(DF_BYTE)
--    ensure_writable_pages(env, addr, mmu_idx, GETPC());
--#if !defined(CONFIG_USER_ONLY)
- #if !defined(HOST_WORDS_BIGENDIAN)
--    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[0],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[1],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[2],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[3],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[4],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[5],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[6],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[7],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[8],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[9],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[10], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[11], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[12], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[13], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[14], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[15], oi, GETPC());
-+    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[0], ra);
-+    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[1], ra);
-+    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[2], ra);
-+    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[3], ra);
-+    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[4], ra);
-+    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[5], ra);
-+    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[6], ra);
-+    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[7], ra);
-+    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[8], ra);
-+    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[9], ra);
-+    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[10], ra);
-+    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[11], ra);
-+    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[12], ra);
-+    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[13], ra);
-+    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[14], ra);
-+    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[15], ra);
- #else
--    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[0],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[1],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[2],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[3],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[4],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[5],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[6],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[7],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[8],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[9],  oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[10], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[11], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[12], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[13], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[14], oi, GETPC());
--    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[15], oi, GETPC());
--#endif
--#else
--#if !defined(HOST_WORDS_BIGENDIAN)
--    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[0]);
--    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[1]);
--    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[2]);
--    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[3]);
--    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[4]);
--    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[5]);
--    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[6]);
--    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[7]);
--    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[8]);
--    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[9]);
--    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[10]);
--    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[11]);
--    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[12]);
--    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[13]);
--    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[14]);
--    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[15]);
--#else
--    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[0]);
--    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[1]);
--    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[2]);
--    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[3]);
--    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[4]);
--    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[5]);
--    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[6]);
--    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[7]);
--    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[8]);
--    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[9]);
--    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[10]);
--    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[11]);
--    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[12]);
--    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[13]);
--    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[14]);
--    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[15]);
--#endif
-+    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[0], ra);
-+    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[1], ra);
-+    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[2], ra);
-+    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[3], ra);
-+    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[4], ra);
-+    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[5], ra);
-+    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[6], ra);
-+    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[7], ra);
-+    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[8], ra);
-+    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[9], ra);
-+    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[10], ra);
-+    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[11], ra);
-+    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[12], ra);
-+    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[13], ra);
-+    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[14], ra);
-+    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[15], ra);
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     int mmu_idx = cpu_mmu_index(env, false);
-+    uintptr_t ra = GETPC();
-+
-+    ensure_writable_pages(env, addr, mmu_idx, ra);
--    MEMOP_IDX(DF_HALF)
--    ensure_writable_pages(env, addr, mmu_idx, GETPC());
--#if !defined(CONFIG_USER_ONLY)
- #if !defined(HOST_WORDS_BIGENDIAN)
--    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[0], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[1], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[2], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[3], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[4], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[5], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[6], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[7], oi, GETPC());
-+    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[0], ra);
-+    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[1], ra);
-+    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[2], ra);
-+    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[3], ra);
-+    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[4], ra);
-+    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[5], ra);
-+    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[6], ra);
-+    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[7], ra);
- #else
--    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[0], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[1], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[2], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[3], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[4], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[5], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[6], oi, GETPC());
--    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[7], oi, GETPC());
--#endif
--#else
--#if !defined(HOST_WORDS_BIGENDIAN)
--    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[0]);
--    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[1]);
--    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[2]);
--    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[3]);
--    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[4]);
--    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[5]);
--    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[6]);
--    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[7]);
--#else
--    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[0]);
--    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[1]);
--    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[2]);
--    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[3]);
--    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[4]);
--    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[5]);
--    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[6]);
--    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[7]);
--#endif
-+    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[0], ra);
-+    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[1], ra);
-+    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[2], ra);
-+    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[3], ra);
-+    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[4], ra);
-+    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[5], ra);
-+    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[6], ra);
-+    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[7], ra);
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     int mmu_idx = cpu_mmu_index(env, false);
-+    uintptr_t ra = GETPC();
-+
-+    ensure_writable_pages(env, addr, mmu_idx, ra);
--    MEMOP_IDX(DF_WORD)
--    ensure_writable_pages(env, addr, mmu_idx, GETPC());
--#if !defined(CONFIG_USER_ONLY)
- #if !defined(HOST_WORDS_BIGENDIAN)
--    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[0], oi, GETPC());
--    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[1], oi, GETPC());
--    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[2], oi, GETPC());
--    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[3], oi, GETPC());
-+    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[0], ra);
-+    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[1], ra);
-+    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[2], ra);
-+    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[3], ra);
- #else
--    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[0], oi, GETPC());
--    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[1], oi, GETPC());
--    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[2], oi, GETPC());
--    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[3], oi, GETPC());
--#endif
--#else
--#if !defined(HOST_WORDS_BIGENDIAN)
--    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[0]);
--    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[1]);
--    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[2]);
--    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[3]);
--#else
--    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[0]);
--    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[1]);
--    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[2]);
--    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[3]);
--#endif
-+    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[0], ra);
-+    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[1], ra);
-+    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[2], ra);
-+    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[3], ra);
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     int mmu_idx = cpu_mmu_index(env, false);
-+    uintptr_t ra = GETPC();
--    MEMOP_IDX(DF_DOUBLE)
-     ensure_writable_pages(env, addr, mmu_idx, GETPC());
--#if !defined(CONFIG_USER_ONLY)
--    helper_ret_stq_mmu(env, addr + (0 << DF_DOUBLE), pwd->d[0], oi, GETPC());
--    helper_ret_stq_mmu(env, addr + (1 << DF_DOUBLE), pwd->d[1], oi, GETPC());
--#else
--    cpu_stq_data(env, addr + (0 << DF_DOUBLE), pwd->d[0]);
--    cpu_stq_data(env, addr + (1 << DF_DOUBLE), pwd->d[1]);
--#endif
-+
-+    cpu_stq_data_ra(env, addr + (0 << DF_DOUBLE), pwd->d[0], ra);
-+    cpu_stq_data_ra(env, addr + (1 << DF_DOUBLE), pwd->d[1], ra);
- }
---
-.25.1

-[PATCH v4 25/48] target/mips: Use 8-byte memory ops for msa load/store
+Deleted patch
-Rather than use 4-16 separate operations, use 2 operations
-plus some byte reordering as necessary.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/mips/tcg/msa_helper.c | 201 +++++++++++++----------------------
-file changed, 71 insertions(+), 130 deletions(-)
-diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/msa_helper.c
-+++ b/target/mips/tcg/msa_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ffint_u_df(CPUMIPSState *env, uint32_t df, uint32_t wd,
- #define MEMOP_IDX(DF)
- #endif
-+#ifdef TARGET_WORDS_BIGENDIAN
-+static inline uint64_t bswap16x4(uint64_t x)
-+{
-+    uint64_t m = 0x00ff00ff00ff00ffull;
-+    return ((x & m) << 8) | ((x >> 8) & m);
-+}
-+
-+static inline uint64_t bswap32x2(uint64_t x)
-+{
-+    return ror64(bswap64(x), 32);
-+}
-+#endif
-+
- void helper_msa_ld_b(CPUMIPSState *env, uint32_t wd,
-                      target_ulong addr)
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     uintptr_t ra = GETPC();
-+    uint64_t d0, d1;
--#if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
--    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
--    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
--    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
--    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
--    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
--    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
--    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
--    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (8  << DF_BYTE), ra);
--    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (9  << DF_BYTE), ra);
--    pwd->b[10] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
--    pwd->b[11] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
--    pwd->b[12] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
--    pwd->b[13] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
--    pwd->b[14] = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
--    pwd->b[15] = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
--#else
--    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
--    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
--    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
--    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
--    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
--    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
--    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
--    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
--    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
--    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
--    pwd->b[10] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
--    pwd->b[11] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
--    pwd->b[12] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
--    pwd->b[13] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
--    pwd->b[14] = cpu_ldub_data_ra(env, addr + (9 << DF_BYTE), ra);
--    pwd->b[15] = cpu_ldub_data_ra(env, addr + (8 << DF_BYTE), ra);
--#endif
-+    /* Load 8 bytes at a time.  Vector element ordering makes this LE.  */
-+    d0 = cpu_ldq_le_data_ra(env, addr + 0, ra);
-+    d1 = cpu_ldq_le_data_ra(env, addr + 8, ra);
-+    pwd->d[0] = d0;
-+    pwd->d[1] = d1;
- }
- void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     uintptr_t ra = GETPC();
-+    uint64_t d0, d1;
--#if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->h[0] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
--    pwd->h[1] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
--    pwd->h[2] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
--    pwd->h[3] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
--    pwd->h[4] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
--    pwd->h[5] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
--    pwd->h[6] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
--    pwd->h[7] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
--#else
--    pwd->h[0] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
--    pwd->h[1] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
--    pwd->h[2] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
--    pwd->h[3] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
--    pwd->h[4] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
--    pwd->h[5] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
--    pwd->h[6] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
--    pwd->h[7] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
-+    /*
-+     * Load 8 bytes at a time.  Use little-endian load, then for
-+     * big-endian target, we must then swap the four halfwords.
-+     */
-+    d0 = cpu_ldq_le_data_ra(env, addr + 0, ra);
-+    d1 = cpu_ldq_le_data_ra(env, addr + 8, ra);
-+#ifdef TARGET_WORDS_BIGENDIAN
-+    d0 = bswap16x4(d0);
-+    d1 = bswap16x4(d1);
- #endif
-+    pwd->d[0] = d0;
-+    pwd->d[1] = d1;
- }
- void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     uintptr_t ra = GETPC();
-+    uint64_t d0, d1;
--#if !defined(HOST_WORDS_BIGENDIAN)
--    pwd->w[0] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
--    pwd->w[1] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
--    pwd->w[2] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
--    pwd->w[3] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
--#else
--    pwd->w[0] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
--    pwd->w[1] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
--    pwd->w[2] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
--    pwd->w[3] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
-+    /*
-+     * Load 8 bytes at a time.  Use little-endian load, then for
-+     * big-endian target, we must then bswap the two words.
-+     */
-+    d0 = cpu_ldq_le_data_ra(env, addr + 0, ra);
-+    d1 = cpu_ldq_le_data_ra(env, addr + 8, ra);
-+#ifdef TARGET_WORDS_BIGENDIAN
-+    d0 = bswap32x2(d0);
-+    d1 = bswap32x2(d1);
- #endif
-+    pwd->d[0] = d0;
-+    pwd->d[1] = d1;
- }
- void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
- {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     uintptr_t ra = GETPC();
-+    uint64_t d0, d1;
--    pwd->d[0] = cpu_ldq_data_ra(env, addr + (0 << DF_DOUBLE), ra);
--    pwd->d[1] = cpu_ldq_data_ra(env, addr + (1 << DF_DOUBLE), ra);
-+    d0 = cpu_ldq_data_ra(env, addr + 0, ra);
-+    d1 = cpu_ldq_data_ra(env, addr + 8, ra);
-+    pwd->d[0] = d0;
-+    pwd->d[1] = d1;
- }
- #define MSA_PAGESPAN(x) \
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_b(CPUMIPSState *env, uint32_t wd,
-     ensure_writable_pages(env, addr, mmu_idx, ra);
--#if !defined(HOST_WORDS_BIGENDIAN)
--    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[0], ra);
--    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[1], ra);
--    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[2], ra);
--    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[3], ra);
--    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[4], ra);
--    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[5], ra);
--    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[6], ra);
--    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[7], ra);
--    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[8], ra);
--    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[9], ra);
--    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[10], ra);
--    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[11], ra);
--    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[12], ra);
--    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[13], ra);
--    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[14], ra);
--    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[15], ra);
--#else
--    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[0], ra);
--    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[1], ra);
--    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[2], ra);
--    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[3], ra);
--    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[4], ra);
--    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[5], ra);
--    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[6], ra);
--    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[7], ra);
--    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[8], ra);
--    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[9], ra);
--    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[10], ra);
--    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[11], ra);
--    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[12], ra);
--    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[13], ra);
--    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[14], ra);
--    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[15], ra);
--#endif
-+    /* Store 8 bytes at a time.  Vector element ordering makes this LE.  */
-+    cpu_stq_le_data_ra(env, addr + 0, pwd->d[0], ra);
-+    cpu_stq_le_data_ra(env, addr + 0, pwd->d[1], ra);
- }
- void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     int mmu_idx = cpu_mmu_index(env, false);
-     uintptr_t ra = GETPC();
-+    uint64_t d0, d1;
-     ensure_writable_pages(env, addr, mmu_idx, ra);
--#if !defined(HOST_WORDS_BIGENDIAN)
--    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[0], ra);
--    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[1], ra);
--    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[2], ra);
--    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[3], ra);
--    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[4], ra);
--    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[5], ra);
--    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[6], ra);
--    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[7], ra);
--#else
--    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[0], ra);
--    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[1], ra);
--    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[2], ra);
--    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[3], ra);
--    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[4], ra);
--    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[5], ra);
--    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[6], ra);
--    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[7], ra);
-+    /* Store 8 bytes at a time.  See helper_msa_ld_h. */
-+    d0 = pwd->d[0];
-+    d1 = pwd->d[1];
-+#ifdef TARGET_WORDS_BIGENDIAN
-+    d0 = bswap16x4(d0);
-+    d1 = bswap16x4(d1);
- #endif
-+    cpu_stq_le_data_ra(env, addr + 0, d0, ra);
-+    cpu_stq_le_data_ra(env, addr + 8, d1, ra);
- }
- void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-     int mmu_idx = cpu_mmu_index(env, false);
-     uintptr_t ra = GETPC();
-+    uint64_t d0, d1;
-     ensure_writable_pages(env, addr, mmu_idx, ra);
--#if !defined(HOST_WORDS_BIGENDIAN)
--    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[0], ra);
--    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[1], ra);
--    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[2], ra);
--    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[3], ra);
--#else
--    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[0], ra);
--    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[1], ra);
--    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[2], ra);
--    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[3], ra);
-+    /* Store 8 bytes at a time.  See helper_msa_ld_w. */
-+    d0 = pwd->d[0];
-+    d1 = pwd->d[1];
-+#ifdef TARGET_WORDS_BIGENDIAN
-+    d0 = bswap32x2(d0);
-+    d1 = bswap32x2(d1);
- #endif
-+    cpu_stq_le_data_ra(env, addr + 0, d0, ra);
-+    cpu_stq_le_data_ra(env, addr + 8, d1, ra);
- }
- void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
-     ensure_writable_pages(env, addr, mmu_idx, GETPC());
--    cpu_stq_data_ra(env, addr + (0 << DF_DOUBLE), pwd->d[0], ra);
--    cpu_stq_data_ra(env, addr + (1 << DF_DOUBLE), pwd->d[1], ra);
-+    cpu_stq_data_ra(env, addr + 0, pwd->d[0], ra);
-+    cpu_stq_data_ra(env, addr + 8, pwd->d[1], ra);
- }
---
-.25.1

-[PATCH v4 26/48] target/s390x: Use cpu_*_mmu instead of helper_*_mmu
+Deleted patch
-The helper_*_mmu functions were the only thing available
-when this code was written.  This could have been adjusted
-when we added cpu_*_mmuidx_ra, but now we can most easily
-use the newest set of interfaces.
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/s390x/tcg/mem_helper.c | 8 ++++----
-file changed, 4 insertions(+), 4 deletions(-)
-diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/mem_helper.c
-+++ b/target/s390x/tcg/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ static void do_access_memset(CPUS390XState *env, vaddr vaddr, char *haddr,
-          * page. This is especially relevant to speed up TLB_NOTDIRTY.
-          */
-         g_assert(size > 0);
--        helper_ret_stb_mmu(env, vaddr, byte, oi, ra);
-+        cpu_stb_mmu(env, vaddr, byte, oi, ra);
-         haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
-         if (likely(haddr)) {
-             memset(haddr + 1, byte, size - 1);
-         } else {
-             for (i = 1; i < size; i++) {
--                helper_ret_stb_mmu(env, vaddr + i, byte, oi, ra);
-+                cpu_stb_mmu(env, vaddr + i, byte, oi, ra);
-             }
-         }
-     }
-@@ -XXX,XX +XXX,XX @@ static uint8_t do_access_get_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
-      * Do a single access and test if we can then get access to the
-      * page. This is especially relevant to speed up TLB_NOTDIRTY.
-      */
--    byte = helper_ret_ldub_mmu(env, vaddr + offset, oi, ra);
-+    byte = cpu_ldb_mmu(env, vaddr + offset, oi, ra);
-     *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_LOAD, mmu_idx);
-     return byte;
- #endif
-@@ -XXX,XX +XXX,XX @@ static void do_access_set_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
-      * Do a single access and test if we can then get access to the
-      * page. This is especially relevant to speed up TLB_NOTDIRTY.
-      */
--    helper_ret_stb_mmu(env, vaddr + offset, byte, oi, ra);
-+    cpu_stb_mmu(env, vaddr + offset, byte, oi, ra);
-     *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
- #endif
- }
---
-.25.1

-[PATCH v4 27/48] target/sparc: Use cpu_*_mmu instead of helper_*_mmu
+Deleted patch
-The helper_*_mmu functions were the only thing available
-when this code was written.  This could have been adjusted
-when we added cpu_*_mmuidx_ra, but now we can most easily
-use the newest set of interfaces.
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/sparc/ldst_helper.c | 14 +++++++-------
-file changed, 7 insertions(+), 7 deletions(-)
-diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/ldst_helper.c
-+++ b/target/sparc/ldst_helper.c
-@@ -XXX,XX +XXX,XX @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr,
-             oi = make_memop_idx(memop, idx);
-             switch (size) {
-             case 1:
--                ret = helper_ret_ldub_mmu(env, addr, oi, GETPC());
-+                ret = cpu_ldb_mmu(env, addr, oi, GETPC());
-                 break;
-             case 2:
-                 if (asi & 8) {
--                    ret = helper_le_lduw_mmu(env, addr, oi, GETPC());
-+                    ret = cpu_ldw_le_mmu(env, addr, oi, GETPC());
-                 } else {
--                    ret = helper_be_lduw_mmu(env, addr, oi, GETPC());
-+                    ret = cpu_ldw_be_mmu(env, addr, oi, GETPC());
-                 }
-                 break;
-             case 4:
-                 if (asi & 8) {
--                    ret = helper_le_ldul_mmu(env, addr, oi, GETPC());
-+                    ret = cpu_ldl_le_mmu(env, addr, oi, GETPC());
-                 } else {
--                    ret = helper_be_ldul_mmu(env, addr, oi, GETPC());
-+                    ret = cpu_ldl_be_mmu(env, addr, oi, GETPC());
-                 }
-                 break;
-             case 8:
-                 if (asi & 8) {
--                    ret = helper_le_ldq_mmu(env, addr, oi, GETPC());
-+                    ret = cpu_ldq_le_mmu(env, addr, oi, GETPC());
-                 } else {
--                    ret = helper_be_ldq_mmu(env, addr, oi, GETPC());
-+                    ret = cpu_ldq_be_mmu(env, addr, oi, GETPC());
-                 }
-                 break;
-             default:
---
-.25.1

-[PATCH v4 28/48] target/arm: Use cpu_*_mmu instead of helper_*_mmu
+Deleted patch
-The helper_*_mmu functions were the only thing available
-when this code was written.  This could have been adjusted
-when we added cpu_*_mmuidx_ra, but now we can most easily
-use the newest set of interfaces.
-Cc: qemu-arm@nongnu.org
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/arm/helper-a64.c | 52 +++++++----------------------------------
- target/arm/m_helper.c   |  6 ++---
-files changed, 11 insertions(+), 47 deletions(-)
-diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-a64.c
-+++ b/target/arm/helper-a64.c
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
-     uintptr_t ra = GETPC();
-     uint64_t o0, o1;
-     bool success;
--
--#ifdef CONFIG_USER_ONLY
--    /* ??? Enforce alignment.  */
--    uint64_t *haddr = g2h(env_cpu(env), addr);
--
--    set_helper_retaddr(ra);
--    o0 = ldq_le_p(haddr + 0);
--    o1 = ldq_le_p(haddr + 1);
--    oldv = int128_make128(o0, o1);
--
--    success = int128_eq(oldv, cmpv);
--    if (success) {
--        stq_le_p(haddr + 0, int128_getlo(newv));
--        stq_le_p(haddr + 1, int128_gethi(newv));
--    }
--    clear_helper_retaddr();
--#else
-     int mem_idx = cpu_mmu_index(env, false);
-     MemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-     MemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
--    o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
--    o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
-+    o0 = cpu_ldq_le_mmu(env, addr + 0, oi0, ra);
-+    o1 = cpu_ldq_le_mmu(env, addr + 8, oi1, ra);
-     oldv = int128_make128(o0, o1);
-     success = int128_eq(oldv, cmpv);
-     if (success) {
--        helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
--        helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
-+        cpu_stq_le_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
-+        cpu_stq_le_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
-     }
--#endif
-     return !success;
- }
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
-     uintptr_t ra = GETPC();
-     uint64_t o0, o1;
-     bool success;
--
--#ifdef CONFIG_USER_ONLY
--    /* ??? Enforce alignment.  */
--    uint64_t *haddr = g2h(env_cpu(env), addr);
--
--    set_helper_retaddr(ra);
--    o1 = ldq_be_p(haddr + 0);
--    o0 = ldq_be_p(haddr + 1);
--    oldv = int128_make128(o0, o1);
--
--    success = int128_eq(oldv, cmpv);
--    if (success) {
--        stq_be_p(haddr + 0, int128_gethi(newv));
--        stq_be_p(haddr + 1, int128_getlo(newv));
--    }
--    clear_helper_retaddr();
--#else
-     int mem_idx = cpu_mmu_index(env, false);
-     MemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
-     MemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
--    o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
--    o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
-+    o1 = cpu_ldq_be_mmu(env, addr + 0, oi0, ra);
-+    o0 = cpu_ldq_be_mmu(env, addr + 8, oi1, ra);
-     oldv = int128_make128(o0, o1);
-     success = int128_eq(oldv, cmpv);
-     if (success) {
--        helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
--        helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
-+        cpu_stq_be_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
-+        cpu_stq_be_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
-     }
--#endif
-     return !success;
- }
-diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/m_helper.c
-+++ b/target/arm/m_helper.c
-@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
-          * do them as secure, so work out what MMU index that is.
-          */
-         mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
--        oi = make_memop_idx(MO_LE, arm_to_core_mmu_idx(mmu_idx));
--        newpc = helper_le_ldul_mmu(env, frameptr, oi, 0);
--        newpsr = helper_le_ldul_mmu(env, frameptr + 4, oi, 0);
-+        oi = make_memop_idx(MO_LEUL, arm_to_core_mmu_idx(mmu_idx));
-+        newpc = cpu_ldl_le_mmu(env, frameptr, oi, 0);
-+        newpsr = cpu_ldl_le_mmu(env, frameptr + 4, oi, 0);
-         /* Consistency checks on new IPSR */
-         newpsr_exc = newpsr & XPSR_EXCP;
---
-.25.1

-[PATCH v4 29/48] tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
+Deleted patch
-These functions have been replaced by cpu_*_mmu as the
-most proper interface to use from target code.
-Hide these declarations from code that should not use them.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg-ldst.h | 74 ++++++++++++++++++++++++++++++++++++++++++
- include/tcg/tcg.h      | 71 ----------------------------------------
- accel/tcg/cputlb.c     |  1 +
- tcg/tcg.c              |  1 +
- tcg/tci.c              |  1 +
-files changed, 77 insertions(+), 71 deletions(-)
- create mode 100644 include/tcg/tcg-ldst.h
-diff --git a/include/tcg/tcg-ldst.h b/include/tcg/tcg-ldst.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/include/tcg/tcg-ldst.h
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * Memory helpers that will be used by TCG generated code.
-+ *
-+ * Copyright (c) 2008 Fabrice Bellard
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a copy
-+ * of this software and associated documentation files (the "Software"), to deal
-+ * in the Software without restriction, including without limitation the rights
-+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-+ * copies of the Software, and to permit persons to whom the Software is
-+ * furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice shall be included in
-+ * all copies or substantial portions of the Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-+ * THE SOFTWARE.
-+ */
-+
-+#ifndef TCG_LDST_H
-+#define TCG_LDST_H 1
-+
-+#ifdef CONFIG_SOFTMMU
-+
-+/* Value zero-extended to tcg register size.  */
-+tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
-+                                     MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
-+                           MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
-+                           MemOpIdx oi, uintptr_t retaddr);
-+
-+/* Value sign-extended to tcg register size.  */
-+tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
-+                                     MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
-+                                    MemOpIdx oi, uintptr_t retaddr);
-+
-+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-+                        MemOpIdx oi, uintptr_t retaddr);
-+void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-+                       MemOpIdx oi, uintptr_t retaddr);
-+void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-+                       MemOpIdx oi, uintptr_t retaddr);
-+void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                       MemOpIdx oi, uintptr_t retaddr);
-+void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-+                       MemOpIdx oi, uintptr_t retaddr);
-+void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-+                       MemOpIdx oi, uintptr_t retaddr);
-+void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-+                       MemOpIdx oi, uintptr_t retaddr);
-+
-+#endif /* CONFIG_SOFTMMU */
-+#endif /* TCG_LDST_H */
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
-+++ b/include/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
-      :  (target_long)dup_const(VECE, C))
- #endif
--/*
-- * Memory helpers that will be used by TCG generated code.
-- */
--#ifdef CONFIG_SOFTMMU
--/* Value zero-extended to tcg register size.  */
--tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
--                                     MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
--                           MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
--                           MemOpIdx oi, uintptr_t retaddr);
--
--/* Value sign-extended to tcg register size.  */
--tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
--                                     MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
--                                    MemOpIdx oi, uintptr_t retaddr);
--
--void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
--                        MemOpIdx oi, uintptr_t retaddr);
--void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
--                       MemOpIdx oi, uintptr_t retaddr);
--void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
--                       MemOpIdx oi, uintptr_t retaddr);
--void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
--                       MemOpIdx oi, uintptr_t retaddr);
--void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
--                       MemOpIdx oi, uintptr_t retaddr);
--void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
--                       MemOpIdx oi, uintptr_t retaddr);
--void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
--                       MemOpIdx oi, uintptr_t retaddr);
--
--/* Temporary aliases until backends are converted.  */
--#ifdef TARGET_WORDS_BIGENDIAN
--# define helper_ret_ldsw_mmu  helper_be_ldsw_mmu
--# define helper_ret_lduw_mmu  helper_be_lduw_mmu
--# define helper_ret_ldsl_mmu  helper_be_ldsl_mmu
--# define helper_ret_ldul_mmu  helper_be_ldul_mmu
--# define helper_ret_ldl_mmu   helper_be_ldul_mmu
--# define helper_ret_ldq_mmu   helper_be_ldq_mmu
--# define helper_ret_stw_mmu   helper_be_stw_mmu
--# define helper_ret_stl_mmu   helper_be_stl_mmu
--# define helper_ret_stq_mmu   helper_be_stq_mmu
--#else
--# define helper_ret_ldsw_mmu  helper_le_ldsw_mmu
--# define helper_ret_lduw_mmu  helper_le_lduw_mmu
--# define helper_ret_ldsl_mmu  helper_le_ldsl_mmu
--# define helper_ret_ldul_mmu  helper_le_ldul_mmu
--# define helper_ret_ldl_mmu   helper_le_ldul_mmu
--# define helper_ret_ldq_mmu   helper_le_ldq_mmu
--# define helper_ret_stw_mmu   helper_le_stw_mmu
--# define helper_ret_stl_mmu   helper_le_stl_mmu
--# define helper_ret_stq_mmu   helper_le_stq_mmu
--#endif
--#endif /* CONFIG_SOFTMMU */
--
- #ifdef CONFIG_DEBUG_TCG
- void tcg_assert_listed_vecop(TCGOpcode);
- #else
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@
- #ifdef CONFIG_PLUGIN
- #include "qemu/plugin-memory.h"
- #endif
-+#include "tcg/tcg-ldst.h"
- /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
- /* #define DEBUG_TLB */
-diff --git a/tcg/tcg.c b/tcg/tcg.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
-+++ b/tcg/tcg.c
-@@ -XXX,XX +XXX,XX @@
- #include "elf.h"
- #include "exec/log.h"
-+#include "tcg/tcg-ldst.h"
- #include "tcg-internal.h"
- #ifdef CONFIG_TCG_INTERPRETER
-diff --git a/tcg/tci.c b/tcg/tci.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tci.c
-+++ b/tcg/tci.c
-@@ -XXX,XX +XXX,XX @@
- #include "tcg/tcg.h"           /* MAX_OPC_PARAM_IARGS */
- #include "exec/cpu_ldst.h"
- #include "tcg/tcg-op.h"
-+#include "tcg/tcg-ldst.h"
- #include "qemu/compiler.h"
- #include <ffi.h>
---
-.25.1

-[PATCH v4 30/48] tcg: Add helper_unaligned_{ld, st} for user-only sigbus
+Deleted patch
-To be called from tcg generated code on hosts that support
-unaligned accesses natively, in response to an access that
-is supposed to be aligned.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/tcg/tcg-ldst.h |  5 +++++
- accel/tcg/user-exec.c  | 11 +++++++++++
-files changed, 16 insertions(+)
-diff --git a/include/tcg/tcg-ldst.h b/include/tcg/tcg-ldst.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg-ldst.h
-+++ b/include/tcg/tcg-ldst.h
-@@ -XXX,XX +XXX,XX @@ void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
- void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                        MemOpIdx oi, uintptr_t retaddr);
-+#else
-+
-+void QEMU_NORETURN helper_unaligned_ld(CPUArchState *env, target_ulong addr);
-+void QEMU_NORETURN helper_unaligned_st(CPUArchState *env, target_ulong addr);
-+
- #endif /* CONFIG_SOFTMMU */
- #endif /* TCG_LDST_H */
-diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/user-exec.c
-+++ b/accel/tcg/user-exec.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "qemu/atomic128.h"
- #include "trace/trace-root.h"
-+#include "tcg/tcg-ldst.h"
- #include "internal.h"
- __thread uintptr_t helper_retaddr;
-@@ -XXX,XX +XXX,XX @@ static void validate_memop(MemOpIdx oi, MemOp expected)
- #endif
- }
-+void helper_unaligned_ld(CPUArchState *env, target_ulong addr)
-+{
-+    cpu_loop_exit_sigbus(env_cpu(env), addr, MMU_DATA_LOAD, GETPC());
-+}
-+
-+void helper_unaligned_st(CPUArchState *env, target_ulong addr)
-+{
-+    cpu_loop_exit_sigbus(env_cpu(env), addr, MMU_DATA_STORE, GETPC());
-+}
-+
- static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr,
-                             MemOpIdx oi, uintptr_t ra, MMUAccessType type)
- {
---
-.25.1

