Series comparison

-[PULL 00/15] tcg patch queue
+[Qemu-devel] [PULL v2 00/21] tcg patch queue
-The following changes since commit ee26ce674a93c824713542cec3b6a9ca85459165:
+Changes since v1:
   * Added QEMU_ERROR to wrap __attribute__((error)) -- patch 12.
-  Merge remote-tracking branch 'remotes/jsnow/tags/python-pull-request' into staging (2021-10-12 16:08:33 -0700)
 r~
 The following changes since commit 77f7c747193662edfadeeb3118d63eed0eac51a6:
   Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2018-10-17' into staging (2018-10-18 13:40:19 +0100)
 are available in the Git repository at:
-  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20211013
+  https://github.com/rth7680/qemu.git tags/pull-tcg-20181018
-for you to fetch changes up to 76e366e728549b3324cc2dee6745d6a4f1af18e6:
+for you to fetch changes up to 403f290c0603f35f2d09c982bf5549b6d0803ec1:
-  tcg: Canonicalize alignment flags in MemOp (2021-10-13 09:14:35 -0700)
+  cputlb: read CPUTLBEntry.addr_write atomically (2018-10-18 19:46:53 -0700)
 ----------------------------------------------------------------
-Use MO_128 for 16-byte atomic memory operations.
+Queued tcg patches.
 Add cpu_ld/st_mmu memory primitives.
 Move helper_ld/st memory helpers out of tcg.h.
 Canonicalize alignment flags in MemOp.
 ----------------------------------------------------------------
-BALATON Zoltan (1):
+Emilio G. Cota (10):
-      memory: Log access direction for invalid accesses
+      tcg: access cpu->icount_decr.u16.high with atomics
       tcg: fix use of uninitialized variable under CONFIG_PROFILER
       tcg: plug holes in struct TCGProfile
       tcg: distribute tcg_time into TCG contexts
       target/alpha: remove tlb_flush from alpha_cpu_initfn
       target/unicore32: remove tlb_flush from uc32_init_fn
       exec: introduce tlb_init
       cputlb: fix assert_cpu_is_self macro
       cputlb: serialize tlb updates with env->tlb_lock
       cputlb: read CPUTLBEntry.addr_write atomically
-Richard Henderson (14):
+Richard Henderson (11):
-      target/arm: Use MO_128 for 16 byte atomics
+      tcg: Implement CPU_LOG_TB_NOCHAIN during expansion
-      target/i386: Use MO_128 for 16 byte atomics
+      tcg: Add tlb_index and tlb_entry helpers
-      target/ppc: Use MO_128 for 16 byte atomics
+      tcg: Split CONFIG_ATOMIC128
-      target/s390x: Use MO_128 for 16 byte atomics
+      target/i386: Convert to HAVE_CMPXCHG128
-      target/hexagon: Implement cpu_mmu_index
+      target/arm: Convert to HAVE_CMPXCHG128
-      accel/tcg: Add cpu_{ld,st}*_mmu interfaces
+      target/arm: Check HAVE_CMPXCHG128 at translate time
-      accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
+      target/ppc: Convert to HAVE_CMPXCHG128 and HAVE_ATOMIC128
-      target/mips: Use cpu_*_data_ra for msa load/store
+      target/s390x: Convert to HAVE_CMPXCHG128 and HAVE_ATOMIC128
-      target/mips: Use 8-byte memory ops for msa load/store
+      target/s390x: Split do_cdsg, do_lpq, do_stpq
-      target/s390x: Use cpu_*_mmu instead of helper_*_mmu
+      target/s390x: Skip wout, cout helpers if op helper does not return
-      target/sparc: Use cpu_*_mmu instead of helper_*_mmu
+      target/s390x: Check HAVE_ATOMIC128 and HAVE_CMPXCHG128 at translate
       target/arm: Use cpu_*_mmu instead of helper_*_mmu
       tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
       tcg: Canonicalize alignment flags in MemOp
- docs/devel/loads-stores.rst   |  52 +++++-
+ accel/tcg/atomic_template.h      |  20 +++-
- include/exec/cpu_ldst.h       | 332 ++++++++++++++++++-----------------
+ accel/tcg/softmmu_template.h     |  64 +++++-----
- include/tcg/tcg-ldst.h        |  74 ++++++++
+ include/exec/cpu-defs.h          |   3 +
- include/tcg/tcg.h             | 158 -----------------
+ include/exec/cpu_ldst.h          |  30 ++++-
- target/hexagon/cpu.h          |   9 +
+ include/exec/cpu_ldst_template.h |  25 ++--
- accel/tcg/cputlb.c            | 393 ++++++++++++++----------------------------
+ include/exec/exec-all.h          |   8 ++
- accel/tcg/user-exec.c         | 385 +++++++++++++++++------------------------
+ include/qemu/atomic128.h         | 153 ++++++++++++++++++++++++
- softmmu/memory.c              |  20 +--
+ include/qemu/compiler.h          |  11 ++
- target/arm/helper-a64.c       |  61 ++-----
+ include/qemu/timer.h             |   1 -
- target/arm/m_helper.c         |   6 +-
+ target/ppc/helper.h              |   2 +-
- target/i386/tcg/mem_helper.c  |   2 +-
+ tcg/tcg.h                        |  20 ++--
- target/m68k/op_helper.c       |   1 -
+ accel/tcg/cpu-exec.c             |   2 +-
- target/mips/tcg/msa_helper.c  | 389 ++++++++++-------------------------------
+ accel/tcg/cputlb.c               | 235 +++++++++++++++++++-----------------
- target/ppc/mem_helper.c       |   1 -
+ accel/tcg/tcg-all.c              |   2 +-
- target/ppc/translate.c        |  12 +-
+ accel/tcg/translate-all.c        |   2 +-
- target/s390x/tcg/mem_helper.c |  13 +-
+ accel/tcg/user-exec.c            |   5 +-
- target/sparc/ldst_helper.c    |  14 +-
+ cpus.c                           |   3 +-
- tcg/tcg-op.c                  |   7 +-
+ exec.c                           |   1 +
- tcg/tcg.c                     |   1 +
+ monitor.c                        |  13 +-
- tcg/tci.c                     |   1 +
+ qom/cpu.c                        |   2 +-
- accel/tcg/ldst_common.c.inc   | 307 +++++++++++++++++++++++++++++++++
+ target/alpha/cpu.c               |   1 -
-files changed, 1032 insertions(+), 1206 deletions(-)
+ target/arm/helper-a64.c          | 251 +++++++++++++++++++--------------------
- create mode 100644 include/tcg/tcg-ldst.h
+ target/arm/translate-a64.c       |  38 +++---
- create mode 100644 accel/tcg/ldst_common.c.inc
+ target/i386/mem_helper.c         |   9 +-
  target/ppc/mem_helper.c          |  33 ++++-
  target/ppc/translate.c           | 115 +++++++++---------
  target/s390x/mem_helper.c        | 202 +++++++++++++++----------------
  target/s390x/translate.c         |  45 +++++--
  target/unicore32/cpu.c           |   2 -
  tcg/tcg-op.c                     |   9 +-
  tcg/tcg.c                        |  25 +++-
  configure                        |  19 +++
 files changed, 839 insertions(+), 512 deletions(-)
  create mode 100644 include/qemu/atomic128.h

-[PULL 15/15] tcg: Canonicalize alignment flags in MemOp
+[Qemu-devel] [PULL v2 01/21] tcg: Implement CPU_LOG_TB_NOCHAIN during expansion
-Having observed e.g. al8+leq in dumps, canonicalize to al+leq.
+Rather than test NOCHAIN before linking, do not emit the
 goto_tb opcode at all.  We already do this for goto_ptr.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- tcg/tcg-op.c | 7 ++++++-
+ accel/tcg/cpu-exec.c | 2 +-
-file changed, 6 insertions(+), 1 deletion(-)
+ tcg/tcg-op.c         | 9 ++++++++-
 files changed, 9 insertions(+), 2 deletions(-)
+diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
+index XXXXXXX..XXXXXXX 100644
+--- a/accel/tcg/cpu-exec.c
++++ b/accel/tcg/cpu-exec.c
+@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_find(CPUState *cpu,
+     }
+ #endif
+     /* See if we can patch the calling TB. */
+-    if (last_tb && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
++    if (last_tb) {
+         tb_add_jump(last_tb, tb_exit, tb);
+     }
+     return tb;
 diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
 index XXXXXXX..XXXXXXX 100644
 --- a/tcg/tcg-op.c
 +++ b/tcg/tcg-op.c
-@@ -XXX,XX +XXX,XX @@ void tcg_gen_lookup_and_goto_ptr(void)
+@@ -XXX,XX +XXX,XX @@ void tcg_gen_exit_tb(TranslationBlock *tb, unsigned idx)
- static inline MemOp tcg_canonicalize_memop(MemOp op, bool is64, bool st)
+            seen this numbered exit before, via tcg_gen_goto_tb.  */
- {
+         tcg_debug_assert(tcg_ctx->goto_tb_issue_mask & (1 << idx));
-     /* Trigger the asserts within as early as possible.  */
+ #endif
--    (void)get_alignment_bits(op);
++        /* When not chaining, exit without indicating a link.  */
-+    unsigned a_bits = get_alignment_bits(op);
++        if (qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
-+
++            val = 0;
-+    /* Prefer MO_ALIGN+MO_XX over MO_ALIGN_XX+MO_XX */
++        }
-+    if (a_bits == (op & MO_SIZE)) {
+     } else {
-+        op = (op & ~MO_AMASK) | MO_ALIGN;
+         /* This is an exit via the exitreq label.  */
          tcg_debug_assert(idx == TB_EXIT_REQUESTED);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_goto_tb(unsigned idx)
      tcg_debug_assert((tcg_ctx->goto_tb_issue_mask & (1 << idx)) == 0);
      tcg_ctx->goto_tb_issue_mask |= 1 << idx;
  #endif
 -    tcg_gen_op1i(INDEX_op_goto_tb, idx);
 +    /* When not chaining, we simply fall through to the "fallback" exit.  */
 +    if (!qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
 +        tcg_gen_op1i(INDEX_op_goto_tb, idx);
 +    }
+ }
-     switch (op & MO_SIZE) {
-     case MO_8:
+ void tcg_gen_lookup_and_goto_ptr(void)
 --
-.25.1
+.17.2

-New patch
+[Qemu-devel] [PULL v2 02/21] tcg: access cpu->icount_decr.u16.high with atomics
+From: "Emilio G. Cota" <cota@braap.org>
+Consistently access u16.high with atomics to avoid
+undefined behaviour in MTTCG.