-[PATCH v4 31/48] linux-user: Split out do_prctl and subroutines
+Deleted patch
-Since the prctl constants are supposed to be generic, supply
-any that are not provided by the host.
-Split out subroutines for PR_GET_FP_MODE, PR_SET_FP_MODE,
-PR_GET_VL, PR_SET_VL, PR_RESET_KEYS, PR_SET_TAGGED_ADDR_CTRL,
-PR_GET_TAGGED_ADDR_CTRL.  Return EINVAL for guests that do
-not support these options rather than pass them on to the host.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/aarch64/target_prctl.h    | 160 ++++++++++
- linux-user/aarch64/target_syscall.h  |  23 --
- linux-user/alpha/target_prctl.h      |   1 +
- linux-user/arm/target_prctl.h        |   1 +
- linux-user/cris/target_prctl.h       |   1 +
- linux-user/hexagon/target_prctl.h    |   1 +
- linux-user/hppa/target_prctl.h       |   1 +
- linux-user/i386/target_prctl.h       |   1 +
- linux-user/m68k/target_prctl.h       |   1 +
- linux-user/microblaze/target_prctl.h |   1 +
- linux-user/mips/target_prctl.h       |  88 ++++++
- linux-user/mips/target_syscall.h     |   6 -
- linux-user/mips64/target_prctl.h     |   1 +
- linux-user/mips64/target_syscall.h   |   6 -
- linux-user/nios2/target_prctl.h      |   1 +
- linux-user/openrisc/target_prctl.h   |   1 +
- linux-user/ppc/target_prctl.h        |   1 +
- linux-user/riscv/target_prctl.h      |   1 +
- linux-user/s390x/target_prctl.h      |   1 +
- linux-user/sh4/target_prctl.h        |   1 +
- linux-user/sparc/target_prctl.h      |   1 +
- linux-user/x86_64/target_prctl.h     |   1 +
- linux-user/xtensa/target_prctl.h     |   1 +
- linux-user/syscall.c                 | 433 +++++++++------------------
-files changed, 414 insertions(+), 320 deletions(-)
- create mode 100644 linux-user/aarch64/target_prctl.h
- create mode 100644 linux-user/alpha/target_prctl.h
- create mode 100644 linux-user/arm/target_prctl.h
- create mode 100644 linux-user/cris/target_prctl.h
- create mode 100644 linux-user/hexagon/target_prctl.h
- create mode 100644 linux-user/hppa/target_prctl.h
- create mode 100644 linux-user/i386/target_prctl.h
- create mode 100644 linux-user/m68k/target_prctl.h
- create mode 100644 linux-user/microblaze/target_prctl.h
- create mode 100644 linux-user/mips/target_prctl.h
- create mode 100644 linux-user/mips64/target_prctl.h
- create mode 100644 linux-user/nios2/target_prctl.h
- create mode 100644 linux-user/openrisc/target_prctl.h
- create mode 100644 linux-user/ppc/target_prctl.h
- create mode 100644 linux-user/riscv/target_prctl.h
- create mode 100644 linux-user/s390x/target_prctl.h
- create mode 100644 linux-user/sh4/target_prctl.h
- create mode 100644 linux-user/sparc/target_prctl.h
- create mode 100644 linux-user/x86_64/target_prctl.h
- create mode 100644 linux-user/xtensa/target_prctl.h
-diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/aarch64/target_prctl.h
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * AArch64 specific prctl functions for linux-user
-+ *
-+ * SPDX-License-Identifier: GPL-2.0-or-later
-+ */
-+#ifndef AARCH64_TARGET_PRCTL_H
-+#define AARCH64_TARGET_PRCTL_H
-+
-+static abi_long do_prctl_get_vl(CPUArchState *env)
-+{
-+    ARMCPU *cpu = env_archcpu(env);
-+    if (cpu_isar_feature(aa64_sve, cpu)) {
-+        return ((cpu->env.vfp.zcr_el[1] & 0xf) + 1) * 16;
-+    }
-+    return -TARGET_EINVAL;
-+}
-+#define do_prctl_get_vl do_prctl_get_vl
-+
-+static abi_long do_prctl_set_vl(CPUArchState *env, abi_long arg2)
-+{
-+    /*
-+     * We cannot support either PR_SVE_SET_VL_ONEXEC or PR_SVE_VL_INHERIT.
-+     * Note the kernel definition of sve_vl_valid allows for VQ=512,
-+     * i.e. VL=8192, even though the current architectural maximum is VQ=16.
-+     */
-+    if (cpu_isar_feature(aa64_sve, env_archcpu(env))
-+        && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
-+        ARMCPU *cpu = env_archcpu(env);
-+        uint32_t vq, old_vq;
-+
-+        old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
-+        vq = MAX(arg2 / 16, 1);
-+        vq = MIN(vq, cpu->sve_max_vq);
-+
-+        if (vq < old_vq) {
-+            aarch64_sve_narrow_vq(env, vq);
-+        }
-+        env->vfp.zcr_el[1] = vq - 1;
-+        arm_rebuild_hflags(env);
-+        return vq * 16;
-+    }
-+    return -TARGET_EINVAL;
-+}
-+#define do_prctl_set_vl do_prctl_set_vl
-+
-+static abi_long do_prctl_reset_keys(CPUArchState *env, abi_long arg2)
-+{
-+    ARMCPU *cpu = env_archcpu(env);
-+
-+    if (cpu_isar_feature(aa64_pauth, cpu)) {
-+        int all = (PR_PAC_APIAKEY | PR_PAC_APIBKEY |
-+                   PR_PAC_APDAKEY | PR_PAC_APDBKEY | PR_PAC_APGAKEY);
-+        int ret = 0;
-+        Error *err = NULL;
-+
-+        if (arg2 == 0) {
-+            arg2 = all;
-+        } else if (arg2 & ~all) {
-+            return -TARGET_EINVAL;
-+        }
-+        if (arg2 & PR_PAC_APIAKEY) {
-+            ret |= qemu_guest_getrandom(&env->keys.apia,
-+                                        sizeof(ARMPACKey), &err);
-+        }
-+        if (arg2 & PR_PAC_APIBKEY) {
-+            ret |= qemu_guest_getrandom(&env->keys.apib,
-+                                        sizeof(ARMPACKey), &err);
-+        }
-+        if (arg2 & PR_PAC_APDAKEY) {
-+            ret |= qemu_guest_getrandom(&env->keys.apda,
-+                                        sizeof(ARMPACKey), &err);
-+        }
-+        if (arg2 & PR_PAC_APDBKEY) {
-+            ret |= qemu_guest_getrandom(&env->keys.apdb,
-+                                        sizeof(ARMPACKey), &err);
-+        }
-+        if (arg2 & PR_PAC_APGAKEY) {
-+            ret |= qemu_guest_getrandom(&env->keys.apga,
-+                                        sizeof(ARMPACKey), &err);
-+        }
-+        if (ret != 0) {
-+            /*
-+             * Some unknown failure in the crypto.  The best
-+             * we can do is log it and fail the syscall.
-+             * The real syscall cannot fail this way.
-+             */
-+            qemu_log_mask(LOG_UNIMP, "PR_PAC_RESET_KEYS: Crypto failure: %s",
-+                          error_get_pretty(err));
-+            error_free(err);
-+            return -TARGET_EIO;
-+        }
-+        return 0;
-+    }
-+    return -TARGET_EINVAL;
-+}
-+#define do_prctl_reset_keys do_prctl_reset_keys
-+
-+static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchState *env, abi_long arg2)
-+{
-+    abi_ulong valid_mask = PR_TAGGED_ADDR_ENABLE;
-+    ARMCPU *cpu = env_archcpu(env);
-+
-+    if (cpu_isar_feature(aa64_mte, cpu)) {
-+        valid_mask |= PR_MTE_TCF_MASK;
-+        valid_mask |= PR_MTE_TAG_MASK;
-+    }
-+
-+    if (arg2 & ~valid_mask) {
-+        return -TARGET_EINVAL;
-+    }
-+    env->tagged_addr_enable = arg2 & PR_TAGGED_ADDR_ENABLE;
-+
-+    if (cpu_isar_feature(aa64_mte, cpu)) {
-+        switch (arg2 & PR_MTE_TCF_MASK) {
-+        case PR_MTE_TCF_NONE:
-+        case PR_MTE_TCF_SYNC:
-+        case PR_MTE_TCF_ASYNC:
-+            break;
-+        default:
-+            return -EINVAL;
-+        }
-+
-+        /*
-+         * Write PR_MTE_TCF to SCTLR_EL1[TCF0].
-+         * Note that the syscall values are consistent with hw.
-+         */
-+        env->cp15.sctlr_el[1] =
-+            deposit64(env->cp15.sctlr_el[1], 38, 2, arg2 >> PR_MTE_TCF_SHIFT);
-+
-+        /*
-+         * Write PR_MTE_TAG to GCR_EL1[Exclude].
-+         * Note that the syscall uses an include mask,
-+         * and hardware uses an exclude mask -- invert.
-+         */
-+        env->cp15.gcr_el1 =
-+            deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT);
-+        arm_rebuild_hflags(env);
-+    }
-+    return 0;
-+}
-+#define do_prctl_set_tagged_addr_ctrl do_prctl_set_tagged_addr_ctrl
-+
-+static abi_long do_prctl_get_tagged_addr_ctrl(CPUArchState *env)
-+{
-+    ARMCPU *cpu = env_archcpu(env);
-+    abi_long ret = 0;
-+
-+    if (env->tagged_addr_enable) {
-+        ret |= PR_TAGGED_ADDR_ENABLE;
-+    }
-+    if (cpu_isar_feature(aa64_mte, cpu)) {
-+        /* See do_prctl_set_tagged_addr_ctrl. */
-+        ret |= extract64(env->cp15.sctlr_el[1], 38, 2) << PR_MTE_TCF_SHIFT;
-+        ret = deposit64(ret, PR_MTE_TAG_SHIFT, 16, ~env->cp15.gcr_el1);
-+    }
-+    return ret;
-+}
-+#define do_prctl_get_tagged_addr_ctrl do_prctl_get_tagged_addr_ctrl
-+
-+#endif /* AARCH64_TARGET_PRCTL_H */
-diff --git a/linux-user/aarch64/target_syscall.h b/linux-user/aarch64/target_syscall.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/aarch64/target_syscall.h
-+++ b/linux-user/aarch64/target_syscall.h
-@@ -XXX,XX +XXX,XX @@ struct target_pt_regs {
- #define TARGET_MCL_FUTURE  2
- #define TARGET_MCL_ONFAULT 4
--#define TARGET_PR_SVE_SET_VL  50
--#define TARGET_PR_SVE_GET_VL  51
--
--#define TARGET_PR_PAC_RESET_KEYS 54
--# define TARGET_PR_PAC_APIAKEY   (1 << 0)
--# define TARGET_PR_PAC_APIBKEY   (1 << 1)
--# define TARGET_PR_PAC_APDAKEY   (1 << 2)
--# define TARGET_PR_PAC_APDBKEY   (1 << 3)
--# define TARGET_PR_PAC_APGAKEY   (1 << 4)
--
--#define TARGET_PR_SET_TAGGED_ADDR_CTRL 55
--#define TARGET_PR_GET_TAGGED_ADDR_CTRL 56
--# define TARGET_PR_TAGGED_ADDR_ENABLE  (1UL << 0)
--/* MTE tag check fault modes */
--# define TARGET_PR_MTE_TCF_SHIFT       1
--# define TARGET_PR_MTE_TCF_NONE        (0UL << TARGET_PR_MTE_TCF_SHIFT)
--# define TARGET_PR_MTE_TCF_SYNC        (1UL << TARGET_PR_MTE_TCF_SHIFT)
--# define TARGET_PR_MTE_TCF_ASYNC       (2UL << TARGET_PR_MTE_TCF_SHIFT)
--# define TARGET_PR_MTE_TCF_MASK        (3UL << TARGET_PR_MTE_TCF_SHIFT)
--/* MTE tag inclusion mask */
--# define TARGET_PR_MTE_TAG_SHIFT       3
--# define TARGET_PR_MTE_TAG_MASK        (0xffffUL << TARGET_PR_MTE_TAG_SHIFT)
--
- #endif /* AARCH64_TARGET_SYSCALL_H */
-diff --git a/linux-user/alpha/target_prctl.h b/linux-user/alpha/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/alpha/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/arm/target_prctl.h b/linux-user/arm/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/arm/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/cris/target_prctl.h b/linux-user/cris/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/cris/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/hexagon/target_prctl.h b/linux-user/hexagon/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/hexagon/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/hppa/target_prctl.h b/linux-user/hppa/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/hppa/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/i386/target_prctl.h b/linux-user/i386/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/i386/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/m68k/target_prctl.h b/linux-user/m68k/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/m68k/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/microblaze/target_prctl.h b/linux-user/microblaze/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/microblaze/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/mips/target_prctl.h b/linux-user/mips/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/mips/target_prctl.h
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * MIPS specific prctl functions for linux-user
-+ *
-+ * SPDX-License-Identifier: GPL-2.0-or-later
-+ */
-+#ifndef MIPS_TARGET_PRCTL_H
-+#define MIPS_TARGET_PRCTL_H
-+
-+static abi_long do_prctl_get_fp_mode(CPUArchState *env)
-+{
-+    abi_long ret = 0;
-+
-+    if (env->CP0_Status & (1 << CP0St_FR)) {
-+        ret |= PR_FP_MODE_FR;
-+    }
-+    if (env->CP0_Config5 & (1 << CP0C5_FRE)) {
-+        ret |= PR_FP_MODE_FRE;
-+    }
-+    return ret;
-+}
-+#define do_prctl_get_fp_mode do_prctl_get_fp_mode
-+
-+static abi_long do_prctl_set_fp_mode(CPUArchState *env, abi_long arg2)
-+{
-+    bool old_fr = env->CP0_Status & (1 << CP0St_FR);
-+    bool old_fre = env->CP0_Config5 & (1 << CP0C5_FRE);
-+    bool new_fr = arg2 & PR_FP_MODE_FR;
-+    bool new_fre = arg2 & PR_FP_MODE_FRE;
-+    const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE;
-+
-+    /* If nothing to change, return right away, successfully.  */
-+    if (old_fr == new_fr && old_fre == new_fre) {
-+        return 0;
-+    }
-+    /* Check the value is valid */
-+    if (arg2 & ~known_bits) {
-+        return -TARGET_EOPNOTSUPP;
-+    }
-+    /* Setting FRE without FR is not supported.  */
-+    if (new_fre && !new_fr) {
-+        return -TARGET_EOPNOTSUPP;
-+    }
-+    if (new_fr && !(env->active_fpu.fcr0 & (1 << FCR0_F64))) {
-+        /* FR1 is not supported */
-+        return -TARGET_EOPNOTSUPP;
-+    }
-+    if (!new_fr && (env->active_fpu.fcr0 & (1 << FCR0_F64))
-+        && !(env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) {
-+        /* cannot set FR=0 */
-+        return -TARGET_EOPNOTSUPP;
-+    }
-+    if (new_fre && !(env->active_fpu.fcr0 & (1 << FCR0_FREP))) {
-+        /* Cannot set FRE=1 */
-+        return -TARGET_EOPNOTSUPP;
-+    }
-+
-+    int i;
-+    fpr_t *fpr = env->active_fpu.fpr;
-+    for (i = 0; i < 32 ; i += 2) {
-+        if (!old_fr && new_fr) {
-+            fpr[i].w[!FP_ENDIAN_IDX] = fpr[i + 1].w[FP_ENDIAN_IDX];
-+        } else if (old_fr && !new_fr) {
-+            fpr[i + 1].w[FP_ENDIAN_IDX] = fpr[i].w[!FP_ENDIAN_IDX];
-+        }
-+    }
-+
-+    if (new_fr) {
-+        env->CP0_Status |= (1 << CP0St_FR);
-+        env->hflags |= MIPS_HFLAG_F64;
-+    } else {
-+        env->CP0_Status &= ~(1 << CP0St_FR);
-+        env->hflags &= ~MIPS_HFLAG_F64;
-+    }
-+    if (new_fre) {
-+        env->CP0_Config5 |= (1 << CP0C5_FRE);
-+        if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
-+            env->hflags |= MIPS_HFLAG_FRE;
-+        }
-+    } else {
-+        env->CP0_Config5 &= ~(1 << CP0C5_FRE);
-+        env->hflags &= ~MIPS_HFLAG_FRE;
-+    }
-+
-+    return 0;
-+}
-+#define do_prctl_set_fp_mode do_prctl_set_fp_mode
-+
-+#endif /* MIPS_TARGET_PRCTL_H */
-diff --git a/linux-user/mips/target_syscall.h b/linux-user/mips/target_syscall.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/mips/target_syscall.h
-+++ b/linux-user/mips/target_syscall.h
-@@ -XXX,XX +XXX,XX @@ static inline abi_ulong target_shmlba(CPUMIPSState *env)
-     return 0x40000;
- }
--/* MIPS-specific prctl() options */
--#define TARGET_PR_SET_FP_MODE  45
--#define TARGET_PR_GET_FP_MODE  46
--#define TARGET_PR_FP_MODE_FR   (1 << 0)
--#define TARGET_PR_FP_MODE_FRE  (1 << 1)
--
- #endif /* MIPS_TARGET_SYSCALL_H */
-diff --git a/linux-user/mips64/target_prctl.h b/linux-user/mips64/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/mips64/target_prctl.h
-@@ -0,0 +1 @@
-+#include "../mips/target_prctl.h"
-diff --git a/linux-user/mips64/target_syscall.h b/linux-user/mips64/target_syscall.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/mips64/target_syscall.h
-+++ b/linux-user/mips64/target_syscall.h
-@@ -XXX,XX +XXX,XX @@ static inline abi_ulong target_shmlba(CPUMIPSState *env)
-     return 0x40000;
- }
--/* MIPS-specific prctl() options */
--#define TARGET_PR_SET_FP_MODE  45
--#define TARGET_PR_GET_FP_MODE  46
--#define TARGET_PR_FP_MODE_FR   (1 << 0)
--#define TARGET_PR_FP_MODE_FRE  (1 << 1)
--
- #endif /* MIPS64_TARGET_SYSCALL_H */
-diff --git a/linux-user/nios2/target_prctl.h b/linux-user/nios2/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/nios2/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/openrisc/target_prctl.h b/linux-user/openrisc/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/openrisc/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/ppc/target_prctl.h b/linux-user/ppc/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/ppc/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/riscv/target_prctl.h b/linux-user/riscv/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/riscv/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/s390x/target_prctl.h b/linux-user/s390x/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/s390x/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/sh4/target_prctl.h b/linux-user/sh4/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/sh4/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/sparc/target_prctl.h b/linux-user/sparc/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/sparc/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/x86_64/target_prctl.h b/linux-user/x86_64/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/x86_64/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/xtensa/target_prctl.h b/linux-user/xtensa/target_prctl.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/xtensa/target_prctl.h
-@@ -0,0 +1 @@
-+/* No special prctl support required. */
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -XXX,XX +XXX,XX @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
-     return ret;
- }
- #endif /* defined(TARGET_ABI32 */
--
- #endif /* defined(TARGET_I386) */
-+/*
-+ * These constants are generic.  Supply any that are missing from the host.
-+ */
-+#ifndef PR_SET_NAME
-+# define PR_SET_NAME    15
-+# define PR_GET_NAME    16
-+#endif
-+#ifndef PR_SET_FP_MODE
-+# define PR_SET_FP_MODE 45
-+# define PR_GET_FP_MODE 46
-+# define PR_FP_MODE_FR   (1 << 0)
-+# define PR_FP_MODE_FRE  (1 << 1)
-+#endif
-+#ifndef PR_SVE_SET_VL
-+# define PR_SVE_SET_VL  50
-+# define PR_SVE_GET_VL  51
-+# define PR_SVE_VL_LEN_MASK  0xffff
-+# define PR_SVE_VL_INHERIT   (1 << 17)
-+#endif
-+#ifndef PR_PAC_RESET_KEYS
-+# define PR_PAC_RESET_KEYS  54
-+# define PR_PAC_APIAKEY   (1 << 0)
-+# define PR_PAC_APIBKEY   (1 << 1)
-+# define PR_PAC_APDAKEY   (1 << 2)
-+# define PR_PAC_APDBKEY   (1 << 3)
-+# define PR_PAC_APGAKEY   (1 << 4)
-+#endif
-+#ifndef PR_SET_TAGGED_ADDR_CTRL
-+# define PR_SET_TAGGED_ADDR_CTRL 55
-+# define PR_GET_TAGGED_ADDR_CTRL 56
-+# define PR_TAGGED_ADDR_ENABLE  (1UL << 0)
-+#endif
-+#ifndef PR_MTE_TCF_SHIFT
-+# define PR_MTE_TCF_SHIFT       1
-+# define PR_MTE_TCF_NONE        (0UL << PR_MTE_TCF_SHIFT)
-+# define PR_MTE_TCF_SYNC        (1UL << PR_MTE_TCF_SHIFT)
-+# define PR_MTE_TCF_ASYNC       (2UL << PR_MTE_TCF_SHIFT)
-+# define PR_MTE_TCF_MASK        (3UL << PR_MTE_TCF_SHIFT)
-+# define PR_MTE_TAG_SHIFT       3
-+# define PR_MTE_TAG_MASK        (0xffffUL << PR_MTE_TAG_SHIFT)
-+#endif
-+
-+#include "target_prctl.h"
-+
-+static abi_long do_prctl_inval0(CPUArchState *env)
-+{
-+    return -TARGET_EINVAL;
-+}
-+
-+static abi_long do_prctl_inval1(CPUArchState *env, abi_long arg2)
-+{
-+    return -TARGET_EINVAL;
-+}
-+
-+#ifndef do_prctl_get_fp_mode
-+#define do_prctl_get_fp_mode do_prctl_inval0
-+#endif
-+#ifndef do_prctl_set_fp_mode
-+#define do_prctl_set_fp_mode do_prctl_inval1
-+#endif
-+#ifndef do_prctl_get_vl
-+#define do_prctl_get_vl do_prctl_inval0
-+#endif
-+#ifndef do_prctl_set_vl
-+#define do_prctl_set_vl do_prctl_inval1
-+#endif
-+#ifndef do_prctl_reset_keys
-+#define do_prctl_reset_keys do_prctl_inval1
-+#endif
-+#ifndef do_prctl_set_tagged_addr_ctrl
-+#define do_prctl_set_tagged_addr_ctrl do_prctl_inval1
-+#endif
-+#ifndef do_prctl_get_tagged_addr_ctrl
-+#define do_prctl_get_tagged_addr_ctrl do_prctl_inval0
-+#endif
-+
-+static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
-+                         abi_long arg3, abi_long arg4, abi_long arg5)
-+{
-+    abi_long ret;
-+
-+    switch (option) {
-+    case PR_GET_PDEATHSIG:
-+        {
-+            int deathsig;
-+            ret = get_errno(prctl(PR_GET_PDEATHSIG, &deathsig,
-+                                  arg3, arg4, arg5));
-+            if (!is_error(ret) && arg2 && put_user_s32(deathsig, arg2)) {
-+                return -TARGET_EFAULT;
-+            }
-+            return ret;
-+        }
-+    case PR_GET_NAME:
-+        {
-+            void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
-+            if (!name) {
-+                return -TARGET_EFAULT;
-+            }
-+            ret = get_errno(prctl(PR_GET_NAME, (uintptr_t)name,
-+                                  arg3, arg4, arg5));
-+            unlock_user(name, arg2, 16);
-+            return ret;
-+        }
-+    case PR_SET_NAME:
-+        {
-+            void *name = lock_user(VERIFY_READ, arg2, 16, 1);
-+            if (!name) {
-+                return -TARGET_EFAULT;
-+            }
-+            ret = get_errno(prctl(PR_SET_NAME, (uintptr_t)name,
-+                                  arg3, arg4, arg5));
-+            unlock_user(name, arg2, 0);
-+            return ret;
-+        }
-+    case PR_GET_FP_MODE:
-+        return do_prctl_get_fp_mode(env);
-+    case PR_SET_FP_MODE:
-+        return do_prctl_set_fp_mode(env, arg2);
-+    case PR_SVE_GET_VL:
-+        return do_prctl_get_vl(env);
-+    case PR_SVE_SET_VL:
-+        return do_prctl_set_vl(env, arg2);
-+    case PR_PAC_RESET_KEYS:
-+        if (arg3 || arg4 || arg5) {
-+            return -TARGET_EINVAL;
-+        }
-+        return do_prctl_reset_keys(env, arg2);
-+    case PR_SET_TAGGED_ADDR_CTRL:
-+        if (arg3 || arg4 || arg5) {
-+            return -TARGET_EINVAL;
-+        }
-+        return do_prctl_set_tagged_addr_ctrl(env, arg2);
-+    case PR_GET_TAGGED_ADDR_CTRL:
-+        if (arg2 || arg3 || arg4 || arg5) {
-+            return -TARGET_EINVAL;
-+        }
-+        return do_prctl_get_tagged_addr_ctrl(env);
-+    case PR_GET_SECCOMP:
-+    case PR_SET_SECCOMP:
-+        /* Disable seccomp to prevent the target disabling syscalls we need. */
-+        return -TARGET_EINVAL;
-+    default:
-+        /* Most prctl options have no pointer arguments */
-+        return get_errno(prctl(option, arg2, arg3, arg4, arg5));
-+    }
-+}
-+
- #define NEW_STACK_SIZE 0x40000
-@@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
-         return ret;
- #endif
-     case TARGET_NR_prctl:
--        switch (arg1) {
--        case PR_GET_PDEATHSIG:
--        {
--            int deathsig;
--            ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
--            if (!is_error(ret) && arg2
--                && put_user_s32(deathsig, arg2)) {
--                return -TARGET_EFAULT;
--            }
--            return ret;
--        }
--#ifdef PR_GET_NAME
--        case PR_GET_NAME:
--        {
--            void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
--            if (!name) {
--                return -TARGET_EFAULT;
--            }
--            ret = get_errno(prctl(arg1, (unsigned long)name,
--                                  arg3, arg4, arg5));
--            unlock_user(name, arg2, 16);
--            return ret;
--        }
--        case PR_SET_NAME:
--        {
--            void *name = lock_user(VERIFY_READ, arg2, 16, 1);
--            if (!name) {
--                return -TARGET_EFAULT;
--            }
--            ret = get_errno(prctl(arg1, (unsigned long)name,
--                                  arg3, arg4, arg5));
--            unlock_user(name, arg2, 0);
--            return ret;
--        }
--#endif
--#ifdef TARGET_MIPS
--        case TARGET_PR_GET_FP_MODE:
--        {
--            CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
--            ret = 0;
--            if (env->CP0_Status & (1 << CP0St_FR)) {
--                ret |= TARGET_PR_FP_MODE_FR;
--            }
--            if (env->CP0_Config5 & (1 << CP0C5_FRE)) {
--                ret |= TARGET_PR_FP_MODE_FRE;
--            }
--            return ret;
--        }
--        case TARGET_PR_SET_FP_MODE:
--        {
--            CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
--            bool old_fr = env->CP0_Status & (1 << CP0St_FR);
--            bool old_fre = env->CP0_Config5 & (1 << CP0C5_FRE);
--            bool new_fr = arg2 & TARGET_PR_FP_MODE_FR;
--            bool new_fre = arg2 & TARGET_PR_FP_MODE_FRE;
--
--            const unsigned int known_bits = TARGET_PR_FP_MODE_FR |
--                                            TARGET_PR_FP_MODE_FRE;
--
--            /* If nothing to change, return right away, successfully.  */
--            if (old_fr == new_fr && old_fre == new_fre) {
--                return 0;
--            }
--            /* Check the value is valid */
--            if (arg2 & ~known_bits) {
--                return -TARGET_EOPNOTSUPP;
--            }
--            /* Setting FRE without FR is not supported.  */
--            if (new_fre && !new_fr) {
--                return -TARGET_EOPNOTSUPP;
--            }
--            if (new_fr && !(env->active_fpu.fcr0 & (1 << FCR0_F64))) {
--                /* FR1 is not supported */
--                return -TARGET_EOPNOTSUPP;
--            }
--            if (!new_fr && (env->active_fpu.fcr0 & (1 << FCR0_F64))
--                && !(env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) {
--                /* cannot set FR=0 */
--                return -TARGET_EOPNOTSUPP;
--            }
--            if (new_fre && !(env->active_fpu.fcr0 & (1 << FCR0_FREP))) {
--                /* Cannot set FRE=1 */
--                return -TARGET_EOPNOTSUPP;
--            }
--
--            int i;
--            fpr_t *fpr = env->active_fpu.fpr;
--            for (i = 0; i < 32 ; i += 2) {
--                if (!old_fr && new_fr) {
--                    fpr[i].w[!FP_ENDIAN_IDX] = fpr[i + 1].w[FP_ENDIAN_IDX];
--                } else if (old_fr && !new_fr) {
--                    fpr[i + 1].w[FP_ENDIAN_IDX] = fpr[i].w[!FP_ENDIAN_IDX];
--                }
--            }
--
--            if (new_fr) {
--                env->CP0_Status |= (1 << CP0St_FR);
--                env->hflags |= MIPS_HFLAG_F64;
--            } else {
--                env->CP0_Status &= ~(1 << CP0St_FR);
--                env->hflags &= ~MIPS_HFLAG_F64;
--            }
--            if (new_fre) {
--                env->CP0_Config5 |= (1 << CP0C5_FRE);
--                if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
--                    env->hflags |= MIPS_HFLAG_FRE;
--                }
--            } else {
--                env->CP0_Config5 &= ~(1 << CP0C5_FRE);
--                env->hflags &= ~MIPS_HFLAG_FRE;
--            }
--
--            return 0;
--        }
--#endif /* MIPS */
--#ifdef TARGET_AARCH64
--        case TARGET_PR_SVE_SET_VL:
--            /*
--             * We cannot support either PR_SVE_SET_VL_ONEXEC or
--             * PR_SVE_VL_INHERIT.  Note the kernel definition
--             * of sve_vl_valid allows for VQ=512, i.e. VL=8192,
--             * even though the current architectural maximum is VQ=16.
--             */
--            ret = -TARGET_EINVAL;
--            if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
--                && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
--                CPUARMState *env = cpu_env;
--                ARMCPU *cpu = env_archcpu(env);
--                uint32_t vq, old_vq;
--
--                old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
--                vq = MAX(arg2 / 16, 1);
--                vq = MIN(vq, cpu->sve_max_vq);
--
--                if (vq < old_vq) {
--                    aarch64_sve_narrow_vq(env, vq);
--                }
--                env->vfp.zcr_el[1] = vq - 1;
--                arm_rebuild_hflags(env);
--                ret = vq * 16;
--            }
--            return ret;
--        case TARGET_PR_SVE_GET_VL:
--            ret = -TARGET_EINVAL;
--            {
--                ARMCPU *cpu = env_archcpu(cpu_env);
--                if (cpu_isar_feature(aa64_sve, cpu)) {
--                    ret = ((cpu->env.vfp.zcr_el[1] & 0xf) + 1) * 16;
--                }
--            }
--            return ret;
--        case TARGET_PR_PAC_RESET_KEYS:
--            {
--                CPUARMState *env = cpu_env;
--                ARMCPU *cpu = env_archcpu(env);
--
--                if (arg3 || arg4 || arg5) {
--                    return -TARGET_EINVAL;
--                }
--                if (cpu_isar_feature(aa64_pauth, cpu)) {
--                    int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
--                               TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
--                               TARGET_PR_PAC_APGAKEY);
--                    int ret = 0;
--                    Error *err = NULL;
--
--                    if (arg2 == 0) {
--                        arg2 = all;
--                    } else if (arg2 & ~all) {
--                        return -TARGET_EINVAL;
--                    }
--                    if (arg2 & TARGET_PR_PAC_APIAKEY) {
--                        ret |= qemu_guest_getrandom(&env->keys.apia,
--                                                    sizeof(ARMPACKey), &err);
--                    }
--                    if (arg2 & TARGET_PR_PAC_APIBKEY) {
--                        ret |= qemu_guest_getrandom(&env->keys.apib,
--                                                    sizeof(ARMPACKey), &err);
--                    }
--                    if (arg2 & TARGET_PR_PAC_APDAKEY) {
--                        ret |= qemu_guest_getrandom(&env->keys.apda,
--                                                    sizeof(ARMPACKey), &err);
--                    }
--                    if (arg2 & TARGET_PR_PAC_APDBKEY) {
--                        ret |= qemu_guest_getrandom(&env->keys.apdb,
--                                                    sizeof(ARMPACKey), &err);
--                    }
--                    if (arg2 & TARGET_PR_PAC_APGAKEY) {
--                        ret |= qemu_guest_getrandom(&env->keys.apga,
--                                                    sizeof(ARMPACKey), &err);
--                    }
--                    if (ret != 0) {
--                        /*
--                         * Some unknown failure in the crypto.  The best
--                         * we can do is log it and fail the syscall.
--                         * The real syscall cannot fail this way.
--                         */
--                        qemu_log_mask(LOG_UNIMP,
--                                      "PR_PAC_RESET_KEYS: Crypto failure: %s",
--                                      error_get_pretty(err));
--                        error_free(err);
--                        return -TARGET_EIO;
--                    }
--                    return 0;
--                }
--            }
--            return -TARGET_EINVAL;
--        case TARGET_PR_SET_TAGGED_ADDR_CTRL:
--            {
--                abi_ulong valid_mask = TARGET_PR_TAGGED_ADDR_ENABLE;
--                CPUARMState *env = cpu_env;
--                ARMCPU *cpu = env_archcpu(env);
--
--                if (cpu_isar_feature(aa64_mte, cpu)) {
--                    valid_mask |= TARGET_PR_MTE_TCF_MASK;
--                    valid_mask |= TARGET_PR_MTE_TAG_MASK;
--                }
--
--                if ((arg2 & ~valid_mask) || arg3 || arg4 || arg5) {
--                    return -TARGET_EINVAL;
--                }
--                env->tagged_addr_enable = arg2 & TARGET_PR_TAGGED_ADDR_ENABLE;
--
--                if (cpu_isar_feature(aa64_mte, cpu)) {
--                    switch (arg2 & TARGET_PR_MTE_TCF_MASK) {
--                    case TARGET_PR_MTE_TCF_NONE:
--                    case TARGET_PR_MTE_TCF_SYNC:
--                    case TARGET_PR_MTE_TCF_ASYNC:
--                        break;
--                    default:
--                        return -EINVAL;
--                    }
--
--                    /*
--                     * Write PR_MTE_TCF to SCTLR_EL1[TCF0].
--                     * Note that the syscall values are consistent with hw.
--                     */
--                    env->cp15.sctlr_el[1] =
--                        deposit64(env->cp15.sctlr_el[1], 38, 2,
--                                  arg2 >> TARGET_PR_MTE_TCF_SHIFT);
--
--                    /*
--                     * Write PR_MTE_TAG to GCR_EL1[Exclude].
--                     * Note that the syscall uses an include mask,
--                     * and hardware uses an exclude mask -- invert.
--                     */
--                    env->cp15.gcr_el1 =
--                        deposit64(env->cp15.gcr_el1, 0, 16,
--                                  ~arg2 >> TARGET_PR_MTE_TAG_SHIFT);
--                    arm_rebuild_hflags(env);
--                }
--                return 0;
--            }
--        case TARGET_PR_GET_TAGGED_ADDR_CTRL:
--            {
--                abi_long ret = 0;
--                CPUARMState *env = cpu_env;
--                ARMCPU *cpu = env_archcpu(env);
--
--                if (arg2 || arg3 || arg4 || arg5) {
--                    return -TARGET_EINVAL;
--                }
--                if (env->tagged_addr_enable) {
--                    ret |= TARGET_PR_TAGGED_ADDR_ENABLE;
--                }
--                if (cpu_isar_feature(aa64_mte, cpu)) {
--                    /* See above. */
--                    ret |= (extract64(env->cp15.sctlr_el[1], 38, 2)
--                            << TARGET_PR_MTE_TCF_SHIFT);
--                    ret = deposit64(ret, TARGET_PR_MTE_TAG_SHIFT, 16,
--                                    ~env->cp15.gcr_el1);
--                }
--                return ret;
--            }
--#endif /* AARCH64 */
--        case PR_GET_SECCOMP:
--        case PR_SET_SECCOMP:
--            /* Disable seccomp to prevent the target disabling syscalls we
--             * need. */
--            return -TARGET_EINVAL;
--        default:
--            /* Most prctl options have no pointer arguments */
--            return get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
--        }
-+        return do_prctl(cpu_env, arg1, arg2, arg3, arg4, arg5);
-         break;
- #ifdef TARGET_NR_arch_prctl
-     case TARGET_NR_arch_prctl:
---
-.25.1

-[PATCH v4 32/48] linux-user: Disable more prctl subcodes
+Deleted patch
-Create a list of subcodes that we want to pass on, a list of
-subcodes that should not be passed on because they would affect
-the running qemu itself, and a list that probably could be
-implemented but require extra work. Do not pass on unknown subcodes.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/syscall.c | 56 ++++++++++++++++++++++++++++++++++++++++----
-file changed, 52 insertions(+), 4 deletions(-)
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -XXX,XX +XXX,XX @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
- # define PR_MTE_TAG_SHIFT       3
- # define PR_MTE_TAG_MASK        (0xffffUL << PR_MTE_TAG_SHIFT)
- #endif
-+#ifndef PR_SET_IO_FLUSHER
-+# define PR_SET_IO_FLUSHER 57
-+# define PR_GET_IO_FLUSHER 58
-+#endif
-+#ifndef PR_SET_SYSCALL_USER_DISPATCH
-+# define PR_SET_SYSCALL_USER_DISPATCH 59
-+#endif
- #include "target_prctl.h"
-@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
-             return -TARGET_EINVAL;
-         }
-         return do_prctl_get_tagged_addr_ctrl(env);
-+
-+    case PR_GET_DUMPABLE:
-+    case PR_SET_DUMPABLE:
-+    case PR_GET_KEEPCAPS:
-+    case PR_SET_KEEPCAPS:
-+    case PR_GET_TIMING:
-+    case PR_SET_TIMING:
-+    case PR_GET_TIMERSLACK:
-+    case PR_SET_TIMERSLACK:
-+    case PR_MCE_KILL:
-+    case PR_MCE_KILL_GET:
-+    case PR_GET_NO_NEW_PRIVS:
-+    case PR_SET_NO_NEW_PRIVS:
-+    case PR_GET_IO_FLUSHER:
-+    case PR_SET_IO_FLUSHER:
-+        /* Some prctl options have no pointer arguments and we can pass on. */
-+        return get_errno(prctl(option, arg2, arg3, arg4, arg5));
-+
-+    case PR_GET_CHILD_SUBREAPER:
-+    case PR_SET_CHILD_SUBREAPER:
-+    case PR_GET_SPECULATION_CTRL:
-+    case PR_SET_SPECULATION_CTRL:
-+    case PR_GET_TID_ADDRESS:
-+        /* TODO */
-+        return -TARGET_EINVAL;
-+
-+    case PR_GET_FPEXC:
-+    case PR_SET_FPEXC:
-+        /* Was used for SPE on PowerPC. */
-+        return -TARGET_EINVAL;
-+
-+    case PR_GET_ENDIAN:
-+    case PR_SET_ENDIAN:
-+    case PR_GET_FPEMU:
-+    case PR_SET_FPEMU:
-+    case PR_SET_MM:
-     case PR_GET_SECCOMP:
-     case PR_SET_SECCOMP:
--        /* Disable seccomp to prevent the target disabling syscalls we need. */
--        return -TARGET_EINVAL;
-+    case PR_SET_SYSCALL_USER_DISPATCH:
-+    case PR_GET_THP_DISABLE:
-+    case PR_SET_THP_DISABLE:
-+    case PR_GET_TSC:
-+    case PR_SET_TSC:
-+    case PR_GET_UNALIGN:
-+    case PR_SET_UNALIGN:
-     default:
--        /* Most prctl options have no pointer arguments */
--        return get_errno(prctl(option, arg2, arg3, arg4, arg5));
-+        /* Disable to prevent the target disabling stuff we need. */
-+        return -TARGET_EINVAL;
-     }
- }
---
-.25.1

-[PATCH v4 33/48] Revert "cpu: Move cpu_common_props to hw/core/cpu.c"
+Deleted patch
-This reverts commit 1b36e4f5a5de585210ea95f2257839c2312be28f.
-Despite a comment saying why cpu_common_props cannot be placed in
-a file that is compiled once, it was moved anyway.  Revert that.
-Since then, Property is not defined in hw/core/cpu.h, so it is now
-easier to declare a function to install the properties rather than
-the Property array itself.
-Cc: Eduardo Habkost <ehabkost@redhat.com>
-Suggested-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/hw/core/cpu.h |  1 +
- cpu.c                 | 21 +++++++++++++++++++++
- hw/core/cpu-common.c  | 17 +----------------
-files changed, 23 insertions(+), 16 deletions(-)
-diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/core/cpu.h
-+++ b/include/hw/core/cpu.h
-@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
-     GCC_FMT_ATTR(2, 3);
- /* $(top_srcdir)/cpu.c */
-+void cpu_class_init_props(DeviceClass *dc);
- void cpu_exec_initfn(CPUState *cpu);
- void cpu_exec_realizefn(CPUState *cpu, Error **errp);
- void cpu_exec_unrealizefn(CPUState *cpu);
-diff --git a/cpu.c b/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/cpu.c
-+++ b/cpu.c
-@@ -XXX,XX +XXX,XX @@ void cpu_exec_unrealizefn(CPUState *cpu)
-     cpu_list_remove(cpu);
- }
-+static Property cpu_common_props[] = {
-+#ifndef CONFIG_USER_ONLY
-+    /*
-+     * Create a memory property for softmmu CPU object,
-+     * so users can wire up its memory. (This can't go in hw/core/cpu.c
-+     * because that file is compiled only once for both user-mode
-+     * and system builds.) The default if no link is set up is to use
-+     * the system address space.
-+     */
-+    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
-+                     MemoryRegion *),
-+#endif
-+    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
-+    DEFINE_PROP_END_OF_LIST(),
-+};
-+
-+void cpu_class_init_props(DeviceClass *dc)
-+{
-+    device_class_set_props(dc, cpu_common_props);
-+}
-+
- void cpu_exec_initfn(CPUState *cpu)
- {
-     cpu->as = NULL;
-diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/core/cpu-common.c
-+++ b/hw/core/cpu-common.c
-@@ -XXX,XX +XXX,XX @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
-     return cpu->cpu_index;
- }
--static Property cpu_common_props[] = {
--#ifndef CONFIG_USER_ONLY
--    /* Create a memory property for softmmu CPU object,
--     * so users can wire up its memory. (This can't go in hw/core/cpu.c
--     * because that file is compiled only once for both user-mode
--     * and system builds.) The default if no link is set up is to use
--     * the system address space.
--     */
--    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
--                     MemoryRegion *),
--#endif
--    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
--    DEFINE_PROP_END_OF_LIST(),
--};
--
- static void cpu_class_init(ObjectClass *klass, void *data)
- {
-     DeviceClass *dc = DEVICE_CLASS(klass);
-@@ -XXX,XX +XXX,XX @@ static void cpu_class_init(ObjectClass *klass, void *data)
-     dc->realize = cpu_common_realizefn;
-     dc->unrealize = cpu_common_unrealizefn;
-     dc->reset = cpu_common_reset;
--    device_class_set_props(dc, cpu_common_props);
-+    cpu_class_init_props(dc);
-     /*
-      * Reason: CPUs still need special care by board code: wiring up
-      * IRQs, adding reset handlers, halting non-first CPUs, ...
---
-.25.1

-[PATCH v4 34/48] linux-user: Add code for PR_GET/SET_UNALIGN
+Deleted patch
-This requires extra work for each target, but adds the
-common syscall code, and the necessary flag in CPUState.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- include/hw/core/cpu.h                     |  3 +++
- linux-user/generic/target_prctl_unalign.h | 27 +++++++++++++++++++++++
- cpu.c                                     | 20 ++++++++++++-----
- linux-user/syscall.c                      | 13 +++++++++--
-files changed, 56 insertions(+), 7 deletions(-)
- create mode 100644 linux-user/generic/target_prctl_unalign.h
-diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/hw/core/cpu.h
-+++ b/include/hw/core/cpu.h
-@@ -XXX,XX +XXX,XX @@ struct CPUState {
-     bool ignore_memory_transaction_failures;
-+    /* Used for user-only emulation of prctl(PR_SET_UNALIGN). */
-+    bool prctl_unalign_sigbus;
-+
-     struct hax_vcpu_state *hax_vcpu;
-     struct hvf_vcpu_state *hvf;
-diff --git a/linux-user/generic/target_prctl_unalign.h b/linux-user/generic/target_prctl_unalign.h
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/linux-user/generic/target_prctl_unalign.h
-@@ -XXX,XX +XXX,XX @@
-+/*
-+ * Generic prctl unalign functions for linux-user
-+ *
-+ * SPDX-License-Identifier: GPL-2.0-or-later
-+ */
-+#ifndef GENERIC_TARGET_PRCTL_UNALIGN_H
-+#define GENERIC_TARGET_PRCTL_UNALIGN_H
-+
-+static abi_long do_prctl_get_unalign(CPUArchState *env, target_long arg2)
-+{
-+    CPUState *cs = env_cpu(env);
-+    uint32_t res = PR_UNALIGN_NOPRINT;
-+    if (cs->prctl_unalign_sigbus) {
-+        res |= PR_UNALIGN_SIGBUS;
-+    }
-+    return put_user_u32(res, arg2);
-+}
-+#define do_prctl_get_unalign do_prctl_get_unalign
-+
-+static abi_long do_prctl_set_unalign(CPUArchState *env, target_long arg2)
-+{
-+    env_cpu(env)->prctl_unalign_sigbus = arg2 & PR_UNALIGN_SIGBUS;
-+    return 0;
-+}
-+#define do_prctl_set_unalign do_prctl_set_unalign
-+
-+#endif /* GENERIC_TARGET_PRCTL_UNALIGN_H */
-diff --git a/cpu.c b/cpu.c
-index XXXXXXX..XXXXXXX 100644
---- a/cpu.c
-+++ b/cpu.c
-@@ -XXX,XX +XXX,XX @@ void cpu_exec_unrealizefn(CPUState *cpu)
-     cpu_list_remove(cpu);
- }
-+/*
-+ * This can't go in hw/core/cpu.c because that file is compiled only
-+ * once for both user-mode and system builds.
-+ */
- static Property cpu_common_props[] = {
--#ifndef CONFIG_USER_ONLY
-+#ifdef CONFIG_USER_ONLY
-     /*
--     * Create a memory property for softmmu CPU object,
--     * so users can wire up its memory. (This can't go in hw/core/cpu.c
--     * because that file is compiled only once for both user-mode
--     * and system builds.) The default if no link is set up is to use
-+     * Create a property for the user-only object, so users can
-+     * adjust prctl(PR_SET_UNALIGN) from the command-line.
-+     * Has no effect if the target does not support the feature.
-+     */
-+    DEFINE_PROP_BOOL("prctl-unalign-sigbus", CPUState,
-+                     prctl_unalign_sigbus, false),
-+#else
-+    /*
-+     * Create a memory property for softmmu CPU object, so users can
-+     * wire up its memory.  The default if no link is set up is to use
-      * the system address space.
-      */
-     DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
-diff --git a/linux-user/syscall.c b/linux-user/syscall.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/syscall.c
-+++ b/linux-user/syscall.c
-@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl_inval1(CPUArchState *env, abi_long arg2)
- #ifndef do_prctl_get_tagged_addr_ctrl
- #define do_prctl_get_tagged_addr_ctrl do_prctl_inval0
- #endif
-+#ifndef do_prctl_get_unalign
-+#define do_prctl_get_unalign do_prctl_inval1
-+#endif
-+#ifndef do_prctl_set_unalign
-+#define do_prctl_set_unalign do_prctl_inval1
-+#endif
- static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
-                          abi_long arg3, abi_long arg4, abi_long arg5)
-@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
-         }
-         return do_prctl_get_tagged_addr_ctrl(env);
-+    case PR_GET_UNALIGN:
-+        return do_prctl_get_unalign(env, arg2);
-+    case PR_SET_UNALIGN:
-+        return do_prctl_set_unalign(env, arg2);
-+
-     case PR_GET_DUMPABLE:
-     case PR_SET_DUMPABLE:
-     case PR_GET_KEEPCAPS:
-@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
-     case PR_SET_THP_DISABLE:
-     case PR_GET_TSC:
-     case PR_SET_TSC:
--    case PR_GET_UNALIGN:
--    case PR_SET_UNALIGN:
-     default:
-         /* Disable to prevent the target disabling stuff we need. */
-         return -TARGET_EINVAL;
---
-.25.1

-[PATCH v4 35/48] target/alpha: Reorg fp memory operations
+Deleted patch
-Pass in the context to each mini-helper, instead of an
-incorrectly named "flags".  Separate gen_load_fp and
-gen_store_fp, away from the integer helpers.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 83 +++++++++++++++++++++++++++-------------
-file changed, 57 insertions(+), 26 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline DisasJumpType gen_invalid(DisasContext *ctx)
-     return gen_excp(ctx, EXCP_OPCDEC, 0);
- }
--static inline void gen_qemu_ldf(TCGv t0, TCGv t1, int flags)
-+static void gen_ldf(DisasContext *ctx, TCGv dest, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
--    tcg_gen_qemu_ld_i32(tmp32, t1, flags, MO_LEUL);
--    gen_helper_memory_to_f(t0, tmp32);
-+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-+    gen_helper_memory_to_f(dest, tmp32);
-     tcg_temp_free_i32(tmp32);
- }
--static inline void gen_qemu_ldg(TCGv t0, TCGv t1, int flags)
-+static void gen_ldg(DisasContext *ctx, TCGv dest, TCGv addr)
- {
-     TCGv tmp = tcg_temp_new();
--    tcg_gen_qemu_ld_i64(tmp, t1, flags, MO_LEQ);
--    gen_helper_memory_to_g(t0, tmp);
-+    tcg_gen_qemu_ld_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
-+    gen_helper_memory_to_g(dest, tmp);
-     tcg_temp_free(tmp);
- }
--static inline void gen_qemu_lds(TCGv t0, TCGv t1, int flags)
-+static void gen_lds(DisasContext *ctx, TCGv dest, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
--    tcg_gen_qemu_ld_i32(tmp32, t1, flags, MO_LEUL);
--    gen_helper_memory_to_s(t0, tmp32);
-+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-+    gen_helper_memory_to_s(dest, tmp32);
-     tcg_temp_free_i32(tmp32);
- }
-+static void gen_ldt(DisasContext *ctx, TCGv dest, TCGv addr)
-+{
-+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_LEQ);
-+}
-+
-+static void gen_load_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
-+                        void (*func)(DisasContext *, TCGv, TCGv))
-+{
-+    /* Loads to $f31 are prefetches, which we can treat as nops. */
-+    if (likely(ra != 31)) {
-+        TCGv addr = tcg_temp_new();
-+        tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
-+        func(ctx, cpu_fir[ra], addr);
-+        tcg_temp_free(addr);
-+    }
-+}
-+
- static inline void gen_qemu_ldl_l(TCGv t0, TCGv t1, int flags)
- {
-     tcg_gen_qemu_ld_i64(t0, t1, flags, MO_LESL);
-@@ -XXX,XX +XXX,XX @@ static inline void gen_load_mem(DisasContext *ctx,
-     tcg_temp_free(tmp);
- }
--static inline void gen_qemu_stf(TCGv t0, TCGv t1, int flags)
-+static void gen_stf(DisasContext *ctx, TCGv src, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
--    gen_helper_f_to_memory(tmp32, t0);
--    tcg_gen_qemu_st_i32(tmp32, t1, flags, MO_LEUL);
-+    gen_helper_f_to_memory(tmp32, addr);
-+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-     tcg_temp_free_i32(tmp32);
- }
--static inline void gen_qemu_stg(TCGv t0, TCGv t1, int flags)
-+static void gen_stg(DisasContext *ctx, TCGv src, TCGv addr)
- {
-     TCGv tmp = tcg_temp_new();
--    gen_helper_g_to_memory(tmp, t0);
--    tcg_gen_qemu_st_i64(tmp, t1, flags, MO_LEQ);
-+    gen_helper_g_to_memory(tmp, src);
-+    tcg_gen_qemu_st_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
-     tcg_temp_free(tmp);
- }
--static inline void gen_qemu_sts(TCGv t0, TCGv t1, int flags)
-+static void gen_sts(DisasContext *ctx, TCGv src, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
--    gen_helper_s_to_memory(tmp32, t0);
--    tcg_gen_qemu_st_i32(tmp32, t1, flags, MO_LEUL);
-+    gen_helper_s_to_memory(tmp32, src);
-+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-     tcg_temp_free_i32(tmp32);
- }
-+static void gen_stt(DisasContext *ctx, TCGv src, TCGv addr)
-+{
-+    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, MO_LEQ);
-+}
-+
-+static void gen_store_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
-+                         void (*func)(DisasContext *, TCGv, TCGv))
-+{
-+    TCGv addr = tcg_temp_new();
-+    tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
-+    func(ctx, load_fpr(ctx, ra), addr);
-+    tcg_temp_free(addr);
-+}
-+
- static inline void gen_store_mem(DisasContext *ctx,
-                                  void (*tcg_gen_qemu_store)(TCGv t0, TCGv t1,
-                                                             int flags),
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
-     case 0x20:
-         /* LDF */
-         REQUIRE_FEN;
--        gen_load_mem(ctx, &gen_qemu_ldf, ra, rb, disp16, 1, 0);
-+        gen_load_fp(ctx, ra, rb, disp16, gen_ldf);
-         break;
-     case 0x21:
-         /* LDG */
-         REQUIRE_FEN;
--        gen_load_mem(ctx, &gen_qemu_ldg, ra, rb, disp16, 1, 0);
-+        gen_load_fp(ctx, ra, rb, disp16, gen_ldg);
-         break;
-     case 0x22:
-         /* LDS */
-         REQUIRE_FEN;
--        gen_load_mem(ctx, &gen_qemu_lds, ra, rb, disp16, 1, 0);
-+        gen_load_fp(ctx, ra, rb, disp16, gen_lds);
-         break;
-     case 0x23:
-         /* LDT */
-         REQUIRE_FEN;
--        gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 1, 0);
-+        gen_load_fp(ctx, ra, rb, disp16, gen_ldt);
-         break;
-     case 0x24:
-         /* STF */
-         REQUIRE_FEN;
--        gen_store_mem(ctx, &gen_qemu_stf, ra, rb, disp16, 1, 0);
-+        gen_store_fp(ctx, ra, rb, disp16, gen_stf);
-         break;
-     case 0x25:
-         /* STG */
-         REQUIRE_FEN;
--        gen_store_mem(ctx, &gen_qemu_stg, ra, rb, disp16, 1, 0);
-+        gen_store_fp(ctx, ra, rb, disp16, gen_stg);
-         break;
-     case 0x26:
-         /* STS */
-         REQUIRE_FEN;
--        gen_store_mem(ctx, &gen_qemu_sts, ra, rb, disp16, 1, 0);
-+        gen_store_fp(ctx, ra, rb, disp16, gen_sts);
-         break;
-     case 0x27:
-         /* STT */
-         REQUIRE_FEN;
--        gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 1, 0);
-+        gen_store_fp(ctx, ra, rb, disp16, gen_stt);
-         break;
-     case 0x28:
-         /* LDL */
---
-.25.1

-[PATCH v4 36/48] target/alpha: Reorg integer memory operations
+Deleted patch
-Pass in the MemOp instead of a callback.
-Drop the fp argument; add a locked argument.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- target/alpha/translate.c | 104 +++++++++++++++------------------------
-file changed, 40 insertions(+), 64 deletions(-)
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ static void gen_load_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
-     }
- }
--static inline void gen_qemu_ldl_l(TCGv t0, TCGv t1, int flags)
-+static void gen_load_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
-+                         MemOp op, bool clear, bool locked)
- {
--    tcg_gen_qemu_ld_i64(t0, t1, flags, MO_LESL);
--    tcg_gen_mov_i64(cpu_lock_addr, t1);
--    tcg_gen_mov_i64(cpu_lock_value, t0);
--}
--
--static inline void gen_qemu_ldq_l(TCGv t0, TCGv t1, int flags)
--{
--    tcg_gen_qemu_ld_i64(t0, t1, flags, MO_LEQ);
--    tcg_gen_mov_i64(cpu_lock_addr, t1);
--    tcg_gen_mov_i64(cpu_lock_value, t0);
--}
--
--static inline void gen_load_mem(DisasContext *ctx,
--                                void (*tcg_gen_qemu_load)(TCGv t0, TCGv t1,
--                                                          int flags),
--                                int ra, int rb, int32_t disp16, bool fp,
--                                bool clear)
--{
--    TCGv tmp, addr, va;
-+    TCGv addr, dest;
-     /* LDQ_U with ra $31 is UNOP.  Other various loads are forms of
-        prefetches, which we can treat as nops.  No worries about
-@@ -XXX,XX +XXX,XX @@ static inline void gen_load_mem(DisasContext *ctx,
-         return;
-     }
--    tmp = tcg_temp_new();
--    addr = load_gpr(ctx, rb);
--
--    if (disp16) {
--        tcg_gen_addi_i64(tmp, addr, disp16);
--        addr = tmp;
--    }
-+    addr = tcg_temp_new();
-+    tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
-     if (clear) {
--        tcg_gen_andi_i64(tmp, addr, ~0x7);
--        addr = tmp;
-+        tcg_gen_andi_i64(addr, addr, ~0x7);
-     }
--    va = (fp ? cpu_fir[ra] : ctx->ir[ra]);
--    tcg_gen_qemu_load(va, addr, ctx->mem_idx);
-+    dest = ctx->ir[ra];
-+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, op);
--    tcg_temp_free(tmp);
-+    if (locked) {
-+        tcg_gen_mov_i64(cpu_lock_addr, addr);
-+        tcg_gen_mov_i64(cpu_lock_value, dest);
-+    }
-+    tcg_temp_free(addr);
- }
- static void gen_stf(DisasContext *ctx, TCGv src, TCGv addr)
-@@ -XXX,XX +XXX,XX @@ static void gen_store_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
-     tcg_temp_free(addr);
- }
--static inline void gen_store_mem(DisasContext *ctx,
--                                 void (*tcg_gen_qemu_store)(TCGv t0, TCGv t1,
--                                                            int flags),
--                                 int ra, int rb, int32_t disp16, bool fp,
--                                 bool clear)
-+static void gen_store_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
-+                          MemOp op, bool clear)
- {
--    TCGv tmp, addr, va;
-+    TCGv addr, src;
--    tmp = tcg_temp_new();
--    addr = load_gpr(ctx, rb);
--
--    if (disp16) {
--        tcg_gen_addi_i64(tmp, addr, disp16);
--        addr = tmp;
--    }
-+    addr = tcg_temp_new();
-+    tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
-     if (clear) {
--        tcg_gen_andi_i64(tmp, addr, ~0x7);
--        addr = tmp;
-+        tcg_gen_andi_i64(addr, addr, ~0x7);
-     }
--    va = (fp ? load_fpr(ctx, ra) : load_gpr(ctx, ra));
--    tcg_gen_qemu_store(va, addr, ctx->mem_idx);
-+    src = load_gpr(ctx, ra);
-+    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, op);
--    tcg_temp_free(tmp);
-+    tcg_temp_free(addr);
- }
- static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
-     case 0x0A:
-         /* LDBU */
-         REQUIRE_AMASK(BWX);
--        gen_load_mem(ctx, &tcg_gen_qemu_ld8u, ra, rb, disp16, 0, 0);
-+        gen_load_int(ctx, ra, rb, disp16, MO_UB, 0, 0);
-         break;
-     case 0x0B:
-         /* LDQ_U */
--        gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 0, 1);
-+        gen_load_int(ctx, ra, rb, disp16, MO_LEQ, 1, 0);
-         break;
-     case 0x0C:
-         /* LDWU */
-         REQUIRE_AMASK(BWX);
--        gen_load_mem(ctx, &tcg_gen_qemu_ld16u, ra, rb, disp16, 0, 0);
-+        gen_load_int(ctx, ra, rb, disp16, MO_LEUW, 0, 0);
-         break;
-     case 0x0D:
-         /* STW */
-         REQUIRE_AMASK(BWX);
--        gen_store_mem(ctx, &tcg_gen_qemu_st16, ra, rb, disp16, 0, 0);
-+        gen_store_int(ctx, ra, rb, disp16, MO_LEUW, 0);
-         break;
-     case 0x0E:
-         /* STB */
-         REQUIRE_AMASK(BWX);
--        gen_store_mem(ctx, &tcg_gen_qemu_st8, ra, rb, disp16, 0, 0);
-+        gen_store_int(ctx, ra, rb, disp16, MO_UB, 0);
-         break;
-     case 0x0F:
-         /* STQ_U */
--        gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 0, 1);
-+        gen_store_int(ctx, ra, rb, disp16, MO_LEQ, 1);
-         break;
-     case 0x10:
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
-                 break;
-             case 0x2:
-                 /* Longword physical access with lock (hw_ldl_l/p) */
--                gen_qemu_ldl_l(va, addr, MMU_PHYS_IDX);
-+                tcg_gen_qemu_ld_i64(va, addr, MMU_PHYS_IDX, MO_LESL);
-+                tcg_gen_mov_i64(cpu_lock_addr, addr);
-+                tcg_gen_mov_i64(cpu_lock_value, va);
-                 break;
-             case 0x3:
-                 /* Quadword physical access with lock (hw_ldq_l/p) */
--                gen_qemu_ldq_l(va, addr, MMU_PHYS_IDX);
-+                tcg_gen_qemu_ld_i64(va, addr, MMU_PHYS_IDX, MO_LEQ);
-+                tcg_gen_mov_i64(cpu_lock_addr, addr);
-+                tcg_gen_mov_i64(cpu_lock_value, va);
-                 break;
-             case 0x4:
-                 /* Longword virtual PTE fetch (hw_ldl/v) */
-@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
-         break;
-     case 0x28:
-         /* LDL */
--        gen_load_mem(ctx, &tcg_gen_qemu_ld32s, ra, rb, disp16, 0, 0);
-+        gen_load_int(ctx, ra, rb, disp16, MO_LESL, 0, 0);
-         break;
-     case 0x29:
-         /* LDQ */
--        gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 0, 0);
-+        gen_load_int(ctx, ra, rb, disp16, MO_LEQ, 0, 0);
-         break;
-     case 0x2A:
-         /* LDL_L */
--        gen_load_mem(ctx, &gen_qemu_ldl_l, ra, rb, disp16, 0, 0);
-+        gen_load_int(ctx, ra, rb, disp16, MO_LESL, 0, 1);
-         break;
-     case 0x2B:
-         /* LDQ_L */
--        gen_load_mem(ctx, &gen_qemu_ldq_l, ra, rb, disp16, 0, 0);
-+        gen_load_int(ctx, ra, rb, disp16, MO_LEQ, 0, 1);
-         break;
-     case 0x2C:
-         /* STL */
--        gen_store_mem(ctx, &tcg_gen_qemu_st32, ra, rb, disp16, 0, 0);
-+        gen_store_int(ctx, ra, rb, disp16, MO_LEUL, 0);
-         break;
-     case 0x2D:
-         /* STQ */
--        gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 0, 0);
-+        gen_store_int(ctx, ra, rb, disp16, MO_LEQ, 0);
-         break;
-     case 0x2E:
-         /* STL_C */
---
-.25.1

-[PATCH v4 37/48] target/alpha: Implement prctl_unalign_sigbus
+Deleted patch
-Leave TARGET_ALIGNED_ONLY set, but use the new CPUState
-flag to set MO_UNALN for the instructions that the kernel
-handles in the unaligned trap.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/alpha/target_prctl.h |  2 +-
- target/alpha/cpu.h              |  5 +++++
- target/alpha/translate.c        | 31 ++++++++++++++++++++++---------
-files changed, 28 insertions(+), 10 deletions(-)
-diff --git a/linux-user/alpha/target_prctl.h b/linux-user/alpha/target_prctl.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/alpha/target_prctl.h
-+++ b/linux-user/alpha/target_prctl.h
-@@ -1 +1 @@
--/* No special prctl support required. */
-+#include "../generic/target_prctl_unalign.h"
-diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/cpu.h
-+++ b/target/alpha/cpu.h
-@@ -XXX,XX +XXX,XX @@ enum {
- #define ENV_FLAG_TB_MASK \
-     (ENV_FLAG_PAL_MODE | ENV_FLAG_PS_USER | ENV_FLAG_FEN)
-+#define TB_FLAG_UNALIGN       (1u << 1)
-+
- static inline int cpu_mmu_index(CPUAlphaState *env, bool ifetch)
- {
-     int ret = env->flags & ENV_FLAG_PS_USER ? MMU_USER_IDX : MMU_KERNEL_IDX;
-@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUAlphaState *env, target_ulong *pc,
-     *pc = env->pc;
-     *cs_base = 0;
-     *pflags = env->flags & ENV_FLAG_TB_MASK;
-+#ifdef CONFIG_USER_ONLY
-+    *pflags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
-+#endif
- }
- #ifdef CONFIG_USER_ONLY
-diff --git a/target/alpha/translate.c b/target/alpha/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/alpha/translate.c
-+++ b/target/alpha/translate.c
-@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext DisasContext;
- struct DisasContext {
-     DisasContextBase base;
--#ifndef CONFIG_USER_ONLY
-+#ifdef CONFIG_USER_ONLY
-+    MemOp unalign;
-+#else
-     uint64_t palbr;
- #endif
-     uint32_t tbflags;
-@@ -XXX,XX +XXX,XX @@ struct DisasContext {
-     TCGv sink;
- };
-+#ifdef CONFIG_USER_ONLY
-+#define UNALIGN(C)  (C)->unalign
-+#else
-+#define UNALIGN(C)  0
-+#endif
-+
- /* Target-specific return values from translate_one, indicating the
-    state of the TB.  Note that DISAS_NEXT indicates that we are not
-    exiting the TB.  */
-@@ -XXX,XX +XXX,XX @@ static inline DisasJumpType gen_invalid(DisasContext *ctx)
- static void gen_ldf(DisasContext *ctx, TCGv dest, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
--    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
-     gen_helper_memory_to_f(dest, tmp32);
-     tcg_temp_free_i32(tmp32);
- }
-@@ -XXX,XX +XXX,XX @@ static void gen_ldf(DisasContext *ctx, TCGv dest, TCGv addr)
- static void gen_ldg(DisasContext *ctx, TCGv dest, TCGv addr)
- {
-     TCGv tmp = tcg_temp_new();
--    tcg_gen_qemu_ld_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
-+    tcg_gen_qemu_ld_i64(tmp, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
-     gen_helper_memory_to_g(dest, tmp);
-     tcg_temp_free(tmp);
- }
-@@ -XXX,XX +XXX,XX @@ static void gen_ldg(DisasContext *ctx, TCGv dest, TCGv addr)
- static void gen_lds(DisasContext *ctx, TCGv dest, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
--    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
-     gen_helper_memory_to_s(dest, tmp32);
-     tcg_temp_free_i32(tmp32);
- }
- static void gen_ldt(DisasContext *ctx, TCGv dest, TCGv addr)
- {
--    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_LEQ);
-+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
- }
- static void gen_load_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
-@@ -XXX,XX +XXX,XX @@ static void gen_load_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
-     tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
-     if (clear) {
-         tcg_gen_andi_i64(addr, addr, ~0x7);
-+    } else if (!locked) {
-+        op |= UNALIGN(ctx);
-     }
-     dest = ctx->ir[ra];
-@@ -XXX,XX +XXX,XX @@ static void gen_stf(DisasContext *ctx, TCGv src, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
-     gen_helper_f_to_memory(tmp32, addr);
--    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
-     tcg_temp_free_i32(tmp32);
- }
-@@ -XXX,XX +XXX,XX @@ static void gen_stg(DisasContext *ctx, TCGv src, TCGv addr)
- {
-     TCGv tmp = tcg_temp_new();
-     gen_helper_g_to_memory(tmp, src);
--    tcg_gen_qemu_st_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
-+    tcg_gen_qemu_st_i64(tmp, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
-     tcg_temp_free(tmp);
- }
-@@ -XXX,XX +XXX,XX @@ static void gen_sts(DisasContext *ctx, TCGv src, TCGv addr)
- {
-     TCGv_i32 tmp32 = tcg_temp_new_i32();
-     gen_helper_s_to_memory(tmp32, src);
--    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
-+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
-     tcg_temp_free_i32(tmp32);
- }
- static void gen_stt(DisasContext *ctx, TCGv src, TCGv addr)
- {
--    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, MO_LEQ);
-+    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
- }
- static void gen_store_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
-@@ -XXX,XX +XXX,XX @@ static void gen_store_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
-     tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
-     if (clear) {
-         tcg_gen_andi_i64(addr, addr, ~0x7);
-+    } else {
-+        op |= UNALIGN(ctx);
-     }
-     src = load_gpr(ctx, ra);
-@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
- #ifdef CONFIG_USER_ONLY
-     ctx->ir = cpu_std_ir;
-+    ctx->unalign = (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN);
- #else
-     ctx->palbr = env->palbr;
-     ctx->ir = (ctx->tbflags & ENV_FLAG_PAL_MODE ? cpu_pal_ir : cpu_std_ir);
---
-.25.1

-[PATCH v4 38/48] target/hppa: Implement prctl_unalign_sigbus
+Deleted patch
-Leave TARGET_ALIGNED_ONLY set, but use the new CPUState
-flag to set MO_UNALN for the instructions that the kernel
-handles in the unaligned trap.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/hppa/target_prctl.h |  2 +-
- target/hppa/cpu.h              |  5 ++++-
- target/hppa/translate.c        | 19 +++++++++++++++----
-files changed, 20 insertions(+), 6 deletions(-)
-diff --git a/linux-user/hppa/target_prctl.h b/linux-user/hppa/target_prctl.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/hppa/target_prctl.h
-+++ b/linux-user/hppa/target_prctl.h
-@@ -1 +1 @@
--/* No special prctl support required. */
-+#include "../generic/target_prctl_unalign.h"
-diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/cpu.h
-+++ b/target/hppa/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline target_ulong hppa_form_gva(CPUHPPAState *env, uint64_t spc,
-     return hppa_form_gva_psw(env->psw, spc, off);
- }
--/* Since PSW_{I,CB} will never need to be in tb->flags, reuse them.
-+/*
-+ * Since PSW_{I,CB} will never need to be in tb->flags, reuse them.
-  * TB_FLAG_SR_SAME indicates that SR4 through SR7 all contain the
-  * same value.
-  */
- #define TB_FLAG_SR_SAME     PSW_I
- #define TB_FLAG_PRIV_SHIFT  8
-+#define TB_FLAG_UNALIGN     0x400
- static inline void cpu_get_tb_cpu_state(CPUHPPAState *env, target_ulong *pc,
-                                         target_ulong *cs_base,
-@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUHPPAState *env, target_ulong *pc,
- #ifdef CONFIG_USER_ONLY
-     *pc = env->iaoq_f & -4;
-     *cs_base = env->iaoq_b & -4;
-+    flags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
- #else
-     /* ??? E, T, H, L, B, P bits need to be here, when implemented.  */
-     flags |= env->psw & (PSW_W | PSW_C | PSW_D);
-diff --git a/target/hppa/translate.c b/target/hppa/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/hppa/translate.c
-+++ b/target/hppa/translate.c
-@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
-     int mmu_idx;
-     int privilege;
-     bool psw_n_nonzero;
-+
-+#ifdef CONFIG_USER_ONLY
-+    MemOp unalign;
-+#endif
- } DisasContext;
-+#ifdef CONFIG_USER_ONLY
-+#define UNALIGN(C)  (C)->unalign
-+#else
-+#define UNALIGN(C)  0
-+#endif
-+
- /* Note that ssm/rsm instructions number PSW_W and PSW_E differently.  */
- static int expand_sm_imm(DisasContext *ctx, int val)
- {
-@@ -XXX,XX +XXX,XX @@ static void do_load_32(DisasContext *ctx, TCGv_i32 dest, unsigned rb,
-     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
-              ctx->mmu_idx == MMU_PHYS_IDX);
--    tcg_gen_qemu_ld_reg(dest, addr, ctx->mmu_idx, mop);
-+    tcg_gen_qemu_ld_reg(dest, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
-     if (modify) {
-         save_gpr(ctx, rb, ofs);
-     }
-@@ -XXX,XX +XXX,XX @@ static void do_load_64(DisasContext *ctx, TCGv_i64 dest, unsigned rb,
-     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
-              ctx->mmu_idx == MMU_PHYS_IDX);
--    tcg_gen_qemu_ld_i64(dest, addr, ctx->mmu_idx, mop);
-+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
-     if (modify) {
-         save_gpr(ctx, rb, ofs);
-     }
-@@ -XXX,XX +XXX,XX @@ static void do_store_32(DisasContext *ctx, TCGv_i32 src, unsigned rb,
-     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
-              ctx->mmu_idx == MMU_PHYS_IDX);
--    tcg_gen_qemu_st_i32(src, addr, ctx->mmu_idx, mop);
-+    tcg_gen_qemu_st_i32(src, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
-     if (modify) {
-         save_gpr(ctx, rb, ofs);
-     }
-@@ -XXX,XX +XXX,XX @@ static void do_store_64(DisasContext *ctx, TCGv_i64 src, unsigned rb,
-     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
-              ctx->mmu_idx == MMU_PHYS_IDX);
--    tcg_gen_qemu_st_i64(src, addr, ctx->mmu_idx, mop);
-+    tcg_gen_qemu_st_i64(src, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
-     if (modify) {
-         save_gpr(ctx, rb, ofs);
-     }
-@@ -XXX,XX +XXX,XX @@ static void hppa_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-     ctx->mmu_idx = MMU_USER_IDX;
-     ctx->iaoq_f = ctx->base.pc_first | MMU_USER_IDX;
-     ctx->iaoq_b = ctx->base.tb->cs_base | MMU_USER_IDX;
-+    ctx->unalign = (ctx->tb_flags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN);
- #else
-     ctx->privilege = (ctx->tb_flags >> TB_FLAG_PRIV_SHIFT) & 3;
-     ctx->mmu_idx = (ctx->tb_flags & PSW_D ? ctx->privilege : MMU_PHYS_IDX);
---
-.25.1

-[PATCH v4 39/48] target/sh4: Implement prctl_unalign_sigbus
+Deleted patch
-Leave TARGET_ALIGNED_ONLY set, but use the new CPUState
-flag to set MO_UNALN for the instructions that the kernel
-handles in the unaligned trap.
-The Linux kernel does not handle all memory operations: no
-floating-point and no MAC.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/sh4/target_prctl.h |  2 +-
- target/sh4/cpu.h              |  4 +++
- target/sh4/translate.c        | 50 ++++++++++++++++++++++++-----------
-files changed, 39 insertions(+), 17 deletions(-)
-diff --git a/linux-user/sh4/target_prctl.h b/linux-user/sh4/target_prctl.h
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/sh4/target_prctl.h
-+++ b/linux-user/sh4/target_prctl.h
-@@ -1 +1 @@
--/* No special prctl support required. */
-+#include "../generic/target_prctl_unalign.h"
-diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/cpu.h
-+++ b/target/sh4/cpu.h
-@@ -XXX,XX +XXX,XX @@
- #define DELAY_SLOT_RTE         (1 << 2)
- #define TB_FLAG_PENDING_MOVCA  (1 << 3)
-+#define TB_FLAG_UNALIGN        (1 << 4)
- #define GUSA_SHIFT             4
- #ifdef CONFIG_USER_ONLY
-@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
-             | (env->sr & ((1u << SR_MD) | (1u << SR_RB)))      /* Bits 29-30 */
-             | (env->sr & (1u << SR_FD))                        /* Bit 15 */
-             | (env->movcal_backup ? TB_FLAG_PENDING_MOVCA : 0); /* Bit 3 */
-+#ifdef CONFIG_USER_ONLY
-+    *flags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
-+#endif
- }
- #endif /* SH4_CPU_H */
-diff --git a/target/sh4/translate.c b/target/sh4/translate.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sh4/translate.c
-+++ b/target/sh4/translate.c
-@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
- #if defined(CONFIG_USER_ONLY)
- #define IS_USER(ctx) 1
-+#define UNALIGN(C)   (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : 0)
- #else
- #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
-+#define UNALIGN(C)   0
- #endif
- /* Target-specific values for ctx->base.is_jmp.  */
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_addi_i32(addr, REG(B11_8), B3_0 * 4);
--            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
-+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
-+                                MO_TEUL | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 4);
--            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
-+            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
-+                                MO_TESL | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_UB);
-     return;
-     case 0x2001:        /* mov.w Rm,@Rn */
--        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUW);
-+        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
-+                            MO_TEUW | UNALIGN(ctx));
-     return;
-     case 0x2002:        /* mov.l Rm,@Rn */
--        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
-+        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
-+                            MO_TEUL | UNALIGN(ctx));
-     return;
-     case 0x6000:        /* mov.b @Rm,Rn */
-         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
-     return;
-     case 0x6001:        /* mov.w @Rm,Rn */
--        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
-+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
-+                            MO_TESW | UNALIGN(ctx));
-     return;
-     case 0x6002:        /* mov.l @Rm,Rn */
--        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
-+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
-+                            MO_TESL | UNALIGN(ctx));
-     return;
-     case 0x2004:        /* mov.b Rm,@-Rn */
-     {
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_subi_i32(addr, REG(B11_8), 2);
--            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
-+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
-+                                MO_TEUW | UNALIGN(ctx));
-         tcg_gen_mov_i32(REG(B11_8), addr);
-         tcg_temp_free(addr);
-     }
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_subi_i32(addr, REG(B11_8), 4);
--            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
-+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
-+                                MO_TEUL | UNALIGN(ctx));
-         tcg_gen_mov_i32(REG(B11_8), addr);
-         tcg_temp_free(addr);
-     }
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-         tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 1);
-     return;
-     case 0x6005:        /* mov.w @Rm+,Rn */
--        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
-+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
-+                            MO_TESW | UNALIGN(ctx));
-     if ( B11_8 != B7_4 )
-         tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
-     return;
-     case 0x6006:        /* mov.l @Rm+,Rn */
--        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
-+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
-+                            MO_TESL | UNALIGN(ctx));
-     if ( B11_8 != B7_4 )
-         tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_add_i32(addr, REG(B11_8), REG(0));
--            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
-+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
-+                                MO_TEUW | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_add_i32(addr, REG(B11_8), REG(0));
--            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
-+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
-+                                MO_TEUL | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_add_i32(addr, REG(B7_4), REG(0));
--            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
-+            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
-+                                MO_TESW | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_add_i32(addr, REG(B7_4), REG(0));
--            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
-+            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
-+                                MO_TESL | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
--            tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
-+            tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx,
-+                                MO_TEUW | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
-@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
-     {
-         TCGv addr = tcg_temp_new();
-         tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
--            tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
-+            tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx,
-+                                MO_TESW | UNALIGN(ctx));
-         tcg_temp_free(addr);
-     }
-     return;
---
-.25.1

-[PATCH v4 40/48] linux-user/signal: Handle BUS_ADRALN in host_signal_handler
+Deleted patch
-Handle BUS_ADRALN via cpu_loop_exit_sigbus, but allow other SIGBUS
-si_codes to continue into the host-to-guest signal coversion code.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- linux-user/signal.c | 3 +++
-file changed, 3 insertions(+)
-diff --git a/linux-user/signal.c b/linux-user/signal.c
-index XXXXXXX..XXXXXXX 100644
---- a/linux-user/signal.c
-+++ b/linux-user/signal.c
-@@ -XXX,XX +XXX,XX @@ static void host_signal_handler(int host_sig, siginfo_t *info, void *puc)
-             cpu_loop_exit_sigsegv(cpu, guest_addr, access_type, maperr, pc);
-         } else {
-             sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
-+            if (info->si_code == BUS_ADRALN) {
-+                cpu_loop_exit_sigbus(cpu, guest_addr, access_type, pc);
-+            }
-         }
-         sync_sig = true;
---
-.25.1

-[PATCH v4 41/48] tcg: Canonicalize alignment flags in MemOp
+Deleted patch
-Having observed e.g. al8+leq in dumps, canonicalize to al+leq.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tcg-op.c | 7 ++++++-
-file changed, 6 insertions(+), 1 deletion(-)
-diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg-op.c
-+++ b/tcg/tcg-op.c
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_lookup_and_goto_ptr(void)
- static inline MemOp tcg_canonicalize_memop(MemOp op, bool is64, bool st)
- {
-     /* Trigger the asserts within as early as possible.  */
--    (void)get_alignment_bits(op);
-+    unsigned a_bits = get_alignment_bits(op);
-+
-+    /* Prefer MO_ALIGN+MO_XX over MO_ALIGN_XX+MO_XX */
-+    if (a_bits == (op & MO_SIZE)) {
-+        op = (op & ~MO_AMASK) | MO_ALIGN;
-+    }
-     switch (op & MO_SIZE) {
-     case MO_8:
---
-.25.1

-[PATCH v4 42/48] tcg/i386: Support raising sigbus for user-only
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/i386/tcg-target.h     |   2 -
- tcg/i386/tcg-target.c.inc | 103 ++++++++++++++++++++++++++++++++++++--
-files changed, 98 insertions(+), 7 deletions(-)
-diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/i386/tcg-target.h
-+++ b/tcg/i386/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
- #define TCG_TARGET_HAS_MEMORY_BSWAP  have_movbe
--#ifdef CONFIG_SOFTMMU
- #define TCG_TARGET_NEED_LDST_LABELS
--#endif
- #define TCG_TARGET_NEED_POOL_LABELS
- #endif
-diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/i386/tcg-target.c.inc
-+++ b/tcg/i386/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@
-  * THE SOFTWARE.
-  */
-+#include "../tcg-ldst.c.inc"
- #include "../tcg-pool.c.inc"
- #ifdef CONFIG_DEBUG_TCG
-@@ -XXX,XX +XXX,XX @@ static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
- #define OPC_VZEROUPPER  (0x77 | P_EXT)
- #define OPC_XCHG_ax_r32    (0x90)
--#define OPC_GRP3_Ev    (0xf7)
--#define OPC_GRP5    (0xff)
-+#define OPC_GRP3_Eb     (0xf6)
-+#define OPC_GRP3_Ev     (0xf7)
-+#define OPC_GRP5        (0xff)
- #define OPC_GRP14       (0x73 | P_EXT | P_DATA16)
- /* Group 1 opcode extensions for 0x80-0x83.
-@@ -XXX,XX +XXX,XX @@ static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
- #define SHIFT_SAR 7
- /* Group 3 opcode extensions for 0xf6, 0xf7.  To be used with OPC_GRP3.  */
-+#define EXT3_TESTi 0
- #define EXT3_NOT   2
- #define EXT3_NEG   3
- #define EXT3_MUL   4
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_nopn(TCGContext *s, int n)
- }
- #if defined(CONFIG_SOFTMMU)
--#include "../tcg-ldst.c.inc"
--
- /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
-  *                                     int mmu_idx, uintptr_t ra)
-  */
-@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-     tcg_out_jmp(s, qemu_st_helpers[opc & (MO_BSWAP | MO_SIZE)]);
-     return true;
- }
--#elif TCG_TARGET_REG_BITS == 32
-+#else
-+
-+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addrlo,
-+                                   TCGReg addrhi, unsigned a_bits)
-+{
-+    unsigned a_mask = (1 << a_bits) - 1;
-+    TCGLabelQemuLdst *label;
-+
-+    /*
-+     * We are expecting a_bits to max out at 7, so we can usually use testb.
-+     * For i686, we have to use testl for %esi/%edi.
-+     */
-+    if (a_mask <= 0xff && (TCG_TARGET_REG_BITS == 64 || addrlo < 4)) {
-+        tcg_out_modrm(s, OPC_GRP3_Eb | P_REXB_RM, EXT3_TESTi, addrlo);
-+        tcg_out8(s, a_mask);
-+    } else {
-+        tcg_out_modrm(s, OPC_GRP3_Ev, EXT3_TESTi, addrlo);
-+        tcg_out32(s, a_mask);
-+    }
-+
-+    /* jne slow_path */
-+    tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
-+
-+    label = new_ldst_label(s);
-+    label->is_ld = is_ld;
-+    label->addrlo_reg = addrlo;
-+    label->addrhi_reg = addrhi;
-+    label->raddr = tcg_splitwx_to_rx(s->code_ptr + 4);
-+    label->label_ptr[0] = s->code_ptr;
-+
-+    s->code_ptr += 4;
-+}
-+
-+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    /* resolve label address */
-+    tcg_patch32(l->label_ptr[0], s->code_ptr - l->label_ptr[0] - 4);
-+
-+    if (TCG_TARGET_REG_BITS == 32) {
-+        int ofs = 0;
-+
-+        tcg_out_st(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP, ofs);
-+        ofs += 4;
-+
-+        tcg_out_st(s, TCG_TYPE_I32, l->addrlo_reg, TCG_REG_ESP, ofs);
-+        ofs += 4;
-+        if (TARGET_LONG_BITS == 64) {
-+            tcg_out_st(s, TCG_TYPE_I32, l->addrhi_reg, TCG_REG_ESP, ofs);
-+            ofs += 4;
-+        }
-+
-+        tcg_out_pushi(s, (uintptr_t)l->raddr);
-+    } else {
-+        tcg_out_mov(s, TCG_TYPE_TL, tcg_target_call_iarg_regs[1],
-+                    l->addrlo_reg);
-+        tcg_out_mov(s, TCG_TYPE_PTR, tcg_target_call_iarg_regs[0], TCG_AREG0);
-+
-+        tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_RAX, (uintptr_t)l->raddr);
-+        tcg_out_push(s, TCG_REG_RAX);
-+    }
-+
-+    /* "Tail call" to the helper, with the return address back inline. */
-+    tcg_out_jmp(s, (const void *)(l->is_ld ? helper_unaligned_ld
-+                                  : helper_unaligned_st));
-+    return true;
-+}
-+
-+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
-+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
-+#if TCG_TARGET_REG_BITS == 32
- # define x86_guest_base_seg     0
- # define x86_guest_base_index   -1
- # define x86_guest_base_offset  guest_base
-@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
-     return 0;
- }
- # endif
-+#endif
- #endif /* SOFTMMU */
- static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg datalo, TCGReg datahi,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
- #if defined(CONFIG_SOFTMMU)
-     int mem_index;
-     tcg_insn_unit *label_ptr[2];
-+#else
-+    unsigned a_bits;
- #endif
-     datalo = *args++;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
-     add_qemu_ldst_label(s, true, is64, oi, datalo, datahi, addrlo, addrhi,
-                         s->code_ptr, label_ptr);
- #else
-+    a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, true, addrlo, addrhi, a_bits);
-+    }
-+
-     tcg_out_qemu_ld_direct(s, datalo, datahi, addrlo, x86_guest_base_index,
-                            x86_guest_base_offset, x86_guest_base_seg,
-                            is64, opc);
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
- #if defined(CONFIG_SOFTMMU)
-     int mem_index;
-     tcg_insn_unit *label_ptr[2];
-+#else
-+    unsigned a_bits;
- #endif
-     datalo = *args++;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
-     add_qemu_ldst_label(s, false, is64, oi, datalo, datahi, addrlo, addrhi,
-                         s->code_ptr, label_ptr);
- #else
-+    a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, false, addrlo, addrhi, a_bits);
-+    }
-+
-     tcg_out_qemu_st_direct(s, datalo, datahi, addrlo, x86_guest_base_index,
-                            x86_guest_base_offset, x86_guest_base_seg, opc);
- #endif
---
-.25.1

-[PATCH v4 44/48] tcg/ppc: Support raising sigbus for user-only
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/ppc/tcg-target.h     |  2 -
- tcg/ppc/tcg-target.c.inc | 98 ++++++++++++++++++++++++++++++++++++----
-files changed, 90 insertions(+), 10 deletions(-)
-diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/ppc/tcg-target.h
-+++ b/tcg/ppc/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
- #define TCG_TARGET_DEFAULT_MO (0)
- #define TCG_TARGET_HAS_MEMORY_BSWAP     1
--#ifdef CONFIG_SOFTMMU
- #define TCG_TARGET_NEED_LDST_LABELS
--#endif
- #define TCG_TARGET_NEED_POOL_LABELS
- #endif
-diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/ppc/tcg-target.c.inc
-+++ b/tcg/ppc/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@
- #include "elf.h"
- #include "../tcg-pool.c.inc"
-+#include "../tcg-ldst.c.inc"
- /*
-  * Standardize on the _CALL_FOO symbols used by GCC:
-@@ -XXX,XX +XXX,XX @@ void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
-     }
- }
--static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
-+static void tcg_out_call_int(TCGContext *s, int lk,
-+                             const tcg_insn_unit *target)
- {
- #ifdef _CALL_AIX
-     /* Look through the descriptor.  If the branch is in range, and we
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
-     if (in_range_b(diff) && toc == (uint32_t)toc) {
-         tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_TMP1, toc);
--        tcg_out_b(s, LK, tgt);
-+        tcg_out_b(s, lk, tgt);
-     } else {
-         /* Fold the low bits of the constant into the addresses below.  */
-         intptr_t arg = (intptr_t)target;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
-         tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_R0, TCG_REG_TMP1, ofs);
-         tcg_out32(s, MTSPR | RA(TCG_REG_R0) | CTR);
-         tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_R2, TCG_REG_TMP1, ofs + SZP);
--        tcg_out32(s, BCCTR | BO_ALWAYS | LK);
-+        tcg_out32(s, BCCTR | BO_ALWAYS | lk);
-     }
- #elif defined(_CALL_ELF) && _CALL_ELF == 2
-     intptr_t diff;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
-     diff = tcg_pcrel_diff(s, target);
-     if (in_range_b(diff)) {
--        tcg_out_b(s, LK, target);
-+        tcg_out_b(s, lk, target);
-     } else {
-         tcg_out32(s, MTSPR | RS(TCG_REG_R12) | CTR);
--        tcg_out32(s, BCCTR | BO_ALWAYS | LK);
-+        tcg_out32(s, BCCTR | BO_ALWAYS | lk);
-     }
- #else
--    tcg_out_b(s, LK, target);
-+    tcg_out_b(s, lk, target);
- #endif
- }
-+static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
-+{
-+    tcg_out_call_int(s, LK, target);
-+}
-+
- static const uint32_t qemu_ldx_opc[(MO_SSIZE + MO_BSWAP) + 1] = {
-     [MO_UB] = LBZX,
-     [MO_UW] = LHZX,
-@@ -XXX,XX +XXX,XX @@ static const uint32_t qemu_exts_opc[4] = {
- };
- #if defined (CONFIG_SOFTMMU)
--#include "../tcg-ldst.c.inc"
--
- /* helper signature: helper_ld_mmu(CPUState *env, target_ulong addr,
-  *                                 int mmu_idx, uintptr_t ra)
-  */
-@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
-     tcg_out_b(s, 0, lb->raddr);
-     return true;
- }
-+#else
-+
-+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addrlo,
-+                                   TCGReg addrhi, unsigned a_bits)
-+{
-+    unsigned a_mask = (1 << a_bits) - 1;
-+    TCGLabelQemuLdst *label = new_ldst_label(s);
-+
-+    label->is_ld = is_ld;
-+    label->addrlo_reg = addrlo;
-+    label->addrhi_reg = addrhi;
-+
-+    /* We are expecting a_bits to max out at 7, much lower than ANDI. */
-+    tcg_debug_assert(a_bits < 16);
-+    tcg_out32(s, ANDI | SAI(addrlo, TCG_REG_R0, a_mask));
-+
-+    label->label_ptr[0] = s->code_ptr;
-+    tcg_out32(s, BC | BI(0, CR_EQ) | BO_COND_FALSE | LK);
-+
-+    label->raddr = tcg_splitwx_to_rx(s->code_ptr);
-+}
-+
-+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    if (!reloc_pc14(l->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
-+        return false;
-+    }
-+
-+    if (TCG_TARGET_REG_BITS < TARGET_LONG_BITS) {
-+        TCGReg arg = TCG_REG_R4;
-+#ifdef TCG_TARGET_CALL_ALIGN_ARGS
-+        arg |= 1;
-+#endif
-+        if (l->addrlo_reg != arg) {
-+            tcg_out_mov(s, TCG_TYPE_I32, arg, l->addrhi_reg);
-+            tcg_out_mov(s, TCG_TYPE_I32, arg + 1, l->addrlo_reg);
-+        } else if (l->addrhi_reg != arg + 1) {
-+            tcg_out_mov(s, TCG_TYPE_I32, arg + 1, l->addrlo_reg);
-+            tcg_out_mov(s, TCG_TYPE_I32, arg, l->addrhi_reg);
-+        } else {
-+            tcg_out_mov(s, TCG_TYPE_I32, TCG_REG_R0, arg);
-+            tcg_out_mov(s, TCG_TYPE_I32, arg, arg + 1);
-+            tcg_out_mov(s, TCG_TYPE_I32, arg + 1, TCG_REG_R0);
-+        }
-+    } else {
-+        tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_R4, l->addrlo_reg);
-+    }
-+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_R3, TCG_AREG0);
-+
-+    /* "Tail call" to the helper, with the return address back inline. */
-+    tcg_out_call_int(s, 0, (const void *)(l->is_ld ? helper_unaligned_ld
-+                                          : helper_unaligned_st));
-+    return true;
-+}
-+
-+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
-+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
- #endif /* SOFTMMU */
- static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
- #ifdef CONFIG_SOFTMMU
-     int mem_index;
-     tcg_insn_unit *label_ptr;
-+#else
-+    unsigned a_bits;
- #endif
-     datalo = *args++;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
-     rbase = TCG_REG_R3;
- #else  /* !CONFIG_SOFTMMU */
-+    a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, true, addrlo, addrhi, a_bits);
-+    }
-     rbase = guest_base ? TCG_GUEST_BASE_REG : 0;
-     if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
-         tcg_out_ext32u(s, TCG_REG_TMP1, addrlo);
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
- #ifdef CONFIG_SOFTMMU
-     int mem_index;
-     tcg_insn_unit *label_ptr;
-+#else
-+    unsigned a_bits;
- #endif
-     datalo = *args++;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
-     rbase = TCG_REG_R3;
- #else  /* !CONFIG_SOFTMMU */
-+    a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, false, addrlo, addrhi, a_bits);
-+    }
-     rbase = guest_base ? TCG_GUEST_BASE_REG : 0;
-     if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
-         tcg_out_ext32u(s, TCG_REG_TMP1, addrlo);
---
-.25.1

-[PATCH v4 45/48] tcg/s390: Support raising sigbus for user-only
+Deleted patch
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/s390x/tcg-target.h     |  2 --
- tcg/s390x/tcg-target.c.inc | 59 ++++++++++++++++++++++++++++++++++++--
-files changed, 57 insertions(+), 4 deletions(-)
-diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.h
-+++ b/tcg/s390x/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
-     /* no need to flush icache explicitly */
- }
--#ifdef CONFIG_SOFTMMU
- #define TCG_TARGET_NEED_LDST_LABELS
--#endif
- #define TCG_TARGET_NEED_POOL_LABELS
- #endif
-diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/s390x/tcg-target.c.inc
-+++ b/tcg/s390x/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@
- #error "unsupported code generation mode"
- #endif
-+#include "../tcg-ldst.c.inc"
- #include "../tcg-pool.c.inc"
- #include "elf.h"
-@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
-     RI_OIHL     = 0xa509,
-     RI_OILH     = 0xa50a,
-     RI_OILL     = 0xa50b,
-+    RI_TMLL     = 0xa701,
-     RIE_CGIJ    = 0xec7c,
-     RIE_CGRJ    = 0xec64,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp opc, TCGReg data,
- }
- #if defined(CONFIG_SOFTMMU)
--#include "../tcg-ldst.c.inc"
--
- /* We're expecting to use a 20-bit negative offset on the tlb memory ops.  */
- QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
- QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 19));
-@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
-     return true;
- }
- #else
-+static void tcg_out_test_alignment(TCGContext *s, bool is_ld,
-+                                   TCGReg addrlo, unsigned a_bits)
-+{
-+    unsigned a_mask = (1 << a_bits) - 1;
-+    TCGLabelQemuLdst *l = new_ldst_label(s);
-+
-+    l->is_ld = is_ld;
-+    l->addrlo_reg = addrlo;
-+
-+    /* We are expecting a_bits to max out at 7, much lower than TMLL. */
-+    tcg_debug_assert(a_bits < 16);
-+    tcg_out_insn(s, RI, TMLL, addrlo, a_mask);
-+
-+    tcg_out16(s, RI_BRC | (7 << 4)); /* CC in {1,2,3} */
-+    l->label_ptr[0] = s->code_ptr;
-+    s->code_ptr += 1;
-+
-+    l->raddr = tcg_splitwx_to_rx(s->code_ptr);
-+}
-+
-+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    if (!patch_reloc(l->label_ptr[0], R_390_PC16DBL,
-+                     (intptr_t)tcg_splitwx_to_rx(s->code_ptr), 2)) {
-+        return false;
-+    }
-+
-+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_R3, l->addrlo_reg);
-+    tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_R2, TCG_AREG0);
-+
-+    /* "Tail call" to the helper, with the return address back inline. */
-+    tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_R14, (uintptr_t)l->raddr);
-+    tgen_gotoi(s, S390_CC_ALWAYS, (const void *)(l->is_ld ? helper_unaligned_ld
-+                                                 : helper_unaligned_st));
-+    return true;
-+}
-+
-+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
-+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
- static void tcg_prepare_user_ldst(TCGContext *s, TCGReg *addr_reg,
-                                   TCGReg *index_reg, tcg_target_long *disp)
- {
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
- #else
-     TCGReg index_reg;
-     tcg_target_long disp;
-+    unsigned a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, true, addr_reg, a_bits);
-+    }
-     tcg_prepare_user_ldst(s, &addr_reg, &index_reg, &disp);
-     tcg_out_qemu_ld_direct(s, opc, data_reg, addr_reg, index_reg, disp);
- #endif
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
- #else
-     TCGReg index_reg;
-     tcg_target_long disp;
-+    unsigned a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, false, addr_reg, a_bits);
-+    }
-     tcg_prepare_user_ldst(s, &addr_reg, &index_reg, &disp);
-     tcg_out_qemu_st_direct(s, opc, data_reg, addr_reg, index_reg, disp);
- #endif
---
-.25.1

-[PATCH v4 46/48] tcg/tci: Support raising sigbus for user-only
+Deleted patch
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/tci.c | 20 ++++++++++++++------
-file changed, 14 insertions(+), 6 deletions(-)
-diff --git a/tcg/tci.c b/tcg/tci.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tci.c
-+++ b/tcg/tci.c
-@@ -XXX,XX +XXX,XX @@ static bool tci_compare64(uint64_t u0, uint64_t u1, TCGCond condition)
- static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
-                             MemOpIdx oi, const void *tb_ptr)
- {
--    MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
-+    MemOp mop = get_memop(oi);
-     uintptr_t ra = (uintptr_t)tb_ptr;
- #ifdef CONFIG_SOFTMMU
--    switch (mop) {
-+    switch (mop & (MO_BSWAP | MO_SSIZE)) {
-     case MO_UB:
-         return helper_ret_ldub_mmu(env, taddr, oi, ra);
-     case MO_SB:
-@@ -XXX,XX +XXX,XX @@ static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
-     }
- #else
-     void *haddr = g2h(env_cpu(env), taddr);
-+    unsigned a_mask = (1u << get_alignment_bits(mop)) - 1;
-     uint64_t ret;
-     set_helper_retaddr(ra);
--    switch (mop) {
-+    if (taddr & a_mask) {
-+        helper_unaligned_ld(env, taddr);
-+    }
-+    switch (mop & (MO_BSWAP | MO_SSIZE)) {
-     case MO_UB:
-         ret = ldub_p(haddr);
-         break;
-@@ -XXX,XX +XXX,XX @@ static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
- static void tci_qemu_st(CPUArchState *env, target_ulong taddr, uint64_t val,
-                         MemOpIdx oi, const void *tb_ptr)
- {
--    MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
-+    MemOp mop = get_memop(oi);
-     uintptr_t ra = (uintptr_t)tb_ptr;
- #ifdef CONFIG_SOFTMMU
--    switch (mop) {
-+    switch (mop & (MO_BSWAP | MO_SIZE)) {
-     case MO_UB:
-         helper_ret_stb_mmu(env, taddr, val, oi, ra);
-         break;
-@@ -XXX,XX +XXX,XX @@ static void tci_qemu_st(CPUArchState *env, target_ulong taddr, uint64_t val,
-     }
- #else
-     void *haddr = g2h(env_cpu(env), taddr);
-+    unsigned a_mask = (1u << get_alignment_bits(mop)) - 1;
-     set_helper_retaddr(ra);
--    switch (mop) {
-+    if (taddr & a_mask) {
-+        helper_unaligned_st(env, taddr);
-+    }
-+    switch (mop & (MO_BSWAP | MO_SIZE)) {
-     case MO_UB:
-         stb_p(haddr, val);
-         break;
---
-.25.1

-[PATCH v4 47/48] tcg/riscv: Support raising sigbus for user-only
+Deleted patch
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tcg/riscv/tcg-target.h     |  2 --
- tcg/riscv/tcg-target.c.inc | 63 ++++++++++++++++++++++++++++++++++++--
-files changed, 61 insertions(+), 4 deletions(-)
-diff --git a/tcg/riscv/tcg-target.h b/tcg/riscv/tcg-target.h
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/riscv/tcg-target.h
-+++ b/tcg/riscv/tcg-target.h
-@@ -XXX,XX +XXX,XX @@ void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
- #define TCG_TARGET_DEFAULT_MO (0)
--#ifdef CONFIG_SOFTMMU
- #define TCG_TARGET_NEED_LDST_LABELS
--#endif
- #define TCG_TARGET_NEED_POOL_LABELS
- #define TCG_TARGET_HAS_MEMORY_BSWAP 0
-diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/riscv/tcg-target.c.inc
-+++ b/tcg/riscv/tcg-target.c.inc
-@@ -XXX,XX +XXX,XX @@
-  * THE SOFTWARE.
-  */
-+#include "../tcg-ldst.c.inc"
- #include "../tcg-pool.c.inc"
- #ifdef CONFIG_DEBUG_TCG
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
-  */
- #if defined(CONFIG_SOFTMMU)
--#include "../tcg-ldst.c.inc"
--
- /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
-  *                                     MemOpIdx oi, uintptr_t ra)
-  */
-@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-     tcg_out_goto(s, l->raddr);
-     return true;
- }
-+#else
-+
-+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addr_reg,
-+                                   unsigned a_bits)
-+{
-+    unsigned a_mask = (1 << a_bits) - 1;
-+    TCGLabelQemuLdst *l = new_ldst_label(s);
-+
-+    l->is_ld = is_ld;
-+    l->addrlo_reg = addr_reg;
-+
-+    /* We are expecting a_bits to max out at 7, so we can always use andi. */
-+    tcg_debug_assert(a_bits < 12);
-+    tcg_out_opc_imm(s, OPC_ANDI, TCG_REG_TMP1, addr_reg, a_mask);
-+
-+    l->label_ptr[0] = s->code_ptr;
-+    tcg_out_opc_branch(s, OPC_BNE, TCG_REG_TMP1, TCG_REG_ZERO, 0);
-+
-+    l->raddr = tcg_splitwx_to_rx(s->code_ptr);
-+}
-+
-+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    /* resolve label address */
-+    if (!reloc_sbimm12(l->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
-+        return false;
-+    }
-+
-+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_A1, l->addrlo_reg);
-+    tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_A0, TCG_AREG0);
-+
-+    /* tail call, with the return address back inline. */
-+    tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_RA, (uintptr_t)l->raddr);
-+    tcg_out_call_int(s, (const void *)(l->is_ld ? helper_unaligned_ld
-+                                       : helper_unaligned_st), true);
-+    return true;
-+}
-+
-+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
-+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
-+{
-+    return tcg_out_fail_alignment(s, l);
-+}
-+
- #endif /* CONFIG_SOFTMMU */
- static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg lo, TCGReg hi,
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
-     MemOp opc;
- #if defined(CONFIG_SOFTMMU)
-     tcg_insn_unit *label_ptr[1];
-+#else
-+    unsigned a_bits;
- #endif
-     TCGReg base = TCG_REG_TMP0;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
-         tcg_out_ext32u(s, base, addr_regl);
-         addr_regl = base;
-     }
-+    a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, true, addr_regl, a_bits);
-+    }
-     if (guest_base != 0) {
-         tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl);
-     }
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
-     MemOp opc;
- #if defined(CONFIG_SOFTMMU)
-     tcg_insn_unit *label_ptr[1];
-+#else
-+    unsigned a_bits;
- #endif
-     TCGReg base = TCG_REG_TMP0;
-@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
-         tcg_out_ext32u(s, base, addr_regl);
-         addr_regl = base;
-     }
-+    a_bits = get_alignment_bits(opc);
-+    if (a_bits) {
-+        tcg_out_test_alignment(s, false, addr_regl, a_bits);
-+    }
-     if (guest_base != 0) {
-         tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl);
-     }
---
-.25.1

-[PATCH v4 48/48] tests/tcg/multiarch: Add sigbus.c
+Deleted patch
-A mostly generic test for unaligned access raising SIGBUS.
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
----
- tests/tcg/multiarch/sigbus.c | 68 ++++++++++++++++++++++++++++++++++++
-file changed, 68 insertions(+)
- create mode 100644 tests/tcg/multiarch/sigbus.c
-diff --git a/tests/tcg/multiarch/sigbus.c b/tests/tcg/multiarch/sigbus.c
-new file mode 100644
-index XXXXXXX..XXXXXXX
---- /dev/null
-+++ b/tests/tcg/multiarch/sigbus.c
-@@ -XXX,XX +XXX,XX @@
-+#define _GNU_SOURCE 1
-+
-+#include <assert.h>
-+#include <stdlib.h>
-+#include <signal.h>
-+#include <endian.h>
-+
-+
-+unsigned long long x = 0x8877665544332211ull;
-+void * volatile p = (void *)&x + 1;
-+
-+void sigbus(int sig, siginfo_t *info, void *uc)
-+{
-+    assert(sig == SIGBUS);
-+    assert(info->si_signo == SIGBUS);
-+#ifdef BUS_ADRALN
-+    assert(info->si_code == BUS_ADRALN);
-+#endif
-+    assert(info->si_addr == p);
-+    exit(EXIT_SUCCESS);
-+}
-+
-+int main()
-+{
-+    struct sigaction sa = {
-+        .sa_sigaction = sigbus,
-+        .sa_flags = SA_SIGINFO
-+    };
-+    int allow_fail = 0;
-+    int tmp;
-+
-+    tmp = sigaction(SIGBUS, &sa, NULL);
-+    assert(tmp == 0);
-+
-+    /*
-+     * Select an operation that's likely to enforce alignment.
-+     * On many guests that support unaligned accesses by default,
-+     * this is often an atomic operation.
-+     */
-+#if defined(__aarch64__)
-+    asm volatile("ldxr %w0,[%1]" : "=r"(tmp) : "r"(p) : "memory");
-+#elif defined(__alpha__)
-+    asm volatile("ldl_l %0,0(%1)" : "=r"(tmp) : "r"(p) : "memory");
-+#elif defined(__arm__)
-+    asm volatile("ldrex %0,[%1]" : "=r"(tmp) : "r"(p) : "memory");
-+#elif defined(__powerpc__)
-+    asm volatile("lwarx %0,0,%1" : "=r"(tmp) : "r"(p) : "memory");
-+#elif defined(__riscv_atomic)
-+    asm volatile("lr.w %0,(%1)" : "=r"(tmp) : "r"(p) : "memory");
-+#else
-+    /* No insn known to fault unaligned -- try for a straight load. */
-+    allow_fail = 1;
-+    tmp = *(volatile int *)p;
-+#endif
-+
-+    assert(allow_fail);
-+
-+    /*
-+     * We didn't see a signal.
-+     * We might as well validate the unaligned load worked.
-+     */
-+    if (BYTE_ORDER == LITTLE_ENDIAN) {
-+        assert(tmp == 0x55443322);
-+    } else {
-+        assert(tmp == 0x77665544);
-+    }
-+    return EXIT_SUCCESS;
-+}
---
-.25.1

Based-on: 20211006172307.780893-1-richard.henderson@linaro.org
("[PATCH v4 00/41] linux-user: Streamline handling of SIGSEGV")

This began with Peter wanting a cpu_ldst.h interface that can handle
alignment info for Arm M-profile system mode, which will also compile
for user-only without ifdefs.