+Note that icount_decr.u16.low is only used in icount mode,
+so regular accesses to it are OK.
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Emilio G. Cota <cota@braap.org>
+Message-Id: <20181010144853.13005-2-cota@braap.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+---
+ accel/tcg/tcg-all.c       | 2 +-
+ accel/tcg/translate-all.c | 2 +-
+ qom/cpu.c                 | 2 +-
+files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
+index XXXXXXX..XXXXXXX 100644
+--- a/accel/tcg/tcg-all.c
++++ b/accel/tcg/tcg-all.c
+@@ -XXX,XX +XXX,XX @@ static void tcg_handle_interrupt(CPUState *cpu, int mask)
+     if (!qemu_cpu_is_self(cpu)) {
+         qemu_cpu_kick(cpu);
+     } else {
+-        cpu->icount_decr.u16.high = -1;
++        atomic_set(&cpu->icount_decr.u16.high, -1);
+         if (use_icount &&
+             !cpu->can_do_io
+             && (mask & ~old_mask) != 0) {
+diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
+index XXXXXXX..XXXXXXX 100644
+--- a/accel/tcg/translate-all.c
++++ b/accel/tcg/translate-all.c
+@@ -XXX,XX +XXX,XX @@ void cpu_interrupt(CPUState *cpu, int mask)
+ {
+     g_assert(qemu_mutex_iothread_locked());
+     cpu->interrupt_request |= mask;
+-    cpu->icount_decr.u16.high = -1;
++    atomic_set(&cpu->icount_decr.u16.high, -1);
+ }
+ /*
+diff --git a/qom/cpu.c b/qom/cpu.c
+index XXXXXXX..XXXXXXX 100644
+--- a/qom/cpu.c
++++ b/qom/cpu.c
+@@ -XXX,XX +XXX,XX @@ static void cpu_common_reset(CPUState *cpu)
+     cpu->mem_io_pc = 0;
+     cpu->mem_io_vaddr = 0;
+     cpu->icount_extra = 0;
+-    cpu->icount_decr.u32 = 0;
++    atomic_set(&cpu->icount_decr.u32, 0);
+     cpu->can_do_io = 1;
+     cpu->exception_index = -1;
+     cpu->crash_occurred = false;
+--
+.17.2

-New patch
+[Qemu-devel] [PULL v2 03/21] tcg: fix use of uninitialized variable under CONFIG_PROFILER
+From: "Emilio G. Cota" <cota@braap.org>
+We forgot to initialize n in commit 15fa08f845 ("tcg: Dynamically
+allocate TCGOps", 2017-12-29).
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Emilio G. Cota <cota@braap.org>
+Message-Id: <20181010144853.13005-3-cota@braap.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+---
+ tcg/tcg.c | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/tcg/tcg.c b/tcg/tcg.c
+index XXXXXXX..XXXXXXX 100644
+--- a/tcg/tcg.c
++++ b/tcg/tcg.c
+@@ -XXX,XX +XXX,XX @@ int tcg_gen_code(TCGContext *s, TranslationBlock *tb)
+ #ifdef CONFIG_PROFILER
+     {
+-        int n;
++        int n = 0;
+         QTAILQ_FOREACH(op, &s->ops, link) {
+             n++;
+--
+.17.2

-[PULL 03/15] target/i386: Use MO_128 for 16 byte atomics
+[Qemu-devel] [PULL v2 04/21] tcg: plug holes in struct TCGProfile
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+From: "Emilio G. Cota" <cota@braap.org>
 This plugs two 4-byte holes in 64-bit.
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181010144853.13005-4-cota@braap.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/i386/tcg/mem_helper.c | 2 +-
+ tcg/tcg.h | 2 +-
 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/i386/tcg/mem_helper.c b/target/i386/tcg/mem_helper.c
+diff --git a/tcg/tcg.h b/tcg/tcg.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/i386/tcg/mem_helper.c
+--- a/tcg/tcg.h
-+++ b/target/i386/tcg/mem_helper.c
++++ b/tcg/tcg.h
-@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
+@@ -XXX,XX +XXX,XX @@ typedef struct TCGProfile {
-         Int128 newv = int128_make128(env->regs[R_EBX], env->regs[R_ECX]);
+     int64_t tb_count;
+     int64_t op_count; /* total insn count */
-         int mem_idx = cpu_mmu_index(env, false);
+     int op_count_max; /* max insn per TB */
--        MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+-    int64_t temp_count;
-+        MemOpIdx oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
+     int temp_count_max;
-         Int128 oldv = cpu_atomic_cmpxchgo_le_mmu(env, a0, cmpv, newv, oi, ra);
++    int64_t temp_count;
+     int64_t del_op_count;
-         if (int128_eq(oldv, cmpv)) {
+     int64_t code_in_len;
      int64_t code_out_len;
 --
-.25.1
+.17.2

-New patch
+[Qemu-devel] [PULL v2 05/21] tcg: distribute tcg_time into TCG contexts
+From: "Emilio G. Cota" <cota@braap.org>
+When we implemented per-vCPU TCG contexts, we forgot to also
+distribute the tcg_time counter, which has remained as a global
+accessed without any serialization, leading to potentially missed
+counts.
+Fix it by distributing the field over the TCG contexts, embedding
+it into TCGProfile with a field called "cpu_exec_time", which is more
+descriptive than "tcg_time". Add a function to query this value
+directly, and for completeness, fill in the field in
+tcg_profile_snapshot, even though its callers do not use it.
+Signed-off-by: Emilio G. Cota <cota@braap.org>
+Message-Id: <20181010144853.13005-5-cota@braap.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+---
+ include/qemu/timer.h |  1 -
+ tcg/tcg.h            |  2 ++
+ cpus.c               |  3 ++-
+ monitor.c            | 13 ++++++++++---
+ tcg/tcg.c            | 23 +++++++++++++++++++++++
+files changed, 37 insertions(+), 5 deletions(-)
+diff --git a/include/qemu/timer.h b/include/qemu/timer.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/qemu/timer.h
++++ b/include/qemu/timer.h
+@@ -XXX,XX +XXX,XX @@ static inline int64_t profile_getclock(void)
+     return get_clock();
+ }
+-extern int64_t tcg_time;
+ extern int64_t dev_time;
+ #endif
+diff --git a/tcg/tcg.h b/tcg/tcg.h
+index XXXXXXX..XXXXXXX 100644
+--- a/tcg/tcg.h
++++ b/tcg/tcg.h
+@@ -XXX,XX +XXX,XX @@ typedef struct TCGOp {
+ QEMU_BUILD_BUG_ON(NB_OPS > (1 << 8));
+ typedef struct TCGProfile {
++    int64_t cpu_exec_time;
+     int64_t tb_count1;
+     int64_t tb_count;
+     int64_t op_count; /* total insn count */
+@@ -XXX,XX +XXX,XX @@ int tcg_check_temp_count(void);
+ #define tcg_check_temp_count() 0
+ #endif
++int64_t tcg_cpu_exec_time(void);
+ void tcg_dump_info(FILE *f, fprintf_function cpu_fprintf);
+ void tcg_dump_op_count(FILE *f, fprintf_function cpu_fprintf);
+diff --git a/cpus.c b/cpus.c
+index XXXXXXX..XXXXXXX 100644
+--- a/cpus.c
++++ b/cpus.c
+@@ -XXX,XX +XXX,XX @@ static int tcg_cpu_exec(CPUState *cpu)
+     ret = cpu_exec(cpu);
+     cpu_exec_end(cpu);
+ #ifdef CONFIG_PROFILER
+-    tcg_time += profile_getclock() - ti;
++    atomic_set(&tcg_ctx->prof.cpu_exec_time,
++               tcg_ctx->prof.cpu_exec_time + profile_getclock() - ti);
+ #endif
+     return ret;
+ }
+diff --git a/monitor.c b/monitor.c
+index XXXXXXX..XXXXXXX 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -XXX,XX +XXX,XX @@
+ #include "sysemu/cpus.h"
+ #include "sysemu/iothread.h"
+ #include "qemu/cutils.h"
++#include "tcg/tcg.h"
+ #if defined(TARGET_S390X)
+ #include "hw/s390x/storage-keys.h"
+@@ -XXX,XX +XXX,XX @@ static void hmp_info_numa(Monitor *mon, const QDict *qdict)
+ #ifdef CONFIG_PROFILER
+-int64_t tcg_time;
+ int64_t dev_time;
+ static void hmp_info_profile(Monitor *mon, const QDict *qdict)
+ {
++    static int64_t last_cpu_exec_time;
++    int64_t cpu_exec_time;
++    int64_t delta;
++
++    cpu_exec_time = tcg_cpu_exec_time();
++    delta = cpu_exec_time - last_cpu_exec_time;
++
+     monitor_printf(mon, "async time  %" PRId64 " (%0.3f)\n",
+                    dev_time, dev_time / (double)NANOSECONDS_PER_SECOND);
+     monitor_printf(mon, "qemu time   %" PRId64 " (%0.3f)\n",
+-                   tcg_time, tcg_time / (double)NANOSECONDS_PER_SECOND);
+-    tcg_time = 0;
++                   delta, delta / (double)NANOSECONDS_PER_SECOND);
++    last_cpu_exec_time = cpu_exec_time;
+     dev_time = 0;
+ }
+ #else
+diff --git a/tcg/tcg.c b/tcg/tcg.c
+index XXXXXXX..XXXXXXX 100644
+--- a/tcg/tcg.c
++++ b/tcg/tcg.c
+@@ -XXX,XX +XXX,XX @@
+ /* Define to jump the ELF file used to communicate with GDB.  */
+ #undef DEBUG_JIT
++#include "qemu/error-report.h"
+ #include "qemu/cutils.h"
+ #include "qemu/host-utils.h"
+ #include "qemu/timer.h"
+@@ -XXX,XX +XXX,XX @@ void tcg_profile_snapshot(TCGProfile *prof, bool counters, bool table)
+         const TCGProfile *orig = &s->prof;
+         if (counters) {
++            PROF_ADD(prof, orig, cpu_exec_time);
+             PROF_ADD(prof, orig, tb_count1);
+             PROF_ADD(prof, orig, tb_count);
+             PROF_ADD(prof, orig, op_count);
+@@ -XXX,XX +XXX,XX @@ void tcg_dump_op_count(FILE *f, fprintf_function cpu_fprintf)
+                     prof.table_op_count[i]);
+     }
+ }
++
++int64_t tcg_cpu_exec_time(void)
++{
++    unsigned int n_ctxs = atomic_read(&n_tcg_ctxs);
++    unsigned int i;
++    int64_t ret = 0;
++
++    for (i = 0; i < n_ctxs; i++) {
++        const TCGContext *s = atomic_read(&tcg_ctxs[i]);
++        const TCGProfile *prof = &s->prof;
++
++        ret += atomic_read(&prof->cpu_exec_time);
++    }
++    return ret;
++}
+ #else
+ void tcg_dump_op_count(FILE *f, fprintf_function cpu_fprintf)
+ {
+     cpu_fprintf(f, "[TCG profiler not compiled]\n");
+ }
++
++int64_t tcg_cpu_exec_time(void)
++{
++    error_report("%s: TCG profiler not compiled", __func__);
++    exit(EXIT_FAILURE);
++}
+ #endif
+--
+.17.2

-New patch
+[Qemu-devel] [PULL v2 06/21] target/alpha: remove tlb_flush from alpha_cpu_initfn
+From: "Emilio G. Cota" <cota@braap.org>
+As far as I can tell tlb_flush does not need to be called
+this early. tlb_flush is eventually called after the CPU
+has been realized.