Once I had that interface, I thought I might as well enforce the
requested alignment in user-only.  There are plenty of cases where
we ought to have been doing that for quite a while.  This took rather
more work than I imagined to start.

Changes for v4:
  * Rebase, with some patches now upstream.
  * Rename the core function to cpu_loop_exit_sigbus.

Changes for v3:
  * Updated tcg/{aarch64,ppc,s390,riscv,tci}.

Changes for v2:
  * Cleanup prctl(2), add support for prctl(PR_GET/SET_UNALIGN).
  * Adjustments for ppc and sparc reporting address during alignment fault.

Richard Henderson (48):
  hw/core: Add TCGCPUOps.record_sigbus
  linux-user: Add cpu_loop_exit_sigbus
  linux-user/alpha: Remove EXCP_UNALIGN handling
  target/arm: Implement arm_cpu_record_sigbus
  linux-user/hppa: Remove EXCP_UNALIGN handling
  target/microblaze: Do not set MO_ALIGN for user-only
  target/ppc: Move SPR_DSISR setting to powerpc_excp
  target/ppc: Set fault address in ppc_cpu_do_unaligned_access
  target/ppc: Restrict ppc_cpu_do_unaligned_access to sysemu
  target/s390x: Implement s390x_cpu_record_sigbus
  linux-user/hppa: Remove POWERPC_EXCP_ALIGN handling
  target/sh4: Set fault address in superh_cpu_do_unaligned_access
  target/sparc: Remove DEBUG_UNALIGNED
  target/sparc: Split out build_sfsr
  target/sparc: Set fault address in sparc_cpu_do_unaligned_access
  accel/tcg: Report unaligned atomics for user-only
  target/arm: Use MO_128 for 16 byte atomics
  target/i386: Use MO_128 for 16 byte atomics
  target/ppc: Use MO_128 for 16 byte atomics
  target/s390x: Use MO_128 for 16 byte atomics
  target/hexagon: Implement cpu_mmu_index
  accel/tcg: Add cpu_{ld,st}*_mmu interfaces
  accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
  target/mips: Use cpu_*_data_ra for msa load/store
  target/mips: Use 8-byte memory ops for msa load/store
  target/s390x: Use cpu_*_mmu instead of helper_*_mmu
  target/sparc: Use cpu_*_mmu instead of helper_*_mmu
  target/arm: Use cpu_*_mmu instead of helper_*_mmu
  tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
  tcg: Add helper_unaligned_{ld,st} for user-only sigbus
  linux-user: Split out do_prctl and subroutines
  linux-user: Disable more prctl subcodes
  Revert "cpu: Move cpu_common_props to hw/core/cpu.c"
  linux-user: Add code for PR_GET/SET_UNALIGN
  target/alpha: Reorg fp memory operations
  target/alpha: Reorg integer memory operations
  target/alpha: Implement prctl_unalign_sigbus
  target/hppa: Implement prctl_unalign_sigbus
  target/sh4: Implement prctl_unalign_sigbus
  linux-user/signal: Handle BUS_ADRALN in host_signal_handler
  tcg: Canonicalize alignment flags in MemOp
  tcg/i386: Support raising sigbus for user-only
  tcg/aarch64: Support raising sigbus for user-only
  tcg/ppc: Support raising sigbus for user-only
  tcg/s390: Support raising sigbus for user-only
  tcg/tci: Support raising sigbus for user-only
  tcg/riscv: Support raising sigbus for user-only
  tests/tcg/multiarch: Add sigbus.c

docs/devel/loads-stores.rst               |  52 ++-
 include/exec/cpu_ldst.h                   | 332 ++++++++-------
 include/exec/exec-all.h                   |  14 +
 include/hw/core/cpu.h                     |   4 +
 include/hw/core/tcg-cpu-ops.h             |  23 +
 include/tcg/tcg-ldst.h                    |  79 ++++
 include/tcg/tcg.h                         | 158 -------
 linux-user/aarch64/target_prctl.h         | 160 +++++++
 linux-user/aarch64/target_syscall.h       |  23 -
 linux-user/alpha/target_prctl.h           |   1 +
 linux-user/arm/target_prctl.h             |   1 +
 linux-user/cris/target_prctl.h            |   1 +
 linux-user/generic/target_prctl_unalign.h |  27 ++
 linux-user/hexagon/target_prctl.h         |   1 +
 linux-user/hppa/target_prctl.h            |   1 +
 linux-user/i386/target_prctl.h            |   1 +
 linux-user/m68k/target_prctl.h            |   1 +
 linux-user/microblaze/target_prctl.h      |   1 +
 linux-user/mips/target_prctl.h            |  88 ++++
 linux-user/mips/target_syscall.h          |   6 -
 linux-user/mips64/target_prctl.h          |   1 +
 linux-user/mips64/target_syscall.h        |   6 -
 linux-user/nios2/target_prctl.h           |   1 +
 linux-user/openrisc/target_prctl.h        |   1 +
 linux-user/ppc/target_prctl.h             |   1 +
 linux-user/riscv/target_prctl.h           |   1 +
 linux-user/s390x/target_prctl.h           |   1 +
 linux-user/sh4/target_prctl.h             |   1 +
 linux-user/sparc/target_prctl.h           |   1 +
 linux-user/x86_64/target_prctl.h          |   1 +
 linux-user/xtensa/target_prctl.h          |   1 +
 target/alpha/cpu.h                        |   5 +
 target/arm/internals.h                    |   2 +
 target/hexagon/cpu.h                      |   9 +
 target/hppa/cpu.h                         |   5 +-
 target/ppc/internal.h                     |   8 +-
 target/s390x/s390x-internal.h             |   8 +-
 target/sh4/cpu.h                          |   4 +
 tcg/aarch64/tcg-target.h                  |   2 -
 tcg/i386/tcg-target.h                     |   2 -
 tcg/ppc/tcg-target.h                      |   2 -
 tcg/riscv/tcg-target.h                    |   2 -
 tcg/s390x/tcg-target.h                    |   2 -
 accel/tcg/cputlb.c                        | 393 ++++++-----------
 accel/tcg/user-exec.c                     | 414 ++++++++----------
 cpu.c                                     |  31 ++
 hw/core/cpu-common.c                      |  17 +-
 linux-user/aarch64/cpu_loop.c             |  12 +-
 linux-user/alpha/cpu_loop.c               |  15 -
 linux-user/arm/cpu_loop.c                 |  30 +-
 linux-user/hppa/cpu_loop.c                |   7 -
 linux-user/ppc/cpu_loop.c                 |   8 -
 linux-user/signal.c                       |  17 +
 linux-user/syscall.c                      | 490 +++++++++-------------
 target/alpha/translate.c                  | 188 +++++----
 target/arm/cpu.c                          |   1 +
 target/arm/cpu_tcg.c                      |   1 +
 target/arm/helper-a64.c                   |  61 +--
 target/arm/m_helper.c                     |   6 +-
 target/arm/tlb_helper.c                   |   6 +
 target/hppa/translate.c                   |  19 +-
 target/i386/tcg/mem_helper.c              |   2 +-
 target/m68k/op_helper.c                   |   1 -
 target/microblaze/translate.c             |  16 +
 target/mips/tcg/msa_helper.c              | 389 ++++-------------
 target/ppc/excp_helper.c                  |  41 +-
 target/ppc/mem_helper.c                   |   1 -
 target/ppc/translate.c                    |  12 +-
 target/s390x/cpu.c                        |   1 +
 target/s390x/tcg/excp_helper.c            |  27 +-
 target/s390x/tcg/mem_helper.c             |  13 +-
 target/sh4/op_helper.c                    |   5 +
 target/sh4/translate.c                    |  50 ++-
 target/sparc/ldst_helper.c                |  36 +-
 target/sparc/mmu_helper.c                 |  92 ++--
 tcg/tcg-op.c                              |   7 +-
 tcg/tcg.c                                 |   1 +
 tcg/tci.c                                 |  21 +-
 tests/tcg/multiarch/sigbus.c              |  68 +++
 accel/tcg/ldst_common.c.inc               | 307 ++++++++++++++
 tcg/aarch64/tcg-target.c.inc              |  91 +++-
 tcg/i386/tcg-target.c.inc                 | 103 ++++-
 tcg/ppc/tcg-target.c.inc                  |  98 ++++-
 tcg/riscv/tcg-target.c.inc                |  63 ++-
 tcg/s390x/tcg-target.c.inc                |  59 ++-
 85 files changed, 2457 insertions(+), 1804 deletions(-)
 create mode 100644 include/tcg/tcg-ldst.h
 create mode 100644 linux-user/aarch64/target_prctl.h
 create mode 100644 linux-user/alpha/target_prctl.h
 create mode 100644 linux-user/arm/target_prctl.h
 create mode 100644 linux-user/cris/target_prctl.h
 create mode 100644 linux-user/generic/target_prctl_unalign.h
 create mode 100644 linux-user/hexagon/target_prctl.h
 create mode 100644 linux-user/hppa/target_prctl.h
 create mode 100644 linux-user/i386/target_prctl.h
 create mode 100644 linux-user/m68k/target_prctl.h
 create mode 100644 linux-user/microblaze/target_prctl.h
 create mode 100644 linux-user/mips/target_prctl.h
 create mode 100644 linux-user/mips64/target_prctl.h
 create mode 100644 linux-user/nios2/target_prctl.h
 create mode 100644 linux-user/openrisc/target_prctl.h
 create mode 100644 linux-user/ppc/target_prctl.h
 create mode 100644 linux-user/riscv/target_prctl.h
 create mode 100644 linux-user/s390x/target_prctl.h
 create mode 100644 linux-user/sh4/target_prctl.h
 create mode 100644 linux-user/sparc/target_prctl.h
 create mode 100644 linux-user/x86_64/target_prctl.h
 create mode 100644 linux-user/xtensa/target_prctl.h
 create mode 100644 tests/tcg/multiarch/sigbus.c
 create mode 100644 accel/tcg/ldst_common.c.inc

-- 
2.25.1

Add a new user-only interface for updating cpu state before
raising a signal.  This will take the place of do_unaligned_access
for user-only and should result in less boilerplate for each guest.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/core/tcg-cpu-ops.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -XXX,XX +XXX,XX @@ struct TCGCPUOps {
     void (*record_sigsegv)(CPUState *cpu, vaddr addr,
                            MMUAccessType access_type,
                            bool maperr, uintptr_t ra);
+    /**
+     * record_sigbus:
+     * @cpu: cpu context
+     * @addr: misaligned guest address
+     * @access_type: access was read/write/execute
+     * @ra: host pc for unwinding
+     *
+     * We are about to raise SIGBUS with si_code BUS_ADRALN,
+     * and si_addr set for @addr.  Record anything further needed
+     * for the signal ucontext_t.
+     *
+     * If the emulated kernel does not provide the signal handler with
+     * anything besides the user context registers, and the siginfo_t,
+     * then this hook need do nothing and may be omitted.
+     * Otherwise, record the data and return; the caller will raise
+     * the signal, unwind the cpu state, and return to the main loop.
+     *
+     * If it is simpler to re-use the sysemu do_unaligned_access code,
+     * @ra is provided so that a "normal" cpu exception can be raised.
+     * In this case, the signal must be raised by the architecture cpu_loop.
+     */
+    void (*record_sigbus)(CPUState *cpu, vaddr addr,
+                          MMUAccessType access_type, uintptr_t ra);
 #endif /* CONFIG_SOFTMMU */
 #endif /* NEED_CPU_H */
 
-- 
2.25.1

This is a new interface to be provided by the os emulator for
raising SIGBUS on fault.  Use the new record_sigbus target hook.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/exec-all.h | 14 ++++++++++++++
 linux-user/signal.c     | 14 ++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN cpu_loop_exit_sigsegv(CPUState *cpu, target_ulong addr,
                                          MMUAccessType access_type,
                                          bool maperr, uintptr_t ra);
 
+/**
+ * cpu_loop_exit_sigbus:
+ * @cpu: the cpu context
+ * @addr: the guest address of the alignment fault
+ * @access_type: access was read/write/execute
+ * @ra: host pc for unwinding
+ *
+ * Use the TCGCPUOps hook to record cpu state, do guest operating system
+ * specific things to raise SIGBUS, and jump to the main cpu loop.
+ */
+void QEMU_NORETURN cpu_loop_exit_sigbus(CPUState *cpu, target_ulong addr,
+                                        MMUAccessType access_type,
+                                        uintptr_t ra);
+
 #else
 static inline void mmap_lock(void) {}
 static inline void mmap_unlock(void) {}
diff --git a/linux-user/signal.c b/linux-user/signal.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop_exit_sigsegv(CPUState *cpu, target_ulong addr,
     cpu_loop_exit_restore(cpu, ra);
 }
 
+void cpu_loop_exit_sigbus(CPUState *cpu, target_ulong addr,
+                          MMUAccessType access_type, uintptr_t ra)
+{
+    const struct TCGCPUOps *tcg_ops = CPU_GET_CLASS(cpu)->tcg_ops;
+
+    if (tcg_ops->record_sigbus) {
+        tcg_ops->record_sigbus(cpu, addr, access_type, ra);
+    }
+
+    force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN, addr);
+    cpu->exception_index = EXCP_INTERRUPT;
+    cpu_loop_exit_restore(cpu, ra);
+}
+
 /* abort execution with signal */
 static void QEMU_NORETURN dump_core_and_abort(int target_sig)
 {
-- 
2.25.1

We will raise SIGBUS directly from cpu_loop_exit_sigbus.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/alpha/cpu_loop.c | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/alpha/cpu_loop.c
+++ b/linux-user/alpha/cpu_loop.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUAlphaState *env)
             fprintf(stderr, "External interrupt. Exit\n");
             exit(EXIT_FAILURE);
             break;
-        case EXCP_MMFAULT:
-            info.si_signo = TARGET_SIGSEGV;
-            info.si_errno = 0;
-            info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID
-                            ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR);
-            info._sifields._sigfault._addr = env->trap_arg0;
-            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
-            break;
-        case EXCP_UNALIGN:
-            info.si_signo = TARGET_SIGBUS;
-            info.si_errno = 0;
-            info.si_code = TARGET_BUS_ADRALN;
-            info._sifields._sigfault._addr = env->trap_arg0;
-            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
-            break;
         case EXCP_OPCDEC:
         do_sigill:
             info.si_signo = TARGET_SIGILL;
-- 
2.25.1

Because of the complexity of setting ESR, re-use the existing
arm_cpu_do_unaligned_access function.  This means we have to
handle the exception ourselves in cpu_loop, transforming it
to the appropriate signal.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/internals.h        |  2 ++
 linux-user/aarch64/cpu_loop.c | 12 +++++++++---
 linux-user/arm/cpu_loop.c     | 30 ++++++++++++++++++++++++++----
 target/arm/cpu.c              |  1 +
 target/arm/cpu_tcg.c          |  1 +
 target/arm/tlb_helper.c       |  6 ++++++
 6 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ static inline bool arm_extabort_type(MemTxResult result)
 void arm_cpu_record_sigsegv(CPUState *cpu, vaddr addr,
                             MMUAccessType access_type,
                             bool maperr, uintptr_t ra);
+void arm_cpu_record_sigbus(CPUState *cpu, vaddr addr,
+                           MMUAccessType access_type, uintptr_t ra);
 #else
 bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                       MMUAccessType access_type, int mmu_idx,
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -XXX,XX +XXX,XX @@
 void cpu_loop(CPUARMState *env)
 {
     CPUState *cs = env_cpu(env);
-    int trapnr, ec, fsc, si_code;
+    int trapnr, ec, fsc, si_code, si_signo;
     abi_long ret;
 
     for (;;) {
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
             fsc = extract32(env->exception.syndrome, 0, 6);
             switch (fsc) {
             case 0x04 ... 0x07: /* Translation fault, level {0-3} */
+                si_signo = TARGET_SIGSEGV;
                 si_code = TARGET_SEGV_MAPERR;
                 break;
             case 0x09 ... 0x0b: /* Access flag fault, level {1-3} */
             case 0x0d ... 0x0f: /* Permission fault, level {1-3} */
+                si_signo = TARGET_SIGSEGV;
                 si_code = TARGET_SEGV_ACCERR;
                 break;
             case 0x11: /* Synchronous Tag Check Fault */
+                si_signo = TARGET_SIGSEGV;
                 si_code = TARGET_SEGV_MTESERR;
                 break;
+            case 0x21: /* Alignment fault */
+                si_signo = TARGET_SIGBUS;
+                si_code = TARGET_BUS_ADRALN;
+                break;
             default:
                 g_assert_not_reached();
             }
-
-            force_sig_fault(TARGET_SIGSEGV, si_code, env->exception.vaddress);
+            force_sig_fault(si_signo, si_code, env->exception.vaddress);
             break;
         case EXCP_DEBUG:
         case EXCP_BKPT:
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -XXX,XX +XXX,XX @@
 #include "cpu_loop-common.h"
 #include "signal-common.h"
 #include "semihosting/common-semi.h"
+#include "target/arm/syndrome.h"
 
 #define get_user_code_u32(x, gaddr, env)                \
     ({ abi_long __r = get_user_u32((x), (gaddr));       \
@@ -XXX,XX +XXX,XX @@ static bool emulate_arm_fpa11(CPUARMState *env, uint32_t opcode)
 void cpu_loop(CPUARMState *env)
 {
     CPUState *cs = env_cpu(env);
-    int trapnr;
+    int trapnr, si_signo, si_code;
     unsigned int n, insn;
     abi_ulong ret;
 
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUARMState *env)
             break;
         case EXCP_PREFETCH_ABORT:
         case EXCP_DATA_ABORT:
-            /* XXX: check env->error_code */
-            force_sig_fault(TARGET_SIGSEGV, TARGET_SEGV_MAPERR,
-                            env->exception.vaddress);
+            /* For user-only we don't set TTBCR_EAE, so look at the FSR. */
+            switch (env->exception.fsr & 0x1f) {
+            case 0x1: /* Alignment */
+                si_signo = TARGET_SIGBUS;
+                si_code = TARGET_BUS_ADRALN;
+                break;
+            case 0x3: /* Access flag fault, level 1 */
+            case 0x6: /* Access flag fault, level 2 */
+            case 0x9: /* Domain fault, level 1 */
+            case 0xb: /* Domain fault, level 2 */
+            case 0xd: /* Permision fault, level 1 */
+            case 0xf: /* Permision fault, level 2 */
+                si_signo = TARGET_SIGSEGV;
+                si_code = TARGET_SEGV_ACCERR;
+                break;
+            case 0x5: /* Translation fault, level 1 */
+            case 0x7: /* Translation fault, level 2 */
+                si_signo = TARGET_SIGSEGV;
+                si_code = TARGET_SEGV_MAPERR;
+                break;
+            default:
+                g_assert_not_reached();
+            }
+            force_sig_fault(si_signo, si_code, env->exception.vaddress);
             break;
         case EXCP_DEBUG:
         case EXCP_BKPT:
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static const struct TCGCPUOps arm_tcg_ops = {
 
 #ifdef CONFIG_USER_ONLY
     .record_sigsegv = arm_cpu_record_sigsegv,
+    .record_sigbus = arm_cpu_record_sigbus,
 #else
     .tlb_fill = arm_cpu_tlb_fill,
     .cpu_exec_interrupt = arm_cpu_exec_interrupt,
diff --git a/target/arm/cpu_tcg.c b/target/arm/cpu_tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu_tcg.c
+++ b/target/arm/cpu_tcg.c
@@ -XXX,XX +XXX,XX @@ static const struct TCGCPUOps arm_v7m_tcg_ops = {
 
 #ifdef CONFIG_USER_ONLY
     .record_sigsegv = arm_cpu_record_sigsegv,
+    .record_sigbus = arm_cpu_record_sigbus,
 #else
     .tlb_fill = arm_cpu_tlb_fill,
     .cpu_exec_interrupt = arm_v7m_cpu_exec_interrupt,
diff --git a/target/arm/tlb_helper.c b/target/arm/tlb_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tlb_helper.c
+++ b/target/arm/tlb_helper.c
@@ -XXX,XX +XXX,XX @@ void arm_cpu_record_sigsegv(CPUState *cs, vaddr addr,
     cpu_restore_state(cs, ra, true);
     arm_deliver_fault(cpu, addr, access_type, MMU_USER_IDX, &fi);
 }
+
+void arm_cpu_record_sigbus(CPUState *cs, vaddr addr,
+                           MMUAccessType access_type, uintptr_t ra)
+{
+    arm_cpu_do_unaligned_access(cs, addr, access_type, MMU_USER_IDX, ra);
+}
 #endif /* !defined(CONFIG_USER_ONLY) */
-- 
2.25.1

The kernel will fix up unaligned accesses, so emulate that
by allowing unaligned accesses to succeed.

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/microblaze/translate.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -XXX,XX +XXX,XX @@ static TCGv compute_ldst_addr_ea(DisasContext *dc, int ra, int rb)
 }
 #endif
 
+#ifndef CONFIG_USER_ONLY
 static void record_unaligned_ess(DisasContext *dc, int rd,
                                  MemOp size, bool store)
 {
@@ -XXX,XX +XXX,XX @@ static void record_unaligned_ess(DisasContext *dc, int rd,
 
     tcg_set_insn_start_param(dc->insn_start, 1, iflags);
 }
+#endif
 
 static bool do_load(DisasContext *dc, int rd, TCGv addr, MemOp mop,
                     int mem_index, bool rev)
@@ -XXX,XX +XXX,XX @@ static bool do_load(DisasContext *dc, int rd, TCGv addr, MemOp mop,
         }
     }
 
+    /*
+     * For system mode, enforce alignment if the cpu configuration
+     * requires it.  For user-mode, the Linux kernel will have fixed up
+     * any unaligned access, so emulate that by *not* setting MO_ALIGN.
+     */
+#ifndef CONFIG_USER_ONLY
     if (size > MO_8 &&
         (dc->tb_flags & MSR_EE) &&
         dc->cfg->unaligned_exceptions) {
         record_unaligned_ess(dc, rd, size, false);
         mop |= MO_ALIGN;
     }
+#endif
 
     tcg_gen_qemu_ld_i32(reg_for_write(dc, rd), addr, mem_index, mop);
 
@@ -XXX,XX +XXX,XX @@ static bool do_store(DisasContext *dc, int rd, TCGv addr, MemOp mop,
         }
     }
 
+    /*
+     * For system mode, enforce alignment if the cpu configuration
+     * requires it.  For user-mode, the Linux kernel will have fixed up
+     * any unaligned access, so emulate that by *not* setting MO_ALIGN.
+     */
+#ifndef CONFIG_USER_ONLY
     if (size > MO_8 &&
         (dc->tb_flags & MSR_EE) &&
         dc->cfg->unaligned_exceptions) {
         record_unaligned_ess(dc, rd, size, true);
         mop |= MO_ALIGN;
     }
+#endif
 
     tcg_gen_qemu_st_i32(reg_for_read(dc, rd), addr, mem_index, mop);
 
-- 
2.25.1

By doing this while sending the exception, we will have already
done the unwinding, which makes the ppc_cpu_do_unaligned_access
code a bit cleaner.

Update the comment about the expected instruction format.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/excp_helper.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
         break;
     }
     case POWERPC_EXCP_ALIGN:     /* Alignment exception                      */
-        /* Get rS/rD and rA from faulting opcode */
         /*
-         * Note: the opcode fields will not be set properly for a
-         * direct store load/store, but nobody cares as nobody
-         * actually uses direct store segments.
+         * Get rS/rD and rA from faulting opcode.
+         * Note: We will only invoke ALIGN for atomic operations,
+         * so all instructions are X-form.
          */
-        env->spr[SPR_DSISR] |= (env->error_code & 0x03FF0000) >> 16;
+        {
+            uint32_t insn = cpu_ldl_code(env, env->nip);
+            env->spr[SPR_DSISR] |= (insn & 0x03FF0000) >> 16;
+        }
         break;
     case POWERPC_EXCP_PROGRAM:   /* Program exception                        */
         switch (env->error_code & ~0xF) {
@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
                                  int mmu_idx, uintptr_t retaddr)
 {
     CPUPPCState *env = cs->env_ptr;
-    uint32_t insn;
-
-    /* Restore state and reload the insn we executed, for filling in DSISR.  */
-    cpu_restore_state(cs, retaddr, true);
-    insn = cpu_ldl_code(env, env->nip);
 
     cs->exception_index = POWERPC_EXCP_ALIGN;
-    env->error_code = insn & 0x03FF0000;
-    cpu_loop_exit(cs);
+    env->error_code = 0;
+    cpu_loop_exit_restore(cs, retaddr);
 }
 #endif
-- 
2.25.1

We ought to have been recording the virtual address for reporting
to the guest trap handler.

Cc: qemu-ppc@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/excp_helper.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
 {
     CPUPPCState *env = cs->env_ptr;
 
+    switch (env->mmu_model) {
+    case POWERPC_MMU_SOFT_4xx:
+    case POWERPC_MMU_SOFT_4xx_Z:
+        env->spr[SPR_40x_DEAR] = vaddr;
+        break;
+    case POWERPC_MMU_BOOKE:
+    case POWERPC_MMU_BOOKE206:
+        env->spr[SPR_BOOKE_DEAR] = vaddr;
+        break;
+    default:
+        env->spr[SPR_DAR] = vaddr;
+        break;
+    }
+
     cs->exception_index = POWERPC_EXCP_ALIGN;
     env->error_code = 0;
     cpu_loop_exit_restore(cs, retaddr);
-- 
2.25.1

This is not used by, nor required by, user-only.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/internal.h    | 8 +++-----
 target/ppc/excp_helper.c | 8 +++-----
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -XXX,XX +XXX,XX @@ void helper_compute_fprf_float16(CPUPPCState *env, float16 arg);
 void helper_compute_fprf_float32(CPUPPCState *env, float32 arg);
 void helper_compute_fprf_float128(CPUPPCState *env, float128 arg);
 
-/* Raise a data fault alignment exception for the specified virtual address */
-void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-                                 MMUAccessType access_type, int mmu_idx,
-                                 uintptr_t retaddr) QEMU_NORETURN;
-
 /* translate.c */
 
 int ppc_fixup_cpu(PowerPCCPU *cpu);
@@ -XXX,XX +XXX,XX @@ void ppc_cpu_record_sigsegv(CPUState *cs, vaddr addr,
 bool ppc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                       MMUAccessType access_type, int mmu_idx,
                       bool probe, uintptr_t retaddr);
+void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
+                                 MMUAccessType access_type, int mmu_idx,
+                                 uintptr_t retaddr) QEMU_NORETURN;
 #endif
 
 #endif /* PPC_INTERNAL_H */
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_book3s_msgsndp(CPUPPCState *env, target_ulong rb)
 
     book3s_msgsnd_common(pir, PPC_INTERRUPT_DOORBELL);
 }
-#endif
-#endif /* CONFIG_TCG */
-#endif
+#endif /* TARGET_PPC64 */
 
-#ifdef CONFIG_TCG
 void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
                                  MMUAccessType access_type,
                                  int mmu_idx, uintptr_t retaddr)
@@ -XXX,XX +XXX,XX @@ void ppc_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
     env->error_code = 0;
     cpu_loop_exit_restore(cs, retaddr);
 }
-#endif
+#endif /* CONFIG_TCG */
+#endif /* !CONFIG_USER_ONLY */
-- 
2.25.1

For s390x, the only unaligned accesses that are signaled are atomic,
and we don't actually want to raise SIGBUS for those, but instead
raise a SPECIFICATION error, which the kernel will report as SIGILL.

Split out a do_unaligned_access function to share between the user-only
s390x_cpu_record_sigbus and the sysemu s390x_do_unaligned_access.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/s390x-internal.h  |  8 +++++---
 target/s390x/cpu.c             |  1 +
 target/s390x/tcg/excp_helper.c | 27 ++++++++++++++++++++-------
 3 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/s390x-internal.h
+++ b/target/s390x/s390x-internal.h
@@ -XXX,XX +XXX,XX @@ ObjectClass *s390_cpu_class_by_name(const char *name);
 void s390x_cpu_debug_excp_handler(CPUState *cs);
 void s390_cpu_do_interrupt(CPUState *cpu);
 bool s390_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-                                   MMUAccessType access_type, int mmu_idx,
-                                   uintptr_t retaddr) QEMU_NORETURN;
 
 #ifdef CONFIG_USER_ONLY
 void s390_cpu_record_sigsegv(CPUState *cs, vaddr address,
                              MMUAccessType access_type,
                              bool maperr, uintptr_t retaddr);
+void s390_cpu_record_sigbus(CPUState *cs, vaddr address,
+                            MMUAccessType access_type, uintptr_t retaddr);
 #else
 bool s390_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                        MMUAccessType access_type, int mmu_idx,
                        bool probe, uintptr_t retaddr);
+void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
+                                   MMUAccessType access_type, int mmu_idx,
+                                   uintptr_t retaddr) QEMU_NORETURN;
 #endif
 
 
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -XXX,XX +XXX,XX @@ static const struct TCGCPUOps s390_tcg_ops = {
 
 #ifdef CONFIG_USER_ONLY
     .record_sigsegv = s390_cpu_record_sigsegv,
+    .record_sigbus = s390_cpu_record_sigbus,
 #else
     .tlb_fill = s390_cpu_tlb_fill,
     .cpu_exec_interrupt = s390_cpu_exec_interrupt,
diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(data_exception)(CPUS390XState *env, uint32_t dxc)
     tcg_s390_data_exception(env, dxc, GETPC());
 }
 
+/*
+ * Unaligned accesses are only diagnosed with MO_ALIGN.  At the moment,
+ * this is only for the atomic operations, for which we want to raise a
+ * specification exception.
+ */
+static void QEMU_NORETURN do_unaligned_access(CPUState *cs, uintptr_t retaddr)
+{
+    S390CPU *cpu = S390_CPU(cs);
+    CPUS390XState *env = &cpu->env;
+
+    tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
+}
+
 #if defined(CONFIG_USER_ONLY)
 
 void s390_cpu_do_interrupt(CPUState *cs)
@@ -XXX,XX +XXX,XX @@ void s390_cpu_record_sigsegv(CPUState *cs, vaddr address,
     cpu_loop_exit_restore(cs, retaddr);
 }
 
+void s390_cpu_record_sigbus(CPUState *cs, vaddr address,
+                            MMUAccessType access_type, uintptr_t retaddr)
+{
+    do_unaligned_access(cs, retaddr);
+}
+
 #else /* !CONFIG_USER_ONLY */
 
 static inline uint64_t cpu_mmu_idx_to_asc(int mmu_idx)
@@ -XXX,XX +XXX,XX @@ void s390x_cpu_debug_excp_handler(CPUState *cs)
     }
 }
 
-/* Unaligned accesses are only diagnosed with MO_ALIGN.  At the moment,
-   this is only for the atomic operations, for which we want to raise a
-   specification exception.  */
 void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
                                    MMUAccessType access_type,
                                    int mmu_idx, uintptr_t retaddr)
 {
-    S390CPU *cpu = S390_CPU(cs);
-    CPUS390XState *env = &cpu->env;
-
-    tcg_s390_program_interrupt(env, PGM_SPECIFICATION, retaddr);
+    do_unaligned_access(cs, retaddr);
 }
 
 static void QEMU_NORETURN monitor_event(CPUS390XState *env,
-- 
2.25.1

We will raise SIGBUS directly from cpu_loop_exit_sigbus.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/ppc/cpu_loop.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -XXX,XX +XXX,XX @@ void cpu_loop(CPUPPCState *env)
             cpu_abort(cs, "External interrupt while in user mode. "
                       "Aborting\n");
             break;
-        case POWERPC_EXCP_ALIGN:    /* Alignment exception                   */
-            /* XXX: check this */
-            info.si_signo = TARGET_SIGBUS;
-            info.si_errno = 0;
-            info.si_code = TARGET_BUS_ADRALN;
-            info._sifields._sigfault._addr = env->nip;
-            queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info);
-            break;
         case POWERPC_EXCP_PROGRAM:  /* Program exception                     */
         case POWERPC_EXCP_HV_EMU:   /* HV emulation                          */
             /* XXX: check this */
-- 
2.25.1

We ought to have been recording the virtual address for reporting
to the guest trap handler.

Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sh4/op_helper.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/sh4/op_helper.c b/target/sh4/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/op_helper.c
+++ b/target/sh4/op_helper.c
@@ -XXX,XX +XXX,XX @@ void superh_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
                                     MMUAccessType access_type,
                                     int mmu_idx, uintptr_t retaddr)
 {
+    CPUSH4State *env = cs->env_ptr;
+
+    env->tea = addr;
     switch (access_type) {
     case MMU_INST_FETCH:
     case MMU_DATA_LOAD:
@@ -XXX,XX +XXX,XX @@ void superh_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
     case MMU_DATA_STORE:
         cs->exception_index = 0x100;
         break;
+    default:
+        g_assert_not_reached();
     }
     cpu_loop_exit_restore(cs, retaddr);
 }
-- 
2.25.1

The printf should have been qemu_log_mask, the parameters
themselves no longer compile, and because this is placed
before unwinding the PC is actively wrong.

We get better (and correct) logging on the other side of
raising the exception, in sparc_cpu_do_interrupt.

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/ldst_helper.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -XXX,XX +XXX,XX @@
 
 //#define DEBUG_MMU
 //#define DEBUG_MXCC
-//#define DEBUG_UNALIGNED
 //#define DEBUG_UNASSIGNED
 //#define DEBUG_ASI
 //#define DEBUG_CACHE_CONTROL
@@ -XXX,XX +XXX,XX @@ static void do_check_align(CPUSPARCState *env, target_ulong addr,
                            uint32_t align, uintptr_t ra)
 {
     if (addr & align) {
-#ifdef DEBUG_UNALIGNED
-        printf("Unaligned access to 0x" TARGET_FMT_lx " from 0x" TARGET_FMT_lx
-               "\n", addr, env->pc);
-#endif
         cpu_raise_exception_ra(env, TT_UNALIGNED, ra);
     }
 }
@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
     SPARCCPU *cpu = SPARC_CPU(cs);
     CPUSPARCState *env = &cpu->env;
 
-#ifdef DEBUG_UNALIGNED
-    printf("Unaligned access to 0x" TARGET_FMT_lx " from 0x" TARGET_FMT_lx
-           "\n", addr, env->pc);
-#endif
     cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
 }
 #endif
-- 
2.25.1

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/mmu_helper.c | 72 +++++++++++++++++++++++++--------------
 1 file changed, 46 insertions(+), 26 deletions(-)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -XXX,XX +XXX,XX @@ static inline int ultrasparc_tag_match(SparcTLBEntry *tlb,
     return 0;
 }
 
+static uint64_t build_sfsr(CPUSPARCState *env, int mmu_idx, int rw)
+{
+    uint64_t sfsr = SFSR_VALID_BIT;
+
+    switch (mmu_idx) {
+    case MMU_PHYS_IDX:
+        sfsr |= SFSR_CT_NOTRANS;
+        break;
+    case MMU_USER_IDX:
+    case MMU_KERNEL_IDX:
+        sfsr |= SFSR_CT_PRIMARY;
+        break;
+    case MMU_USER_SECONDARY_IDX:
+    case MMU_KERNEL_SECONDARY_IDX:
+        sfsr |= SFSR_CT_SECONDARY;
+        break;
+    case MMU_NUCLEUS_IDX:
+        sfsr |= SFSR_CT_NUCLEUS;
+        break;
+    default:
+        g_assert_not_reached();
+    }
+
+    if (rw == 1) {
+        sfsr |= SFSR_WRITE_BIT;
+    } else if (rw == 4) {
+        sfsr |= SFSR_NF_BIT;
+    }
+
+    if (env->pstate & PS_PRIV) {
+        sfsr |= SFSR_PR_BIT;
+    }
+
+    if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */
+        sfsr |= SFSR_OW_BIT; /* overflow (not read before another fault) */
+    }
+
+    /* FIXME: ASI field in SFSR must be set */
+
+    return sfsr;
+}
+
 static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical,
                                      int *prot, MemTxAttrs *attrs,
                                      target_ulong address, int rw, int mmu_idx)
 {
     CPUState *cs = env_cpu(env);
     unsigned int i;
+    uint64_t sfsr;
     uint64_t context;
-    uint64_t sfsr = 0;
     bool is_user = false;
 
+    sfsr = build_sfsr(env, mmu_idx, rw);
+
     switch (mmu_idx) {
     case MMU_PHYS_IDX:
         g_assert_not_reached();
@@ -XXX,XX +XXX,XX @@ static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical,
         /* fallthru */
     case MMU_KERNEL_IDX:
         context = env->dmmu.mmu_primary_context & 0x1fff;
-        sfsr |= SFSR_CT_PRIMARY;
         break;
     case MMU_USER_SECONDARY_IDX:
         is_user = true;
         /* fallthru */
     case MMU_KERNEL_SECONDARY_IDX:
         context = env->dmmu.mmu_secondary_context & 0x1fff;
-        sfsr |= SFSR_CT_SECONDARY;
         break;
-    case MMU_NUCLEUS_IDX:
-        sfsr |= SFSR_CT_NUCLEUS;
-        /* FALLTHRU */
     default:
         context = 0;
         break;
     }
 
-    if (rw == 1) {
-        sfsr |= SFSR_WRITE_BIT;
-    } else if (rw == 4) {
-        sfsr |= SFSR_NF_BIT;
-    }
-
     for (i = 0; i < 64; i++) {
         /* ctx match, vaddr match, valid? */
         if (ultrasparc_tag_match(&env->dtlb[i], address, context, physical)) {
@@ -XXX,XX +XXX,XX @@ static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical,
                 return 0;
             }
 
-            if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */
-                sfsr |= SFSR_OW_BIT; /* overflow (not read before
-                                        another fault) */
-            }
-
-            if (env->pstate & PS_PRIV) {
-                sfsr |= SFSR_PR_BIT;
-            }
-
-            /* FIXME: ASI field in SFSR must be set */
-            env->dmmu.sfsr = sfsr | SFSR_VALID_BIT;
-
+            env->dmmu.sfsr = sfsr;
             env->dmmu.sfar = address; /* Fault address register */
-
             env->dmmu.tag_access = (address & ~0x1fffULL) | context;
-
             return 1;
         }
     }
-- 
2.25.1

We ought to have been recording the virtual address for reporting
to the guest trap handler.  Move the function to mmu_helper.c, so
that we can re-use code shared with get_physical_address_data.

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/ldst_helper.c | 13 -------------
 target/sparc/mmu_helper.c  | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -XXX,XX +XXX,XX @@ void sparc_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                           is_asi, size, retaddr);
 }
 #endif
-
-#if !defined(CONFIG_USER_ONLY)
-void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-                                                 MMUAccessType access_type,
-                                                 int mmu_idx,
-                                                 uintptr_t retaddr)
-{
-    SPARCCPU *cpu = SPARC_CPU(cs);
-    CPUSPARCState *env = &cpu->env;
-
-    cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
-}
-#endif
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -XXX,XX +XXX,XX @@ hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
     }
     return phys_addr;
 }
+
+#ifndef CONFIG_USER_ONLY
+void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
+                                                 MMUAccessType access_type,
+                                                 int mmu_idx,
+                                                 uintptr_t retaddr)
+{
+    SPARCCPU *cpu = SPARC_CPU(cs);
+    CPUSPARCState *env = &cpu->env;
+
+#ifdef TARGET_SPARC64
+    env->dmmu.sfsr = build_sfsr(env, mmu_idx, access_type);
+    env->dmmu.sfar = addr;
+#else
+    env->mmuregs[4] = addr;
+#endif
+
+    cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
+}
+#endif /* !CONFIG_USER_ONLY */
-- 
2.25.1

Use the new cpu_loop_exit_sigbus for atomic_mmu_lookup, which
has access to complete alignment info from the TCGMemOpIdx arg.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/user-exec.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
                                MemOpIdx oi, int size, int prot,
                                uintptr_t retaddr)
 {
+    MemOp mop = get_memop(oi);
+    int a_bits = get_alignment_bits(mop);
+    void *ret;
+
+    /* Enforce guest required alignment.  */
+    if (unlikely(addr & ((1 << a_bits) - 1))) {
+        MMUAccessType t = prot == PAGE_READ ? MMU_DATA_LOAD : MMU_DATA_STORE;
+        cpu_loop_exit_sigbus(env_cpu(env), addr, t, retaddr);
+    }
+
     /* Enforce qemu required alignment.  */
     if (unlikely(addr & (size - 1))) {
         cpu_loop_exit_atomic(env_cpu(env), retaddr);
     }
-    void *ret = g2h(env_cpu(env), addr);
+
+    ret = g2h(env_cpu(env), addr);
     set_helper_retaddr(retaddr);
     return ret;
 }
-- 
2.25.1

Cc: qemu-arm@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper-a64.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
 
     cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
     newv = int128_make128(new_lo, new_hi);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_BE | MO_128 | MO_ALIGN, mem_idx);
 
     /*
      * High and low need to be switched here because this is not actually a
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
 
     cmpv = int128_make128(env->xregs[rs], env->xregs[rs + 1]);
     newv = int128_make128(new_lo, new_hi);
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
 
     cmpv = int128_make128(env->xregs[rs + 1], env->xregs[rs]);
     newv = int128_make128(new_lo, new_hi);
-- 
2.25.1

Cc: qemu-ppc@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/translate.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_std(DisasContext *ctx)
             if (HAVE_ATOMIC128) {
                 TCGv_i32 oi = tcg_temp_new_i32();
                 if (ctx->le_mode) {
-                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128,
+                                                        ctx->mem_idx));
                     gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
                 } else {
-                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128,
+                                                        ctx->mem_idx));
                     gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
                 }
                 tcg_temp_free_i32(oi);
@@ -XXX,XX +XXX,XX @@ static void gen_lqarx(DisasContext *ctx)
         if (HAVE_ATOMIC128) {
             TCGv_i32 oi = tcg_temp_new_i32();
             if (ctx->le_mode) {
-                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128 | MO_ALIGN,
                                                     ctx->mem_idx));
                 gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
             } else {
-                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128 | MO_ALIGN,
                                                     ctx->mem_idx));
                 gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
             }
@@ -XXX,XX +XXX,XX @@ static void gen_stqcx_(DisasContext *ctx)
 
     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
         if (HAVE_CMPXCHG128) {
-            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
+            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_128) | MO_ALIGN);
             if (ctx->le_mode) {
                 gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env,
                                              EA, lo, hi, oi);
-- 
2.25.1

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/tcg/mem_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
     oldv = cpu_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
     fail = !int128_eq(oldv, cmpv);
 
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                 cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
                 cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
             } else if (HAVE_CMPXCHG128) {
-                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+                MemOpIdx oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
                 ov = cpu_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
                 cc = !int128_eq(ov, cv);
             } else {
-- 
2.25.1

These functions are much closer to the softmmu helper
functions, in that they take the complete MemOpIdx,
and from that they may enforce required alignment.

The previous cpu_ldst.h functions did not have alignment info,
and so did not enforce it.  Retain this by adding MO_UNALN to
the MemOp that we create in calling the new functions.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 docs/devel/loads-stores.rst |  52 ++++-
 include/exec/cpu_ldst.h     | 245 ++++++++--------------
 accel/tcg/cputlb.c          | 392 ++++++++++++------------------------
 accel/tcg/user-exec.c       | 390 +++++++++++++++--------------------
 accel/tcg/ldst_common.c.inc | 307 ++++++++++++++++++++++++++++
 5 files changed, 722 insertions(+), 664 deletions(-)
 create mode 100644 accel/tcg/ldst_common.c.inc

diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/loads-stores.rst
+++ b/docs/devel/loads-stores.rst
@@ -XXX,XX +XXX,XX @@ Regexes for git grep
  - ``\<ldn_$[hbl]e$?_p\>``
  - ``\<stn_$[hbl]e$?_p\>``
 
-``cpu_{ld,st}*_mmuidx_ra``
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+``cpu_{ld,st}*_mmu``
+~~~~~~~~~~~~~~~~~~~~
 
-These functions operate on a guest virtual address plus a context,
-known as a "mmu index" or ``mmuidx``, which controls how that virtual
-address is translated.  The meaning of the indexes are target specific,
-but specifying a particular index might be necessary if, for instance,
-the helper requires an "always as non-privileged" access rather that
-the default access for the current state of the guest CPU.
+These functions operate on a guest virtual address, plus a context
+known as a "mmu index" which controls how that virtual address is
+translated, plus a ``MemOp`` which contains alignment requirements
+among other things.  The ``MemOp`` and mmu index are combined into
+a single argument of type ``MemOpIdx``.
+
+The meaning of the indexes are target specific, but specifying a
+particular index might be necessary if, for instance, the helper
+requires a "always as non-privileged" access rather than the
+default access for the current state of the guest CPU.
 
 These functions may cause a guest CPU exception to be taken
 (e.g. for an alignment fault or MMU fault) which will result in
@@ -XXX,XX +XXX,XX @@ function, which is a return address into the generated code [#gpc]_.
 
 Function names follow the pattern:
 
+load: ``cpu_ld{size}{end}_mmu(env, ptr, oi, retaddr)``
+
+store: ``cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)``
+
+``size``
+ - ``b`` : 8 bits
+ - ``w`` : 16 bits
+ - ``l`` : 32 bits
+ - ``q`` : 64 bits
+
+``end``
+ - (empty) : for target endian, or 8 bit sizes
+ - ``_be`` : big endian
+ - ``_le`` : little endian
+
+Regexes for git grep:
+ - ``\<cpu_ld[bwlq](_[bl]e)\?_mmu\>``
+ - ``\<cpu_st[bwlq](_[bl]e)\?_mmu\>``
+
+
+``cpu_{ld,st}*_mmuidx_ra``
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+These functions work like the ``cpu_{ld,st}_mmu`` functions except
+that the ``mmuidx`` parameter is not combined with a ``MemOp``,
+and therefore there is no required alignment supplied or enforced.
+
+Function names follow the pattern:
+
 load: ``cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmuidx, retaddr)``
 
 store: ``cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmuidx, retaddr)``
@@ -XXX,XX +XXX,XX @@ of the guest CPU, as determined by ``cpu_mmu_index(env, false)``.
 
 These are generally the preferred way to do accesses by guest
 virtual address from helper functions, unless the access should
-be performed with a context other than the default.
+be performed with a context other than the default, or alignment
+should be enforced for the access.
 
 Function names follow the pattern:
 
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@
  * load:  cpu_ld{sign}{size}{end}_{mmusuffix}(env, ptr)
  *        cpu_ld{sign}{size}{end}_{mmusuffix}_ra(env, ptr, retaddr)
  *        cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmu_idx, retaddr)
+ *        cpu_ld{sign}{size}{end}_mmu(env, ptr, oi, retaddr)
  *
  * store: cpu_st{size}{end}_{mmusuffix}(env, ptr, val)
  *        cpu_st{size}{end}_{mmusuffix}_ra(env, ptr, val, retaddr)
  *        cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmu_idx, retaddr)
+ *        cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)
  *
  * sign is:
  * (empty): for 32 and 64 bit sizes
@@ -XXX,XX +XXX,XX @@
  * The "mmuidx" suffix carries an extra mmu_idx argument that specifies
  * the index to use; the "data" and "code" suffixes take the index from
  * cpu_mmu_index().
+ *
+ * The "mmu" suffix carries the full MemOpIdx, with both mmu_idx and the
+ * MemOp including alignment requirements.  The alignment will be enforced.
  */
 #ifndef CPU_LDST_H
 #define CPU_LDST_H
 
+#include "exec/memopidx.h"
+
 #if defined(CONFIG_USER_ONLY)
 /* sparc32plus has 64bit long but 32bit space address
  * this can make bad result with g2h() and h2g()
@@ -XXX,XX +XXX,XX @@ typedef target_ulong abi_ptr;
 
 uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr);
-
 uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr);
 uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr);
 uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr);
-
 uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr);
 uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr);
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr);
 
 uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
-
 uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
-
 uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 
 void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
-
 void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
-
 void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
 
 void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
                      uint32_t val, uintptr_t ra);
-
 void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint32_t val, uintptr_t ra);
 void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint32_t val, uintptr_t ra);
 void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint64_t val, uintptr_t ra);
-
 void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint32_t val, uintptr_t ra);
 void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
 void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint64_t val, uintptr_t ra);
 
+uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                            int mmu_idx, uintptr_t ra);
+int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                       int mmu_idx, uintptr_t ra);
+uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                               int mmu_idx, uintptr_t ra);
+int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                          int mmu_idx, uintptr_t ra);
+uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                               int mmu_idx, uintptr_t ra);
+int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                          int mmu_idx, uintptr_t ra);
+uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+
+void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                       int mmu_idx, uintptr_t ra);
+void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                          int mmu_idx, uintptr_t ra);
+
+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr ptr, MemOpIdx oi, uintptr_t ra);
+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+
+void cpu_stb_mmu(CPUArchState *env, abi_ptr ptr, uint8_t val,
+                 MemOpIdx oi, uintptr_t ra);
+void cpu_stw_be_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stl_be_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stq_be_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stw_le_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra);
+
 #if defined(CONFIG_USER_ONLY)
 
 extern __thread uintptr_t helper_retaddr;
@@ -XXX,XX +XXX,XX @@ static inline void clear_helper_retaddr(void)
     helper_retaddr = 0;
 }
 
-/*
- * Provide the same *_mmuidx_ra interface as for softmmu.
- * The mmu_idx argument is ignored.
- */
-
-static inline uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                          int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldub_data_ra(env, addr, ra);
-}
-
-static inline int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                     int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldsb_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                             int mmu_idx, uintptr_t ra)
-{
-    return cpu_lduw_be_data_ra(env, addr, ra);
-}
-
-static inline int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldsw_be_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldl_be_data_ra(env, addr, ra);
-}
-
-static inline uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldq_be_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                             int mmu_idx, uintptr_t ra)
-{
-    return cpu_lduw_le_data_ra(env, addr, ra);
-}
-
-static inline int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldsw_le_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldl_le_data_ra(env, addr, ra);
-}
-
-static inline uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldq_le_data_ra(env, addr, ra);
-}
-
-static inline void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                     uint32_t val, int mmu_idx, uintptr_t ra)
-{
-    cpu_stb_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stw_be_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stl_be_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint64_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stq_be_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stw_le_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stl_le_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint64_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stq_le_data_ra(env, addr, val, ra);
-}
-
 #else
 
 /* Needed for TCG_OVERSIZED_GUEST */
@@ -XXX,XX +XXX,XX @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx,
     return &env_tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
 }
 
-uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                            int mmu_idx, uintptr_t ra);
-int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                       int mmu_idx, uintptr_t ra);
-
-uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra);
-int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra);
-uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-
-uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra);
-int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra);
-uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-
-void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                       int mmu_idx, uintptr_t retaddr);
-
-void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr);
-
-void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr);
-
 #endif /* defined(CONFIG_USER_ONLY) */
 
 #ifdef TARGET_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_ldsw_mmuidx_ra   cpu_ldsw_be_mmuidx_ra
 # define cpu_ldl_mmuidx_ra    cpu_ldl_be_mmuidx_ra
 # define cpu_ldq_mmuidx_ra    cpu_ldq_be_mmuidx_ra
+# define cpu_ldw_mmu          cpu_ldw_be_mmu
+# define cpu_ldl_mmu          cpu_ldl_be_mmu
+# define cpu_ldq_mmu          cpu_ldq_be_mmu
 # define cpu_stw_data         cpu_stw_be_data
 # define cpu_stl_data         cpu_stl_be_data
 # define cpu_stq_data         cpu_stq_be_data
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_stw_mmuidx_ra    cpu_stw_be_mmuidx_ra
 # define cpu_stl_mmuidx_ra    cpu_stl_be_mmuidx_ra
 # define cpu_stq_mmuidx_ra    cpu_stq_be_mmuidx_ra
+# define cpu_stw_mmu          cpu_stw_be_mmu
+# define cpu_stl_mmu          cpu_stl_be_mmu
+# define cpu_stq_mmu          cpu_stq_be_mmu
 #else
 # define cpu_lduw_data        cpu_lduw_le_data
 # define cpu_ldsw_data        cpu_ldsw_le_data
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_ldsw_mmuidx_ra   cpu_ldsw_le_mmuidx_ra
 # define cpu_ldl_mmuidx_ra    cpu_ldl_le_mmuidx_ra
 # define cpu_ldq_mmuidx_ra    cpu_ldq_le_mmuidx_ra
+# define cpu_ldw_mmu          cpu_ldw_le_mmu
+# define cpu_ldl_mmu          cpu_ldl_le_mmu
+# define cpu_ldq_mmu          cpu_ldq_le_mmu
 # define cpu_stw_data         cpu_stw_le_data
 # define cpu_stl_data         cpu_stl_le_data
 # define cpu_stq_data         cpu_stq_le_data
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_stw_mmuidx_ra    cpu_stw_le_mmuidx_ra
 # define cpu_stl_mmuidx_ra    cpu_stl_le_mmuidx_ra
 # define cpu_stq_mmuidx_ra    cpu_stq_le_mmuidx_ra
+# define cpu_stw_mmu          cpu_stw_le_mmu
+# define cpu_stl_mmu          cpu_stl_le_mmu
+# define cpu_stq_mmu          cpu_stq_le_mmu
 #endif
 
 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
     cpu_loop_exit_atomic(env_cpu(env), retaddr);
 }
 
+/*
+ * Verify that we have passed the correct MemOp to the correct function.
+ *
+ * In the case of the helper_*_mmu functions, we will have done this by
+ * using the MemOp to look up the helper during code generation.
+ *
+ * In the case of the cpu_*_mmu functions, this is up to the caller.
+ * We could present one function to target code, and dispatch based on
+ * the MemOp, but so far we have worked hard to avoid an indirect function
+ * call along the memory path.
+ */
+static void validate_memop(MemOpIdx oi, MemOp expected)
+{
+#ifdef CONFIG_DEBUG_TCG
+    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
+    assert(have == expected);
+#endif
+}
+
 /*
  * Load Helpers
  *
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
 static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
                               MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_UB);
     return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
 }
 
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEUW);
     return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
                        full_le_lduw_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEUW);
     return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
                        full_be_lduw_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEUL);
     return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
                        full_le_ldul_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEUL);
     return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
                        full_be_ldul_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
 uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
                            MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEQ);
     return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
                        helper_le_ldq_mmu);
 }
@@ -XXX,XX +XXX,XX @@ uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
 uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
                            MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEQ);
     return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
                        helper_be_ldq_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
  */
 
 static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
-                                       int mmu_idx, uintptr_t retaddr,
-                                       MemOp op, FullLoadHelper *full_load)
+                                       MemOpIdx oi, uintptr_t retaddr,
+                                       FullLoadHelper *full_load)
 {
-    MemOpIdx oi = make_memop_idx(op, mmu_idx);
     uint64_t ret;
 
     trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-
     ret = full_load(env, addr, oi, retaddr);
-
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-
     return ret;
 }
 
-uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                            int mmu_idx, uintptr_t ra)
+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr, MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_UB, full_ldub_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_ldub_mmu);
 }
 
-int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                       int mmu_idx, uintptr_t ra)
+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
+    return cpu_load_helper(env, addr, oi, ra, full_be_lduw_mmu);
 }
 
-uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra)
+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUW, full_be_lduw_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_be_ldul_mmu);
 }
 
-int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra)
+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
+    return cpu_load_helper(env, addr, oi, MO_BEQ, helper_be_ldq_mmu);
 }
 
-uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUL, full_be_ldul_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_le_lduw_mmu);
 }
 
-uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEQ, helper_be_ldq_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_le_ldul_mmu);
 }
 
-uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra)
+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUW, full_le_lduw_mmu);
-}
-
-int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra)
-{
-    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
-}
-
-uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
-{
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUL, full_le_ldul_mmu);
-}
-
-uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
-{
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEQ, helper_le_ldq_mmu);
-}
-
-uint32_t cpu_ldub_data_ra(CPUArchState *env, target_ulong ptr,
-                          uintptr_t retaddr)
-{
-    return cpu_ldub_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-int cpu_ldsb_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
-{
-    return cpu_ldsb_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_lduw_be_data_ra(CPUArchState *env, target_ulong ptr,
-                             uintptr_t retaddr)
-{
-    return cpu_lduw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-int cpu_ldsw_be_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
-{
-    return cpu_ldsw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_ldl_be_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldl_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint64_t cpu_ldq_be_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldq_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_lduw_le_data_ra(CPUArchState *env, target_ulong ptr,
-                             uintptr_t retaddr)
-{
-    return cpu_lduw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-int cpu_ldsw_le_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
-{
-    return cpu_ldsw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_ldl_le_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldl_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint64_t cpu_ldq_le_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldq_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_ldub_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldub_data_ra(env, ptr, 0);
-}
-
-int cpu_ldsb_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldsb_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_lduw_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_lduw_be_data_ra(env, ptr, 0);
-}
-
-int cpu_ldsw_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldsw_be_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_ldl_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldl_be_data_ra(env, ptr, 0);
-}
-
-uint64_t cpu_ldq_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldq_be_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_lduw_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_lduw_le_data_ra(env, ptr, 0);
-}
-
-int cpu_ldsw_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldsw_le_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_ldl_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldl_le_data_ra(env, ptr, 0);
-}
-
-uint64_t cpu_ldq_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldq_le_data_ra(env, ptr, 0);
+    return cpu_load_helper(env, addr, oi, ra, helper_le_ldq_mmu);
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ store_memop(void *haddr, uint64_t val, MemOp op)
     }
 }
 
+static void full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                         MemOpIdx oi, uintptr_t retaddr);
+
 static void __attribute__((noinline))
 store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
                        uintptr_t retaddr, size_t size, uintptr_t mmu_idx,
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
         for (i = 0; i < size; ++i) {
             /* Big-endian extract.  */
             uint8_t val8 = val >> (((size - 1) * 8) - (i * 8));
-            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
+            full_stb_mmu(env, addr + i, val8, oi, retaddr);
         }
     } else {
         for (i = 0; i < size; ++i) {
             /* Little-endian extract.  */
             uint8_t val8 = val >> (i * 8);
-            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
+            full_stb_mmu(env, addr + i, val8, oi, retaddr);
         }
     }
 }
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
     store_memop(haddr, val, op);
 }
 
-void __attribute__((noinline))
-helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-                   MemOpIdx oi, uintptr_t retaddr)
+static void __attribute__((noinline))
+full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+             MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_UB);
     store_helper(env, addr, val, oi, retaddr, MO_UB);
 }
 
+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+                        MemOpIdx oi, uintptr_t retaddr)
+{
+    full_stb_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_le_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_LEUW);
+    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
+}
+
 void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
+    full_le_stw_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_be_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_BEUW);
+    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
 }
 
 void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
+    full_be_stw_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_le_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_LEUL);
+    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
 }
 
 void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
+    full_le_stl_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_be_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_BEUL);
+    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
 }
 
 void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
+    full_be_stl_mmu(env, addr, val, oi, retaddr);
 }
 
 void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEQ);
     store_helper(env, addr, val, oi, retaddr, MO_LEQ);
 }
 
 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEQ);
     store_helper(env, addr, val, oi, retaddr, MO_BEQ);
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
  * Store Helpers for cpu_ldst.h
  */
 
-static inline void QEMU_ALWAYS_INLINE
-cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
-                 int mmu_idx, uintptr_t retaddr, MemOp op)
+typedef void FullStoreHelper(CPUArchState *env, target_ulong addr,
+                             uint64_t val, MemOpIdx oi, uintptr_t retaddr);
+
+static inline void cpu_store_helper(CPUArchState *env, target_ulong addr,
+                                    uint64_t val, MemOpIdx oi, uintptr_t ra,
+                                    FullStoreHelper *full_store)
 {
-    MemOpIdx oi = make_memop_idx(op, mmu_idx);
-
     trace_guest_st_before_exec(env_cpu(env), addr, oi);
-
-    store_helper(env, addr, val, oi, retaddr, op);
-
+    full_store(env, addr, val, oi, ra);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                       int mmu_idx, uintptr_t retaddr)
+void cpu_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+                 MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_UB);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_stb_mmu);
 }
 
-void cpu_stw_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stw_be_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUW);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stw_mmu);
 }
 
-void cpu_stl_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stl_be_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUL);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stl_mmu);
 }
 
-void cpu_stq_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stq_be_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEQ);
+    cpu_store_helper(env, addr, val, oi, retaddr, helper_be_stq_mmu);
 }
 
-void cpu_stw_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stw_le_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUW);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stw_mmu);
 }
 
-void cpu_stl_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stl_le_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUL);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stl_mmu);
 }
 
-void cpu_stq_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stq_le_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEQ);
+    cpu_store_helper(env, addr, val, oi, retaddr, helper_le_stq_mmu);
 }
 
-void cpu_stb_data_ra(CPUArchState *env, target_ulong ptr,
-                     uint32_t val, uintptr_t retaddr)
-{
-    cpu_stb_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stw_be_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stw_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stl_be_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stl_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stq_be_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    cpu_stq_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stw_le_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stw_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stl_le_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stl_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stq_le_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    cpu_stq_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stb_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stb_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stw_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stw_be_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stl_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stl_be_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stq_be_data(CPUArchState *env, target_ulong ptr, uint64_t val)
-{
-    cpu_stq_be_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stw_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stw_le_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stl_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stl_le_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
-{
-    cpu_stq_le_data_ra(env, ptr, val, 0);
-}
+#include "ldst_common.c.inc"
 
 /*
  * First set of functions passes in OI and RETADDR.
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ void *probe_access(CPUArchState *env, target_ulong addr, int size,
 
 /* The softmmu versions of these helpers are in cputlb.c.  */
 
-uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
+/*
+ * Verify that we have passed the correct MemOp to the correct function.
+ *
+ * We could present one function to target code, and dispatch based on
+ * the MemOp, but so far we have worked hard to avoid an indirect function
+ * call along the memory path.
+ */
+static void validate_memop(MemOpIdx oi, MemOp expected)
 {
-    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
-    uint32_t ret;
+#ifdef CONFIG_DEBUG_TCG
+    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
+    assert(have == expected);
+#endif
+}
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldub_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr,
+                            MemOpIdx oi, uintptr_t ra, MMUAccessType type)
+{
+    MemOp mop = get_memop(oi);
+    int a_bits = get_alignment_bits(mop);
+    void *ret;
+
+    /* Enforce guest required alignment.  */
+    if (unlikely(addr & ((1 << a_bits) - 1))) {
+        cpu_loop_exit_sigbus(env_cpu(env), addr, type, ra);
+    }
+
+    ret = g2h(env_cpu(env), addr);
+    set_helper_retaddr(ra);
     return ret;
 }
 
-int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int8_t)cpu_ldub_data(env, ptr);
-}
+    void *haddr;
+    uint8_t ret;
 
-uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
-    uint32_t ret;
-
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = lduw_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_UB);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldub_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_be_data(env, ptr);
-}
+    void *haddr;
+    uint16_t ret;
 
-uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
-    uint32_t ret;
-
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldl_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_BEUW);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = lduw_be_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
+    void *haddr;
+    uint32_t ret;
+
+    validate_memop(oi, MO_BEUL);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldl_be_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
+    return ret;
+}
+
+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
+{
+    void *haddr;
     uint64_t ret;
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldq_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_BEQ);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldq_be_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
+    void *haddr;
+    uint16_t ret;
+
+    validate_memop(oi, MO_LEUW);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = lduw_le_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
+    return ret;
+}
+
+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
+{
+    void *haddr;
     uint32_t ret;
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = lduw_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_LEUL);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldl_le_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_le_data(env, ptr);
-}
-
-uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
-    uint32_t ret;
-
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldl_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-    return ret;
-}
-
-uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
+    void *haddr;
     uint64_t ret;
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldq_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_LEQ);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldq_le_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val,
+                 MemOpIdx oi, uintptr_t ra)
 {
-    uint32_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldub_data(env, ptr);
+    validate_memop(oi, MO_UB);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stb_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stw_be_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int8_t)cpu_ldub_data_ra(env, ptr, retaddr);
-}
+    void *haddr;
 
-uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-{
-    uint32_t ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_lduw_be_data(env, ptr);
+    validate_memop(oi, MO_BEUW);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stw_be_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stl_be_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_be_data_ra(env, ptr, retaddr);
-}
+    void *haddr;
 
-uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-{
-    uint32_t ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldl_be_data(env, ptr);
+    validate_memop(oi, MO_BEUL);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stl_be_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stq_be_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    uint64_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldq_be_data(env, ptr);
+    validate_memop(oi, MO_BEQ);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stq_be_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stw_le_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    uint32_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_lduw_le_data(env, ptr);
+    validate_memop(oi, MO_LEUW);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stw_le_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stl_le_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_le_data_ra(env, ptr, retaddr);
-}
+    void *haddr;
 
-uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-{
-    uint32_t ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldl_le_data(env, ptr);
+    validate_memop(oi, MO_LEUL);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stl_le_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stq_le_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    uint64_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldq_le_data(env, ptr);
-    clear_helper_retaddr();
-    return ret;
-}
-
-void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stb_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stw_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stl_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stq_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stw_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stl_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stq_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
-                     uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stb_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stw_be_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stl_be_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stq_be_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stw_le_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stl_le_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stq_le_data(env, ptr, val);
+    validate_memop(oi, MO_LEQ);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stq_le_p(haddr, val);
     clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr)
     return ret;
 }
 
+#include "ldst_common.c.inc"
+
 /*
  * Do not allow unaligned operations to proceed.  Return the host address.
  *
diff --git a/accel/tcg/ldst_common.c.inc b/accel/tcg/ldst_common.c.inc
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/accel/tcg/ldst_common.c.inc
@@ -XXX,XX +XXX,XX @@
+/*
+ * Routines common to user and system emulation of load/store.
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                            int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    return cpu_ldb_mmu(env, addr, oi, ra);
+}
+
+int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                       int mmu_idx, uintptr_t ra)
+{
+    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
+}
+
+uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                               int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
+    return cpu_ldw_be_mmu(env, addr, oi, ra);
+}
+
+int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                          int mmu_idx, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
+}
+
+uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
+    return cpu_ldl_be_mmu(env, addr, oi, ra);
+}
+
+uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
+    return cpu_ldq_be_mmu(env, addr, oi, ra);
+}
+
+uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                               int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
+    return cpu_ldw_le_mmu(env, addr, oi, ra);
+}
+
+int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                          int mmu_idx, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
+}
+
+uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
+    return cpu_ldl_le_mmu(env, addr, oi, ra);
+}
+
+uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
+    return cpu_ldq_le_mmu(env, addr, oi, ra);
+}
+
+void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                       int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    cpu_stb_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
+    cpu_stw_be_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
+    cpu_stl_be_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
+    cpu_stq_be_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
+    cpu_stw_le_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
+    cpu_stl_le_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
+    cpu_stq_le_mmu(env, addr, val, oi, ra);
+}
+
+/*--------------------------*/
+
+uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldub_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return (int8_t)cpu_ldub_data_ra(env, addr, ra);
+}
+
+uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_lduw_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_be_data_ra(env, addr, ra);
+}
+
+uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldl_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldq_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_lduw_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_le_data_ra(env, addr, ra);
+}
+
+uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldl_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldq_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stb_data_ra(CPUArchState *env, abi_ptr addr,
+                     uint32_t val, uintptr_t ra)
+{
+    cpu_stb_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stw_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stl_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint64_t val, uintptr_t ra)
+{
+    cpu_stq_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stw_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stl_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint64_t val, uintptr_t ra)
+{
+    cpu_stq_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+/*--------------------------*/
+
+uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldub_data_ra(env, addr, 0);
+}
+
+int cpu_ldsb_data(CPUArchState *env, abi_ptr addr)
+{
+    return (int8_t)cpu_ldub_data(env, addr);
+}
+
+uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_lduw_be_data_ra(env, addr, 0);
+}
+
+int cpu_ldsw_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return (int16_t)cpu_lduw_be_data(env, addr);
+}
+
+uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldl_be_data_ra(env, addr, 0);
+}
+
+uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldq_be_data_ra(env, addr, 0);
+}
+
+uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_lduw_le_data_ra(env, addr, 0);
+}
+
+int cpu_ldsw_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return (int16_t)cpu_lduw_le_data(env, addr);
+}
+
+uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldl_le_data_ra(env, addr, 0);
+}
+
+uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldq_le_data_ra(env, addr, 0);
+}
+
+void cpu_stb_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stb_data_ra(env, addr, val, 0);
+}
+
+void cpu_stw_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stw_be_data_ra(env, addr, val, 0);
+}
+
+void cpu_stl_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stl_be_data_ra(env, addr, val, 0);
+}
+
+void cpu_stq_be_data(CPUArchState *env, abi_ptr addr, uint64_t val)
+{
+    cpu_stq_be_data_ra(env, addr, val, 0);
+}
+
+void cpu_stw_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stw_le_data_ra(env, addr, val, 0);
+}
+
+void cpu_stl_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stl_le_data_ra(env, addr, val, 0);
+}
+
+void cpu_stq_le_data(CPUArchState *env, abi_ptr addr, uint64_t val)
+{
+    cpu_stq_le_data_ra(env, addr, val, 0);
+}
-- 
2.25.1

The previous placement in tcg/tcg.h was not logical.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu_ldst.h       | 87 +++++++++++++++++++++++++++++++++++
 include/tcg/tcg.h             | 87 -----------------------------------
 target/arm/helper-a64.c       |  1 -
 target/m68k/op_helper.c       |  1 -
 target/ppc/mem_helper.c       |  1 -
 target/s390x/tcg/mem_helper.c |  1 -
 6 files changed, 87 insertions(+), 91 deletions(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@
 #define CPU_LDST_H
 
 #include "exec/memopidx.h"
+#include "qemu/int128.h"
 
 #if defined(CONFIG_USER_ONLY)
 /* sparc32plus has 64bit long but 32bit space address
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
 void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
                     MemOpIdx oi, uintptr_t ra);
 
+uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
+                                 uint32_t cmpv, uint32_t newv,
+                                 MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
+                                    uint64_t cmpv, uint64_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
+                                    uint64_t cmpv, uint64_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+
+#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
+TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
+    (CPUArchState *env, target_ulong addr, TYPE val,  \
+     MemOpIdx oi, uintptr_t retaddr);
+
+#ifdef CONFIG_ATOMIC64
+#define GEN_ATOMIC_HELPER_ALL(NAME)          \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
+    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
+#else
+#define GEN_ATOMIC_HELPER_ALL(NAME)          \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
+#endif
+
+GEN_ATOMIC_HELPER_ALL(fetch_add)
+GEN_ATOMIC_HELPER_ALL(fetch_sub)
+GEN_ATOMIC_HELPER_ALL(fetch_and)
+GEN_ATOMIC_HELPER_ALL(fetch_or)
+GEN_ATOMIC_HELPER_ALL(fetch_xor)
+GEN_ATOMIC_HELPER_ALL(fetch_smin)
+GEN_ATOMIC_HELPER_ALL(fetch_umin)
+GEN_ATOMIC_HELPER_ALL(fetch_smax)
+GEN_ATOMIC_HELPER_ALL(fetch_umax)
+
+GEN_ATOMIC_HELPER_ALL(add_fetch)
+GEN_ATOMIC_HELPER_ALL(sub_fetch)
+GEN_ATOMIC_HELPER_ALL(and_fetch)
+GEN_ATOMIC_HELPER_ALL(or_fetch)
+GEN_ATOMIC_HELPER_ALL(xor_fetch)
+GEN_ATOMIC_HELPER_ALL(smin_fetch)
+GEN_ATOMIC_HELPER_ALL(umin_fetch)
+GEN_ATOMIC_HELPER_ALL(smax_fetch)
+GEN_ATOMIC_HELPER_ALL(umax_fetch)
+
+GEN_ATOMIC_HELPER_ALL(xchg)
+
+#undef GEN_ATOMIC_HELPER_ALL
+#undef GEN_ATOMIC_HELPER
+
+Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
+                                  Int128 cmpv, Int128 newv,
+                                  MemOpIdx oi, uintptr_t retaddr);
+Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
+                                  Int128 cmpv, Int128 newv,
+                                  MemOpIdx oi, uintptr_t retaddr);
+
+Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
+                             MemOpIdx oi, uintptr_t retaddr);
+Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
+                             MemOpIdx oi, uintptr_t retaddr);
+void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
+                           MemOpIdx oi, uintptr_t retaddr);
+void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
+                           MemOpIdx oi, uintptr_t retaddr);
+
 #if defined(CONFIG_USER_ONLY)
 
 extern __thread uintptr_t helper_retaddr;
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@
 #include "qemu/queue.h"
 #include "tcg/tcg-mo.h"
 #include "tcg-target.h"
-#include "qemu/int128.h"
 #include "tcg/tcg-cond.h"
 
 /* XXX: make safe guess about sizes */
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 #endif
 #endif /* CONFIG_SOFTMMU */
 
-uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
-                                 uint32_t cmpv, uint32_t newv,
-                                 MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
-                                    uint64_t cmpv, uint64_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
-                                    uint64_t cmpv, uint64_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-
-#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
-TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
-    (CPUArchState *env, target_ulong addr, TYPE val,  \
-     MemOpIdx oi, uintptr_t retaddr);
-
-#ifdef CONFIG_ATOMIC64
-#define GEN_ATOMIC_HELPER_ALL(NAME)          \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
-    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
-#else
-#define GEN_ATOMIC_HELPER_ALL(NAME)          \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
-#endif
-
-GEN_ATOMIC_HELPER_ALL(fetch_add)
-GEN_ATOMIC_HELPER_ALL(fetch_sub)
-GEN_ATOMIC_HELPER_ALL(fetch_and)
-GEN_ATOMIC_HELPER_ALL(fetch_or)
-GEN_ATOMIC_HELPER_ALL(fetch_xor)
-GEN_ATOMIC_HELPER_ALL(fetch_smin)
-GEN_ATOMIC_HELPER_ALL(fetch_umin)
-GEN_ATOMIC_HELPER_ALL(fetch_smax)
-GEN_ATOMIC_HELPER_ALL(fetch_umax)
-
-GEN_ATOMIC_HELPER_ALL(add_fetch)
-GEN_ATOMIC_HELPER_ALL(sub_fetch)
-GEN_ATOMIC_HELPER_ALL(and_fetch)
-GEN_ATOMIC_HELPER_ALL(or_fetch)
-GEN_ATOMIC_HELPER_ALL(xor_fetch)
-GEN_ATOMIC_HELPER_ALL(smin_fetch)
-GEN_ATOMIC_HELPER_ALL(umin_fetch)
-GEN_ATOMIC_HELPER_ALL(smax_fetch)
-GEN_ATOMIC_HELPER_ALL(umax_fetch)
-
-GEN_ATOMIC_HELPER_ALL(xchg)
-
-#undef GEN_ATOMIC_HELPER_ALL
-#undef GEN_ATOMIC_HELPER
-
-Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
-                                  Int128 cmpv, Int128 newv,
-                                  MemOpIdx oi, uintptr_t retaddr);
-Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
-                                  Int128 cmpv, Int128 newv,
-                                  MemOpIdx oi, uintptr_t retaddr);
-
-Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
-                             MemOpIdx oi, uintptr_t retaddr);
-Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
-                             MemOpIdx oi, uintptr_t retaddr);
-void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-                           MemOpIdx oi, uintptr_t retaddr);
-void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-                           MemOpIdx oi, uintptr_t retaddr);
-
 #ifdef CONFIG_DEBUG_TCG
 void tcg_assert_listed_vecop(TCGOpcode);
 #else
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
 #include "qemu/atomic128.h"
-#include "tcg/tcg.h"
 #include "fpu/softfloat.h"
 #include <zlib.h> /* For crc32 */
 
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "semihosting/semihost.h"
-#include "tcg/tcg.h"
 
 #if !defined(CONFIG_USER_ONLY)
 
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "helper_regs.h"
 #include "exec/cpu_ldst.h"
-#include "tcg/tcg.h"
 #include "internal.h"
 #include "qemu/atomic128.h"
 
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
 #include "qemu/atomic128.h"
-#include "tcg/tcg.h"
 #include "trace.h"
 
 #if !defined(CONFIG_USER_ONLY)
-- 
2.25.1

We should not have been using the helper_ret_* set of
functions, as they are supposed to be private to tcg.
Nor should we have been using the plain cpu_*_data set
of functions, as they do not handle unwinding properly.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/msa_helper.c | 420 +++++++++++------------------------
 1 file changed, 135 insertions(+), 285 deletions(-)

diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/msa_helper.c
+++ b/target/mips/tcg/msa_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_b(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_BYTE)
-#if !defined(CONFIG_USER_ONLY)
+    uintptr_t ra = GETPC();
+
 #if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
-    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
-    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
-    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
-    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
-    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
-    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
-    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
-    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
-    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
-    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
-    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
-    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
-    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
-    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
-    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (8  << DF_BYTE), ra);
+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (9  << DF_BYTE), ra);
+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
+    pwd->b[13] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
+    pwd->b[14] = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
+    pwd->b[15] = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
 #else
-    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
-    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
-    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
-    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
-    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
-    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
-    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
-    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
-    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
-    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
-    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
-    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
-    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
-    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
-    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
-    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->b[0]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
-    pwd->b[1]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
-    pwd->b[2]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
-    pwd->b[3]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
-    pwd->b[4]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
-    pwd->b[5]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
-    pwd->b[6]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
-    pwd->b[7]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
-    pwd->b[8]  = cpu_ldub_data(env, addr + (8  << DF_BYTE));
-    pwd->b[9]  = cpu_ldub_data(env, addr + (9  << DF_BYTE));
-    pwd->b[10] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
-    pwd->b[11] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
-    pwd->b[12] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
-    pwd->b[13] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
-    pwd->b[14] = cpu_ldub_data(env, addr + (14 << DF_BYTE));
-    pwd->b[15] = cpu_ldub_data(env, addr + (15 << DF_BYTE));
-#else
-    pwd->b[0]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
-    pwd->b[1]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
-    pwd->b[2]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
-    pwd->b[3]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
-    pwd->b[4]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
-    pwd->b[5]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
-    pwd->b[6]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
-    pwd->b[7]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
-    pwd->b[8]  = cpu_ldub_data(env, addr + (15 << DF_BYTE));
-    pwd->b[9]  = cpu_ldub_data(env, addr + (14 << DF_BYTE));
-    pwd->b[10] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
-    pwd->b[11] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
-    pwd->b[12] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
-    pwd->b[13] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
-    pwd->b[14] = cpu_ldub_data(env, addr + (9 << DF_BYTE));
-    pwd->b[15] = cpu_ldub_data(env, addr + (8 << DF_BYTE));
-#endif
+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
+    pwd->b[13] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
+    pwd->b[14] = cpu_ldub_data_ra(env, addr + (9 << DF_BYTE), ra);
+    pwd->b[15] = cpu_ldub_data_ra(env, addr + (8 << DF_BYTE), ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_HALF)
-#if !defined(CONFIG_USER_ONLY)
+    uintptr_t ra = GETPC();
+
 #if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
-    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
-    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
-    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
-    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
-    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
-    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
-    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
+    pwd->h[1] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
+    pwd->h[2] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
+    pwd->h[3] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
+    pwd->h[4] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
+    pwd->h[5] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
+    pwd->h[6] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
+    pwd->h[7] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
 #else
-    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
-    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
-    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
-    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
-    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
-    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
-    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
-    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->h[0] = cpu_lduw_data(env, addr + (0 << DF_HALF));
-    pwd->h[1] = cpu_lduw_data(env, addr + (1 << DF_HALF));
-    pwd->h[2] = cpu_lduw_data(env, addr + (2 << DF_HALF));
-    pwd->h[3] = cpu_lduw_data(env, addr + (3 << DF_HALF));
-    pwd->h[4] = cpu_lduw_data(env, addr + (4 << DF_HALF));
-    pwd->h[5] = cpu_lduw_data(env, addr + (5 << DF_HALF));
-    pwd->h[6] = cpu_lduw_data(env, addr + (6 << DF_HALF));
-    pwd->h[7] = cpu_lduw_data(env, addr + (7 << DF_HALF));
-#else
-    pwd->h[0] = cpu_lduw_data(env, addr + (3 << DF_HALF));
-    pwd->h[1] = cpu_lduw_data(env, addr + (2 << DF_HALF));
-    pwd->h[2] = cpu_lduw_data(env, addr + (1 << DF_HALF));
-    pwd->h[3] = cpu_lduw_data(env, addr + (0 << DF_HALF));
-    pwd->h[4] = cpu_lduw_data(env, addr + (7 << DF_HALF));
-    pwd->h[5] = cpu_lduw_data(env, addr + (6 << DF_HALF));
-    pwd->h[6] = cpu_lduw_data(env, addr + (5 << DF_HALF));
-    pwd->h[7] = cpu_lduw_data(env, addr + (4 << DF_HALF));
-#endif
+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
+    pwd->h[1] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
+    pwd->h[2] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
+    pwd->h[3] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
+    pwd->h[4] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
+    pwd->h[5] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
+    pwd->h[6] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
+    pwd->h[7] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_WORD)
-#if !defined(CONFIG_USER_ONLY)
+    uintptr_t ra = GETPC();
+
 #if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
-    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
-    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
-    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
+    pwd->w[1] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
+    pwd->w[2] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
+    pwd->w[3] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
 #else
-    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
-    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
-    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
-    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->w[0] = cpu_ldl_data(env, addr + (0 << DF_WORD));
-    pwd->w[1] = cpu_ldl_data(env, addr + (1 << DF_WORD));
-    pwd->w[2] = cpu_ldl_data(env, addr + (2 << DF_WORD));
-    pwd->w[3] = cpu_ldl_data(env, addr + (3 << DF_WORD));
-#else
-    pwd->w[0] = cpu_ldl_data(env, addr + (1 << DF_WORD));
-    pwd->w[1] = cpu_ldl_data(env, addr + (0 << DF_WORD));
-    pwd->w[2] = cpu_ldl_data(env, addr + (3 << DF_WORD));
-    pwd->w[3] = cpu_ldl_data(env, addr + (2 << DF_WORD));
-#endif
+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
+    pwd->w[1] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
+    pwd->w[2] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
+    pwd->w[3] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_DOUBLE)
-#if !defined(CONFIG_USER_ONLY)
-    pwd->d[0] = helper_ret_ldq_mmu(env, addr + (0 << DF_DOUBLE), oi, GETPC());
-    pwd->d[1] = helper_ret_ldq_mmu(env, addr + (1 << DF_DOUBLE), oi, GETPC());
-#else
-    pwd->d[0] = cpu_ldq_data(env, addr + (0 << DF_DOUBLE));
-    pwd->d[1] = cpu_ldq_data(env, addr + (1 << DF_DOUBLE));
-#endif
+    uintptr_t ra = GETPC();
+
+    pwd->d[0] = cpu_ldq_data_ra(env, addr + (0 << DF_DOUBLE), ra);
+    pwd->d[1] = cpu_ldq_data_ra(env, addr + (1 << DF_DOUBLE), ra);
 }
 
 #define MSA_PAGESPAN(x) \
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_b(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
+
+    ensure_writable_pages(env, addr, mmu_idx, ra);
 
-    MEMOP_IDX(DF_BYTE)
-    ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
 #if !defined(HOST_WORDS_BIGENDIAN)
-    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[0],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[1],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[2],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[3],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[4],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[5],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[6],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[7],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[8],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[9],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[10], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[11], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[12], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[13], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[14], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[15], oi, GETPC());
+    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[0], ra);
+    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[1], ra);
+    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[2], ra);
+    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[3], ra);
+    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[4], ra);
+    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[5], ra);
+    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[6], ra);
+    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[7], ra);
+    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[8], ra);
+    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[9], ra);
+    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[10], ra);
+    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[11], ra);
+    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[12], ra);
+    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[13], ra);
+    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[14], ra);
+    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[15], ra);
 #else
-    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[0],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[1],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[2],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[3],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[4],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[5],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[6],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[7],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[8],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[9],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[10], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[11], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[12], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[13], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[14], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[15], oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[0]);
-    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[1]);
-    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[2]);
-    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[3]);
-    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[4]);
-    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[5]);
-    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[6]);
-    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[7]);
-    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[8]);
-    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[9]);
-    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[10]);
-    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[11]);
-    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[12]);
-    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[13]);
-    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[14]);
-    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[15]);
-#else
-    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[0]);
-    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[1]);
-    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[2]);
-    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[3]);
-    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[4]);
-    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[5]);
-    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[6]);
-    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[7]);
-    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[8]);
-    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[9]);
-    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[10]);
-    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[11]);
-    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[12]);
-    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[13]);
-    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[14]);
-    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[15]);
-#endif
+    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[0], ra);
+    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[1], ra);
+    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[2], ra);
+    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[3], ra);
+    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[4], ra);
+    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[5], ra);
+    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[6], ra);
+    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[7], ra);
+    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[8], ra);
+    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[9], ra);
+    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[10], ra);
+    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[11], ra);
+    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[12], ra);
+    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[13], ra);
+    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[14], ra);
+    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[15], ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
+
+    ensure_writable_pages(env, addr, mmu_idx, ra);
 
-    MEMOP_IDX(DF_HALF)
-    ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
 #if !defined(HOST_WORDS_BIGENDIAN)
-    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[0], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[1], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[2], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[3], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[4], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[5], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[6], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[7], oi, GETPC());
+    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[0], ra);
+    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[1], ra);
+    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[2], ra);
+    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[3], ra);
+    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[4], ra);
+    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[5], ra);
+    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[6], ra);
+    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[7], ra);
 #else
-    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[0], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[1], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[2], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[3], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[4], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[5], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[6], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[7], oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[0]);
-    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[1]);
-    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[2]);
-    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[3]);
-    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[4]);
-    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[5]);
-    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[6]);
-    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[7]);
-#else
-    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[0]);
-    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[1]);
-    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[2]);
-    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[3]);
-    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[4]);
-    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[5]);
-    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[6]);
-    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[7]);
-#endif
+    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[0], ra);
+    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[1], ra);
+    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[2], ra);
+    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[3], ra);
+    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[4], ra);
+    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[5], ra);
+    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[6], ra);
+    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[7], ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
+
+    ensure_writable_pages(env, addr, mmu_idx, ra);
 
-    MEMOP_IDX(DF_WORD)
-    ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
 #if !defined(HOST_WORDS_BIGENDIAN)
-    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[0], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[1], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[2], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[3], oi, GETPC());
+    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[0], ra);
+    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[1], ra);
+    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[2], ra);
+    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[3], ra);
 #else
-    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[0], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[1], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[2], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[3], oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[0]);
-    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[1]);
-    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[2]);
-    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[3]);
-#else
-    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[0]);
-    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[1]);
-    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[2]);
-    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[3]);
-#endif
+    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[0], ra);
+    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[1], ra);
+    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[2], ra);
+    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[3], ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
 
-    MEMOP_IDX(DF_DOUBLE)
     ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
-    helper_ret_stq_mmu(env, addr + (0 << DF_DOUBLE), pwd->d[0], oi, GETPC());
-    helper_ret_stq_mmu(env, addr + (1 << DF_DOUBLE), pwd->d[1], oi, GETPC());
-#else
-    cpu_stq_data(env, addr + (0 << DF_DOUBLE), pwd->d[0]);
-    cpu_stq_data(env, addr + (1 << DF_DOUBLE), pwd->d[1]);
-#endif
+
+    cpu_stq_data_ra(env, addr + (0 << DF_DOUBLE), pwd->d[0], ra);
+    cpu_stq_data_ra(env, addr + (1 << DF_DOUBLE), pwd->d[1], ra);
 }
-- 
2.25.1

Rather than use 4-16 separate operations, use 2 operations
plus some byte reordering as necessary.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/msa_helper.c | 201 +++++++++++++----------------------
 1 file changed, 71 insertions(+), 130 deletions(-)

The helper_*_mmu functions were the only thing available
when this code was written.  This could have been adjusted
when we added cpu_*_mmuidx_ra, but now we can most easily
use the newest set of interfaces.