+This change paves the way to the introduction of tlb_init,
+which will be called from cpu_exec_realizefn.
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Emilio G. Cota <cota@braap.org>
+Message-Id: <20181009174557.16125-2-cota@braap.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+---
+ target/alpha/cpu.c | 1 -
+file changed, 1 deletion(-)
+diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/alpha/cpu.c
++++ b/target/alpha/cpu.c
+@@ -XXX,XX +XXX,XX @@ static void alpha_cpu_initfn(Object *obj)
+     CPUAlphaState *env = &cpu->env;
+     cs->env_ptr = env;
+-    tlb_flush(cs);
+     env->lock_addr = -1;
+ #if defined(CONFIG_USER_ONLY)
+--
+.17.2

-[PULL 12/15] target/sparc: Use cpu_*_mmu instead of helper_*_mmu
+[Qemu-devel] [PULL v2 07/21] target/unicore32: remove tlb_flush from uc32_init_fn
-The helper_*_mmu functions were the only thing available
+From: "Emilio G. Cota" <cota@braap.org>
 when this code was written.  This could have been adjusted
 when we added cpu_*_mmuidx_ra, but now we can most easily
 use the newest set of interfaces.
-Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
+As far as I can tell tlb_flush does not need to be called
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+this early. tlb_flush is eventually called after the CPU
 has been realized.
 This change paves the way to the introduction of tlb_init,
 which will be called from cpu_exec_realizefn.
 Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181009174557.16125-3-cota@braap.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/sparc/ldst_helper.c | 14 +++++++-------
+ target/unicore32/cpu.c | 2 --
-file changed, 7 insertions(+), 7 deletions(-)
+file changed, 2 deletions(-)
-diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
+diff --git a/target/unicore32/cpu.c b/target/unicore32/cpu.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/ldst_helper.c
+--- a/target/unicore32/cpu.c
-+++ b/target/sparc/ldst_helper.c
++++ b/target/unicore32/cpu.c
-@@ -XXX,XX +XXX,XX @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr,
+@@ -XXX,XX +XXX,XX @@ static void uc32_cpu_initfn(Object *obj)
-             oi = make_memop_idx(memop, idx);
+     env->uncached_asr = ASR_MODE_PRIV;
-             switch (size) {
+     env->regs[31] = 0x03000000;
-             case 1:
+ #endif
--                ret = helper_ret_ldub_mmu(env, addr, oi, GETPC());
+-
-+                ret = cpu_ldb_mmu(env, addr, oi, GETPC());
+-    tlb_flush(cs);
-                 break;
+ }
-             case 2:
-                 if (asi & 8) {
+ static const VMStateDescription vmstate_uc32_cpu = {
 -                    ret = helper_le_lduw_mmu(env, addr, oi, GETPC());
 +                    ret = cpu_ldw_le_mmu(env, addr, oi, GETPC());
                  } else {
 -                    ret = helper_be_lduw_mmu(env, addr, oi, GETPC());
 +                    ret = cpu_ldw_be_mmu(env, addr, oi, GETPC());
                  }
                  break;
              case 4:
                  if (asi & 8) {
 -                    ret = helper_le_ldul_mmu(env, addr, oi, GETPC());
 +                    ret = cpu_ldl_le_mmu(env, addr, oi, GETPC());
                  } else {
 -                    ret = helper_be_ldul_mmu(env, addr, oi, GETPC());
 +                    ret = cpu_ldl_be_mmu(env, addr, oi, GETPC());
                  }
                  break;
              case 8:
                  if (asi & 8) {
 -                    ret = helper_le_ldq_mmu(env, addr, oi, GETPC());
 +                    ret = cpu_ldq_le_mmu(env, addr, oi, GETPC());
                  } else {
 -                    ret = helper_be_ldq_mmu(env, addr, oi, GETPC());
 +                    ret = cpu_ldq_be_mmu(env, addr, oi, GETPC());
                  }
                  break;
              default:
 --
-.25.1
+.17.2

-[PULL 11/15] target/s390x: Use cpu_*_mmu instead of helper_*_mmu
+[Qemu-devel] [PULL v2 08/21] exec: introduce tlb_init
-The helper_*_mmu functions were the only thing available
+From: "Emilio G. Cota" <cota@braap.org>
 when this code was written.  This could have been adjusted
 when we added cpu_*_mmuidx_ra, but now we can most easily
 use the newest set of interfaces.
-Reviewed-by: David Hildenbrand <david@redhat.com>
+Paves the way for the addition of a per-TLB lock.
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181009174557.16125-4-cota@braap.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/s390x/tcg/mem_helper.c | 8 ++++----
+ include/exec/exec-all.h | 8 ++++++++
-file changed, 4 insertions(+), 4 deletions(-)
+ accel/tcg/cputlb.c      | 4 ++++
  exec.c                  | 1 +
 files changed, 13 insertions(+)
-diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
+diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/mem_helper.c
+--- a/include/exec/exec-all.h
-+++ b/target/s390x/tcg/mem_helper.c
++++ b/include/exec/exec-all.h
-@@ -XXX,XX +XXX,XX @@ static void do_access_memset(CPUS390XState *env, vaddr vaddr, char *haddr,
+@@ -XXX,XX +XXX,XX @@ void cpu_address_space_init(CPUState *cpu, int asidx,
-          * page. This is especially relevant to speed up TLB_NOTDIRTY.
-          */
+ #if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
-         g_assert(size > 0);
+ /* cputlb.c */
--        helper_ret_stb_mmu(env, vaddr, byte, oi, ra);
++/**
-+        cpu_stb_mmu(env, vaddr, byte, oi, ra);
++ * tlb_init - initialize a CPU's TLB
-         haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
++ * @cpu: CPU whose TLB should be initialized
-         if (likely(haddr)) {
++ */
-             memset(haddr + 1, byte, size - 1);
++void tlb_init(CPUState *cpu);
-         } else {
+ /**
-             for (i = 1; i < size; i++) {
+  * tlb_flush_page:
--                helper_ret_stb_mmu(env, vaddr + i, byte, oi, ra);
+  * @cpu: CPU whose TLB should be flushed
-+                cpu_stb_mmu(env, vaddr + i, byte, oi, ra);
+@@ -XXX,XX +XXX,XX @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
-             }
+ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
-         }
+                  uintptr_t retaddr);
  #else
 +static inline void tlb_init(CPUState *cpu)
 +{
 +}
  static inline void tlb_flush_page(CPUState *cpu, target_ulong addr)
  {
  }
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
  QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
  #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
 +void tlb_init(CPUState *cpu)
 +{
 +}
 +
  /* flush_all_helper: run fn across all cpus
   *
   * If the wait flag is set then the src cpu's helper will be queued as
 diff --git a/exec.c b/exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/exec.c
 +++ b/exec.c
@@ -XXX,XX +XXX,XX @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
          tcg_target_initialized = true;
          cc->tcg_initialize();
      }
-@@ -XXX,XX +XXX,XX @@ static uint8_t do_access_get_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
++    tlb_init(cpu);
-      * Do a single access and test if we can then get access to the
-      * page. This is especially relevant to speed up TLB_NOTDIRTY.
+ #ifndef CONFIG_USER_ONLY
-      */
+     if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
 -    byte = helper_ret_ldub_mmu(env, vaddr + offset, oi, ra);
 +    byte = cpu_ldb_mmu(env, vaddr + offset, oi, ra);
      *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_LOAD, mmu_idx);
      return byte;
  #endif
@@ -XXX,XX +XXX,XX @@ static void do_access_set_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
       * Do a single access and test if we can then get access to the
       * page. This is especially relevant to speed up TLB_NOTDIRTY.
       */
 -    helper_ret_stb_mmu(env, vaddr + offset, byte, oi, ra);
 +    cpu_stb_mmu(env, vaddr + offset, byte, oi, ra);
      *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
  #endif
  }
 --
-.25.1
+.17.2

-[PULL 06/15] target/hexagon: Implement cpu_mmu_index
+[Qemu-devel] [PULL v2 09/21] cputlb: fix assert_cpu_is_self macro
-The function is trivial for user-only, but still must be present.
+From: "Emilio G. Cota" <cota@braap.org>
-Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181009174557.16125-5-cota@braap.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/hexagon/cpu.h | 9 +++++++++
+ accel/tcg/cputlb.c | 4 ++--
-file changed, 9 insertions(+)
+file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/hexagon/cpu.h b/target/hexagon/cpu.h
+diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/hexagon/cpu.h
+--- a/accel/tcg/cputlb.c
-+++ b/target/hexagon/cpu.h
++++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ static inline void cpu_get_tb_cpu_state(CPUHexagonState *env, target_ulong *pc,
+@@ -XXX,XX +XXX,XX @@
- #endif
+     } \
- }
+ } while (0)
-+static inline int cpu_mmu_index(CPUHexagonState *env, bool ifetch)
+-#define assert_cpu_is_self(this_cpu) do {                         \
-+{
++#define assert_cpu_is_self(cpu) do {                              \
-+#ifdef CONFIG_USER_ONLY
+         if (DEBUG_TLB_GATE) {                                     \
-+    return MMU_USER_IDX;
+-            g_assert(!cpu->created || qemu_cpu_is_self(cpu));     \
-+#else
++            g_assert(!(cpu)->created || qemu_cpu_is_self(cpu));   \
-+#error System mode not supported on Hexagon yet
+         }                                                         \
-+#endif
+     } while (0)
 +}
 +
  typedef struct CPUHexagonState CPUArchState;
  typedef HexagonCPU ArchCPU;
 --
-.25.1
+.17.2

-New patch
+[Qemu-devel] [PULL v2 10/21] cputlb: serialize tlb updates with env->tlb_lock
+From: "Emilio G. Cota" <cota@braap.org>
 Currently we rely on atomic operations for cross-CPU invalidations.