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/tcg/mem_helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ static void do_access_memset(CPUS390XState *env, vaddr vaddr, char *haddr,
          * page. This is especially relevant to speed up TLB_NOTDIRTY.
          */
         g_assert(size > 0);
-        helper_ret_stb_mmu(env, vaddr, byte, oi, ra);
+        cpu_stb_mmu(env, vaddr, byte, oi, ra);
         haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
         if (likely(haddr)) {
             memset(haddr + 1, byte, size - 1);
         } else {
             for (i = 1; i < size; i++) {
-                helper_ret_stb_mmu(env, vaddr + i, byte, oi, ra);
+                cpu_stb_mmu(env, vaddr + i, byte, oi, ra);
             }
         }
     }
@@ -XXX,XX +XXX,XX @@ static uint8_t do_access_get_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
      * Do a single access and test if we can then get access to the
      * page. This is especially relevant to speed up TLB_NOTDIRTY.
      */
-    byte = helper_ret_ldub_mmu(env, vaddr + offset, oi, ra);
+    byte = cpu_ldb_mmu(env, vaddr + offset, oi, ra);
     *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_LOAD, mmu_idx);
     return byte;
 #endif
@@ -XXX,XX +XXX,XX @@ static void do_access_set_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
      * Do a single access and test if we can then get access to the
      * page. This is especially relevant to speed up TLB_NOTDIRTY.
      */
-    helper_ret_stb_mmu(env, vaddr + offset, byte, oi, ra);
+    cpu_stb_mmu(env, vaddr + offset, byte, oi, ra);
     *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
 #endif
 }
-- 
2.25.1

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr,
             oi = make_memop_idx(memop, idx);
             switch (size) {
             case 1:
-                ret = helper_ret_ldub_mmu(env, addr, oi, GETPC());
+                ret = cpu_ldb_mmu(env, addr, oi, GETPC());
                 break;
             case 2:
                 if (asi & 8) {
-                    ret = helper_le_lduw_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldw_le_mmu(env, addr, oi, GETPC());
                 } else {
-                    ret = helper_be_lduw_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldw_be_mmu(env, addr, oi, GETPC());
                 }
                 break;
             case 4:
                 if (asi & 8) {
-                    ret = helper_le_ldul_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldl_le_mmu(env, addr, oi, GETPC());
                 } else {
-                    ret = helper_be_ldul_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldl_be_mmu(env, addr, oi, GETPC());
                 }
                 break;
             case 8:
                 if (asi & 8) {
-                    ret = helper_le_ldq_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldq_le_mmu(env, addr, oi, GETPC());
                 } else {
-                    ret = helper_be_ldq_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldq_be_mmu(env, addr, oi, GETPC());
                 }
                 break;
             default:
-- 
2.25.1

Cc: qemu-arm@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper-a64.c | 52 +++++++----------------------------------
 target/arm/m_helper.c   |  6 ++---
 2 files changed, 11 insertions(+), 47 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
     uintptr_t ra = GETPC();
     uint64_t o0, o1;
     bool success;
-
-#ifdef CONFIG_USER_ONLY
-    /* ??? Enforce alignment.  */
-    uint64_t *haddr = g2h(env_cpu(env), addr);
-
-    set_helper_retaddr(ra);
-    o0 = ldq_le_p(haddr + 0);
-    o1 = ldq_le_p(haddr + 1);
-    oldv = int128_make128(o0, o1);
-
-    success = int128_eq(oldv, cmpv);
-    if (success) {
-        stq_le_p(haddr + 0, int128_getlo(newv));
-        stq_le_p(haddr + 1, int128_gethi(newv));
-    }
-    clear_helper_retaddr();
-#else
     int mem_idx = cpu_mmu_index(env, false);
     MemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
     MemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
 
-    o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
-    o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
+    o0 = cpu_ldq_le_mmu(env, addr + 0, oi0, ra);
+    o1 = cpu_ldq_le_mmu(env, addr + 8, oi1, ra);
     oldv = int128_make128(o0, o1);
 
     success = int128_eq(oldv, cmpv);
     if (success) {
-        helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
-        helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
+        cpu_stq_le_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
+        cpu_stq_le_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
     }
-#endif
 
     return !success;
 }
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
     uintptr_t ra = GETPC();
     uint64_t o0, o1;
     bool success;
-
-#ifdef CONFIG_USER_ONLY
-    /* ??? Enforce alignment.  */
-    uint64_t *haddr = g2h(env_cpu(env), addr);
-
-    set_helper_retaddr(ra);
-    o1 = ldq_be_p(haddr + 0);
-    o0 = ldq_be_p(haddr + 1);
-    oldv = int128_make128(o0, o1);
-
-    success = int128_eq(oldv, cmpv);
-    if (success) {
-        stq_be_p(haddr + 0, int128_gethi(newv));
-        stq_be_p(haddr + 1, int128_getlo(newv));
-    }
-    clear_helper_retaddr();
-#else
     int mem_idx = cpu_mmu_index(env, false);
     MemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
     MemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
 
-    o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
-    o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
+    o1 = cpu_ldq_be_mmu(env, addr + 0, oi0, ra);
+    o0 = cpu_ldq_be_mmu(env, addr + 8, oi1, ra);
     oldv = int128_make128(o0, o1);
 
     success = int128_eq(oldv, cmpv);
     if (success) {
-        helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
-        helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
+        cpu_stq_be_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
+        cpu_stq_be_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
     }
-#endif
 
     return !success;
 }
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
          * do them as secure, so work out what MMU index that is.
          */
         mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
-        oi = make_memop_idx(MO_LE, arm_to_core_mmu_idx(mmu_idx));
-        newpc = helper_le_ldul_mmu(env, frameptr, oi, 0);
-        newpsr = helper_le_ldul_mmu(env, frameptr + 4, oi, 0);
+        oi = make_memop_idx(MO_LEUL, arm_to_core_mmu_idx(mmu_idx));
+        newpc = cpu_ldl_le_mmu(env, frameptr, oi, 0);
+        newpsr = cpu_ldl_le_mmu(env, frameptr + 4, oi, 0);
 
         /* Consistency checks on new IPSR */
         newpsr_exc = newpsr & XPSR_EXCP;
-- 
2.25.1

These functions have been replaced by cpu_*_mmu as the
most proper interface to use from target code.

Hide these declarations from code that should not use them.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg-ldst.h | 74 ++++++++++++++++++++++++++++++++++++++++++
 include/tcg/tcg.h      | 71 ----------------------------------------
 accel/tcg/cputlb.c     |  1 +
 tcg/tcg.c              |  1 +
 tcg/tci.c              |  1 +
 5 files changed, 77 insertions(+), 71 deletions(-)
 create mode 100644 include/tcg/tcg-ldst.h

diff --git a/include/tcg/tcg-ldst.h b/include/tcg/tcg-ldst.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/tcg/tcg-ldst.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Memory helpers that will be used by TCG generated code.
+ *
+ * Copyright (c) 2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef TCG_LDST_H
+#define TCG_LDST_H 1
+
+#ifdef CONFIG_SOFTMMU
+
+/* Value zero-extended to tcg register size.  */
+tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
+                                     MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
+                           MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
+                           MemOpIdx oi, uintptr_t retaddr);
+
+/* Value sign-extended to tcg register size.  */
+tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
+                                     MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+
+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+                        MemOpIdx oi, uintptr_t retaddr);
+void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+
+#endif /* CONFIG_SOFTMMU */
+#endif /* TCG_LDST_H */
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
      :  (target_long)dup_const(VECE, C))
 #endif
 
-/*
- * Memory helpers that will be used by TCG generated code.
- */
-#ifdef CONFIG_SOFTMMU
-/* Value zero-extended to tcg register size.  */
-tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
-                                     MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           MemOpIdx oi, uintptr_t retaddr);
-
-/* Value sign-extended to tcg register size.  */
-tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
-                                     MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-
-void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-                        MemOpIdx oi, uintptr_t retaddr);
-void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-
-/* Temporary aliases until backends are converted.  */
-#ifdef TARGET_WORDS_BIGENDIAN
-# define helper_ret_ldsw_mmu  helper_be_ldsw_mmu
-# define helper_ret_lduw_mmu  helper_be_lduw_mmu
-# define helper_ret_ldsl_mmu  helper_be_ldsl_mmu
-# define helper_ret_ldul_mmu  helper_be_ldul_mmu
-# define helper_ret_ldl_mmu   helper_be_ldul_mmu
-# define helper_ret_ldq_mmu   helper_be_ldq_mmu
-# define helper_ret_stw_mmu   helper_be_stw_mmu
-# define helper_ret_stl_mmu   helper_be_stl_mmu
-# define helper_ret_stq_mmu   helper_be_stq_mmu
-#else
-# define helper_ret_ldsw_mmu  helper_le_ldsw_mmu
-# define helper_ret_lduw_mmu  helper_le_lduw_mmu
-# define helper_ret_ldsl_mmu  helper_le_ldsl_mmu
-# define helper_ret_ldul_mmu  helper_le_ldul_mmu
-# define helper_ret_ldl_mmu   helper_le_ldul_mmu
-# define helper_ret_ldq_mmu   helper_le_ldq_mmu
-# define helper_ret_stw_mmu   helper_le_stw_mmu
-# define helper_ret_stl_mmu   helper_le_stl_mmu
-# define helper_ret_stq_mmu   helper_le_stq_mmu
-#endif
-#endif /* CONFIG_SOFTMMU */
-
 #ifdef CONFIG_DEBUG_TCG
 void tcg_assert_listed_vecop(TCGOpcode);
 #else
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
 #ifdef CONFIG_PLUGIN
 #include "qemu/plugin-memory.h"
 #endif
+#include "tcg/tcg-ldst.h"
 
 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
 /* #define DEBUG_TLB */
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@
 
 #include "elf.h"
 #include "exec/log.h"
+#include "tcg/tcg-ldst.h"
 #include "tcg-internal.h"
 
 #ifdef CONFIG_TCG_INTERPRETER
diff --git a/tcg/tci.c b/tcg/tci.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -XXX,XX +XXX,XX @@
 #include "tcg/tcg.h"           /* MAX_OPC_PARAM_IARGS */
 #include "exec/cpu_ldst.h"
 #include "tcg/tcg-op.h"
+#include "tcg/tcg-ldst.h"
 #include "qemu/compiler.h"
 #include <ffi.h>
 
-- 
2.25.1

To be called from tcg generated code on hosts that support
unaligned accesses natively, in response to an access that
is supposed to be aligned.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg-ldst.h |  5 +++++
 accel/tcg/user-exec.c  | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/include/tcg/tcg-ldst.h b/include/tcg/tcg-ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg-ldst.h
+++ b/include/tcg/tcg-ldst.h
@@ -XXX,XX +XXX,XX @@ void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                        MemOpIdx oi, uintptr_t retaddr);
 
+#else
+
+void QEMU_NORETURN helper_unaligned_ld(CPUArchState *env, target_ulong addr);
+void QEMU_NORETURN helper_unaligned_st(CPUArchState *env, target_ulong addr);
+
 #endif /* CONFIG_SOFTMMU */
 #endif /* TCG_LDST_H */
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "qemu/atomic128.h"
 #include "trace/trace-root.h"
+#include "tcg/tcg-ldst.h"
 #include "internal.h"
 
 __thread uintptr_t helper_retaddr;
@@ -XXX,XX +XXX,XX @@ static void validate_memop(MemOpIdx oi, MemOp expected)
 #endif
 }
 
+void helper_unaligned_ld(CPUArchState *env, target_ulong addr)
+{
+    cpu_loop_exit_sigbus(env_cpu(env), addr, MMU_DATA_LOAD, GETPC());
+}
+
+void helper_unaligned_st(CPUArchState *env, target_ulong addr)
+{
+    cpu_loop_exit_sigbus(env_cpu(env), addr, MMU_DATA_STORE, GETPC());
+}
+
 static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr,
                             MemOpIdx oi, uintptr_t ra, MMUAccessType type)
 {
-- 
2.25.1

Since the prctl constants are supposed to be generic, supply
any that are not provided by the host.

Split out subroutines for PR_GET_FP_MODE, PR_SET_FP_MODE,
PR_GET_VL, PR_SET_VL, PR_RESET_KEYS, PR_SET_TAGGED_ADDR_CTRL,
PR_GET_TAGGED_ADDR_CTRL.  Return EINVAL for guests that do
not support these options rather than pass them on to the host.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/aarch64/target_prctl.h    | 160 ++++++++++
 linux-user/aarch64/target_syscall.h  |  23 --
 linux-user/alpha/target_prctl.h      |   1 +
 linux-user/arm/target_prctl.h        |   1 +
 linux-user/cris/target_prctl.h       |   1 +
 linux-user/hexagon/target_prctl.h    |   1 +
 linux-user/hppa/target_prctl.h       |   1 +
 linux-user/i386/target_prctl.h       |   1 +
 linux-user/m68k/target_prctl.h       |   1 +
 linux-user/microblaze/target_prctl.h |   1 +
 linux-user/mips/target_prctl.h       |  88 ++++++
 linux-user/mips/target_syscall.h     |   6 -
 linux-user/mips64/target_prctl.h     |   1 +
 linux-user/mips64/target_syscall.h   |   6 -
 linux-user/nios2/target_prctl.h      |   1 +
 linux-user/openrisc/target_prctl.h   |   1 +
 linux-user/ppc/target_prctl.h        |   1 +
 linux-user/riscv/target_prctl.h      |   1 +
 linux-user/s390x/target_prctl.h      |   1 +
 linux-user/sh4/target_prctl.h        |   1 +
 linux-user/sparc/target_prctl.h      |   1 +
 linux-user/x86_64/target_prctl.h     |   1 +
 linux-user/xtensa/target_prctl.h     |   1 +
 linux-user/syscall.c                 | 433 +++++++++------------------
 24 files changed, 414 insertions(+), 320 deletions(-)
 create mode 100644 linux-user/aarch64/target_prctl.h
 create mode 100644 linux-user/alpha/target_prctl.h
 create mode 100644 linux-user/arm/target_prctl.h
 create mode 100644 linux-user/cris/target_prctl.h
 create mode 100644 linux-user/hexagon/target_prctl.h
 create mode 100644 linux-user/hppa/target_prctl.h
 create mode 100644 linux-user/i386/target_prctl.h
 create mode 100644 linux-user/m68k/target_prctl.h
 create mode 100644 linux-user/microblaze/target_prctl.h
 create mode 100644 linux-user/mips/target_prctl.h
 create mode 100644 linux-user/mips64/target_prctl.h
 create mode 100644 linux-user/nios2/target_prctl.h
 create mode 100644 linux-user/openrisc/target_prctl.h
 create mode 100644 linux-user/ppc/target_prctl.h
 create mode 100644 linux-user/riscv/target_prctl.h
 create mode 100644 linux-user/s390x/target_prctl.h
 create mode 100644 linux-user/sh4/target_prctl.h
 create mode 100644 linux-user/sparc/target_prctl.h
 create mode 100644 linux-user/x86_64/target_prctl.h
 create mode 100644 linux-user/xtensa/target_prctl.h

diff --git a/linux-user/aarch64/target_prctl.h b/linux-user/aarch64/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/aarch64/target_prctl.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * AArch64 specific prctl functions for linux-user
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef AARCH64_TARGET_PRCTL_H
+#define AARCH64_TARGET_PRCTL_H
+
+static abi_long do_prctl_get_vl(CPUArchState *env)
+{
+    ARMCPU *cpu = env_archcpu(env);
+    if (cpu_isar_feature(aa64_sve, cpu)) {
+        return ((cpu->env.vfp.zcr_el[1] & 0xf) + 1) * 16;
+    }
+    return -TARGET_EINVAL;
+}
+#define do_prctl_get_vl do_prctl_get_vl
+
+static abi_long do_prctl_set_vl(CPUArchState *env, abi_long arg2)
+{
+    /*
+     * We cannot support either PR_SVE_SET_VL_ONEXEC or PR_SVE_VL_INHERIT.
+     * Note the kernel definition of sve_vl_valid allows for VQ=512,
+     * i.e. VL=8192, even though the current architectural maximum is VQ=16.
+     */
+    if (cpu_isar_feature(aa64_sve, env_archcpu(env))
+        && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
+        ARMCPU *cpu = env_archcpu(env);
+        uint32_t vq, old_vq;
+
+        old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
+        vq = MAX(arg2 / 16, 1);
+        vq = MIN(vq, cpu->sve_max_vq);
+
+        if (vq < old_vq) {
+            aarch64_sve_narrow_vq(env, vq);
+        }
+        env->vfp.zcr_el[1] = vq - 1;
+        arm_rebuild_hflags(env);
+        return vq * 16;
+    }
+    return -TARGET_EINVAL;
+}
+#define do_prctl_set_vl do_prctl_set_vl
+
+static abi_long do_prctl_reset_keys(CPUArchState *env, abi_long arg2)
+{
+    ARMCPU *cpu = env_archcpu(env);
+
+    if (cpu_isar_feature(aa64_pauth, cpu)) {
+        int all = (PR_PAC_APIAKEY | PR_PAC_APIBKEY |
+                   PR_PAC_APDAKEY | PR_PAC_APDBKEY | PR_PAC_APGAKEY);
+        int ret = 0;
+        Error *err = NULL;
+
+        if (arg2 == 0) {
+            arg2 = all;
+        } else if (arg2 & ~all) {
+            return -TARGET_EINVAL;
+        }
+        if (arg2 & PR_PAC_APIAKEY) {
+            ret |= qemu_guest_getrandom(&env->keys.apia,
+                                        sizeof(ARMPACKey), &err);
+        }
+        if (arg2 & PR_PAC_APIBKEY) {
+            ret |= qemu_guest_getrandom(&env->keys.apib,
+                                        sizeof(ARMPACKey), &err);
+        }
+        if (arg2 & PR_PAC_APDAKEY) {
+            ret |= qemu_guest_getrandom(&env->keys.apda,
+                                        sizeof(ARMPACKey), &err);
+        }
+        if (arg2 & PR_PAC_APDBKEY) {
+            ret |= qemu_guest_getrandom(&env->keys.apdb,
+                                        sizeof(ARMPACKey), &err);
+        }
+        if (arg2 & PR_PAC_APGAKEY) {
+            ret |= qemu_guest_getrandom(&env->keys.apga,
+                                        sizeof(ARMPACKey), &err);
+        }
+        if (ret != 0) {
+            /*
+             * Some unknown failure in the crypto.  The best
+             * we can do is log it and fail the syscall.
+             * The real syscall cannot fail this way.
+             */
+            qemu_log_mask(LOG_UNIMP, "PR_PAC_RESET_KEYS: Crypto failure: %s",
+                          error_get_pretty(err));
+            error_free(err);
+            return -TARGET_EIO;
+        }
+        return 0;
+    }
+    return -TARGET_EINVAL;
+}
+#define do_prctl_reset_keys do_prctl_reset_keys
+
+static abi_long do_prctl_set_tagged_addr_ctrl(CPUArchState *env, abi_long arg2)
+{
+    abi_ulong valid_mask = PR_TAGGED_ADDR_ENABLE;
+    ARMCPU *cpu = env_archcpu(env);
+
+    if (cpu_isar_feature(aa64_mte, cpu)) {
+        valid_mask |= PR_MTE_TCF_MASK;
+        valid_mask |= PR_MTE_TAG_MASK;
+    }
+
+    if (arg2 & ~valid_mask) {
+        return -TARGET_EINVAL;
+    }
+    env->tagged_addr_enable = arg2 & PR_TAGGED_ADDR_ENABLE;
+
+    if (cpu_isar_feature(aa64_mte, cpu)) {
+        switch (arg2 & PR_MTE_TCF_MASK) {
+        case PR_MTE_TCF_NONE:
+        case PR_MTE_TCF_SYNC:
+        case PR_MTE_TCF_ASYNC:
+            break;
+        default:
+            return -EINVAL;
+        }
+
+        /*
+         * Write PR_MTE_TCF to SCTLR_EL1[TCF0].
+         * Note that the syscall values are consistent with hw.
+         */
+        env->cp15.sctlr_el[1] =
+            deposit64(env->cp15.sctlr_el[1], 38, 2, arg2 >> PR_MTE_TCF_SHIFT);
+
+        /*
+         * Write PR_MTE_TAG to GCR_EL1[Exclude].
+         * Note that the syscall uses an include mask,
+         * and hardware uses an exclude mask -- invert.
+         */
+        env->cp15.gcr_el1 =
+            deposit64(env->cp15.gcr_el1, 0, 16, ~arg2 >> PR_MTE_TAG_SHIFT);
+        arm_rebuild_hflags(env);
+    }
+    return 0;
+}
+#define do_prctl_set_tagged_addr_ctrl do_prctl_set_tagged_addr_ctrl
+
+static abi_long do_prctl_get_tagged_addr_ctrl(CPUArchState *env)
+{
+    ARMCPU *cpu = env_archcpu(env);
+    abi_long ret = 0;
+
+    if (env->tagged_addr_enable) {
+        ret |= PR_TAGGED_ADDR_ENABLE;
+    }
+    if (cpu_isar_feature(aa64_mte, cpu)) {
+        /* See do_prctl_set_tagged_addr_ctrl. */
+        ret |= extract64(env->cp15.sctlr_el[1], 38, 2) << PR_MTE_TCF_SHIFT;
+        ret = deposit64(ret, PR_MTE_TAG_SHIFT, 16, ~env->cp15.gcr_el1);
+    }
+    return ret;
+}
+#define do_prctl_get_tagged_addr_ctrl do_prctl_get_tagged_addr_ctrl
+
+#endif /* AARCH64_TARGET_PRCTL_H */
diff --git a/linux-user/aarch64/target_syscall.h b/linux-user/aarch64/target_syscall.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/aarch64/target_syscall.h
+++ b/linux-user/aarch64/target_syscall.h
@@ -XXX,XX +XXX,XX @@ struct target_pt_regs {
 #define TARGET_MCL_FUTURE  2
 #define TARGET_MCL_ONFAULT 4
 
-#define TARGET_PR_SVE_SET_VL  50
-#define TARGET_PR_SVE_GET_VL  51
-
-#define TARGET_PR_PAC_RESET_KEYS 54
-# define TARGET_PR_PAC_APIAKEY   (1 << 0)
-# define TARGET_PR_PAC_APIBKEY   (1 << 1)
-# define TARGET_PR_PAC_APDAKEY   (1 << 2)
-# define TARGET_PR_PAC_APDBKEY   (1 << 3)
-# define TARGET_PR_PAC_APGAKEY   (1 << 4)
-
-#define TARGET_PR_SET_TAGGED_ADDR_CTRL 55
-#define TARGET_PR_GET_TAGGED_ADDR_CTRL 56
-# define TARGET_PR_TAGGED_ADDR_ENABLE  (1UL << 0)
-/* MTE tag check fault modes */
-# define TARGET_PR_MTE_TCF_SHIFT       1
-# define TARGET_PR_MTE_TCF_NONE        (0UL << TARGET_PR_MTE_TCF_SHIFT)
-# define TARGET_PR_MTE_TCF_SYNC        (1UL << TARGET_PR_MTE_TCF_SHIFT)
-# define TARGET_PR_MTE_TCF_ASYNC       (2UL << TARGET_PR_MTE_TCF_SHIFT)
-# define TARGET_PR_MTE_TCF_MASK        (3UL << TARGET_PR_MTE_TCF_SHIFT)
-/* MTE tag inclusion mask */
-# define TARGET_PR_MTE_TAG_SHIFT       3
-# define TARGET_PR_MTE_TAG_MASK        (0xffffUL << TARGET_PR_MTE_TAG_SHIFT)
-
 #endif /* AARCH64_TARGET_SYSCALL_H */
diff --git a/linux-user/alpha/target_prctl.h b/linux-user/alpha/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/alpha/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/arm/target_prctl.h b/linux-user/arm/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/arm/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/cris/target_prctl.h b/linux-user/cris/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/cris/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/hexagon/target_prctl.h b/linux-user/hexagon/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/hexagon/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/hppa/target_prctl.h b/linux-user/hppa/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/hppa/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/i386/target_prctl.h b/linux-user/i386/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/i386/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/m68k/target_prctl.h b/linux-user/m68k/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/m68k/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/microblaze/target_prctl.h b/linux-user/microblaze/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/microblaze/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/mips/target_prctl.h b/linux-user/mips/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/mips/target_prctl.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * MIPS specific prctl functions for linux-user
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef MIPS_TARGET_PRCTL_H
+#define MIPS_TARGET_PRCTL_H
+
+static abi_long do_prctl_get_fp_mode(CPUArchState *env)
+{
+    abi_long ret = 0;
+
+    if (env->CP0_Status & (1 << CP0St_FR)) {
+        ret |= PR_FP_MODE_FR;
+    }
+    if (env->CP0_Config5 & (1 << CP0C5_FRE)) {
+        ret |= PR_FP_MODE_FRE;
+    }
+    return ret;
+}
+#define do_prctl_get_fp_mode do_prctl_get_fp_mode
+
+static abi_long do_prctl_set_fp_mode(CPUArchState *env, abi_long arg2)
+{
+    bool old_fr = env->CP0_Status & (1 << CP0St_FR);
+    bool old_fre = env->CP0_Config5 & (1 << CP0C5_FRE);
+    bool new_fr = arg2 & PR_FP_MODE_FR;
+    bool new_fre = arg2 & PR_FP_MODE_FRE;
+    const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE;
+
+    /* If nothing to change, return right away, successfully.  */
+    if (old_fr == new_fr && old_fre == new_fre) {
+        return 0;
+    }
+    /* Check the value is valid */
+    if (arg2 & ~known_bits) {
+        return -TARGET_EOPNOTSUPP;
+    }
+    /* Setting FRE without FR is not supported.  */
+    if (new_fre && !new_fr) {
+        return -TARGET_EOPNOTSUPP;
+    }
+    if (new_fr && !(env->active_fpu.fcr0 & (1 << FCR0_F64))) {
+        /* FR1 is not supported */
+        return -TARGET_EOPNOTSUPP;
+    }
+    if (!new_fr && (env->active_fpu.fcr0 & (1 << FCR0_F64))
+        && !(env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) {
+        /* cannot set FR=0 */
+        return -TARGET_EOPNOTSUPP;
+    }
+    if (new_fre && !(env->active_fpu.fcr0 & (1 << FCR0_FREP))) {
+        /* Cannot set FRE=1 */
+        return -TARGET_EOPNOTSUPP;
+    }
+
+    int i;
+    fpr_t *fpr = env->active_fpu.fpr;
+    for (i = 0; i < 32 ; i += 2) {
+        if (!old_fr && new_fr) {
+            fpr[i].w[!FP_ENDIAN_IDX] = fpr[i + 1].w[FP_ENDIAN_IDX];
+        } else if (old_fr && !new_fr) {
+            fpr[i + 1].w[FP_ENDIAN_IDX] = fpr[i].w[!FP_ENDIAN_IDX];
+        }
+    }
+
+    if (new_fr) {
+        env->CP0_Status |= (1 << CP0St_FR);
+        env->hflags |= MIPS_HFLAG_F64;
+    } else {
+        env->CP0_Status &= ~(1 << CP0St_FR);
+        env->hflags &= ~MIPS_HFLAG_F64;
+    }
+    if (new_fre) {
+        env->CP0_Config5 |= (1 << CP0C5_FRE);
+        if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
+            env->hflags |= MIPS_HFLAG_FRE;
+        }
+    } else {
+        env->CP0_Config5 &= ~(1 << CP0C5_FRE);
+        env->hflags &= ~MIPS_HFLAG_FRE;
+    }
+
+    return 0;
+}
+#define do_prctl_set_fp_mode do_prctl_set_fp_mode
+
+#endif /* MIPS_TARGET_PRCTL_H */
diff --git a/linux-user/mips/target_syscall.h b/linux-user/mips/target_syscall.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/mips/target_syscall.h
+++ b/linux-user/mips/target_syscall.h
@@ -XXX,XX +XXX,XX @@ static inline abi_ulong target_shmlba(CPUMIPSState *env)
     return 0x40000;
 }
 
-/* MIPS-specific prctl() options */
-#define TARGET_PR_SET_FP_MODE  45
-#define TARGET_PR_GET_FP_MODE  46
-#define TARGET_PR_FP_MODE_FR   (1 << 0)
-#define TARGET_PR_FP_MODE_FRE  (1 << 1)
-
 #endif /* MIPS_TARGET_SYSCALL_H */
diff --git a/linux-user/mips64/target_prctl.h b/linux-user/mips64/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/mips64/target_prctl.h
@@ -0,0 +1 @@
+#include "../mips/target_prctl.h"
diff --git a/linux-user/mips64/target_syscall.h b/linux-user/mips64/target_syscall.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/mips64/target_syscall.h
+++ b/linux-user/mips64/target_syscall.h
@@ -XXX,XX +XXX,XX @@ static inline abi_ulong target_shmlba(CPUMIPSState *env)
     return 0x40000;
 }
 
-/* MIPS-specific prctl() options */
-#define TARGET_PR_SET_FP_MODE  45
-#define TARGET_PR_GET_FP_MODE  46
-#define TARGET_PR_FP_MODE_FR   (1 << 0)
-#define TARGET_PR_FP_MODE_FRE  (1 << 1)
-
 #endif /* MIPS64_TARGET_SYSCALL_H */
diff --git a/linux-user/nios2/target_prctl.h b/linux-user/nios2/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/nios2/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/openrisc/target_prctl.h b/linux-user/openrisc/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/openrisc/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/ppc/target_prctl.h b/linux-user/ppc/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/ppc/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/riscv/target_prctl.h b/linux-user/riscv/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/riscv/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/s390x/target_prctl.h b/linux-user/s390x/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/s390x/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/sh4/target_prctl.h b/linux-user/sh4/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/sh4/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/sparc/target_prctl.h b/linux-user/sparc/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/sparc/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/x86_64/target_prctl.h b/linux-user/x86_64/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/x86_64/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/xtensa/target_prctl.h b/linux-user/xtensa/target_prctl.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/xtensa/target_prctl.h
@@ -0,0 +1 @@
+/* No special prctl support required. */
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -XXX,XX +XXX,XX @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
     return ret;
 }
 #endif /* defined(TARGET_ABI32 */
-
 #endif /* defined(TARGET_I386) */
 
+/*
+ * These constants are generic.  Supply any that are missing from the host.
+ */
+#ifndef PR_SET_NAME
+# define PR_SET_NAME    15
+# define PR_GET_NAME    16
+#endif
+#ifndef PR_SET_FP_MODE
+# define PR_SET_FP_MODE 45
+# define PR_GET_FP_MODE 46
+# define PR_FP_MODE_FR   (1 << 0)
+# define PR_FP_MODE_FRE  (1 << 1)
+#endif
+#ifndef PR_SVE_SET_VL
+# define PR_SVE_SET_VL  50
+# define PR_SVE_GET_VL  51
+# define PR_SVE_VL_LEN_MASK  0xffff
+# define PR_SVE_VL_INHERIT   (1 << 17)
+#endif
+#ifndef PR_PAC_RESET_KEYS
+# define PR_PAC_RESET_KEYS  54
+# define PR_PAC_APIAKEY   (1 << 0)
+# define PR_PAC_APIBKEY   (1 << 1)
+# define PR_PAC_APDAKEY   (1 << 2)
+# define PR_PAC_APDBKEY   (1 << 3)
+# define PR_PAC_APGAKEY   (1 << 4)
+#endif
+#ifndef PR_SET_TAGGED_ADDR_CTRL
+# define PR_SET_TAGGED_ADDR_CTRL 55
+# define PR_GET_TAGGED_ADDR_CTRL 56
+# define PR_TAGGED_ADDR_ENABLE  (1UL << 0)
+#endif
+#ifndef PR_MTE_TCF_SHIFT
+# define PR_MTE_TCF_SHIFT       1
+# define PR_MTE_TCF_NONE        (0UL << PR_MTE_TCF_SHIFT)
+# define PR_MTE_TCF_SYNC        (1UL << PR_MTE_TCF_SHIFT)
+# define PR_MTE_TCF_ASYNC       (2UL << PR_MTE_TCF_SHIFT)
+# define PR_MTE_TCF_MASK        (3UL << PR_MTE_TCF_SHIFT)
+# define PR_MTE_TAG_SHIFT       3
+# define PR_MTE_TAG_MASK        (0xffffUL << PR_MTE_TAG_SHIFT)
+#endif
+
+#include "target_prctl.h"
+
+static abi_long do_prctl_inval0(CPUArchState *env)
+{
+    return -TARGET_EINVAL;
+}
+
+static abi_long do_prctl_inval1(CPUArchState *env, abi_long arg2)
+{
+    return -TARGET_EINVAL;
+}
+
+#ifndef do_prctl_get_fp_mode
+#define do_prctl_get_fp_mode do_prctl_inval0
+#endif
+#ifndef do_prctl_set_fp_mode
+#define do_prctl_set_fp_mode do_prctl_inval1
+#endif
+#ifndef do_prctl_get_vl
+#define do_prctl_get_vl do_prctl_inval0
+#endif
+#ifndef do_prctl_set_vl
+#define do_prctl_set_vl do_prctl_inval1
+#endif
+#ifndef do_prctl_reset_keys
+#define do_prctl_reset_keys do_prctl_inval1
+#endif
+#ifndef do_prctl_set_tagged_addr_ctrl
+#define do_prctl_set_tagged_addr_ctrl do_prctl_inval1
+#endif
+#ifndef do_prctl_get_tagged_addr_ctrl
+#define do_prctl_get_tagged_addr_ctrl do_prctl_inval0
+#endif
+
+static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
+                         abi_long arg3, abi_long arg4, abi_long arg5)
+{
+    abi_long ret;
+
+    switch (option) {
+    case PR_GET_PDEATHSIG:
+        {
+            int deathsig;
+            ret = get_errno(prctl(PR_GET_PDEATHSIG, &deathsig,
+                                  arg3, arg4, arg5));
+            if (!is_error(ret) && arg2 && put_user_s32(deathsig, arg2)) {
+                return -TARGET_EFAULT;
+            }
+            return ret;
+        }
+    case PR_GET_NAME:
+        {
+            void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
+            if (!name) {
+                return -TARGET_EFAULT;
+            }
+            ret = get_errno(prctl(PR_GET_NAME, (uintptr_t)name,
+                                  arg3, arg4, arg5));
+            unlock_user(name, arg2, 16);
+            return ret;
+        }
+    case PR_SET_NAME:
+        {
+            void *name = lock_user(VERIFY_READ, arg2, 16, 1);
+            if (!name) {
+                return -TARGET_EFAULT;
+            }
+            ret = get_errno(prctl(PR_SET_NAME, (uintptr_t)name,
+                                  arg3, arg4, arg5));
+            unlock_user(name, arg2, 0);
+            return ret;
+        }
+    case PR_GET_FP_MODE:
+        return do_prctl_get_fp_mode(env);
+    case PR_SET_FP_MODE:
+        return do_prctl_set_fp_mode(env, arg2);
+    case PR_SVE_GET_VL:
+        return do_prctl_get_vl(env);
+    case PR_SVE_SET_VL:
+        return do_prctl_set_vl(env, arg2);
+    case PR_PAC_RESET_KEYS:
+        if (arg3 || arg4 || arg5) {
+            return -TARGET_EINVAL;
+        }
+        return do_prctl_reset_keys(env, arg2);
+    case PR_SET_TAGGED_ADDR_CTRL:
+        if (arg3 || arg4 || arg5) {
+            return -TARGET_EINVAL;
+        }
+        return do_prctl_set_tagged_addr_ctrl(env, arg2);
+    case PR_GET_TAGGED_ADDR_CTRL:
+        if (arg2 || arg3 || arg4 || arg5) {
+            return -TARGET_EINVAL;
+        }
+        return do_prctl_get_tagged_addr_ctrl(env);
+    case PR_GET_SECCOMP:
+    case PR_SET_SECCOMP:
+        /* Disable seccomp to prevent the target disabling syscalls we need. */
+        return -TARGET_EINVAL;
+    default:
+        /* Most prctl options have no pointer arguments */
+        return get_errno(prctl(option, arg2, arg3, arg4, arg5));
+    }
+}
+
 #define NEW_STACK_SIZE 0x40000
 
 
@@ -XXX,XX +XXX,XX @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         return ret;
 #endif
     case TARGET_NR_prctl:
-        switch (arg1) {
-        case PR_GET_PDEATHSIG:
-        {
-            int deathsig;
-            ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
-            if (!is_error(ret) && arg2
-                && put_user_s32(deathsig, arg2)) {
-                return -TARGET_EFAULT;
-            }
-            return ret;
-        }
-#ifdef PR_GET_NAME
-        case PR_GET_NAME:
-        {
-            void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
-            if (!name) {
-                return -TARGET_EFAULT;
-            }
-            ret = get_errno(prctl(arg1, (unsigned long)name,
-                                  arg3, arg4, arg5));
-            unlock_user(name, arg2, 16);
-            return ret;
-        }
-        case PR_SET_NAME:
-        {
-            void *name = lock_user(VERIFY_READ, arg2, 16, 1);
-            if (!name) {
-                return -TARGET_EFAULT;
-            }
-            ret = get_errno(prctl(arg1, (unsigned long)name,
-                                  arg3, arg4, arg5));
-            unlock_user(name, arg2, 0);
-            return ret;
-        }
-#endif
-#ifdef TARGET_MIPS
-        case TARGET_PR_GET_FP_MODE:
-        {
-            CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
-            ret = 0;
-            if (env->CP0_Status & (1 << CP0St_FR)) {
-                ret |= TARGET_PR_FP_MODE_FR;
-            }
-            if (env->CP0_Config5 & (1 << CP0C5_FRE)) {
-                ret |= TARGET_PR_FP_MODE_FRE;
-            }
-            return ret;
-        }
-        case TARGET_PR_SET_FP_MODE:
-        {
-            CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
-            bool old_fr = env->CP0_Status & (1 << CP0St_FR);
-            bool old_fre = env->CP0_Config5 & (1 << CP0C5_FRE);
-            bool new_fr = arg2 & TARGET_PR_FP_MODE_FR;
-            bool new_fre = arg2 & TARGET_PR_FP_MODE_FRE;
-
-            const unsigned int known_bits = TARGET_PR_FP_MODE_FR |
-                                            TARGET_PR_FP_MODE_FRE;
-
-            /* If nothing to change, return right away, successfully.  */
-            if (old_fr == new_fr && old_fre == new_fre) {
-                return 0;
-            }
-            /* Check the value is valid */
-            if (arg2 & ~known_bits) {
-                return -TARGET_EOPNOTSUPP;
-            }
-            /* Setting FRE without FR is not supported.  */
-            if (new_fre && !new_fr) {
-                return -TARGET_EOPNOTSUPP;
-            }
-            if (new_fr && !(env->active_fpu.fcr0 & (1 << FCR0_F64))) {
-                /* FR1 is not supported */
-                return -TARGET_EOPNOTSUPP;
-            }
-            if (!new_fr && (env->active_fpu.fcr0 & (1 << FCR0_F64))
-                && !(env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) {
-                /* cannot set FR=0 */
-                return -TARGET_EOPNOTSUPP;
-            }
-            if (new_fre && !(env->active_fpu.fcr0 & (1 << FCR0_FREP))) {
-                /* Cannot set FRE=1 */
-                return -TARGET_EOPNOTSUPP;
-            }
-
-            int i;
-            fpr_t *fpr = env->active_fpu.fpr;
-            for (i = 0; i < 32 ; i += 2) {
-                if (!old_fr && new_fr) {
-                    fpr[i].w[!FP_ENDIAN_IDX] = fpr[i + 1].w[FP_ENDIAN_IDX];
-                } else if (old_fr && !new_fr) {
-                    fpr[i + 1].w[FP_ENDIAN_IDX] = fpr[i].w[!FP_ENDIAN_IDX];
-                }
-            }
-
-            if (new_fr) {
-                env->CP0_Status |= (1 << CP0St_FR);
-                env->hflags |= MIPS_HFLAG_F64;
-            } else {
-                env->CP0_Status &= ~(1 << CP0St_FR);
-                env->hflags &= ~MIPS_HFLAG_F64;
-            }
-            if (new_fre) {
-                env->CP0_Config5 |= (1 << CP0C5_FRE);
-                if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
-                    env->hflags |= MIPS_HFLAG_FRE;
-                }
-            } else {
-                env->CP0_Config5 &= ~(1 << CP0C5_FRE);
-                env->hflags &= ~MIPS_HFLAG_FRE;
-            }
-
-            return 0;
-        }
-#endif /* MIPS */
-#ifdef TARGET_AARCH64
-        case TARGET_PR_SVE_SET_VL:
-            /*
-             * We cannot support either PR_SVE_SET_VL_ONEXEC or
-             * PR_SVE_VL_INHERIT.  Note the kernel definition
-             * of sve_vl_valid allows for VQ=512, i.e. VL=8192,
-             * even though the current architectural maximum is VQ=16.
-             */
-            ret = -TARGET_EINVAL;
-            if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
-                && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
-                CPUARMState *env = cpu_env;
-                ARMCPU *cpu = env_archcpu(env);
-                uint32_t vq, old_vq;
-
-                old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
-                vq = MAX(arg2 / 16, 1);
-                vq = MIN(vq, cpu->sve_max_vq);
-
-                if (vq < old_vq) {
-                    aarch64_sve_narrow_vq(env, vq);
-                }
-                env->vfp.zcr_el[1] = vq - 1;
-                arm_rebuild_hflags(env);
-                ret = vq * 16;
-            }
-            return ret;
-        case TARGET_PR_SVE_GET_VL:
-            ret = -TARGET_EINVAL;
-            {
-                ARMCPU *cpu = env_archcpu(cpu_env);
-                if (cpu_isar_feature(aa64_sve, cpu)) {
-                    ret = ((cpu->env.vfp.zcr_el[1] & 0xf) + 1) * 16;
-                }
-            }
-            return ret;
-        case TARGET_PR_PAC_RESET_KEYS:
-            {
-                CPUARMState *env = cpu_env;
-                ARMCPU *cpu = env_archcpu(env);
-
-                if (arg3 || arg4 || arg5) {
-                    return -TARGET_EINVAL;
-                }
-                if (cpu_isar_feature(aa64_pauth, cpu)) {
-                    int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
-                               TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
-                               TARGET_PR_PAC_APGAKEY);
-                    int ret = 0;
-                    Error *err = NULL;
-
-                    if (arg2 == 0) {
-                        arg2 = all;
-                    } else if (arg2 & ~all) {
-                        return -TARGET_EINVAL;
-                    }
-                    if (arg2 & TARGET_PR_PAC_APIAKEY) {
-                        ret |= qemu_guest_getrandom(&env->keys.apia,
-                                                    sizeof(ARMPACKey), &err);
-                    }
-                    if (arg2 & TARGET_PR_PAC_APIBKEY) {
-                        ret |= qemu_guest_getrandom(&env->keys.apib,
-                                                    sizeof(ARMPACKey), &err);
-                    }
-                    if (arg2 & TARGET_PR_PAC_APDAKEY) {
-                        ret |= qemu_guest_getrandom(&env->keys.apda,
-                                                    sizeof(ARMPACKey), &err);
-                    }
-                    if (arg2 & TARGET_PR_PAC_APDBKEY) {
-                        ret |= qemu_guest_getrandom(&env->keys.apdb,
-                                                    sizeof(ARMPACKey), &err);
-                    }
-                    if (arg2 & TARGET_PR_PAC_APGAKEY) {
-                        ret |= qemu_guest_getrandom(&env->keys.apga,
-                                                    sizeof(ARMPACKey), &err);
-                    }
-                    if (ret != 0) {
-                        /*
-                         * Some unknown failure in the crypto.  The best
-                         * we can do is log it and fail the syscall.
-                         * The real syscall cannot fail this way.
-                         */
-                        qemu_log_mask(LOG_UNIMP,
-                                      "PR_PAC_RESET_KEYS: Crypto failure: %s",
-                                      error_get_pretty(err));
-                        error_free(err);
-                        return -TARGET_EIO;
-                    }
-                    return 0;
-                }
-            }
-            return -TARGET_EINVAL;
-        case TARGET_PR_SET_TAGGED_ADDR_CTRL:
-            {
-                abi_ulong valid_mask = TARGET_PR_TAGGED_ADDR_ENABLE;
-                CPUARMState *env = cpu_env;
-                ARMCPU *cpu = env_archcpu(env);
-
-                if (cpu_isar_feature(aa64_mte, cpu)) {
-                    valid_mask |= TARGET_PR_MTE_TCF_MASK;
-                    valid_mask |= TARGET_PR_MTE_TAG_MASK;
-                }
-
-                if ((arg2 & ~valid_mask) || arg3 || arg4 || arg5) {
-                    return -TARGET_EINVAL;
-                }
-                env->tagged_addr_enable = arg2 & TARGET_PR_TAGGED_ADDR_ENABLE;
-
-                if (cpu_isar_feature(aa64_mte, cpu)) {
-                    switch (arg2 & TARGET_PR_MTE_TCF_MASK) {
-                    case TARGET_PR_MTE_TCF_NONE:
-                    case TARGET_PR_MTE_TCF_SYNC:
-                    case TARGET_PR_MTE_TCF_ASYNC:
-                        break;
-                    default:
-                        return -EINVAL;
-                    }
-
-                    /*
-                     * Write PR_MTE_TCF to SCTLR_EL1[TCF0].
-                     * Note that the syscall values are consistent with hw.
-                     */
-                    env->cp15.sctlr_el[1] =
-                        deposit64(env->cp15.sctlr_el[1], 38, 2,
-                                  arg2 >> TARGET_PR_MTE_TCF_SHIFT);
-
-                    /*
-                     * Write PR_MTE_TAG to GCR_EL1[Exclude].
-                     * Note that the syscall uses an include mask,
-                     * and hardware uses an exclude mask -- invert.
-                     */
-                    env->cp15.gcr_el1 =
-                        deposit64(env->cp15.gcr_el1, 0, 16,
-                                  ~arg2 >> TARGET_PR_MTE_TAG_SHIFT);
-                    arm_rebuild_hflags(env);
-                }
-                return 0;
-            }
-        case TARGET_PR_GET_TAGGED_ADDR_CTRL:
-            {
-                abi_long ret = 0;
-                CPUARMState *env = cpu_env;
-                ARMCPU *cpu = env_archcpu(env);
-
-                if (arg2 || arg3 || arg4 || arg5) {
-                    return -TARGET_EINVAL;
-                }
-                if (env->tagged_addr_enable) {
-                    ret |= TARGET_PR_TAGGED_ADDR_ENABLE;
-                }
-                if (cpu_isar_feature(aa64_mte, cpu)) {
-                    /* See above. */
-                    ret |= (extract64(env->cp15.sctlr_el[1], 38, 2)
-                            << TARGET_PR_MTE_TCF_SHIFT);
-                    ret = deposit64(ret, TARGET_PR_MTE_TAG_SHIFT, 16,
-                                    ~env->cp15.gcr_el1);
-                }
-                return ret;
-            }
-#endif /* AARCH64 */
-        case PR_GET_SECCOMP:
-        case PR_SET_SECCOMP:
-            /* Disable seccomp to prevent the target disabling syscalls we
-             * need. */
-            return -TARGET_EINVAL;
-        default:
-            /* Most prctl options have no pointer arguments */
-            return get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
-        }
+        return do_prctl(cpu_env, arg1, arg2, arg3, arg4, arg5);
         break;
 #ifdef TARGET_NR_arch_prctl
     case TARGET_NR_arch_prctl:
-- 
2.25.1

Create a list of subcodes that we want to pass on, a list of
subcodes that should not be passed on because they would affect
the running qemu itself, and a list that probably could be
implemented but require extra work. Do not pass on unknown subcodes.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/syscall.c | 56 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 52 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -XXX,XX +XXX,XX @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
 # define PR_MTE_TAG_SHIFT       3
 # define PR_MTE_TAG_MASK        (0xffffUL << PR_MTE_TAG_SHIFT)
 #endif
+#ifndef PR_SET_IO_FLUSHER
+# define PR_SET_IO_FLUSHER 57
+# define PR_GET_IO_FLUSHER 58
+#endif
+#ifndef PR_SET_SYSCALL_USER_DISPATCH
+# define PR_SET_SYSCALL_USER_DISPATCH 59
+#endif
 
 #include "target_prctl.h"
 
@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
             return -TARGET_EINVAL;
         }
         return do_prctl_get_tagged_addr_ctrl(env);
+
+    case PR_GET_DUMPABLE:
+    case PR_SET_DUMPABLE:
+    case PR_GET_KEEPCAPS:
+    case PR_SET_KEEPCAPS:
+    case PR_GET_TIMING:
+    case PR_SET_TIMING:
+    case PR_GET_TIMERSLACK:
+    case PR_SET_TIMERSLACK:
+    case PR_MCE_KILL:
+    case PR_MCE_KILL_GET:
+    case PR_GET_NO_NEW_PRIVS:
+    case PR_SET_NO_NEW_PRIVS:
+    case PR_GET_IO_FLUSHER:
+    case PR_SET_IO_FLUSHER:
+        /* Some prctl options have no pointer arguments and we can pass on. */
+        return get_errno(prctl(option, arg2, arg3, arg4, arg5));
+
+    case PR_GET_CHILD_SUBREAPER:
+    case PR_SET_CHILD_SUBREAPER:
+    case PR_GET_SPECULATION_CTRL:
+    case PR_SET_SPECULATION_CTRL:
+    case PR_GET_TID_ADDRESS:
+        /* TODO */
+        return -TARGET_EINVAL;
+
+    case PR_GET_FPEXC:
+    case PR_SET_FPEXC:
+        /* Was used for SPE on PowerPC. */
+        return -TARGET_EINVAL;
+
+    case PR_GET_ENDIAN:
+    case PR_SET_ENDIAN:
+    case PR_GET_FPEMU:
+    case PR_SET_FPEMU:
+    case PR_SET_MM:
     case PR_GET_SECCOMP:
     case PR_SET_SECCOMP:
-        /* Disable seccomp to prevent the target disabling syscalls we need. */
-        return -TARGET_EINVAL;
+    case PR_SET_SYSCALL_USER_DISPATCH:
+    case PR_GET_THP_DISABLE:
+    case PR_SET_THP_DISABLE:
+    case PR_GET_TSC:
+    case PR_SET_TSC:
+    case PR_GET_UNALIGN:
+    case PR_SET_UNALIGN:
     default:
-        /* Most prctl options have no pointer arguments */
-        return get_errno(prctl(option, arg2, arg3, arg4, arg5));
+        /* Disable to prevent the target disabling stuff we need. */
+        return -TARGET_EINVAL;
     }
 }
 
-- 
2.25.1

This reverts commit 1b36e4f5a5de585210ea95f2257839c2312be28f.