 There are two cases that these atomics miss: cross-CPU invalidations
 can race with either (1) vCPU threads flushing their TLB, which
 happens via memset, or (2) vCPUs calling tlb_reset_dirty on their TLB,
 which updates .addr_write with a regular store. This results in
 undefined behaviour, since we're mixing regular and atomic ops
 on concurrent accesses.
 Fix it by using tlb_lock, a per-vCPU lock. All updaters of tlb_table
 and the corresponding victim cache now hold the lock.
 The readers that do not hold tlb_lock must use atomic reads when
 reading .addr_write, since this field can be updated by other threads;
 the conversion to atomic reads is done in the next patch.
 Note that an alternative fix would be to expand the use of atomic ops.
 However, in the case of TLB flushes this would have a huge performance
 impact, since (1) TLB flushes can happen very frequently and (2) we
 currently use a full memory barrier to flush each TLB entry, and a TLB
 has many entries. Instead, acquiring the lock is barely slower than a
 full memory barrier since it is uncontended, and with a single lock
 acquisition we can flush the entire TLB.
 Tested-by: Alex Bennée <alex.bennee@linaro.org>
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181009174557.16125-6-cota@braap.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
  include/exec/cpu-defs.h |   3 +
  accel/tcg/cputlb.c      | 155 ++++++++++++++++++++++------------------
 files changed, 87 insertions(+), 71 deletions(-)
 diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/cpu-defs.h
 +++ b/include/exec/cpu-defs.h
@@ -XXX,XX +XXX,XX @@
  #endif
  #include "qemu/host-utils.h"
 +#include "qemu/thread.h"
  #include "qemu/queue.h"
  #ifdef CONFIG_TCG
  #include "tcg-target.h"
@@ -XXX,XX +XXX,XX @@ typedef struct CPUIOTLBEntry {
  #define CPU_COMMON_TLB \
      /* The meaning of the MMU modes is defined in the target code. */   \
 +    /* tlb_lock serializes updates to tlb_table and tlb_v_table */      \
 +    QemuSpin tlb_lock;                                                  \
      CPUTLBEntry tlb_table[NB_MMU_MODES][CPU_TLB_SIZE];                  \
      CPUTLBEntry tlb_v_table[NB_MMU_MODES][CPU_VTLB_SIZE];               \
      CPUIOTLBEntry iotlb[NB_MMU_MODES][CPU_TLB_SIZE];                    \
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
  void tlb_init(CPUState *cpu)
  {
 +    CPUArchState *env = cpu->env_ptr;
 +
 +    qemu_spin_init(&env->tlb_lock);
  }
  /* flush_all_helper: run fn across all cpus
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_nocheck(CPUState *cpu)
      atomic_set(&env->tlb_flush_count, env->tlb_flush_count + 1);
      tlb_debug("(count: %zu)\n", tlb_flush_count());
 +    /*
 +     * tlb_table/tlb_v_table updates from any thread must hold tlb_lock.
 +     * However, updates from the owner thread (as is the case here; see the
 +     * above assert_cpu_is_self) do not need atomic_set because all reads
 +     * that do not hold the lock are performed by the same owner thread.
 +     */
 +    qemu_spin_lock(&env->tlb_lock);
      memset(env->tlb_table, -1, sizeof(env->tlb_table));
      memset(env->tlb_v_table, -1, sizeof(env->tlb_v_table));
 +    qemu_spin_unlock(&env->tlb_lock);
 +
      cpu_tb_jmp_cache_clear(cpu);
      env->vtlb_index = 0;
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
      tlb_debug("start: mmu_idx:0x%04lx\n", mmu_idx_bitmask);
 +    qemu_spin_lock(&env->tlb_lock);
      for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
          if (test_bit(mmu_idx, &mmu_idx_bitmask)) {
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
              memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0]));
          }
      }
 +    qemu_spin_unlock(&env->tlb_lock);
      cpu_tb_jmp_cache_clear(cpu);
@@ -XXX,XX +XXX,XX @@ static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
             tlb_hit_page(tlb_entry->addr_code, page);
  }
 -static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong page)
 +/* Called with tlb_lock held */
 +static inline void tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
 +                                          target_ulong page)
  {
      if (tlb_hit_page_anyprot(tlb_entry, page)) {
          memset(tlb_entry, -1, sizeof(*tlb_entry));
      }
  }
 -static inline void tlb_flush_vtlb_page(CPUArchState *env, int mmu_idx,
 -                                       target_ulong page)
 +/* Called with tlb_lock held */
 +static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
 +                                              target_ulong page)
  {
      int k;
 +
 +    assert_cpu_is_self(ENV_GET_CPU(env));
      for (k = 0; k < CPU_VTLB_SIZE; k++) {
 -        tlb_flush_entry(&env->tlb_v_table[mmu_idx][k], page);
 +        tlb_flush_entry_locked(&env->tlb_v_table[mmu_idx][k], page);
      }
  }
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
      addr &= TARGET_PAGE_MASK;
      i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 +    qemu_spin_lock(&env->tlb_lock);
      for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
 -        tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
 -        tlb_flush_vtlb_page(env, mmu_idx, addr);
 +        tlb_flush_entry_locked(&env->tlb_table[mmu_idx][i], addr);
 +        tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
      }
 +    qemu_spin_unlock(&env->tlb_lock);
      tb_flush_jmp_cache(cpu, addr);
  }
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
      tlb_debug("page:%d addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
                page, addr, mmu_idx_bitmap);
 +    qemu_spin_lock(&env->tlb_lock);
      for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
          if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
 -            tlb_flush_entry(&env->tlb_table[mmu_idx][page], addr);
 -            tlb_flush_vtlb_page(env, mmu_idx, addr);
 +            tlb_flush_entry_locked(&env->tlb_table[mmu_idx][page], addr);
 +            tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
          }
      }
 +    qemu_spin_unlock(&env->tlb_lock);
      tb_flush_jmp_cache(cpu, addr);
  }
@@ -XXX,XX +XXX,XX @@ void tlb_unprotect_code(ram_addr_t ram_addr)
   * most usual is detecting writes to code regions which may invalidate
   * generated code.
   *
 - * Because we want other vCPUs to respond to changes straight away we
 - * update the te->addr_write field atomically. If the TLB entry has
 - * been changed by the vCPU in the mean time we skip the update.
 + * Other vCPUs might be reading their TLBs during guest execution, so we update
 + * te->addr_write with atomic_set. We don't need to worry about this for
 + * oversized guests as MTTCG is disabled for them.
   *
 - * As this function uses atomic accesses we also need to ensure
 - * updates to tlb_entries follow the same access rules. We don't need
 - * to worry about this for oversized guests as MTTCG is disabled for
 - * them.
 + * Called with tlb_lock held.
   */
 -
 -static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
 -                           uintptr_t length)
 +static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry,
 +                                         uintptr_t start, uintptr_t length)
  {
 -#if TCG_OVERSIZED_GUEST
      uintptr_t addr = tlb_entry->addr_write;
      if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
          addr &= TARGET_PAGE_MASK;
          addr += tlb_entry->addend;
          if ((addr - start) < length) {
 +#if TCG_OVERSIZED_GUEST
              tlb_entry->addr_write |= TLB_NOTDIRTY;
 -        }
 -    }
  #else
 -    /* paired with atomic_mb_set in tlb_set_page_with_attrs */
 -    uintptr_t orig_addr = atomic_mb_read(&tlb_entry->addr_write);
 -    uintptr_t addr = orig_addr;
 -
 -    if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
 -        addr &= TARGET_PAGE_MASK;
 -        addr += atomic_read(&tlb_entry->addend);
 -        if ((addr - start) < length) {
 -            uintptr_t notdirty_addr = orig_addr | TLB_NOTDIRTY;
 -            atomic_cmpxchg(&tlb_entry->addr_write, orig_addr, notdirty_addr);
 +            atomic_set(&tlb_entry->addr_write,
 +                       tlb_entry->addr_write | TLB_NOTDIRTY);
 +#endif
          }
      }
 -#endif
  }
 -/* For atomic correctness when running MTTCG we need to use the right
 - * primitives when copying entries */
 -static inline void copy_tlb_helper(CPUTLBEntry *d, CPUTLBEntry *s,
 -                                   bool atomic_set)
 +/*
 + * Called with tlb_lock held.
 + * Called only from the vCPU context, i.e. the TLB's owner thread.
 + */
 +static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s)
  {
 -#if TCG_OVERSIZED_GUEST
      *d = *s;
 -#else
 -    if (atomic_set) {
 -        d->addr_read = s->addr_read;
 -        d->addr_code = s->addr_code;
 -        atomic_set(&d->addend, atomic_read(&s->addend));
 -        /* Pairs with flag setting in tlb_reset_dirty_range */
 -        atomic_mb_set(&d->addr_write, atomic_read(&s->addr_write));
 -    } else {
 -        d->addr_read = s->addr_read;
 -        d->addr_write = atomic_read(&s->addr_write);
 -        d->addr_code = s->addr_code;
 -        d->addend = atomic_read(&s->addend);
 -    }
 -#endif
  }
  /* This is a cross vCPU call (i.e. another vCPU resetting the flags of
 - * the target vCPU). As such care needs to be taken that we don't
 - * dangerously race with another vCPU update. The only thing actually
 - * updated is the target TLB entry ->addr_write flags.
 + * the target vCPU).
 + * We must take tlb_lock to avoid racing with another vCPU update. The only
 + * thing actually updated is the target TLB entry ->addr_write flags.
   */
  void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
  {
@@ -XXX,XX +XXX,XX @@ void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
      int mmu_idx;
      env = cpu->env_ptr;
 +    qemu_spin_lock(&env->tlb_lock);
      for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
          unsigned int i;
          for (i = 0; i < CPU_TLB_SIZE; i++) {
 -            tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
 -                                  start1, length);
 +            tlb_reset_dirty_range_locked(&env->tlb_table[mmu_idx][i], start1,
 +                                         length);
          }
          for (i = 0; i < CPU_VTLB_SIZE; i++) {
 -            tlb_reset_dirty_range(&env->tlb_v_table[mmu_idx][i],
 -                                  start1, length);
 +            tlb_reset_dirty_range_locked(&env->tlb_v_table[mmu_idx][i], start1,
 +                                         length);
          }
      }
 +    qemu_spin_unlock(&env->tlb_lock);
  }
 -static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
 +/* Called with tlb_lock held */
 +static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
 +                                         target_ulong vaddr)
  {
      if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
          tlb_entry->addr_write = vaddr;
@@ -XXX,XX +XXX,XX @@ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
      vaddr &= TARGET_PAGE_MASK;
      i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 +    qemu_spin_lock(&env->tlb_lock);
      for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
 -        tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
 +        tlb_set_dirty1_locked(&env->tlb_table[mmu_idx][i], vaddr);
      }
      for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
          int k;
          for (k = 0; k < CPU_VTLB_SIZE; k++) {
 -            tlb_set_dirty1(&env->tlb_v_table[mmu_idx][k], vaddr);
 +            tlb_set_dirty1_locked(&env->tlb_v_table[mmu_idx][k], vaddr);
          }
      }
 +    qemu_spin_unlock(&env->tlb_lock);
  }
  /* Our TLB does not support large pages, so remember the area covered by
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
          addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
      }
 -    /* Make sure there's no cached translation for the new page.  */
 -    tlb_flush_vtlb_page(env, mmu_idx, vaddr_page);
 -
      code_address = address;
      iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
                                              paddr_page, xlat, prot, &address);
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
      index = (vaddr_page >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
      te = &env->tlb_table[mmu_idx][index];
 +    /*
 +     * Hold the TLB lock for the rest of the function. We could acquire/release
 +     * the lock several times in the function, but it is faster to amortize the
 +     * acquisition cost by acquiring it just once. Note that this leads to
 +     * a longer critical section, but this is not a concern since the TLB lock
 +     * is unlikely to be contended.
 +     */
 +    qemu_spin_lock(&env->tlb_lock);
 +
 +    /* Make sure there's no cached translation for the new page.  */
 +    tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page);
 +
      /*
       * Only evict the old entry to the victim tlb if it's for a
       * different page; otherwise just overwrite the stale data.
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
          CPUTLBEntry *tv = &env->tlb_v_table[mmu_idx][vidx];
          /* Evict the old entry into the victim tlb.  */
 -        copy_tlb_helper(tv, te, true);
 +        copy_tlb_helper_locked(tv, te);
          env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index];
      }
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
          }
      }
 -    /* Pairs with flag setting in tlb_reset_dirty_range */
 -    copy_tlb_helper(te, &tn, true);
 -    /* atomic_mb_set(&te->addr_write, write_address); */
 +    copy_tlb_helper_locked(te, &tn);
 +    qemu_spin_unlock(&env->tlb_lock);
  }
  /* Add a new TLB entry, but without specifying the memory
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
                             size_t elt_ofs, target_ulong page)
  {
      size_t vidx;
 +
 +    assert_cpu_is_self(ENV_GET_CPU(env));
      for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
          CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
          target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
              /* Found entry in victim tlb, swap tlb and iotlb.  */
              CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index];
 -            copy_tlb_helper(&tmptlb, tlb, false);
 -            copy_tlb_helper(tlb, vtlb, true);
 -            copy_tlb_helper(vtlb, &tmptlb, true);
 +            qemu_spin_lock(&env->tlb_lock);
 +            copy_tlb_helper_locked(&tmptlb, tlb);
 +            copy_tlb_helper_locked(tlb, vtlb);
 +            copy_tlb_helper_locked(vtlb, &tmptlb);
 +            qemu_spin_unlock(&env->tlb_lock);
              CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index];
              CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx];
 --
 .17.2

-[PULL 07/15] accel/tcg: Add cpu_{ld,st}*_mmu interfaces
+[Qemu-devel] [PULL v2 11/21] tcg: Add tlb_index and tlb_entry helpers
-These functions are much closer to the softmmu helper
+Isolate the computation of an index from an address into a
-functions, in that they take the complete MemOpIdx,
+helper before we change that function.
 and from that they may enforce required alignment.
-The previous cpu_ldst.h functions did not have alignment info,
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-and so did not enforce it.  Retain this by adding MO_UNALN to
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-the MemOp that we create in calling the new functions.
+[ cota: convert tlb_vaddr_to_host; use atomic_read on addr_write ]
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181009175129.17888-2-cota@braap.org>
 ---
  accel/tcg/softmmu_template.h     | 64 +++++++++++++++++---------------
  include/exec/cpu_ldst.h          | 19 ++++++++--
  include/exec/cpu_ldst_template.h | 25 +++++++------
  accel/tcg/cputlb.c               | 60 ++++++++++++++----------------
 files changed, 90 insertions(+), 78 deletions(-)
-Note that we are not yet enforcing alignment for user-only,
+diff --git a/accel/tcg/softmmu_template.h b/accel/tcg/softmmu_template.h
 but we now have the information with which to do so.
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
  docs/devel/loads-stores.rst |  52 ++++-
  include/exec/cpu_ldst.h     | 245 ++++++++--------------
  accel/tcg/cputlb.c          | 392 ++++++++++++------------------------
  accel/tcg/user-exec.c       | 385 +++++++++++++++--------------------
  accel/tcg/ldst_common.c.inc | 307 ++++++++++++++++++++++++++++
 files changed, 717 insertions(+), 664 deletions(-)
  create mode 100644 accel/tcg/ldst_common.c.inc
 diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst
 index XXXXXXX..XXXXXXX 100644
---- a/docs/devel/loads-stores.rst
+--- a/accel/tcg/softmmu_template.h
-+++ b/docs/devel/loads-stores.rst
++++ b/accel/tcg/softmmu_template.h
-@@ -XXX,XX +XXX,XX @@ Regexes for git grep
+@@ -XXX,XX +XXX,XX @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env,
-  - ``\<ldn_\([hbl]e\)?_p\>``
+ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
-  - ``\<stn_\([hbl]e\)?_p\>``
+                             TCGMemOpIdx oi, uintptr_t retaddr)
+ {
--``cpu_{ld,st}*_mmuidx_ra``
+-    unsigned mmu_idx = get_mmuidx(oi);
--~~~~~~~~~~~~~~~~~~~~~~~~~~
+-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-+``cpu_{ld,st}*_mmu``
+-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
-+~~~~~~~~~~~~~~~~~~~~
++    uintptr_t mmu_idx = get_mmuidx(oi);
++    uintptr_t index = tlb_index(env, mmu_idx, addr);
--These functions operate on a guest virtual address plus a context,
++    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
--known as a "mmu index" or ``mmuidx``, which controls how that virtual
++    target_ulong tlb_addr = entry->ADDR_READ;
--address is translated.  The meaning of the indexes are target specific,
+     unsigned a_bits = get_alignment_bits(get_memop(oi));
--but specifying a particular index might be necessary if, for instance,
+     uintptr_t haddr;
--the helper requires an "always as non-privileged" access rather that
+     DATA_TYPE res;
--the default access for the current state of the guest CPU.
+@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
-+These functions operate on a guest virtual address, plus a context
+             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,
-+known as a "mmu index" which controls how that virtual address is
+                      mmu_idx, retaddr);
-+translated, plus a ``MemOp`` which contains alignment requirements
+         }
-+among other things.  The ``MemOp`` and mmu index are combined into
+-        tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
-+a single argument of type ``MemOpIdx``.
++        tlb_addr = entry->ADDR_READ;
-+
+     }
-+The meaning of the indexes are target specific, but specifying a
-+particular index might be necessary if, for instance, the helper
+     /* Handle an IO access.  */
-+requires a "always as non-privileged" access rather than the
+@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
-+default access for the current state of the guest CPU.
+         return res;
+     }
- These functions may cause a guest CPU exception to be taken
- (e.g. for an alignment fault or MMU fault) which will result in
+-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
-@@ -XXX,XX +XXX,XX @@ function, which is a return address into the generated code [#gpc]_.
++    haddr = addr + entry->addend;
+ #if DATA_SIZE == 1
- Function names follow the pattern:
+     res = glue(glue(ld, LSUFFIX), _p)((uint8_t *)haddr);
+ #else
-+load: ``cpu_ld{size}{end}_mmu(env, ptr, oi, retaddr)``
+@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
-+
+ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
-+store: ``cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)``
+                             TCGMemOpIdx oi, uintptr_t retaddr)
-+
+ {
-+``size``
+-    unsigned mmu_idx = get_mmuidx(oi);
-+ - ``b`` : 8 bits
+-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-+ - ``w`` : 16 bits
+-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
-+ - ``l`` : 32 bits
++    uintptr_t mmu_idx = get_mmuidx(oi);
-+ - ``q`` : 64 bits
++    uintptr_t index = tlb_index(env, mmu_idx, addr);
-+
++    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
-+``end``
++    target_ulong tlb_addr = entry->ADDR_READ;
-+ - (empty) : for target endian, or 8 bit sizes
+     unsigned a_bits = get_alignment_bits(get_memop(oi));
-+ - ``_be`` : big endian
+     uintptr_t haddr;
-+ - ``_le`` : little endian
+     DATA_TYPE res;
-+
+@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
-+Regexes for git grep:
+             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,
-+ - ``\<cpu_ld[bwlq](_[bl]e)\?_mmu\>``
+                      mmu_idx, retaddr);
-+ - ``\<cpu_st[bwlq](_[bl]e)\?_mmu\>``
+         }
-+
+-        tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
-+
++        tlb_addr = entry->ADDR_READ;
-+``cpu_{ld,st}*_mmuidx_ra``
+     }
-+~~~~~~~~~~~~~~~~~~~~~~~~~~
-+
+     /* Handle an IO access.  */
-+These functions work like the ``cpu_{ld,st}_mmu`` functions except
+@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
-+that the ``mmuidx`` parameter is not combined with a ``MemOp``,
+         return res;
-+and therefore there is no required alignment supplied or enforced.
+     }
-+
-+Function names follow the pattern:
+-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
-+
++    haddr = addr + entry->addend;
- load: ``cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmuidx, retaddr)``
+     res = glue(glue(ld, LSUFFIX), _be_p)((uint8_t *)haddr);
+     return res;
- store: ``cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmuidx, retaddr)``
+ }
-@@ -XXX,XX +XXX,XX @@ of the guest CPU, as determined by ``cpu_mmu_index(env, false)``.