Despite a comment saying why cpu_common_props cannot be placed in
a file that is compiled once, it was moved anyway.  Revert that.

Since then, Property is not defined in hw/core/cpu.h, so it is now
easier to declare a function to install the properties rather than
the Property array itself.

Cc: Eduardo Habkost <ehabkost@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/core/cpu.h |  1 +
 cpu.c                 | 21 +++++++++++++++++++++
 hw/core/cpu-common.c  | 17 +----------------
 3 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
     GCC_FMT_ATTR(2, 3);
 
 /* $(top_srcdir)/cpu.c */
+void cpu_class_init_props(DeviceClass *dc);
 void cpu_exec_initfn(CPUState *cpu);
 void cpu_exec_realizefn(CPUState *cpu, Error **errp);
 void cpu_exec_unrealizefn(CPUState *cpu);
diff --git a/cpu.c b/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu.c
+++ b/cpu.c
@@ -XXX,XX +XXX,XX @@ void cpu_exec_unrealizefn(CPUState *cpu)
     cpu_list_remove(cpu);
 }
 
+static Property cpu_common_props[] = {
+#ifndef CONFIG_USER_ONLY
+    /*
+     * Create a memory property for softmmu CPU object,
+     * so users can wire up its memory. (This can't go in hw/core/cpu.c
+     * because that file is compiled only once for both user-mode
+     * and system builds.) The default if no link is set up is to use
+     * the system address space.
+     */
+    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
+                     MemoryRegion *),
+#endif
+    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+void cpu_class_init_props(DeviceClass *dc)
+{
+    device_class_set_props(dc, cpu_common_props);
+}
+
 void cpu_exec_initfn(CPUState *cpu)
 {
     cpu->as = NULL;
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -XXX,XX +XXX,XX @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
     return cpu->cpu_index;
 }
 
-static Property cpu_common_props[] = {
-#ifndef CONFIG_USER_ONLY
-    /* Create a memory property for softmmu CPU object,
-     * so users can wire up its memory. (This can't go in hw/core/cpu.c
-     * because that file is compiled only once for both user-mode
-     * and system builds.) The default if no link is set up is to use
-     * the system address space.
-     */
-    DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
-                     MemoryRegion *),
-#endif
-    DEFINE_PROP_BOOL("start-powered-off", CPUState, start_powered_off, false),
-    DEFINE_PROP_END_OF_LIST(),
-};
-
 static void cpu_class_init(ObjectClass *klass, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
@@ -XXX,XX +XXX,XX @@ static void cpu_class_init(ObjectClass *klass, void *data)
     dc->realize = cpu_common_realizefn;
     dc->unrealize = cpu_common_unrealizefn;
     dc->reset = cpu_common_reset;
-    device_class_set_props(dc, cpu_common_props);
+    cpu_class_init_props(dc);
     /*
      * Reason: CPUs still need special care by board code: wiring up
      * IRQs, adding reset handlers, halting non-first CPUs, ...
-- 
2.25.1

This requires extra work for each target, but adds the
common syscall code, and the necessary flag in CPUState.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/hw/core/cpu.h                     |  3 +++
 linux-user/generic/target_prctl_unalign.h | 27 +++++++++++++++++++++++
 cpu.c                                     | 20 ++++++++++++-----
 linux-user/syscall.c                      | 13 +++++++++--
 4 files changed, 56 insertions(+), 7 deletions(-)
 create mode 100644 linux-user/generic/target_prctl_unalign.h

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -XXX,XX +XXX,XX @@ struct CPUState {
 
     bool ignore_memory_transaction_failures;
 
+    /* Used for user-only emulation of prctl(PR_SET_UNALIGN). */
+    bool prctl_unalign_sigbus;
+
     struct hax_vcpu_state *hax_vcpu;
 
     struct hvf_vcpu_state *hvf;
diff --git a/linux-user/generic/target_prctl_unalign.h b/linux-user/generic/target_prctl_unalign.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/linux-user/generic/target_prctl_unalign.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Generic prctl unalign functions for linux-user
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef GENERIC_TARGET_PRCTL_UNALIGN_H
+#define GENERIC_TARGET_PRCTL_UNALIGN_H
+
+static abi_long do_prctl_get_unalign(CPUArchState *env, target_long arg2)
+{
+    CPUState *cs = env_cpu(env);
+    uint32_t res = PR_UNALIGN_NOPRINT;
+    if (cs->prctl_unalign_sigbus) {
+        res |= PR_UNALIGN_SIGBUS;
+    }
+    return put_user_u32(res, arg2);
+}
+#define do_prctl_get_unalign do_prctl_get_unalign
+
+static abi_long do_prctl_set_unalign(CPUArchState *env, target_long arg2)
+{
+    env_cpu(env)->prctl_unalign_sigbus = arg2 & PR_UNALIGN_SIGBUS;
+    return 0;
+}
+#define do_prctl_set_unalign do_prctl_set_unalign
+
+#endif /* GENERIC_TARGET_PRCTL_UNALIGN_H */
diff --git a/cpu.c b/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu.c
+++ b/cpu.c
@@ -XXX,XX +XXX,XX @@ void cpu_exec_unrealizefn(CPUState *cpu)
     cpu_list_remove(cpu);
 }
 
+/*
+ * This can't go in hw/core/cpu.c because that file is compiled only
+ * once for both user-mode and system builds.
+ */
 static Property cpu_common_props[] = {
-#ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_USER_ONLY
     /*
-     * Create a memory property for softmmu CPU object,
-     * so users can wire up its memory. (This can't go in hw/core/cpu.c
-     * because that file is compiled only once for both user-mode
-     * and system builds.) The default if no link is set up is to use
+     * Create a property for the user-only object, so users can
+     * adjust prctl(PR_SET_UNALIGN) from the command-line.
+     * Has no effect if the target does not support the feature.
+     */
+    DEFINE_PROP_BOOL("prctl-unalign-sigbus", CPUState,
+                     prctl_unalign_sigbus, false),
+#else
+    /*
+     * Create a memory property for softmmu CPU object, so users can
+     * wire up its memory.  The default if no link is set up is to use
      * the system address space.
      */
     DEFINE_PROP_LINK("memory", CPUState, memory, TYPE_MEMORY_REGION,
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl_inval1(CPUArchState *env, abi_long arg2)
 #ifndef do_prctl_get_tagged_addr_ctrl
 #define do_prctl_get_tagged_addr_ctrl do_prctl_inval0
 #endif
+#ifndef do_prctl_get_unalign
+#define do_prctl_get_unalign do_prctl_inval1
+#endif
+#ifndef do_prctl_set_unalign
+#define do_prctl_set_unalign do_prctl_inval1
+#endif
 
 static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
                          abi_long arg3, abi_long arg4, abi_long arg5)
@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
         }
         return do_prctl_get_tagged_addr_ctrl(env);
 
+    case PR_GET_UNALIGN:
+        return do_prctl_get_unalign(env, arg2);
+    case PR_SET_UNALIGN:
+        return do_prctl_set_unalign(env, arg2);
+
     case PR_GET_DUMPABLE:
     case PR_SET_DUMPABLE:
     case PR_GET_KEEPCAPS:
@@ -XXX,XX +XXX,XX @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
     case PR_SET_THP_DISABLE:
     case PR_GET_TSC:
     case PR_SET_TSC:
-    case PR_GET_UNALIGN:
-    case PR_SET_UNALIGN:
     default:
         /* Disable to prevent the target disabling stuff we need. */
         return -TARGET_EINVAL;
-- 
2.25.1

Pass in the context to each mini-helper, instead of an
incorrectly named "flags".  Separate gen_load_fp and
gen_store_fp, away from the integer helpers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 83 +++++++++++++++++++++++++++-------------
 1 file changed, 57 insertions(+), 26 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static inline DisasJumpType gen_invalid(DisasContext *ctx)
     return gen_excp(ctx, EXCP_OPCDEC, 0);
 }
 
-static inline void gen_qemu_ldf(TCGv t0, TCGv t1, int flags)
+static void gen_ldf(DisasContext *ctx, TCGv dest, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
-    tcg_gen_qemu_ld_i32(tmp32, t1, flags, MO_LEUL);
-    gen_helper_memory_to_f(t0, tmp32);
+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
+    gen_helper_memory_to_f(dest, tmp32);
     tcg_temp_free_i32(tmp32);
 }
 
-static inline void gen_qemu_ldg(TCGv t0, TCGv t1, int flags)
+static void gen_ldg(DisasContext *ctx, TCGv dest, TCGv addr)
 {
     TCGv tmp = tcg_temp_new();
-    tcg_gen_qemu_ld_i64(tmp, t1, flags, MO_LEQ);
-    gen_helper_memory_to_g(t0, tmp);
+    tcg_gen_qemu_ld_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
+    gen_helper_memory_to_g(dest, tmp);
     tcg_temp_free(tmp);
 }
 
-static inline void gen_qemu_lds(TCGv t0, TCGv t1, int flags)
+static void gen_lds(DisasContext *ctx, TCGv dest, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
-    tcg_gen_qemu_ld_i32(tmp32, t1, flags, MO_LEUL);
-    gen_helper_memory_to_s(t0, tmp32);
+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
+    gen_helper_memory_to_s(dest, tmp32);
     tcg_temp_free_i32(tmp32);
 }
 
+static void gen_ldt(DisasContext *ctx, TCGv dest, TCGv addr)
+{
+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_LEQ);
+}
+
+static void gen_load_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
+                        void (*func)(DisasContext *, TCGv, TCGv))
+{
+    /* Loads to $f31 are prefetches, which we can treat as nops. */
+    if (likely(ra != 31)) {
+        TCGv addr = tcg_temp_new();
+        tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
+        func(ctx, cpu_fir[ra], addr);
+        tcg_temp_free(addr);
+    }
+}
+
 static inline void gen_qemu_ldl_l(TCGv t0, TCGv t1, int flags)
 {
     tcg_gen_qemu_ld_i64(t0, t1, flags, MO_LESL);
@@ -XXX,XX +XXX,XX @@ static inline void gen_load_mem(DisasContext *ctx,
     tcg_temp_free(tmp);
 }
 
-static inline void gen_qemu_stf(TCGv t0, TCGv t1, int flags)
+static void gen_stf(DisasContext *ctx, TCGv src, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
-    gen_helper_f_to_memory(tmp32, t0);
-    tcg_gen_qemu_st_i32(tmp32, t1, flags, MO_LEUL);
+    gen_helper_f_to_memory(tmp32, addr);
+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
     tcg_temp_free_i32(tmp32);
 }
 
-static inline void gen_qemu_stg(TCGv t0, TCGv t1, int flags)
+static void gen_stg(DisasContext *ctx, TCGv src, TCGv addr)
 {
     TCGv tmp = tcg_temp_new();
-    gen_helper_g_to_memory(tmp, t0);
-    tcg_gen_qemu_st_i64(tmp, t1, flags, MO_LEQ);
+    gen_helper_g_to_memory(tmp, src);
+    tcg_gen_qemu_st_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
     tcg_temp_free(tmp);
 }
 
-static inline void gen_qemu_sts(TCGv t0, TCGv t1, int flags)
+static void gen_sts(DisasContext *ctx, TCGv src, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
-    gen_helper_s_to_memory(tmp32, t0);
-    tcg_gen_qemu_st_i32(tmp32, t1, flags, MO_LEUL);
+    gen_helper_s_to_memory(tmp32, src);
+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
     tcg_temp_free_i32(tmp32);
 }
 
+static void gen_stt(DisasContext *ctx, TCGv src, TCGv addr)
+{
+    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, MO_LEQ);
+}
+
+static void gen_store_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
+                         void (*func)(DisasContext *, TCGv, TCGv))
+{
+    TCGv addr = tcg_temp_new();
+    tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
+    func(ctx, load_fpr(ctx, ra), addr);
+    tcg_temp_free(addr);
+}
+
 static inline void gen_store_mem(DisasContext *ctx,
                                  void (*tcg_gen_qemu_store)(TCGv t0, TCGv t1,
                                                             int flags),
@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
     case 0x20:
         /* LDF */
         REQUIRE_FEN;
-        gen_load_mem(ctx, &gen_qemu_ldf, ra, rb, disp16, 1, 0);
+        gen_load_fp(ctx, ra, rb, disp16, gen_ldf);
         break;
     case 0x21:
         /* LDG */
         REQUIRE_FEN;
-        gen_load_mem(ctx, &gen_qemu_ldg, ra, rb, disp16, 1, 0);
+        gen_load_fp(ctx, ra, rb, disp16, gen_ldg);
         break;
     case 0x22:
         /* LDS */
         REQUIRE_FEN;
-        gen_load_mem(ctx, &gen_qemu_lds, ra, rb, disp16, 1, 0);
+        gen_load_fp(ctx, ra, rb, disp16, gen_lds);
         break;
     case 0x23:
         /* LDT */
         REQUIRE_FEN;
-        gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 1, 0);
+        gen_load_fp(ctx, ra, rb, disp16, gen_ldt);
         break;
     case 0x24:
         /* STF */
         REQUIRE_FEN;
-        gen_store_mem(ctx, &gen_qemu_stf, ra, rb, disp16, 1, 0);
+        gen_store_fp(ctx, ra, rb, disp16, gen_stf);
         break;
     case 0x25:
         /* STG */
         REQUIRE_FEN;
-        gen_store_mem(ctx, &gen_qemu_stg, ra, rb, disp16, 1, 0);
+        gen_store_fp(ctx, ra, rb, disp16, gen_stg);
         break;
     case 0x26:
         /* STS */
         REQUIRE_FEN;
-        gen_store_mem(ctx, &gen_qemu_sts, ra, rb, disp16, 1, 0);
+        gen_store_fp(ctx, ra, rb, disp16, gen_sts);
         break;
     case 0x27:
         /* STT */
         REQUIRE_FEN;
-        gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 1, 0);
+        gen_store_fp(ctx, ra, rb, disp16, gen_stt);
         break;
     case 0x28:
         /* LDL */
-- 
2.25.1

Pass in the MemOp instead of a callback.
Drop the fp argument; add a locked argument.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/alpha/translate.c | 104 +++++++++++++++------------------------
 1 file changed, 40 insertions(+), 64 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_load_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
     }
 }
 
-static inline void gen_qemu_ldl_l(TCGv t0, TCGv t1, int flags)
+static void gen_load_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
+                         MemOp op, bool clear, bool locked)
 {
-    tcg_gen_qemu_ld_i64(t0, t1, flags, MO_LESL);
-    tcg_gen_mov_i64(cpu_lock_addr, t1);
-    tcg_gen_mov_i64(cpu_lock_value, t0);
-}
-
-static inline void gen_qemu_ldq_l(TCGv t0, TCGv t1, int flags)
-{
-    tcg_gen_qemu_ld_i64(t0, t1, flags, MO_LEQ);
-    tcg_gen_mov_i64(cpu_lock_addr, t1);
-    tcg_gen_mov_i64(cpu_lock_value, t0);
-}
-
-static inline void gen_load_mem(DisasContext *ctx,
-                                void (*tcg_gen_qemu_load)(TCGv t0, TCGv t1,
-                                                          int flags),
-                                int ra, int rb, int32_t disp16, bool fp,
-                                bool clear)
-{
-    TCGv tmp, addr, va;
+    TCGv addr, dest;
 
     /* LDQ_U with ra $31 is UNOP.  Other various loads are forms of
        prefetches, which we can treat as nops.  No worries about
@@ -XXX,XX +XXX,XX @@ static inline void gen_load_mem(DisasContext *ctx,
         return;
     }
 
-    tmp = tcg_temp_new();
-    addr = load_gpr(ctx, rb);
-
-    if (disp16) {
-        tcg_gen_addi_i64(tmp, addr, disp16);
-        addr = tmp;
-    }
+    addr = tcg_temp_new();
+    tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
     if (clear) {
-        tcg_gen_andi_i64(tmp, addr, ~0x7);
-        addr = tmp;
+        tcg_gen_andi_i64(addr, addr, ~0x7);
     }
 
-    va = (fp ? cpu_fir[ra] : ctx->ir[ra]);
-    tcg_gen_qemu_load(va, addr, ctx->mem_idx);
+    dest = ctx->ir[ra];
+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, op);
 
-    tcg_temp_free(tmp);
+    if (locked) {
+        tcg_gen_mov_i64(cpu_lock_addr, addr);
+        tcg_gen_mov_i64(cpu_lock_value, dest);
+    }
+    tcg_temp_free(addr);
 }
 
 static void gen_stf(DisasContext *ctx, TCGv src, TCGv addr)
@@ -XXX,XX +XXX,XX @@ static void gen_store_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
     tcg_temp_free(addr);
 }
 
-static inline void gen_store_mem(DisasContext *ctx,
-                                 void (*tcg_gen_qemu_store)(TCGv t0, TCGv t1,
-                                                            int flags),
-                                 int ra, int rb, int32_t disp16, bool fp,
-                                 bool clear)
+static void gen_store_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
+                          MemOp op, bool clear)
 {
-    TCGv tmp, addr, va;
+    TCGv addr, src;
 
-    tmp = tcg_temp_new();
-    addr = load_gpr(ctx, rb);
-
-    if (disp16) {
-        tcg_gen_addi_i64(tmp, addr, disp16);
-        addr = tmp;
-    }
+    addr = tcg_temp_new();
+    tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
     if (clear) {
-        tcg_gen_andi_i64(tmp, addr, ~0x7);
-        addr = tmp;
+        tcg_gen_andi_i64(addr, addr, ~0x7);
     }
 
-    va = (fp ? load_fpr(ctx, ra) : load_gpr(ctx, ra));
-    tcg_gen_qemu_store(va, addr, ctx->mem_idx);
+    src = load_gpr(ctx, ra);
+    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, op);
 
-    tcg_temp_free(tmp);
+    tcg_temp_free(addr);
 }
 
 static DisasJumpType gen_store_conditional(DisasContext *ctx, int ra, int rb,
@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
     case 0x0A:
         /* LDBU */
         REQUIRE_AMASK(BWX);
-        gen_load_mem(ctx, &tcg_gen_qemu_ld8u, ra, rb, disp16, 0, 0);
+        gen_load_int(ctx, ra, rb, disp16, MO_UB, 0, 0);
         break;
     case 0x0B:
         /* LDQ_U */
-        gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 0, 1);
+        gen_load_int(ctx, ra, rb, disp16, MO_LEQ, 1, 0);
         break;
     case 0x0C:
         /* LDWU */
         REQUIRE_AMASK(BWX);
-        gen_load_mem(ctx, &tcg_gen_qemu_ld16u, ra, rb, disp16, 0, 0);
+        gen_load_int(ctx, ra, rb, disp16, MO_LEUW, 0, 0);
         break;
     case 0x0D:
         /* STW */
         REQUIRE_AMASK(BWX);
-        gen_store_mem(ctx, &tcg_gen_qemu_st16, ra, rb, disp16, 0, 0);
+        gen_store_int(ctx, ra, rb, disp16, MO_LEUW, 0);
         break;
     case 0x0E:
         /* STB */
         REQUIRE_AMASK(BWX);
-        gen_store_mem(ctx, &tcg_gen_qemu_st8, ra, rb, disp16, 0, 0);
+        gen_store_int(ctx, ra, rb, disp16, MO_UB, 0);
         break;
     case 0x0F:
         /* STQ_U */
-        gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 0, 1);
+        gen_store_int(ctx, ra, rb, disp16, MO_LEQ, 1);
         break;
 
     case 0x10:
@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
                 break;
             case 0x2:
                 /* Longword physical access with lock (hw_ldl_l/p) */
-                gen_qemu_ldl_l(va, addr, MMU_PHYS_IDX);
+                tcg_gen_qemu_ld_i64(va, addr, MMU_PHYS_IDX, MO_LESL);
+                tcg_gen_mov_i64(cpu_lock_addr, addr);
+                tcg_gen_mov_i64(cpu_lock_value, va);
                 break;
             case 0x3:
                 /* Quadword physical access with lock (hw_ldq_l/p) */
-                gen_qemu_ldq_l(va, addr, MMU_PHYS_IDX);
+                tcg_gen_qemu_ld_i64(va, addr, MMU_PHYS_IDX, MO_LEQ);
+                tcg_gen_mov_i64(cpu_lock_addr, addr);
+                tcg_gen_mov_i64(cpu_lock_value, va);
                 break;
             case 0x4:
                 /* Longword virtual PTE fetch (hw_ldl/v) */
@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(DisasContext *ctx, uint32_t insn)
         break;
     case 0x28:
         /* LDL */
-        gen_load_mem(ctx, &tcg_gen_qemu_ld32s, ra, rb, disp16, 0, 0);
+        gen_load_int(ctx, ra, rb, disp16, MO_LESL, 0, 0);
         break;
     case 0x29:
         /* LDQ */
-        gen_load_mem(ctx, &tcg_gen_qemu_ld64, ra, rb, disp16, 0, 0);
+        gen_load_int(ctx, ra, rb, disp16, MO_LEQ, 0, 0);
         break;
     case 0x2A:
         /* LDL_L */
-        gen_load_mem(ctx, &gen_qemu_ldl_l, ra, rb, disp16, 0, 0);
+        gen_load_int(ctx, ra, rb, disp16, MO_LESL, 0, 1);
         break;
     case 0x2B:
         /* LDQ_L */
-        gen_load_mem(ctx, &gen_qemu_ldq_l, ra, rb, disp16, 0, 0);
+        gen_load_int(ctx, ra, rb, disp16, MO_LEQ, 0, 1);
         break;
     case 0x2C:
         /* STL */
-        gen_store_mem(ctx, &tcg_gen_qemu_st32, ra, rb, disp16, 0, 0);
+        gen_store_int(ctx, ra, rb, disp16, MO_LEUL, 0);
         break;
     case 0x2D:
         /* STQ */
-        gen_store_mem(ctx, &tcg_gen_qemu_st64, ra, rb, disp16, 0, 0);
+        gen_store_int(ctx, ra, rb, disp16, MO_LEQ, 0);
         break;
     case 0x2E:
         /* STL_C */
-- 
2.25.1

Leave TARGET_ALIGNED_ONLY set, but use the new CPUState
flag to set MO_UNALN for the instructions that the kernel
handles in the unaligned trap.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/alpha/target_prctl.h |  2 +-
 target/alpha/cpu.h              |  5 +++++
 target/alpha/translate.c        | 31 ++++++++++++++++++++++---------
 3 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/linux-user/alpha/target_prctl.h b/linux-user/alpha/target_prctl.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/alpha/target_prctl.h
+++ b/linux-user/alpha/target_prctl.h
@@ -1 +1 @@
-/* No special prctl support required. */
+#include "../generic/target_prctl_unalign.h"
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -XXX,XX +XXX,XX @@ enum {
 #define ENV_FLAG_TB_MASK \
     (ENV_FLAG_PAL_MODE | ENV_FLAG_PS_USER | ENV_FLAG_FEN)
 
+#define TB_FLAG_UNALIGN       (1u << 1)
+
 static inline int cpu_mmu_index(CPUAlphaState *env, bool ifetch)
 {
     int ret = env->flags & ENV_FLAG_PS_USER ? MMU_USER_IDX : MMU_KERNEL_IDX;
@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUAlphaState *env, target_ulong *pc,
     *pc = env->pc;
     *cs_base = 0;
     *pflags = env->flags & ENV_FLAG_TB_MASK;
+#ifdef CONFIG_USER_ONLY
+    *pflags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
+#endif
 }
 
 #ifdef CONFIG_USER_ONLY
diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext DisasContext;
 struct DisasContext {
     DisasContextBase base;
 
-#ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_USER_ONLY
+    MemOp unalign;
+#else
     uint64_t palbr;
 #endif
     uint32_t tbflags;
@@ -XXX,XX +XXX,XX @@ struct DisasContext {
     TCGv sink;
 };
 
+#ifdef CONFIG_USER_ONLY
+#define UNALIGN(C)  (C)->unalign
+#else
+#define UNALIGN(C)  0
+#endif
+
 /* Target-specific return values from translate_one, indicating the
    state of the TB.  Note that DISAS_NEXT indicates that we are not
    exiting the TB.  */
@@ -XXX,XX +XXX,XX @@ static inline DisasJumpType gen_invalid(DisasContext *ctx)
 static void gen_ldf(DisasContext *ctx, TCGv dest, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
-    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
     gen_helper_memory_to_f(dest, tmp32);
     tcg_temp_free_i32(tmp32);
 }
@@ -XXX,XX +XXX,XX @@ static void gen_ldf(DisasContext *ctx, TCGv dest, TCGv addr)
 static void gen_ldg(DisasContext *ctx, TCGv dest, TCGv addr)
 {
     TCGv tmp = tcg_temp_new();
-    tcg_gen_qemu_ld_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
+    tcg_gen_qemu_ld_i64(tmp, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
     gen_helper_memory_to_g(dest, tmp);
     tcg_temp_free(tmp);
 }
@@ -XXX,XX +XXX,XX @@ static void gen_ldg(DisasContext *ctx, TCGv dest, TCGv addr)
 static void gen_lds(DisasContext *ctx, TCGv dest, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
-    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
+    tcg_gen_qemu_ld_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
     gen_helper_memory_to_s(dest, tmp32);
     tcg_temp_free_i32(tmp32);
 }
 
 static void gen_ldt(DisasContext *ctx, TCGv dest, TCGv addr)
 {
-    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_LEQ);
+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
 }
 
 static void gen_load_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
@@ -XXX,XX +XXX,XX @@ static void gen_load_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
     tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
     if (clear) {
         tcg_gen_andi_i64(addr, addr, ~0x7);
+    } else if (!locked) {
+        op |= UNALIGN(ctx);
     }
 
     dest = ctx->ir[ra];
@@ -XXX,XX +XXX,XX @@ static void gen_stf(DisasContext *ctx, TCGv src, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
     gen_helper_f_to_memory(tmp32, addr);
-    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
     tcg_temp_free_i32(tmp32);
 }
 
@@ -XXX,XX +XXX,XX @@ static void gen_stg(DisasContext *ctx, TCGv src, TCGv addr)
 {
     TCGv tmp = tcg_temp_new();
     gen_helper_g_to_memory(tmp, src);
-    tcg_gen_qemu_st_i64(tmp, addr, ctx->mem_idx, MO_LEQ);
+    tcg_gen_qemu_st_i64(tmp, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
     tcg_temp_free(tmp);
 }
 
@@ -XXX,XX +XXX,XX @@ static void gen_sts(DisasContext *ctx, TCGv src, TCGv addr)
 {
     TCGv_i32 tmp32 = tcg_temp_new_i32();
     gen_helper_s_to_memory(tmp32, src);
-    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL);
+    tcg_gen_qemu_st_i32(tmp32, addr, ctx->mem_idx, MO_LEUL | UNALIGN(ctx));
     tcg_temp_free_i32(tmp32);
 }
 
 static void gen_stt(DisasContext *ctx, TCGv src, TCGv addr)
 {
-    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, MO_LEQ);
+    tcg_gen_qemu_st_i64(src, addr, ctx->mem_idx, MO_LEQ | UNALIGN(ctx));
 }
 
 static void gen_store_fp(DisasContext *ctx, int ra, int rb, int32_t disp16,
@@ -XXX,XX +XXX,XX @@ static void gen_store_int(DisasContext *ctx, int ra, int rb, int32_t disp16,
     tcg_gen_addi_i64(addr, load_gpr(ctx, rb), disp16);
     if (clear) {
         tcg_gen_andi_i64(addr, addr, ~0x7);
+    } else {
+        op |= UNALIGN(ctx);
     }
 
     src = load_gpr(ctx, ra);
@@ -XXX,XX +XXX,XX @@ static void alpha_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
 
 #ifdef CONFIG_USER_ONLY
     ctx->ir = cpu_std_ir;
+    ctx->unalign = (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN);
 #else
     ctx->palbr = env->palbr;
     ctx->ir = (ctx->tbflags & ENV_FLAG_PAL_MODE ? cpu_pal_ir : cpu_std_ir);
-- 
2.25.1

Leave TARGET_ALIGNED_ONLY set, but use the new CPUState
flag to set MO_UNALN for the instructions that the kernel
handles in the unaligned trap.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/hppa/target_prctl.h |  2 +-
 target/hppa/cpu.h              |  5 ++++-
 target/hppa/translate.c        | 19 +++++++++++++++----
 3 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/linux-user/hppa/target_prctl.h b/linux-user/hppa/target_prctl.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/hppa/target_prctl.h
+++ b/linux-user/hppa/target_prctl.h
@@ -1 +1 @@
-/* No special prctl support required. */
+#include "../generic/target_prctl_unalign.h"
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline target_ulong hppa_form_gva(CPUHPPAState *env, uint64_t spc,
     return hppa_form_gva_psw(env->psw, spc, off);
 }
 
-/* Since PSW_{I,CB} will never need to be in tb->flags, reuse them.
+/*
+ * Since PSW_{I,CB} will never need to be in tb->flags, reuse them.
  * TB_FLAG_SR_SAME indicates that SR4 through SR7 all contain the
  * same value.
  */
 #define TB_FLAG_SR_SAME     PSW_I
 #define TB_FLAG_PRIV_SHIFT  8
+#define TB_FLAG_UNALIGN     0x400
 
 static inline void cpu_get_tb_cpu_state(CPUHPPAState *env, target_ulong *pc,
                                         target_ulong *cs_base,
@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUHPPAState *env, target_ulong *pc,
 #ifdef CONFIG_USER_ONLY
     *pc = env->iaoq_f & -4;
     *cs_base = env->iaoq_b & -4;
+    flags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
 #else
     /* ??? E, T, H, L, B, P bits need to be here, when implemented.  */
     flags |= env->psw & (PSW_W | PSW_C | PSW_D);
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
     int mmu_idx;
     int privilege;
     bool psw_n_nonzero;
+
+#ifdef CONFIG_USER_ONLY
+    MemOp unalign;
+#endif
 } DisasContext;
 
+#ifdef CONFIG_USER_ONLY
+#define UNALIGN(C)  (C)->unalign
+#else
+#define UNALIGN(C)  0
+#endif
+
 /* Note that ssm/rsm instructions number PSW_W and PSW_E differently.  */
 static int expand_sm_imm(DisasContext *ctx, int val)
 {
@@ -XXX,XX +XXX,XX @@ static void do_load_32(DisasContext *ctx, TCGv_i32 dest, unsigned rb,
 
     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
              ctx->mmu_idx == MMU_PHYS_IDX);
-    tcg_gen_qemu_ld_reg(dest, addr, ctx->mmu_idx, mop);
+    tcg_gen_qemu_ld_reg(dest, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
     if (modify) {
         save_gpr(ctx, rb, ofs);
     }
@@ -XXX,XX +XXX,XX @@ static void do_load_64(DisasContext *ctx, TCGv_i64 dest, unsigned rb,
 
     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
              ctx->mmu_idx == MMU_PHYS_IDX);
-    tcg_gen_qemu_ld_i64(dest, addr, ctx->mmu_idx, mop);
+    tcg_gen_qemu_ld_i64(dest, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
     if (modify) {
         save_gpr(ctx, rb, ofs);
     }
@@ -XXX,XX +XXX,XX @@ static void do_store_32(DisasContext *ctx, TCGv_i32 src, unsigned rb,
 
     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
              ctx->mmu_idx == MMU_PHYS_IDX);
-    tcg_gen_qemu_st_i32(src, addr, ctx->mmu_idx, mop);
+    tcg_gen_qemu_st_i32(src, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
     if (modify) {
         save_gpr(ctx, rb, ofs);
     }
@@ -XXX,XX +XXX,XX @@ static void do_store_64(DisasContext *ctx, TCGv_i64 src, unsigned rb,
 
     form_gva(ctx, &addr, &ofs, rb, rx, scale, disp, sp, modify,
              ctx->mmu_idx == MMU_PHYS_IDX);
-    tcg_gen_qemu_st_i64(src, addr, ctx->mmu_idx, mop);
+    tcg_gen_qemu_st_i64(src, addr, ctx->mmu_idx, mop | UNALIGN(ctx));
     if (modify) {
         save_gpr(ctx, rb, ofs);
     }
@@ -XXX,XX +XXX,XX @@ static void hppa_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     ctx->mmu_idx = MMU_USER_IDX;
     ctx->iaoq_f = ctx->base.pc_first | MMU_USER_IDX;
     ctx->iaoq_b = ctx->base.tb->cs_base | MMU_USER_IDX;
+    ctx->unalign = (ctx->tb_flags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN);
 #else
     ctx->privilege = (ctx->tb_flags >> TB_FLAG_PRIV_SHIFT) & 3;
     ctx->mmu_idx = (ctx->tb_flags & PSW_D ? ctx->privilege : MMU_PHYS_IDX);
-- 
2.25.1

Leave TARGET_ALIGNED_ONLY set, but use the new CPUState
flag to set MO_UNALN for the instructions that the kernel
handles in the unaligned trap.

The Linux kernel does not handle all memory operations: no
floating-point and no MAC.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 linux-user/sh4/target_prctl.h |  2 +-
 target/sh4/cpu.h              |  4 +++
 target/sh4/translate.c        | 50 ++++++++++++++++++++++++-----------
 3 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/linux-user/sh4/target_prctl.h b/linux-user/sh4/target_prctl.h
index XXXXXXX..XXXXXXX 100644
--- a/linux-user/sh4/target_prctl.h
+++ b/linux-user/sh4/target_prctl.h
@@ -1 +1 @@
-/* No special prctl support required. */
+#include "../generic/target_prctl_unalign.h"
diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -XXX,XX +XXX,XX @@
 #define DELAY_SLOT_RTE         (1 << 2)
 
 #define TB_FLAG_PENDING_MOVCA  (1 << 3)
+#define TB_FLAG_UNALIGN        (1 << 4)
 
 #define GUSA_SHIFT             4
 #ifdef CONFIG_USER_ONLY
@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUSH4State *env, target_ulong *pc,
             | (env->sr & ((1u << SR_MD) | (1u << SR_RB)))      /* Bits 29-30 */
             | (env->sr & (1u << SR_FD))                        /* Bit 15 */
             | (env->movcal_backup ? TB_FLAG_PENDING_MOVCA : 0); /* Bit 3 */
+#ifdef CONFIG_USER_ONLY
+    *flags |= TB_FLAG_UNALIGN * !env_cpu(env)->prctl_unalign_sigbus;
+#endif
 }
 
 #endif /* SH4_CPU_H */
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
 
 #if defined(CONFIG_USER_ONLY)
 #define IS_USER(ctx) 1
+#define UNALIGN(C)   (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : 0)
 #else
 #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
+#define UNALIGN(C)   0
 #endif
 
 /* Target-specific values for ctx->base.is_jmp.  */
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_addi_i32(addr, REG(B11_8), B3_0 * 4);
-            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
+                                MO_TEUL | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 4);
-            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
+            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
+                                MO_TESL | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_UB);
 	return;
     case 0x2001:		/* mov.w Rm,@Rn */
-        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUW);
+        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
+                            MO_TEUW | UNALIGN(ctx));
 	return;
     case 0x2002:		/* mov.l Rm,@Rn */
-        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
+        tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
+                            MO_TEUL | UNALIGN(ctx));
 	return;
     case 0x6000:		/* mov.b @Rm,Rn */
         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
 	return;
     case 0x6001:		/* mov.w @Rm,Rn */
-        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
+                            MO_TESW | UNALIGN(ctx));
 	return;
     case 0x6002:		/* mov.l @Rm,Rn */
-        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
+                            MO_TESL | UNALIGN(ctx));
 	return;
     case 0x2004:		/* mov.b Rm,@-Rn */
 	{
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_subi_i32(addr, REG(B11_8), 2);
-            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
+                                MO_TEUW | UNALIGN(ctx));
 	    tcg_gen_mov_i32(REG(B11_8), addr);
 	    tcg_temp_free(addr);
 	}
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
-            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
+                                MO_TEUL | UNALIGN(ctx));
 	    tcg_gen_mov_i32(REG(B11_8), addr);
         tcg_temp_free(addr);
 	}
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 1);
 	return;
     case 0x6005:		/* mov.w @Rm+,Rn */
-        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
+                            MO_TESW | UNALIGN(ctx));
 	if ( B11_8 != B7_4 )
 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
 	return;
     case 0x6006:		/* mov.l @Rm+,Rn */
-        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
+        tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
+                            MO_TESL | UNALIGN(ctx));
 	if ( B11_8 != B7_4 )
 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
-            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
+                                MO_TEUW | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
-            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
+            tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
+                                MO_TEUL | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
-            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
+            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
+                                MO_TESW | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
-            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
+            tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
+                                MO_TESL | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
-            tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
+            tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx,
+                                MO_TEUW | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
@@ -XXX,XX +XXX,XX @@ static void _decode_opc(DisasContext * ctx)
 	{
 	    TCGv addr = tcg_temp_new();
 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
-            tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
+            tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx,
+                                MO_TESW | UNALIGN(ctx));
 	    tcg_temp_free(addr);
 	}
 	return;
-- 
2.25.1

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/i386/tcg-target.h     |   2 -
 tcg/i386/tcg-target.c.inc | 103 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 98 insertions(+), 7 deletions(-)

diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -XXX,XX +XXX,XX @@ static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
 
 #define TCG_TARGET_HAS_MEMORY_BSWAP  have_movbe
 
-#ifdef CONFIG_SOFTMMU
 #define TCG_TARGET_NEED_LDST_LABELS
-#endif
 #define TCG_TARGET_NEED_POOL_LABELS
 
 #endif
diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
  * THE SOFTWARE.
  */
 
+#include "../tcg-ldst.c.inc"
 #include "../tcg-pool.c.inc"
 
 #ifdef CONFIG_DEBUG_TCG
@@ -XXX,XX +XXX,XX @@ static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 #define OPC_VZEROUPPER  (0x77 | P_EXT)
 #define OPC_XCHG_ax_r32	(0x90)
 
-#define OPC_GRP3_Ev	(0xf7)
-#define OPC_GRP5	(0xff)
+#define OPC_GRP3_Eb     (0xf6)
+#define OPC_GRP3_Ev     (0xf7)
+#define OPC_GRP5        (0xff)
 #define OPC_GRP14       (0x73 | P_EXT | P_DATA16)
 
 /* Group 1 opcode extensions for 0x80-0x83.
@@ -XXX,XX +XXX,XX @@ static bool tcg_target_const_match(int64_t val, TCGType type, int ct)
 #define SHIFT_SAR 7
 
 /* Group 3 opcode extensions for 0xf6, 0xf7.  To be used with OPC_GRP3.  */
+#define EXT3_TESTi 0
 #define EXT3_NOT   2
 #define EXT3_NEG   3
 #define EXT3_MUL   4
@@ -XXX,XX +XXX,XX @@ static void tcg_out_nopn(TCGContext *s, int n)
 }
 
 #if defined(CONFIG_SOFTMMU)
-#include "../tcg-ldst.c.inc"
-
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     int mmu_idx, uintptr_t ra)
  */
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
     tcg_out_jmp(s, qemu_st_helpers[opc & (MO_BSWAP | MO_SIZE)]);
     return true;
 }
-#elif TCG_TARGET_REG_BITS == 32
+#else
+
+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addrlo,
+                                   TCGReg addrhi, unsigned a_bits)
+{
+    unsigned a_mask = (1 << a_bits) - 1;
+    TCGLabelQemuLdst *label;
+
+    /*
+     * We are expecting a_bits to max out at 7, so we can usually use testb.
+     * For i686, we have to use testl for %esi/%edi.
+     */
+    if (a_mask <= 0xff && (TCG_TARGET_REG_BITS == 64 || addrlo < 4)) {
+        tcg_out_modrm(s, OPC_GRP3_Eb | P_REXB_RM, EXT3_TESTi, addrlo);
+        tcg_out8(s, a_mask);
+    } else {
+        tcg_out_modrm(s, OPC_GRP3_Ev, EXT3_TESTi, addrlo);
+        tcg_out32(s, a_mask);
+    }
+
+    /* jne slow_path */
+    tcg_out_opc(s, OPC_JCC_long + JCC_JNE, 0, 0, 0);
+
+    label = new_ldst_label(s);
+    label->is_ld = is_ld;
+    label->addrlo_reg = addrlo;
+    label->addrhi_reg = addrhi;
+    label->raddr = tcg_splitwx_to_rx(s->code_ptr + 4);
+    label->label_ptr[0] = s->code_ptr;
+
+    s->code_ptr += 4;
+}
+
+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    /* resolve label address */
+    tcg_patch32(l->label_ptr[0], s->code_ptr - l->label_ptr[0] - 4);
+
+    if (TCG_TARGET_REG_BITS == 32) {
+        int ofs = 0;
+
+        tcg_out_st(s, TCG_TYPE_PTR, TCG_AREG0, TCG_REG_ESP, ofs);
+        ofs += 4;
+
+        tcg_out_st(s, TCG_TYPE_I32, l->addrlo_reg, TCG_REG_ESP, ofs);
+        ofs += 4;
+        if (TARGET_LONG_BITS == 64) {
+            tcg_out_st(s, TCG_TYPE_I32, l->addrhi_reg, TCG_REG_ESP, ofs);
+            ofs += 4;
+        }
+
+        tcg_out_pushi(s, (uintptr_t)l->raddr);
+    } else {
+        tcg_out_mov(s, TCG_TYPE_TL, tcg_target_call_iarg_regs[1],
+                    l->addrlo_reg);
+        tcg_out_mov(s, TCG_TYPE_PTR, tcg_target_call_iarg_regs[0], TCG_AREG0);
+
+        tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_RAX, (uintptr_t)l->raddr);
+        tcg_out_push(s, TCG_REG_RAX);
+    }
+
+    /* "Tail call" to the helper, with the return address back inline. */
+    tcg_out_jmp(s, (const void *)(l->is_ld ? helper_unaligned_ld
+                                  : helper_unaligned_st));
+    return true;
+}
+
+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
+#if TCG_TARGET_REG_BITS == 32
 # define x86_guest_base_seg     0
 # define x86_guest_base_index   -1
 # define x86_guest_base_offset  guest_base
@@ -XXX,XX +XXX,XX @@ static inline int setup_guest_base_seg(void)
     return 0;
 }
 # endif
+#endif
 #endif /* SOFTMMU */
 
 static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg datalo, TCGReg datahi,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
 #if defined(CONFIG_SOFTMMU)
     int mem_index;
     tcg_insn_unit *label_ptr[2];
+#else
+    unsigned a_bits;
 #endif
 
     datalo = *args++;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is64)
     add_qemu_ldst_label(s, true, is64, oi, datalo, datahi, addrlo, addrhi,
                         s->code_ptr, label_ptr);
 #else
+    a_bits = get_alignment_bits(opc);
+    if (a_bits) {
+        tcg_out_test_alignment(s, true, addrlo, addrhi, a_bits);
+    }
+
     tcg_out_qemu_ld_direct(s, datalo, datahi, addrlo, x86_guest_base_index,
                            x86_guest_base_offset, x86_guest_base_seg,
                            is64, opc);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
 #if defined(CONFIG_SOFTMMU)
     int mem_index;
     tcg_insn_unit *label_ptr[2];
+#else
+    unsigned a_bits;
 #endif
 
     datalo = *args++;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is64)
     add_qemu_ldst_label(s, false, is64, oi, datalo, datahi, addrlo, addrhi,
                         s->code_ptr, label_ptr);
 #else
+    a_bits = get_alignment_bits(opc);
+    if (a_bits) {
+        tcg_out_test_alignment(s, false, addrlo, addrhi, a_bits);
+    }
+
     tcg_out_qemu_st_direct(s, datalo, datahi, addrlo, x86_guest_base_index,
                            x86_guest_base_offset, x86_guest_base_seg, opc);
 #endif
-- 
2.25.1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/aarch64/tcg-target.h     |  2 -
 tcg/aarch64/tcg-target.c.inc | 91 +++++++++++++++++++++++++++++-------
 2 files changed, 74 insertions(+), 19 deletions(-)

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
 
 void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
 
-#ifdef CONFIG_SOFTMMU
 #define TCG_TARGET_NEED_LDST_LABELS
-#endif
 #define TCG_TARGET_NEED_POOL_LABELS
 
 #endif /* AARCH64_TCG_TARGET_H */
diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
  * See the COPYING file in the top-level directory for details.
  */
 
+#include "../tcg-ldst.c.inc"
 #include "../tcg-pool.c.inc"
 #include "qemu/bitops.h"
 
@@ -XXX,XX +XXX,XX @@ typedef enum {
     I3404_ANDI      = 0x12000000,
     I3404_ORRI      = 0x32000000,
     I3404_EORI      = 0x52000000,
+    I3404_ANDSI     = 0x72000000,
 
     /* Move wide immediate instructions.  */
     I3405_MOVN      = 0x12800000,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_goto_long(TCGContext *s, const tcg_insn_unit *target)
     if (offset == sextract64(offset, 0, 26)) {
         tcg_out_insn(s, 3206, B, offset);
     } else {
-        tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_TMP, (intptr_t)target);
-        tcg_out_insn(s, 3207, BR, TCG_REG_TMP);
+        /* Choose X9 as a call-clobbered non-LR temporary. */
+        tcg_out_movi(s, TCG_TYPE_I64, TCG_REG_X9, (intptr_t)target);
+        tcg_out_insn(s, 3207, BR, TCG_REG_X9);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void tcg_out_cltz(TCGContext *s, TCGType ext, TCGReg d,
     }
 }
 
-#ifdef CONFIG_SOFTMMU
-#include "../tcg-ldst.c.inc"
+static void tcg_out_adr(TCGContext *s, TCGReg rd, const void *target)
+{
+    ptrdiff_t offset = tcg_pcrel_diff(s, target);
+    tcg_debug_assert(offset == sextract64(offset, 0, 21));
+    tcg_out_insn(s, 3406, ADR, rd, offset);
+}
 
+#ifdef CONFIG_SOFTMMU
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     MemOpIdx oi, uintptr_t ra)
  */
@@ -XXX,XX +XXX,XX @@ static void * const qemu_st_helpers[MO_SIZE + 1] = {
 #endif
 };
 
-static inline void tcg_out_adr(TCGContext *s, TCGReg rd, const void *target)
-{
-    ptrdiff_t offset = tcg_pcrel_diff(s, target);
-    tcg_debug_assert(offset == sextract64(offset, 0, 21));
-    tcg_out_insn(s, 3406, ADR, rd, offset);
-}
-
 static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
 {
     MemOpIdx oi = lb->oi;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg addr_reg, MemOp opc,
     tcg_out_insn(s, 3202, B_C, TCG_COND_NE, 0);
 }
 
+#else
+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addr_reg,
+                                   unsigned a_bits)
+{
+    unsigned a_mask = (1 << a_bits) - 1;
+    TCGLabelQemuLdst *label = new_ldst_label(s);
+
+    label->is_ld = is_ld;
+    label->addrlo_reg = addr_reg;
+
+    /* tst addr, #mask */
+    tcg_out_logicali(s, I3404_ANDSI, 0, TCG_REG_XZR, addr_reg, a_mask);
+
+    label->label_ptr[0] = s->code_ptr;
+
+    /* b.ne slow_path */
+    tcg_out_insn(s, 3202, B_C, TCG_COND_NE, 0);
+
+    label->raddr = tcg_splitwx_to_rx(s->code_ptr);
+}
+
+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    if (!reloc_pc19(l->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
+        return false;
+    }
+
+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_X1, l->addrlo_reg);
+    tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_X0, TCG_AREG0);
+
+    /* "Tail call" to the helper, with the return address back inline. */
+    tcg_out_adr(s, TCG_REG_LR, l->raddr);
+    tcg_out_goto_long(s, (const void *)(l->is_ld ? helper_unaligned_ld
+                                        : helper_unaligned_st));
+    return true;
+}
+
+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
 #endif /* CONFIG_SOFTMMU */
 
 static void tcg_out_qemu_ld_direct(TCGContext *s, MemOp memop, TCGType ext,
                                    TCGReg data_r, TCGReg addr_r,
                                    TCGType otype, TCGReg off_r)
 {
-    /* Byte swapping is left to middle-end expansion. */
-    tcg_debug_assert((memop & MO_BSWAP) == 0);
-
     switch (memop & MO_SSIZE) {
     case MO_UB:
         tcg_out_ldst_r(s, I3312_LDRB, data_r, addr_r, otype, off_r);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp memop,
                                    TCGReg data_r, TCGReg addr_r,
                                    TCGType otype, TCGReg off_r)
 {
-    /* Byte swapping is left to middle-end expansion. */
-    tcg_debug_assert((memop & MO_BSWAP) == 0);
-
     switch (memop & MO_SIZE) {
     case MO_8:
         tcg_out_ldst_r(s, I3312_STRB, data_r, addr_r, otype, off_r);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
 {
     MemOp memop = get_memop(oi);
     const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
+
+    /* Byte swapping is left to middle-end expansion. */
+    tcg_debug_assert((memop & MO_BSWAP) == 0);
+
 #ifdef CONFIG_SOFTMMU
     unsigned mem_index = get_mmuidx(oi);
     tcg_insn_unit *label_ptr;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
     add_qemu_ldst_label(s, true, oi, ext, data_reg, addr_reg,
                         s->code_ptr, label_ptr);
 #else /* !CONFIG_SOFTMMU */
+    unsigned a_bits = get_alignment_bits(memop);
+    if (a_bits) {
+        tcg_out_test_alignment(s, true, addr_reg, a_bits);
+    }
     if (USE_GUEST_BASE) {
         tcg_out_qemu_ld_direct(s, memop, ext, data_reg,
                                TCG_REG_GUEST_BASE, otype, addr_reg);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
 {
     MemOp memop = get_memop(oi);
     const TCGType otype = TARGET_LONG_BITS == 64 ? TCG_TYPE_I64 : TCG_TYPE_I32;
+
+    /* Byte swapping is left to middle-end expansion. */
+    tcg_debug_assert((memop & MO_BSWAP) == 0);
+
 #ifdef CONFIG_SOFTMMU
     unsigned mem_index = get_mmuidx(oi);
     tcg_insn_unit *label_ptr;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, TCGReg data_reg, TCGReg addr_reg,
     add_qemu_ldst_label(s, false, oi, (memop & MO_SIZE)== MO_64,
                         data_reg, addr_reg, s->code_ptr, label_ptr);
 #else /* !CONFIG_SOFTMMU */
+    unsigned a_bits = get_alignment_bits(memop);
+    if (a_bits) {
+        tcg_out_test_alignment(s, false, addr_reg, a_bits);
+    }
     if (USE_GUEST_BASE) {
         tcg_out_qemu_st_direct(s, memop, data_reg,
                                TCG_REG_GUEST_BASE, otype, addr_reg);
-- 
2.25.1

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/ppc/tcg-target.h     |  2 -
 tcg/ppc/tcg-target.c.inc | 98 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 90 insertions(+), 10 deletions(-)

diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -XXX,XX +XXX,XX @@ void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
 #define TCG_TARGET_DEFAULT_MO (0)
 #define TCG_TARGET_HAS_MEMORY_BSWAP     1
 
-#ifdef CONFIG_SOFTMMU
 #define TCG_TARGET_NEED_LDST_LABELS
-#endif
 #define TCG_TARGET_NEED_POOL_LABELS
 
 #endif
diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
 
 #include "elf.h"
 #include "../tcg-pool.c.inc"
+#include "../tcg-ldst.c.inc"
 
 /*
  * Standardize on the _CALL_FOO symbols used by GCC:
@@ -XXX,XX +XXX,XX @@ void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
     }
 }
 
-static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
+static void tcg_out_call_int(TCGContext *s, int lk,
+                             const tcg_insn_unit *target)
 {
 #ifdef _CALL_AIX
     /* Look through the descriptor.  If the branch is in range, and we
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
 
     if (in_range_b(diff) && toc == (uint32_t)toc) {
         tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_TMP1, toc);
-        tcg_out_b(s, LK, tgt);
+        tcg_out_b(s, lk, tgt);
     } else {
         /* Fold the low bits of the constant into the addresses below.  */
         intptr_t arg = (intptr_t)target;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
         tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_R0, TCG_REG_TMP1, ofs);
         tcg_out32(s, MTSPR | RA(TCG_REG_R0) | CTR);
         tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_R2, TCG_REG_TMP1, ofs + SZP);
-        tcg_out32(s, BCCTR | BO_ALWAYS | LK);
+        tcg_out32(s, BCCTR | BO_ALWAYS | lk);
     }
 #elif defined(_CALL_ELF) && _CALL_ELF == 2
     intptr_t diff;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
 
     diff = tcg_pcrel_diff(s, target);
     if (in_range_b(diff)) {
-        tcg_out_b(s, LK, target);
+        tcg_out_b(s, lk, target);
     } else {
         tcg_out32(s, MTSPR | RS(TCG_REG_R12) | CTR);
-        tcg_out32(s, BCCTR | BO_ALWAYS | LK);
+        tcg_out32(s, BCCTR | BO_ALWAYS | lk);
     }
 #else
-    tcg_out_b(s, LK, target);
+    tcg_out_b(s, lk, target);
 #endif
 }
 
+static void tcg_out_call(TCGContext *s, const tcg_insn_unit *target)
+{
+    tcg_out_call_int(s, LK, target);
+}
+
 static const uint32_t qemu_ldx_opc[(MO_SSIZE + MO_BSWAP) + 1] = {
     [MO_UB] = LBZX,
     [MO_UW] = LHZX,
@@ -XXX,XX +XXX,XX @@ static const uint32_t qemu_exts_opc[4] = {
 };
 
 #if defined (CONFIG_SOFTMMU)
-#include "../tcg-ldst.c.inc"
-
 /* helper signature: helper_ld_mmu(CPUState *env, target_ulong addr,
  *                                 int mmu_idx, uintptr_t ra)
  */
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
     tcg_out_b(s, 0, lb->raddr);
     return true;
 }
+#else
+
+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addrlo,
+                                   TCGReg addrhi, unsigned a_bits)
+{
+    unsigned a_mask = (1 << a_bits) - 1;
+    TCGLabelQemuLdst *label = new_ldst_label(s);
+
+    label->is_ld = is_ld;
+    label->addrlo_reg = addrlo;
+    label->addrhi_reg = addrhi;
+
+    /* We are expecting a_bits to max out at 7, much lower than ANDI. */
+    tcg_debug_assert(a_bits < 16);
+    tcg_out32(s, ANDI | SAI(addrlo, TCG_REG_R0, a_mask));
+
+    label->label_ptr[0] = s->code_ptr;
+    tcg_out32(s, BC | BI(0, CR_EQ) | BO_COND_FALSE | LK);
+
+    label->raddr = tcg_splitwx_to_rx(s->code_ptr);
+}
+
+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    if (!reloc_pc14(l->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
+        return false;
+    }
+
+    if (TCG_TARGET_REG_BITS < TARGET_LONG_BITS) {
+        TCGReg arg = TCG_REG_R4;
+#ifdef TCG_TARGET_CALL_ALIGN_ARGS
+        arg |= 1;
+#endif
+        if (l->addrlo_reg != arg) {
+            tcg_out_mov(s, TCG_TYPE_I32, arg, l->addrhi_reg);
+            tcg_out_mov(s, TCG_TYPE_I32, arg + 1, l->addrlo_reg);
+        } else if (l->addrhi_reg != arg + 1) {
+            tcg_out_mov(s, TCG_TYPE_I32, arg + 1, l->addrlo_reg);
+            tcg_out_mov(s, TCG_TYPE_I32, arg, l->addrhi_reg);
+        } else {
+            tcg_out_mov(s, TCG_TYPE_I32, TCG_REG_R0, arg);
+            tcg_out_mov(s, TCG_TYPE_I32, arg, arg + 1);
+            tcg_out_mov(s, TCG_TYPE_I32, arg + 1, TCG_REG_R0);
+        }
+    } else {
+        tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_R4, l->addrlo_reg);
+    }
+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_R3, TCG_AREG0);
+
+    /* "Tail call" to the helper, with the return address back inline. */
+    tcg_out_call_int(s, 0, (const void *)(l->is_ld ? helper_unaligned_ld
+                                          : helper_unaligned_st));
+    return true;
+}
+
+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
 #endif /* SOFTMMU */
 
 static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
 #ifdef CONFIG_SOFTMMU
     int mem_index;
     tcg_insn_unit *label_ptr;
+#else
+    unsigned a_bits;
 #endif
 
     datalo = *args++;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
 
     rbase = TCG_REG_R3;
 #else  /* !CONFIG_SOFTMMU */
+    a_bits = get_alignment_bits(opc);
+    if (a_bits) {
+        tcg_out_test_alignment(s, true, addrlo, addrhi, a_bits);
+    }
     rbase = guest_base ? TCG_GUEST_BASE_REG : 0;
     if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
         tcg_out_ext32u(s, TCG_REG_TMP1, addrlo);
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
 #ifdef CONFIG_SOFTMMU
     int mem_index;
     tcg_insn_unit *label_ptr;
+#else
+    unsigned a_bits;
 #endif
 
     datalo = *args++;
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
 
     rbase = TCG_REG_R3;
 #else  /* !CONFIG_SOFTMMU */
+    a_bits = get_alignment_bits(opc);
+    if (a_bits) {
+        tcg_out_test_alignment(s, false, addrlo, addrhi, a_bits);
+    }
     rbase = guest_base ? TCG_GUEST_BASE_REG : 0;
     if (TCG_TARGET_REG_BITS > TARGET_LONG_BITS) {
         tcg_out_ext32u(s, TCG_REG_TMP1, addrlo);
-- 
2.25.1

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/s390x/tcg-target.h     |  2 --
 tcg/s390x/tcg-target.c.inc | 59 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 57 insertions(+), 4 deletions(-)

diff --git a/tcg/s390x/tcg-target.h b/tcg/s390x/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.h
+++ b/tcg/s390x/tcg-target.h
@@ -XXX,XX +XXX,XX @@ static inline void tb_target_set_jmp_target(uintptr_t tc_ptr, uintptr_t jmp_rx,
     /* no need to flush icache explicitly */
 }
 
-#ifdef CONFIG_SOFTMMU
 #define TCG_TARGET_NEED_LDST_LABELS
-#endif
 #define TCG_TARGET_NEED_POOL_LABELS
 
 #endif
diff --git a/tcg/s390x/tcg-target.c.inc b/tcg/s390x/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/s390x/tcg-target.c.inc
+++ b/tcg/s390x/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
 #error "unsupported code generation mode"
 #endif
 
+#include "../tcg-ldst.c.inc"
 #include "../tcg-pool.c.inc"
 #include "elf.h"
 
@@ -XXX,XX +XXX,XX @@ typedef enum S390Opcode {
     RI_OIHL     = 0xa509,
     RI_OILH     = 0xa50a,
     RI_OILL     = 0xa50b,
+    RI_TMLL     = 0xa701,
 
     RIE_CGIJ    = 0xec7c,
     RIE_CGRJ    = 0xec64,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st_direct(TCGContext *s, MemOp opc, TCGReg data,
 }
 
 #if defined(CONFIG_SOFTMMU)
-#include "../tcg-ldst.c.inc"
-
 /* We're expecting to use a 20-bit negative offset on the tlb memory ops.  */
 QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
 QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -(1 << 19));
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *lb)
     return true;
 }
 #else
+static void tcg_out_test_alignment(TCGContext *s, bool is_ld,
+                                   TCGReg addrlo, unsigned a_bits)
+{
+    unsigned a_mask = (1 << a_bits) - 1;
+    TCGLabelQemuLdst *l = new_ldst_label(s);
+
+    l->is_ld = is_ld;
+    l->addrlo_reg = addrlo;
+
+    /* We are expecting a_bits to max out at 7, much lower than TMLL. */
+    tcg_debug_assert(a_bits < 16);
+    tcg_out_insn(s, RI, TMLL, addrlo, a_mask);
+
+    tcg_out16(s, RI_BRC | (7 << 4)); /* CC in {1,2,3} */
+    l->label_ptr[0] = s->code_ptr;
+    s->code_ptr += 1;
+
+    l->raddr = tcg_splitwx_to_rx(s->code_ptr);
+}
+
+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    if (!patch_reloc(l->label_ptr[0], R_390_PC16DBL,
+                     (intptr_t)tcg_splitwx_to_rx(s->code_ptr), 2)) {
+        return false;
+    }
+
+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_R3, l->addrlo_reg);
+    tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_R2, TCG_AREG0);
+
+    /* "Tail call" to the helper, with the return address back inline. */
+    tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_R14, (uintptr_t)l->raddr);
+    tgen_gotoi(s, S390_CC_ALWAYS, (const void *)(l->is_ld ? helper_unaligned_ld
+                                                 : helper_unaligned_st));
+    return true;
+}
+
+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
 static void tcg_prepare_user_ldst(TCGContext *s, TCGReg *addr_reg,
                                   TCGReg *index_reg, tcg_target_long *disp)
 {
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
 #else
     TCGReg index_reg;
     tcg_target_long disp;
+    unsigned a_bits = get_alignment_bits(opc);
 
+    if (a_bits) {
+        tcg_out_test_alignment(s, true, addr_reg, a_bits);
+    }
     tcg_prepare_user_ldst(s, &addr_reg, &index_reg, &disp);
     tcg_out_qemu_ld_direct(s, opc, data_reg, addr_reg, index_reg, disp);
 #endif
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext* s, TCGReg data_reg, TCGReg addr_reg,
 #else
     TCGReg index_reg;
     tcg_target_long disp;
+    unsigned a_bits = get_alignment_bits(opc);
 
+    if (a_bits) {
+        tcg_out_test_alignment(s, false, addr_reg, a_bits);
+    }
     tcg_prepare_user_ldst(s, &addr_reg, &index_reg, &disp);
     tcg_out_qemu_st_direct(s, opc, data_reg, addr_reg, index_reg, disp);
 #endif
-- 
2.25.1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tci.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/tcg/tci.c b/tcg/tci.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -XXX,XX +XXX,XX @@ static bool tci_compare64(uint64_t u0, uint64_t u1, TCGCond condition)
 static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
                             MemOpIdx oi, const void *tb_ptr)
 {
-    MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
+    MemOp mop = get_memop(oi);
     uintptr_t ra = (uintptr_t)tb_ptr;
 
 #ifdef CONFIG_SOFTMMU
-    switch (mop) {
+    switch (mop & (MO_BSWAP | MO_SSIZE)) {
     case MO_UB:
         return helper_ret_ldub_mmu(env, taddr, oi, ra);
     case MO_SB:
@@ -XXX,XX +XXX,XX @@ static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
     }
 #else
     void *haddr = g2h(env_cpu(env), taddr);
+    unsigned a_mask = (1u << get_alignment_bits(mop)) - 1;
     uint64_t ret;
 
     set_helper_retaddr(ra);
-    switch (mop) {
+    if (taddr & a_mask) {
+        helper_unaligned_ld(env, taddr);
+    }
+    switch (mop & (MO_BSWAP | MO_SSIZE)) {
     case MO_UB:
         ret = ldub_p(haddr);
         break;
@@ -XXX,XX +XXX,XX @@ static uint64_t tci_qemu_ld(CPUArchState *env, target_ulong taddr,
 static void tci_qemu_st(CPUArchState *env, target_ulong taddr, uint64_t val,
                         MemOpIdx oi, const void *tb_ptr)
 {
-    MemOp mop = get_memop(oi) & (MO_BSWAP | MO_SSIZE);
+    MemOp mop = get_memop(oi);
     uintptr_t ra = (uintptr_t)tb_ptr;
 
 #ifdef CONFIG_SOFTMMU
-    switch (mop) {
+    switch (mop & (MO_BSWAP | MO_SIZE)) {
     case MO_UB:
         helper_ret_stb_mmu(env, taddr, val, oi, ra);
         break;
@@ -XXX,XX +XXX,XX @@ static void tci_qemu_st(CPUArchState *env, target_ulong taddr, uint64_t val,
     }
 #else
     void *haddr = g2h(env_cpu(env), taddr);
+    unsigned a_mask = (1u << get_alignment_bits(mop)) - 1;
 
     set_helper_retaddr(ra);
-    switch (mop) {
+    if (taddr & a_mask) {
+        helper_unaligned_st(env, taddr);
+    }
+    switch (mop & (MO_BSWAP | MO_SIZE)) {
     case MO_UB:
         stb_p(haddr, val);
         break;
-- 
2.25.1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/riscv/tcg-target.h     |  2 --
 tcg/riscv/tcg-target.c.inc | 63 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 61 insertions(+), 4 deletions(-)

diff --git a/tcg/riscv/tcg-target.h b/tcg/riscv/tcg-target.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.h
+++ b/tcg/riscv/tcg-target.h
@@ -XXX,XX +XXX,XX @@ void tb_target_set_jmp_target(uintptr_t, uintptr_t, uintptr_t, uintptr_t);
 
 #define TCG_TARGET_DEFAULT_MO (0)
 
-#ifdef CONFIG_SOFTMMU
 #define TCG_TARGET_NEED_LDST_LABELS
-#endif
 #define TCG_TARGET_NEED_POOL_LABELS
 
 #define TCG_TARGET_HAS_MEMORY_BSWAP 0
diff --git a/tcg/riscv/tcg-target.c.inc b/tcg/riscv/tcg-target.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/tcg/riscv/tcg-target.c.inc
+++ b/tcg/riscv/tcg-target.c.inc
@@ -XXX,XX +XXX,XX @@
  * THE SOFTWARE.
  */
 
+#include "../tcg-ldst.c.inc"
 #include "../tcg-pool.c.inc"
 
 #ifdef CONFIG_DEBUG_TCG
@@ -XXX,XX +XXX,XX @@ static void tcg_out_mb(TCGContext *s, TCGArg a0)
  */
 
 #if defined(CONFIG_SOFTMMU)
-#include "../tcg-ldst.c.inc"
-
 /* helper signature: helper_ret_ld_mmu(CPUState *env, target_ulong addr,
  *                                     MemOpIdx oi, uintptr_t ra)
  */
@@ -XXX,XX +XXX,XX @@ static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
     tcg_out_goto(s, l->raddr);
     return true;
 }
+#else
+
+static void tcg_out_test_alignment(TCGContext *s, bool is_ld, TCGReg addr_reg,
+                                   unsigned a_bits)
+{
+    unsigned a_mask = (1 << a_bits) - 1;
+    TCGLabelQemuLdst *l = new_ldst_label(s);
+
+    l->is_ld = is_ld;
+    l->addrlo_reg = addr_reg;
+
+    /* We are expecting a_bits to max out at 7, so we can always use andi. */
+    tcg_debug_assert(a_bits < 12);
+    tcg_out_opc_imm(s, OPC_ANDI, TCG_REG_TMP1, addr_reg, a_mask);
+
+    l->label_ptr[0] = s->code_ptr;
+    tcg_out_opc_branch(s, OPC_BNE, TCG_REG_TMP1, TCG_REG_ZERO, 0);
+
+    l->raddr = tcg_splitwx_to_rx(s->code_ptr);
+}
+
+static bool tcg_out_fail_alignment(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    /* resolve label address */
+    if (!reloc_sbimm12(l->label_ptr[0], tcg_splitwx_to_rx(s->code_ptr))) {
+        return false;
+    }
+
+    tcg_out_mov(s, TCG_TYPE_TL, TCG_REG_A1, l->addrlo_reg);
+    tcg_out_mov(s, TCG_TYPE_PTR, TCG_REG_A0, TCG_AREG0);
+
+    /* tail call, with the return address back inline. */
+    tcg_out_movi(s, TCG_TYPE_PTR, TCG_REG_RA, (uintptr_t)l->raddr);
+    tcg_out_call_int(s, (const void *)(l->is_ld ? helper_unaligned_ld
+                                       : helper_unaligned_st), true);
+    return true;
+}
+
+static bool tcg_out_qemu_ld_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
+static bool tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
+{
+    return tcg_out_fail_alignment(s, l);
+}
+
 #endif /* CONFIG_SOFTMMU */
 
 static void tcg_out_qemu_ld_direct(TCGContext *s, TCGReg lo, TCGReg hi,
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     tcg_insn_unit *label_ptr[1];
+#else
+    unsigned a_bits;
 #endif
     TCGReg base = TCG_REG_TMP0;
 
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args, bool is_64)
         tcg_out_ext32u(s, base, addr_regl);
         addr_regl = base;
     }
+    a_bits = get_alignment_bits(opc);
+    if (a_bits) {
+        tcg_out_test_alignment(s, true, addr_regl, a_bits);
+    }
     if (guest_base != 0) {
         tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl);
     }
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
     MemOp opc;
 #if defined(CONFIG_SOFTMMU)
     tcg_insn_unit *label_ptr[1];
+#else
+    unsigned a_bits;
 #endif
     TCGReg base = TCG_REG_TMP0;
 
@@ -XXX,XX +XXX,XX @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
         tcg_out_ext32u(s, base, addr_regl);
         addr_regl = base;
     }
+    a_bits = get_alignment_bits(opc);
+    if (a_bits) {
+        tcg_out_test_alignment(s, false, addr_regl, a_bits);
+    }
     if (guest_base != 0) {
         tcg_out_opc_reg(s, OPC_ADD, base, TCG_GUEST_BASE_REG, addr_regl);
     }
-- 
2.25.1

A mostly generic test for unaligned access raising SIGBUS.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tests/tcg/multiarch/sigbus.c | 68 ++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 tests/tcg/multiarch/sigbus.c

diff --git a/tests/tcg/multiarch/sigbus.c b/tests/tcg/multiarch/sigbus.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/tests/tcg/multiarch/sigbus.c
@@ -XXX,XX +XXX,XX @@
+#define _GNU_SOURCE 1
+
+#include <assert.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <endian.h>
+
+
+unsigned long long x = 0x8877665544332211ull;
+void * volatile p = (void *)&x + 1;
+
+void sigbus(int sig, siginfo_t *info, void *uc)
+{
+    assert(sig == SIGBUS);
+    assert(info->si_signo == SIGBUS);
+#ifdef BUS_ADRALN
+    assert(info->si_code == BUS_ADRALN);
+#endif
+    assert(info->si_addr == p);
+    exit(EXIT_SUCCESS);
+}
+
+int main()
+{
+    struct sigaction sa = {
+        .sa_sigaction = sigbus,
+        .sa_flags = SA_SIGINFO
+    };
+    int allow_fail = 0;
+    int tmp;
+
+    tmp = sigaction(SIGBUS, &sa, NULL);
+    assert(tmp == 0);
+
+    /*
+     * Select an operation that's likely to enforce alignment.
+     * On many guests that support unaligned accesses by default,
+     * this is often an atomic operation.
+     */
+#if defined(__aarch64__)
+    asm volatile("ldxr %w0,[%1]" : "=r"(tmp) : "r"(p) : "memory");
+#elif defined(__alpha__)
+    asm volatile("ldl_l %0,0(%1)" : "=r"(tmp) : "r"(p) : "memory");
+#elif defined(__arm__)
+    asm volatile("ldrex %0,[%1]" : "=r"(tmp) : "r"(p) : "memory");
+#elif defined(__powerpc__)
+    asm volatile("lwarx %0,0,%1" : "=r"(tmp) : "r"(p) : "memory");
+#elif defined(__riscv_atomic)
+    asm volatile("lr.w %0,(%1)" : "=r"(tmp) : "r"(p) : "memory");
+#else
+    /* No insn known to fault unaligned -- try for a straight load. */
+    allow_fail = 1;
+    tmp = *(volatile int *)p;
+#endif
+
+    assert(allow_fail);
+
+    /*
+     * We didn't see a signal.
+     * We might as well validate the unaligned load worked.
+     */
+    if (BYTE_ORDER == LITTLE_ENDIAN) {
+        assert(tmp == 0x55443322);
+    } else {
+        assert(tmp == 0x77665544);
+    }
+    return EXIT_SUCCESS;
+}
-- 
2.25.1

Hi,

This new version removed the translate_fn() from patch 1 because it
wasn't removing the sign-extension for pentry as we thought it would.
A more detailed explanation is given in the commit msg of patch 1.

We're now retrieving the 'lowaddr' value from load_elf_ram_sym() and
using it when we're running a 32-bit CPU. This worked with 32 bit
'virt' machine booting with the -kernel option.

If this approach doesn't work for the Xvisor use case, IMO  we should
just filter kernel_load_addr bits directly as we were doing a handful of
versions ago.

Patches are based on current riscv-to-apply.next.

Changes from v9:
- patch 1:
  - removed the translate_fn() callback
  - return 'kernel_low' when running a 32-bit CPU
- v9 link: https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg04509.html

Daniel Henrique Barboza (3):
  hw/riscv: handle 32 bit CPUs kernel_addr in riscv_load_kernel()
  hw/riscv/boot.c: consolidate all kernel init in riscv_load_kernel()
  hw/riscv/boot.c: make riscv_load_initrd() static

-- 
2.39.1

load_elf_ram_sym() will sign-extend 32 bit addresses. If a 32 bit QEMU
guest happens to be running in a hypervisor that are using 64 bits to
encode its address, kernel_entry can be padded with '1's and create
problems [1].

Using a translate_fn() callback in load_elf_ram_sym() to filter the
padding from the address doesn't work. A more detailed explanation can
be found in [2]. The short version is that glue(load_elf, SZ), from
include/hw/elf_ops.h, will calculate 'pentry' (mapped into the
'kernel_load_base' var in riscv_load_Kernel()) before using
translate_fn(), and will not recalculate it after executing it. This
means that the callback does not prevent the padding from
kernel_load_base to appear.

Let's instead use a kernel_low var to capture the 'lowaddr' value from
load_elf_ram_sim(), and return it when we're dealing with 32 bit CPUs.

[1] https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg02281.html
[2] https://lists.gnu.org/archive/html/qemu-devel/2023-02/msg00099.html

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
 }
 
 target_ulong riscv_load_kernel(MachineState *machine,
+                               RISCVHartArrayState *harts,
                                target_ulong kernel_start_addr,
                                symbol_fn_t sym_cb)
 {
     const char *kernel_filename = machine->kernel_filename;
-    uint64_t kernel_load_base, kernel_entry;
+    uint64_t kernel_load_base, kernel_entry, kernel_low;
 
     g_assert(kernel_filename != NULL);
 
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_kernel(MachineState *machine,
      * the (expected) load address load address. This allows kernels to have
      * separate SBI and ELF entry points (used by FreeBSD, for example).
      */
-    if (load_elf_ram_sym(kernel_filename, NULL, NULL, NULL,
-                         NULL, &kernel_load_base, NULL, NULL, 0,
+    if (load_elf_ram_sym(kernel_filename, NULL, NULL, NULL, NULL,
+                         &kernel_load_base, &kernel_low, NULL, 0,
                          EM_RISCV, 1, 0, NULL, true, sym_cb) > 0) {
-        return kernel_load_base;
+        kernel_entry = kernel_load_base;
+
+        if (riscv_is_32bit(harts)) {
+            kernel_entry = kernel_low;
+        }
+
+        return kernel_entry;
     }
 
     if (load_uimage_as(kernel_filename, &kernel_entry, NULL, NULL,
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -XXX,XX +XXX,XX @@ static void microchip_icicle_kit_machine_init(MachineState *machine)
         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc.u_cpus,
                                                          firmware_end_addr);
 
-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
+        kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
+                                         kernel_start_addr, NULL);
 
         if (machine->initrd_filename) {
             riscv_load_initrd(machine, kernel_entry);
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -XXX,XX +XXX,XX @@ static void opentitan_board_init(MachineState *machine)
     }
 
     if (machine->kernel_filename) {
-        riscv_load_kernel(machine, memmap[IBEX_DEV_RAM].base, NULL);
+        riscv_load_kernel(machine, &s->soc.cpus,
+                          memmap[IBEX_DEV_RAM].base, NULL);
     }
 }
 
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -XXX,XX +XXX,XX @@ static void sifive_e_machine_init(MachineState *machine)
                           memmap[SIFIVE_E_DEV_MROM].base, &address_space_memory);
 
     if (machine->kernel_filename) {
-        riscv_load_kernel(machine, memmap[SIFIVE_E_DEV_DTIM].base, NULL);
+        riscv_load_kernel(machine, &s->soc.cpus,
+                          memmap[SIFIVE_E_DEV_DTIM].base, NULL);
     }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -XXX,XX +XXX,XX @@ static void sifive_u_machine_init(MachineState *machine)
         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc.u_cpus,
                                                          firmware_end_addr);
 
-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
+        kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
+                                         kernel_start_addr, NULL);
 
         if (machine->initrd_filename) {
             riscv_load_initrd(machine, kernel_entry);
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -XXX,XX +XXX,XX @@ static void spike_board_init(MachineState *machine)
         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
                                                          firmware_end_addr);
 
-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr,
+        kernel_entry = riscv_load_kernel(machine, &s->soc[0],
+                                         kernel_start_addr,
                                          htif_symbol_callback);
 
         if (machine->initrd_filename) {
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -XXX,XX +XXX,XX @@ static void virt_machine_done(Notifier *notifier, void *data)
         kernel_start_addr = riscv_calc_kernel_start_addr(&s->soc[0],
                                                          firmware_end_addr);
 
-        kernel_entry = riscv_load_kernel(machine, kernel_start_addr, NULL);
+        kernel_entry = riscv_load_kernel(machine, &s->soc[0],
+                                         kernel_start_addr, NULL);
 
         if (machine->initrd_filename) {
             riscv_load_initrd(machine, kernel_entry);
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
                                  hwaddr firmware_load_addr,
                                  symbol_fn_t sym_cb);
 target_ulong riscv_load_kernel(MachineState *machine,
+                               RISCVHartArrayState *harts,
                                target_ulong firmware_end_addr,
                                symbol_fn_t sym_cb);
 void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
-- 
2.39.1

The microchip_icicle_kit, sifive_u, spike and virt boards are now doing
the same steps when '-kernel' is used:

- execute load_kernel()
- load init_rd()
- write kernel_cmdline

Let's fold everything inside riscv_load_kernel() to avoid code
repetition. To not change the behavior of boards that aren't calling
riscv_load_init(), add an 'load_initrd' flag to riscv_load_kernel() and
allow these boards to opt out from initrd loading.

Cc: Palmer Dabbelt <palmer@dabbelt.com>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
---
 hw/riscv/boot.c            | 21 ++++++++++++++++++---
 hw/riscv/microchip_pfsoc.c | 11 +----------
 hw/riscv/opentitan.c       |  3 ++-
 hw/riscv/sifive_e.c        |  3 ++-
 hw/riscv/sifive_u.c        | 11 +----------
 hw/riscv/spike.c           | 11 +----------
 hw/riscv/virt.c            | 11 +----------
 include/hw/riscv/boot.h    |  1 +
 8 files changed, 27 insertions(+), 45 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
 target_ulong riscv_load_kernel(MachineState *machine,
                                RISCVHartArrayState *harts,
                                target_ulong kernel_start_addr,
+                               bool load_initrd,
                                symbol_fn_t sym_cb)
 {
     const char *kernel_filename = machine->kernel_filename;
     uint64_t kernel_load_base, kernel_entry, kernel_low;
+    void *fdt = machine->fdt;
 
     g_assert(kernel_filename != NULL);
 
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_kernel(MachineState *machine,
             kernel_entry = kernel_low;
         }
 
-        return kernel_entry;
+        goto out;
     }
 
     if (load_uimage_as(kernel_filename, &kernel_entry, NULL, NULL,
                        NULL, NULL, NULL) > 0) {
-        return kernel_entry;
+        goto out;
     }
 
     if (load_image_targphys_as(kernel_filename, kernel_start_addr,
                                current_machine->ram_size, NULL) > 0) {
-        return kernel_start_addr;
+        kernel_entry = kernel_start_addr;
+        goto out;
     }
 
     error_report("could not load kernel '%s'", kernel_filename);
     exit(1);
+
+out:
+    if (load_initrd && machine->initrd_filename) {
+        riscv_load_initrd(machine, kernel_entry);
+    }
+
+    if (fdt && machine->kernel_cmdline && *machine->kernel_cmdline) {
+        qemu_fdt_setprop_string(fdt, "/chosen", "bootargs",
+                                machine->kernel_cmdline);
+    }
+
+    return kernel_entry;
 }
 
 void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -XXX,XX +XXX,XX @@ static void microchip_icicle_kit_machine_init(MachineState *machine)
                                                          firmware_end_addr);
 
         kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
-                                         kernel_start_addr, NULL);
-
-        if (machine->initrd_filename) {
-            riscv_load_initrd(machine, kernel_entry);
-        }
-
-        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-            qemu_fdt_setprop_string(machine->fdt, "/chosen",
-                                    "bootargs", machine->kernel_cmdline);
-        }
+                                         kernel_start_addr, true, NULL);
 
         /* Compute the fdt load address in dram */
         fdt_load_addr = riscv_compute_fdt_addr(memmap[MICROCHIP_PFSOC_DRAM_LO].base,
diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -XXX,XX +XXX,XX @@ static void opentitan_board_init(MachineState *machine)
 
     if (machine->kernel_filename) {
         riscv_load_kernel(machine, &s->soc.cpus,
-                          memmap[IBEX_DEV_RAM].base, NULL);
+                          memmap[IBEX_DEV_RAM].base,
+                          false, NULL);
     }
 }
 
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -XXX,XX +XXX,XX @@ static void sifive_e_machine_init(MachineState *machine)
 
     if (machine->kernel_filename) {
         riscv_load_kernel(machine, &s->soc.cpus,
-                          memmap[SIFIVE_E_DEV_DTIM].base, NULL);
+                          memmap[SIFIVE_E_DEV_DTIM].base,
+                          false, NULL);
     }
 }
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -XXX,XX +XXX,XX @@ static void sifive_u_machine_init(MachineState *machine)
                                                          firmware_end_addr);
 
         kernel_entry = riscv_load_kernel(machine, &s->soc.u_cpus,
-                                         kernel_start_addr, NULL);
-
-        if (machine->initrd_filename) {
-            riscv_load_initrd(machine, kernel_entry);
-        }
-
-        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-            qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
-                                    machine->kernel_cmdline);
-        }
+                                         kernel_start_addr, true, NULL);
     } else {
        /*
         * If dynamic firmware is used, it doesn't know where is the next mode
diff --git a/hw/riscv/spike.c b/hw/riscv/spike.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/spike.c
+++ b/hw/riscv/spike.c
@@ -XXX,XX +XXX,XX @@ static void spike_board_init(MachineState *machine)
 
         kernel_entry = riscv_load_kernel(machine, &s->soc[0],
                                          kernel_start_addr,
-                                         htif_symbol_callback);
-
-        if (machine->initrd_filename) {
-            riscv_load_initrd(machine, kernel_entry);
-        }
-
-        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-            qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
-                                    machine->kernel_cmdline);
-        }
+                                         true, htif_symbol_callback);
     } else {
        /*
         * If dynamic firmware is used, it doesn't know where is the next mode
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -XXX,XX +XXX,XX @@ static void virt_machine_done(Notifier *notifier, void *data)
                                                          firmware_end_addr);
 
         kernel_entry = riscv_load_kernel(machine, &s->soc[0],
-                                         kernel_start_addr, NULL);
-
-        if (machine->initrd_filename) {
-            riscv_load_initrd(machine, kernel_entry);
-        }
-
-        if (machine->kernel_cmdline && *machine->kernel_cmdline) {
-            qemu_fdt_setprop_string(machine->fdt, "/chosen", "bootargs",
-                                    machine->kernel_cmdline);
-        }
+                                         kernel_start_addr, true, NULL);
     } else {
        /*
         * If dynamic firmware is used, it doesn't know where is the next mode
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
 target_ulong riscv_load_kernel(MachineState *machine,
                                RISCVHartArrayState *harts,
                                target_ulong firmware_end_addr,
+                               bool load_initrd,
                                symbol_fn_t sym_cb);
 void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
 uint64_t riscv_compute_fdt_addr(hwaddr dram_start, uint64_t dram_size,
-- 
2.39.1

The only remaining caller is riscv_load_kernel_and_initrd() which
belongs to the same file.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
---
 hw/riscv/boot.c         | 80 ++++++++++++++++++++---------------------
 include/hw/riscv/boot.h |  1 -
 2 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/riscv/boot.c
+++ b/hw/riscv/boot.c
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_firmware(const char *firmware_filename,
     exit(1);
 }
 
+static void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
+{
+    const char *filename = machine->initrd_filename;
+    uint64_t mem_size = machine->ram_size;
+    void *fdt = machine->fdt;
+    hwaddr start, end;
+    ssize_t size;
+
+    g_assert(filename != NULL);
+
+    /*
+     * We want to put the initrd far enough into RAM that when the
+     * kernel is uncompressed it will not clobber the initrd. However
+     * on boards without much RAM we must ensure that we still leave
+     * enough room for a decent sized initrd, and on boards with large
+     * amounts of RAM we must avoid the initrd being so far up in RAM
+     * that it is outside lowmem and inaccessible to the kernel.
+     * So for boards with less  than 256MB of RAM we put the initrd
+     * halfway into RAM, and for boards with 256MB of RAM or more we put
+     * the initrd at 128MB.
+     */
+    start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
+
+    size = load_ramdisk(filename, start, mem_size - start);
+    if (size == -1) {
+        size = load_image_targphys(filename, start, mem_size - start);
+        if (size == -1) {
+            error_report("could not load ramdisk '%s'", filename);
+            exit(1);
+        }
+    }
+
+    /* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
+    if (fdt) {
+        end = start + size;
+        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
+        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
+    }
+}
+
 target_ulong riscv_load_kernel(MachineState *machine,
                                RISCVHartArrayState *harts,
                                target_ulong kernel_start_addr,
@@ -XXX,XX +XXX,XX @@ out:
     return kernel_entry;
 }
 
-void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry)
-{
-    const char *filename = machine->initrd_filename;
-    uint64_t mem_size = machine->ram_size;
-    void *fdt = machine->fdt;
-    hwaddr start, end;
-    ssize_t size;
-
-    g_assert(filename != NULL);
-
-    /*
-     * We want to put the initrd far enough into RAM that when the
-     * kernel is uncompressed it will not clobber the initrd. However
-     * on boards without much RAM we must ensure that we still leave
-     * enough room for a decent sized initrd, and on boards with large
-     * amounts of RAM we must avoid the initrd being so far up in RAM
-     * that it is outside lowmem and inaccessible to the kernel.
-     * So for boards with less  than 256MB of RAM we put the initrd
-     * halfway into RAM, and for boards with 256MB of RAM or more we put
-     * the initrd at 128MB.
-     */
-    start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
-
-    size = load_ramdisk(filename, start, mem_size - start);
-    if (size == -1) {
-        size = load_image_targphys(filename, start, mem_size - start);
-        if (size == -1) {
-            error_report("could not load ramdisk '%s'", filename);
-            exit(1);
-        }
-    }
-
-    /* Some RISC-V machines (e.g. opentitan) don't have a fdt. */
-    if (fdt) {
-        end = start + size;
-        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-start", start);
-        qemu_fdt_setprop_cell(fdt, "/chosen", "linux,initrd-end", end);
-    }
-}
-
 /*
  * This function makes an assumption that the DRAM interval
  * 'dram_base' + 'dram_size' is contiguous.
diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/riscv/boot.h
+++ b/include/hw/riscv/boot.h
@@ -XXX,XX +XXX,XX @@ target_ulong riscv_load_kernel(MachineState *machine,
                                target_ulong firmware_end_addr,
                                bool load_initrd,
                                symbol_fn_t sym_cb);
-void riscv_load_initrd(MachineState *machine, uint64_t kernel_entry);
 uint64_t riscv_compute_fdt_addr(hwaddr dram_start, uint64_t dram_size,
                                 MachineState *ms);
 void riscv_load_fdt(hwaddr fdt_addr, void *fdt);
-- 
2.39.1