+@@ -XXX,XX +XXX,XX @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env,
+ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
- These are generally the preferred way to do accesses by guest
+                        TCGMemOpIdx oi, uintptr_t retaddr)
- virtual address from helper functions, unless the access should
+ {
--be performed with a context other than the default.
+-    unsigned mmu_idx = get_mmuidx(oi);
-+be performed with a context other than the default, or alignment
+-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-+should be enforced for the access.
+-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
++    uintptr_t mmu_idx = get_mmuidx(oi);
- Function names follow the pattern:
++    uintptr_t index = tlb_index(env, mmu_idx, addr);
++    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 +    target_ulong tlb_addr = entry->addr_write;
      unsigned a_bits = get_alignment_bits(get_memop(oi));
      uintptr_t haddr;
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
              tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
          }
 -        tlb_addr = env->tlb_table[mmu_idx][index].addr_write & ~TLB_INVALID_MASK;
 +        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
      }
      /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
      if (DATA_SIZE > 1
          && unlikely((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1
                       >= TARGET_PAGE_SIZE)) {
 -        int i, index2;
 -        target_ulong page2, tlb_addr2;
 +        int i;
 +        target_ulong page2;
 +        CPUTLBEntry *entry2;
      do_unaligned_access:
          /* Ensure the second page is in the TLB.  Note that the first page
             is already guaranteed to be filled, and that the second page
             cannot evict the first.  */
          page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
 -        index2 = (page2 >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 -        tlb_addr2 = env->tlb_table[mmu_idx][index2].addr_write;
 -        if (!tlb_hit_page(tlb_addr2, page2)
 +        entry2 = tlb_entry(env, mmu_idx, page2);
 +        if (!tlb_hit_page(entry2->addr_write, page2)
              && !VICTIM_TLB_HIT(addr_write, page2)) {
              tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
          return;
      }
 -    haddr = addr + env->tlb_table[mmu_idx][index].addend;
 +    haddr = addr + entry->addend;
  #if DATA_SIZE == 1
      glue(glue(st, SUFFIX), _p)((uint8_t *)haddr, val);
  #else
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
  void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
                         TCGMemOpIdx oi, uintptr_t retaddr)
  {
 -    unsigned mmu_idx = get_mmuidx(oi);
 -    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 -    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
 +    uintptr_t mmu_idx = get_mmuidx(oi);
 +    uintptr_t index = tlb_index(env, mmu_idx, addr);
 +    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 +    target_ulong tlb_addr = entry->addr_write;
      unsigned a_bits = get_alignment_bits(get_memop(oi));
      uintptr_t haddr;
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
              tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
          }
 -        tlb_addr = env->tlb_table[mmu_idx][index].addr_write & ~TLB_INVALID_MASK;
 +        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
      }
      /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
      if (DATA_SIZE > 1
          && unlikely((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1
                       >= TARGET_PAGE_SIZE)) {
 -        int i, index2;
 -        target_ulong page2, tlb_addr2;
 +        int i;
 +        target_ulong page2;
 +        CPUTLBEntry *entry2;
      do_unaligned_access:
          /* Ensure the second page is in the TLB.  Note that the first page
             is already guaranteed to be filled, and that the second page
             cannot evict the first.  */
          page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
 -        index2 = (page2 >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 -        tlb_addr2 = env->tlb_table[mmu_idx][index2].addr_write;
 -        if (!tlb_hit_page(tlb_addr2, page2)
 +        entry2 = tlb_entry(env, mmu_idx, page2);
 +        if (!tlb_hit_page(entry2->addr_write, page2)
              && !VICTIM_TLB_HIT(addr_write, page2)) {
              tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
          return;
      }
 -    haddr = addr + env->tlb_table[mmu_idx][index].addend;
 +    haddr = addr + entry->addend;
      glue(glue(st, SUFFIX), _be_p)((uint8_t *)haddr, val);
  }
  #endif /* DATA_SIZE > 1 */
 diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/cpu_ldst.h
 +++ b/include/exec/cpu_ldst.h
-@@ -XXX,XX +XXX,XX @@
+@@ -XXX,XX +XXX,XX @@ extern __thread uintptr_t helper_retaddr;
-  * load:  cpu_ld{sign}{size}{end}_{mmusuffix}(env, ptr)
+ /* The memory helpers for tcg-generated code need tcg_target_long etc.  */
-  *        cpu_ld{sign}{size}{end}_{mmusuffix}_ra(env, ptr, retaddr)
+ #include "tcg.h"
-  *        cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmu_idx, retaddr)
-+ *        cpu_ld{sign}{size}{end}_mmu(env, ptr, oi, retaddr)
++/* Find the TLB index corresponding to the mmu_idx + address pair.  */
-  *
++static inline uintptr_t tlb_index(CPUArchState *env, uintptr_t mmu_idx,
-  * store: cpu_st{size}{end}_{mmusuffix}(env, ptr, val)
++                                  target_ulong addr)
-  *        cpu_st{size}{end}_{mmusuffix}_ra(env, ptr, val, retaddr)
++{
-  *        cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmu_idx, retaddr)
++    return (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-+ *        cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)
++}
   *
   * sign is:
   * (empty): for 32 and 64 bit sizes
@@ -XXX,XX +XXX,XX @@
   * The "mmuidx" suffix carries an extra mmu_idx argument that specifies
   * the index to use; the "data" and "code" suffixes take the index from
   * cpu_mmu_index().
 + *
 + * The "mmu" suffix carries the full MemOpIdx, with both mmu_idx and the
 + * MemOp including alignment requirements.  The alignment will be enforced.
   */
  #ifndef CPU_LDST_H
  #define CPU_LDST_H
 +#include "exec/memopidx.h"
 +
++/* Find the TLB entry corresponding to the mmu_idx + address pair.  */
++static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx,
++                                     target_ulong addr)
++{
++    return &env->tlb_table[mmu_idx][tlb_index(env, mmu_idx, addr)];
++}
++
+ #ifdef MMU_MODE0_SUFFIX
+ #define CPU_MMU_INDEX 0
+ #define MEMSUFFIX MMU_MODE0_SUFFIX
+@@ -XXX,XX +XXX,XX @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
  #if defined(CONFIG_USER_ONLY)
- /* sparc32plus has 64bit long but 32bit space address
+     return g2h(addr);
-  * this can make bad result with g2h() and h2g()
+ #else
-@@ -XXX,XX +XXX,XX @@ typedef target_ulong abi_ptr;
+-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+-    CPUTLBEntry *tlbentry = &env->tlb_table[mmu_idx][index];
- uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
++    CPUTLBEntry *tlbentry = tlb_entry(env, mmu_idx, addr);
- int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr);
+     abi_ptr tlb_addr;
--
+     uintptr_t haddr;
- uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr);
- int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr);
+@@ -XXX,XX +XXX,XX @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
- uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr);
+         return NULL;
- uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr);
+     }
--
- uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr);
+-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
- int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr);
++    haddr = addr + tlbentry->addend;
- uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr);
+     return (void *)haddr;
-@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr);
+ #endif /* defined(CONFIG_USER_ONLY) */
  uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 -
  uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 -
  uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
  void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 -
  void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
  void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
  void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
 -
  void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
  void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
  void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
  void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
                       uint32_t val, uintptr_t ra);
 -
  void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
                          uint32_t val, uintptr_t ra);
  void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
                          uint32_t val, uintptr_t ra);
  void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
                          uint64_t val, uintptr_t ra);
 -
  void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
                          uint32_t val, uintptr_t ra);
  void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
  void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
                          uint64_t val, uintptr_t ra);
 +uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                            int mmu_idx, uintptr_t ra);
 +int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                       int mmu_idx, uintptr_t ra);
 +uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                               int mmu_idx, uintptr_t ra);
 +int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                          int mmu_idx, uintptr_t ra);
 +uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                              int mmu_idx, uintptr_t ra);
 +uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                              int mmu_idx, uintptr_t ra);
 +uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                               int mmu_idx, uintptr_t ra);
 +int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                          int mmu_idx, uintptr_t ra);
 +uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                              int mmu_idx, uintptr_t ra);
 +uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
 +                              int mmu_idx, uintptr_t ra);
 +
 +void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                       int mmu_idx, uintptr_t ra);
 +void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra);
 +void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra);
 +void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
 +                          int mmu_idx, uintptr_t ra);
 +void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra);
 +void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra);
 +void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
 +                          int mmu_idx, uintptr_t ra);
 +
 +uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr ptr, MemOpIdx oi, uintptr_t ra);
 +uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr ptr,
 +                        MemOpIdx oi, uintptr_t ra);
 +uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr ptr,
 +                        MemOpIdx oi, uintptr_t ra);
 +uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr ptr,
 +                        MemOpIdx oi, uintptr_t ra);
 +uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr ptr,
 +                        MemOpIdx oi, uintptr_t ra);
 +uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr ptr,
 +                        MemOpIdx oi, uintptr_t ra);
 +uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr ptr,
 +                        MemOpIdx oi, uintptr_t ra);
 +
 +void cpu_stb_mmu(CPUArchState *env, abi_ptr ptr, uint8_t val,
 +                 MemOpIdx oi, uintptr_t ra);
 +void cpu_stw_be_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
 +                    MemOpIdx oi, uintptr_t ra);
 +void cpu_stl_be_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                    MemOpIdx oi, uintptr_t ra);
 +void cpu_stq_be_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
 +                    MemOpIdx oi, uintptr_t ra);
 +void cpu_stw_le_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
 +                    MemOpIdx oi, uintptr_t ra);
 +void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
 +                    MemOpIdx oi, uintptr_t ra);
 +void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
 +                    MemOpIdx oi, uintptr_t ra);
 +
  #if defined(CONFIG_USER_ONLY)
  extern __thread uintptr_t helper_retaddr;
@@ -XXX,XX +XXX,XX @@ static inline void clear_helper_retaddr(void)
      helper_retaddr = 0;
  }
+diff --git a/include/exec/cpu_ldst_template.h b/include/exec/cpu_ldst_template.h
--/*
+index XXXXXXX..XXXXXXX 100644
-- * Provide the same *_mmuidx_ra interface as for softmmu.
+--- a/include/exec/cpu_ldst_template.h
-- * The mmu_idx argument is ignored.
++++ b/include/exec/cpu_ldst_template.h
-- */
+@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
--
+                                                   target_ulong ptr,
--static inline uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                                                   uintptr_t retaddr)
--                                          int mmu_idx, uintptr_t ra)
+ {
--{
+-    int page_index;
--    return cpu_ldub_data_ra(env, addr, ra);
++    CPUTLBEntry *entry;
--}
+     RES_TYPE res;
--
+     target_ulong addr;
--static inline int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+     int mmu_idx;
--                                     int mmu_idx, uintptr_t ra)
+@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
--{
+ #endif
--    return cpu_ldsb_data_ra(env, addr, ra);
--}
+     addr = ptr;
--
+-    page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
--static inline uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+     mmu_idx = CPU_MMU_INDEX;
--                                             int mmu_idx, uintptr_t ra)
+-    if (unlikely(env->tlb_table[mmu_idx][page_index].ADDR_READ !=
--{
++    entry = tlb_entry(env, mmu_idx, addr);
--    return cpu_lduw_be_data_ra(env, addr, ra);
++    if (unlikely(entry->ADDR_READ !=
--}
+                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
--
+         oi = make_memop_idx(SHIFT, mmu_idx);
--static inline int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+         res = glue(glue(helper_ret_ld, URETSUFFIX), MMUSUFFIX)(env, addr,
--                                        int mmu_idx, uintptr_t ra)
+                                                             oi, retaddr);
--{
+     } else {
--    return cpu_ldsw_be_data_ra(env, addr, ra);
+-        uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend;
--}
++        uintptr_t hostaddr = addr + entry->addend;
--
+         res = glue(glue(ld, USUFFIX), _p)((uint8_t *)hostaddr);
--static inline uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+     }
--                                            int mmu_idx, uintptr_t ra)
+     return res;
--{
+@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
--    return cpu_ldl_be_data_ra(env, addr, ra);
+                                                   target_ulong ptr,
--}
+                                                   uintptr_t retaddr)
--
+ {
--static inline uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+-    int res, page_index;
--                                            int mmu_idx, uintptr_t ra)
++    CPUTLBEntry *entry;
--{
++    int res;
--    return cpu_ldq_be_data_ra(env, addr, ra);
+     target_ulong addr;
--}
+     int mmu_idx;
--
+     TCGMemOpIdx oi;
--static inline uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
--                                             int mmu_idx, uintptr_t ra)
+ #endif
--{
--    return cpu_lduw_le_data_ra(env, addr, ra);
+     addr = ptr;
--}
+-    page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
--
+     mmu_idx = CPU_MMU_INDEX;
--static inline int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+-    if (unlikely(env->tlb_table[mmu_idx][page_index].ADDR_READ !=
--                                        int mmu_idx, uintptr_t ra)
++    entry = tlb_entry(env, mmu_idx, addr);
--{
++    if (unlikely(entry->ADDR_READ !=
--    return cpu_ldsw_le_data_ra(env, addr, ra);
+                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
--}
+         oi = make_memop_idx(SHIFT, mmu_idx);
--
+         res = (DATA_STYPE)glue(glue(helper_ret_ld, SRETSUFFIX),
--static inline uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                                MMUSUFFIX)(env, addr, oi, retaddr);
--                                            int mmu_idx, uintptr_t ra)
+     } else {
--{
+-        uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend;
--    return cpu_ldl_le_data_ra(env, addr, ra);
++        uintptr_t hostaddr = addr + entry->addend;
--}
+         res = glue(glue(lds, SUFFIX), _p)((uint8_t *)hostaddr);
--
+     }
--static inline uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+     return res;
--                                            int mmu_idx, uintptr_t ra)
+@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
--{
+                                                  target_ulong ptr,
--    return cpu_ldq_le_data_ra(env, addr, ra);
+                                                  RES_TYPE v, uintptr_t retaddr)
--}
+ {
--
+-    int page_index;
--static inline void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
++    CPUTLBEntry *entry;
--                                     uint32_t val, int mmu_idx, uintptr_t ra)
+     target_ulong addr;
--{
+     int mmu_idx;
--    cpu_stb_data_ra(env, addr, val, ra);
+     TCGMemOpIdx oi;
--}
+@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
--
+ #endif
--static inline void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                                        uint32_t val, int mmu_idx,
+     addr = ptr;
--                                        uintptr_t ra)
+-    page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
--{
+     mmu_idx = CPU_MMU_INDEX;
--    cpu_stw_be_data_ra(env, addr, val, ra);
+-    if (unlikely(env->tlb_table[mmu_idx][page_index].addr_write !=
--}
++    entry = tlb_entry(env, mmu_idx, addr);
--
++    if (unlikely(entry->addr_write !=
--static inline void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
--                                        uint32_t val, int mmu_idx,
+         oi = make_memop_idx(SHIFT, mmu_idx);
--                                        uintptr_t ra)
+         glue(glue(helper_ret_st, SUFFIX), MMUSUFFIX)(env, addr, v, oi,
--{
+                                                      retaddr);
--    cpu_stl_be_data_ra(env, addr, val, ra);
+     } else {
--}
+-        uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend;
--
++        uintptr_t hostaddr = addr + entry->addend;
--static inline void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+         glue(glue(st, SUFFIX), _p)((uint8_t *)hostaddr, v);
--                                        uint64_t val, int mmu_idx,
+     }
 -                                        uintptr_t ra)
 -{
 -    cpu_stq_be_data_ra(env, addr, val, ra);
 -}
 -
 -static inline void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                                        uint32_t val, int mmu_idx,
 -                                        uintptr_t ra)
 -{
 -    cpu_stw_le_data_ra(env, addr, val, ra);
 -}
 -
 -static inline void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                                        uint32_t val, int mmu_idx,
 -                                        uintptr_t ra)
 -{
 -    cpu_stl_le_data_ra(env, addr, val, ra);
 -}
 -
 -static inline void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                                        uint64_t val, int mmu_idx,
 -                                        uintptr_t ra)
 -{
 -    cpu_stq_le_data_ra(env, addr, val, ra);
 -}
 -
  #else
  /* Needed for TCG_OVERSIZED_GUEST */
@@ -XXX,XX +XXX,XX @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx,
      return &env_tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
  }
--uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                            int mmu_idx, uintptr_t ra);
--int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                       int mmu_idx, uintptr_t ra);
--
--uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                               int mmu_idx, uintptr_t ra);
--int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                          int mmu_idx, uintptr_t ra);
--uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--
--uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                               int mmu_idx, uintptr_t ra);
--int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                          int mmu_idx, uintptr_t ra);
--uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
--                              int mmu_idx, uintptr_t ra);
--
--void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                       int mmu_idx, uintptr_t retaddr);
--
--void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
--                          int mmu_idx, uintptr_t retaddr);
--
--void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
--                          int mmu_idx, uintptr_t retaddr);
--void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
--                          int mmu_idx, uintptr_t retaddr);
--
- #endif /* defined(CONFIG_USER_ONLY) */
- #ifdef TARGET_WORDS_BIGENDIAN
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_ldsw_mmuidx_ra   cpu_ldsw_be_mmuidx_ra
- # define cpu_ldl_mmuidx_ra    cpu_ldl_be_mmuidx_ra
- # define cpu_ldq_mmuidx_ra    cpu_ldq_be_mmuidx_ra
-+# define cpu_ldw_mmu          cpu_ldw_be_mmu
-+# define cpu_ldl_mmu          cpu_ldl_be_mmu
-+# define cpu_ldq_mmu          cpu_ldq_be_mmu
- # define cpu_stw_data         cpu_stw_be_data
- # define cpu_stl_data         cpu_stl_be_data
- # define cpu_stq_data         cpu_stq_be_data
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_stw_mmuidx_ra    cpu_stw_be_mmuidx_ra
- # define cpu_stl_mmuidx_ra    cpu_stl_be_mmuidx_ra
- # define cpu_stq_mmuidx_ra    cpu_stq_be_mmuidx_ra
-+# define cpu_stw_mmu          cpu_stw_be_mmu
-+# define cpu_stl_mmu          cpu_stl_be_mmu
-+# define cpu_stq_mmu          cpu_stq_be_mmu
- #else
- # define cpu_lduw_data        cpu_lduw_le_data
- # define cpu_ldsw_data        cpu_ldsw_le_data
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_ldsw_mmuidx_ra   cpu_ldsw_le_mmuidx_ra
- # define cpu_ldl_mmuidx_ra    cpu_ldl_le_mmuidx_ra
- # define cpu_ldq_mmuidx_ra    cpu_ldq_le_mmuidx_ra
-+# define cpu_ldw_mmu          cpu_ldw_le_mmu
-+# define cpu_ldl_mmu          cpu_ldl_le_mmu
-+# define cpu_ldq_mmu          cpu_ldq_le_mmu
- # define cpu_stw_data         cpu_stw_le_data
- # define cpu_stl_data         cpu_stl_le_data
- # define cpu_stq_data         cpu_stq_le_data
-@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
- # define cpu_stw_mmuidx_ra    cpu_stw_le_mmuidx_ra
- # define cpu_stl_mmuidx_ra    cpu_stl_le_mmuidx_ra
- # define cpu_stq_mmuidx_ra    cpu_stq_le_mmuidx_ra
-+# define cpu_stw_mmu          cpu_stw_le_mmu
-+# define cpu_stl_mmu          cpu_stl_le_mmu
-+# define cpu_stq_mmu          cpu_stq_le_mmu
- #endif
- uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
+@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
+ {
+     CPUArchState *env = cpu->env_ptr;
+     target_ulong addr = (target_ulong) data.target_ptr;
+-    int i;
+     int mmu_idx;
+     assert_cpu_is_self(cpu);
+@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
+     }
+     addr &= TARGET_PAGE_MASK;
+-    i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+     qemu_spin_lock(&env->tlb_lock);
+     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
+-        tlb_flush_entry_locked(&env->tlb_table[mmu_idx][i], addr);
++        tlb_flush_entry_locked(tlb_entry(env, mmu_idx, addr), addr);
+         tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
+     }
+     qemu_spin_unlock(&env->tlb_lock);
+@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
+     target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
+     target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
+     unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
+-    int page = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+     int mmu_idx;
+     assert_cpu_is_self(cpu);
+-    tlb_debug("page:%d addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
+-              page, addr, mmu_idx_bitmap);
++    tlb_debug("flush page addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
++              addr, mmu_idx_bitmap);
+     qemu_spin_lock(&env->tlb_lock);
+     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
+         if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
+-            tlb_flush_entry_locked(&env->tlb_table[mmu_idx][page], addr);
++            tlb_flush_entry_locked(tlb_entry(env, mmu_idx, addr), addr);
+             tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
+         }
+     }
+@@ -XXX,XX +XXX,XX @@ static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
+ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
+ {
+     CPUArchState *env = cpu->env_ptr;
+-    int i;
+     int mmu_idx;
+     assert_cpu_is_self(cpu);
+     vaddr &= TARGET_PAGE_MASK;
+-    i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+     qemu_spin_lock(&env->tlb_lock);
+     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
+-        tlb_set_dirty1_locked(&env->tlb_table[mmu_idx][i], vaddr);
++        tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr);
+     }
+     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
+@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
+     iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
+                                             paddr_page, xlat, prot, &address);
+-    index = (vaddr_page >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+-    te = &env->tlb_table[mmu_idx][index];
++    index = tlb_index(env, mmu_idx, vaddr_page);
++    te = tlb_entry(env, mmu_idx, vaddr_page);
+     /*
+      * Hold the TLB lock for the rest of the function. We could acquire/release
+@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
+          * repeat the MMU check here. This tlb_fill() call might
+          * longjump out if this access should cause a guest exception.
+          */
+-        int index;
++        CPUTLBEntry *entry;
+         target_ulong tlb_addr;
+         tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
+-        index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+-        tlb_addr = env->tlb_table[mmu_idx][index].addr_read;
++        entry = tlb_entry(env, mmu_idx, addr);
++        tlb_addr = entry->addr_read;
+         if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
+             /* RAM access */
+-            uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
++            uintptr_t haddr = addr + entry->addend;
+             return ldn_p((void *)haddr, size);
+         }
+@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
+          * repeat the MMU check here. This tlb_fill() call might
+          * longjump out if this access should cause a guest exception.
+          */
+-        int index;
++        CPUTLBEntry *entry;
+         target_ulong tlb_addr;
+         tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
+-        index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+-        tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
++        entry = tlb_entry(env, mmu_idx, addr);
++        tlb_addr = entry->addr_write;
+         if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
+             /* RAM access */
+-            uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
++            uintptr_t haddr = addr + entry->addend;
+             stn_p((void *)haddr, size, val);
+             return;
+@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
+  */
+ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
+ {
+-    int mmu_idx, index;
++    uintptr_t mmu_idx = cpu_mmu_index(env, true);
++    uintptr_t index = tlb_index(env, mmu_idx, addr);
++    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+     void *p;
+-    index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+-    mmu_idx = cpu_mmu_index(env, true);
+-    if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
++    if (unlikely(!tlb_hit(entry->addr_code, addr))) {
+         if (!VICTIM_TLB_HIT(addr_code, addr)) {
+             tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
+         }
+-        assert(tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr));
++        assert(tlb_hit(entry->addr_code, addr));
+     }
+-    if (unlikely(env->tlb_table[mmu_idx][index].addr_code &
+-                 (TLB_RECHECK | TLB_MMIO))) {
++    if (unlikely(entry->addr_code & (TLB_RECHECK | TLB_MMIO))) {
+         /*
+          * Return -1 if we can't translate and execute from an entire
+          * page of RAM here, which will cause us to execute by loading
+@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
+         return -1;
+     }
+-    p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
++    p = (void *)((uintptr_t)addr + entry->addend);
+     return qemu_ram_addr_from_host_nofail(p);
+ }
+@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
+ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
+                  uintptr_t retaddr)
+ {
+-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
++    uintptr_t index = tlb_index(env, mmu_idx, addr);
++    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+-    if (!tlb_hit(tlb_addr, addr)) {
++    if (!tlb_hit(entry->addr_write, addr)) {
+         /* TLB entry is for a different page */
+         if (!VICTIM_TLB_HIT(addr_write, addr)) {
+             tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
 @@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
-     cpu_loop_exit_atomic(env_cpu(env), retaddr);
+                                NotDirtyInfo *ndi)
- }
+ {
+     size_t mmu_idx = get_mmuidx(oi);
-+/*
+-    size_t index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-+ * Verify that we have passed the correct MemOp to the correct function.
+-    CPUTLBEntry *tlbe = &env->tlb_table[mmu_idx][index];
-+ *
++    uintptr_t index = tlb_index(env, mmu_idx, addr);
-+ * In the case of the helper_*_mmu functions, we will have done this by
++    CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
-+ * using the MemOp to look up the helper during code generation.
+     target_ulong tlb_addr = tlbe->addr_write;
-+ *
+     TCGMemOp mop = get_memop(oi);
-+ * In the case of the cpu_*_mmu functions, this is up to the caller.
+     int a_bits = get_alignment_bits(mop);
 + * We could present one function to target code, and dispatch based on
 + * the MemOp, but so far we have worked hard to avoid an indirect function
 + * call along the memory path.
 + */
 +static void validate_memop(MemOpIdx oi, MemOp expected)
 +{
 +#ifdef CONFIG_DEBUG_TCG
 +    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
 +    assert(have == expected);
 +#endif
 +}
 +
  /*
   * Load Helpers
   *
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
  static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
                                MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_UB);
      return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
  }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
  static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
                                   MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_LEUW);
      return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
                         full_le_lduw_mmu);
  }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
  static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
                                   MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_BEUW);
      return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
                         full_be_lduw_mmu);
  }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
  static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
                                   MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_LEUL);
      return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
                         full_le_ldul_mmu);
  }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
  static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
                                   MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_BEUL);
      return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
                         full_be_ldul_mmu);
  }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
  uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
                             MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_LEQ);
      return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
                         helper_le_ldq_mmu);
  }
@@ -XXX,XX +XXX,XX @@ uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
  uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
                             MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_BEQ);
      return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
                         helper_be_ldq_mmu);
  }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
   */
  static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
 -                                       int mmu_idx, uintptr_t retaddr,
 -                                       MemOp op, FullLoadHelper *full_load)
 +                                       MemOpIdx oi, uintptr_t retaddr,
 +                                       FullLoadHelper *full_load)
  {
 -    MemOpIdx oi = make_memop_idx(op, mmu_idx);
      uint64_t ret;
      trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 -
      ret = full_load(env, addr, oi, retaddr);
 -
      qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
 -
      return ret;
  }
 -uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                            int mmu_idx, uintptr_t ra)
 +uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr, MemOpIdx oi, uintptr_t ra)
  {
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_UB, full_ldub_mmu);
 +    return cpu_load_helper(env, addr, oi, ra, full_ldub_mmu);
  }
 -int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                       int mmu_idx, uintptr_t ra)
 +uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
 +    return cpu_load_helper(env, addr, oi, ra, full_be_lduw_mmu);
  }
 -uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                               int mmu_idx, uintptr_t ra)
 +uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUW, full_be_lduw_mmu);
 +    return cpu_load_helper(env, addr, oi, ra, full_be_ldul_mmu);
  }
 -int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                          int mmu_idx, uintptr_t ra)
 +uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
 +    return cpu_load_helper(env, addr, oi, MO_BEQ, helper_be_ldq_mmu);
  }
 -uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                              int mmu_idx, uintptr_t ra)
 +uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUL, full_be_ldul_mmu);
 +    return cpu_load_helper(env, addr, oi, ra, full_le_lduw_mmu);
  }
 -uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                              int mmu_idx, uintptr_t ra)
 +uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEQ, helper_be_ldq_mmu);
 +    return cpu_load_helper(env, addr, oi, ra, full_le_ldul_mmu);
  }
 -uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                               int mmu_idx, uintptr_t ra)
 +uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUW, full_le_lduw_mmu);
 -}
 -
 -int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                          int mmu_idx, uintptr_t ra)
 -{
 -    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
 -}
 -
 -uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                              int mmu_idx, uintptr_t ra)
 -{
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUL, full_le_ldul_mmu);
 -}
 -
 -uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 -                              int mmu_idx, uintptr_t ra)
 -{
 -    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEQ, helper_le_ldq_mmu);
 -}
 -
 -uint32_t cpu_ldub_data_ra(CPUArchState *env, target_ulong ptr,
 -                          uintptr_t retaddr)
 -{
 -    return cpu_ldub_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -int cpu_ldsb_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
 -{
 -    return cpu_ldsb_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint32_t cpu_lduw_be_data_ra(CPUArchState *env, target_ulong ptr,
 -                             uintptr_t retaddr)
 -{
 -    return cpu_lduw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -int cpu_ldsw_be_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
 -{
 -    return cpu_ldsw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint32_t cpu_ldl_be_data_ra(CPUArchState *env, target_ulong ptr,
 -                            uintptr_t retaddr)
 -{
 -    return cpu_ldl_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint64_t cpu_ldq_be_data_ra(CPUArchState *env, target_ulong ptr,
 -                            uintptr_t retaddr)
 -{
 -    return cpu_ldq_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint32_t cpu_lduw_le_data_ra(CPUArchState *env, target_ulong ptr,
 -                             uintptr_t retaddr)
 -{
 -    return cpu_lduw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -int cpu_ldsw_le_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
 -{
 -    return cpu_ldsw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint32_t cpu_ldl_le_data_ra(CPUArchState *env, target_ulong ptr,
 -                            uintptr_t retaddr)
 -{
 -    return cpu_ldl_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint64_t cpu_ldq_le_data_ra(CPUArchState *env, target_ulong ptr,
 -                            uintptr_t retaddr)
 -{
 -    return cpu_ldq_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -uint32_t cpu_ldub_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldub_data_ra(env, ptr, 0);
 -}
 -
 -int cpu_ldsb_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldsb_data_ra(env, ptr, 0);
 -}
 -
 -uint32_t cpu_lduw_be_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_lduw_be_data_ra(env, ptr, 0);
 -}
 -
 -int cpu_ldsw_be_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldsw_be_data_ra(env, ptr, 0);
 -}
 -
 -uint32_t cpu_ldl_be_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldl_be_data_ra(env, ptr, 0);
 -}
 -
 -uint64_t cpu_ldq_be_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldq_be_data_ra(env, ptr, 0);
 -}
 -
 -uint32_t cpu_lduw_le_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_lduw_le_data_ra(env, ptr, 0);
 -}
 -
 -int cpu_ldsw_le_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldsw_le_data_ra(env, ptr, 0);
 -}
 -
 -uint32_t cpu_ldl_le_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldl_le_data_ra(env, ptr, 0);
 -}
 -
 -uint64_t cpu_ldq_le_data(CPUArchState *env, target_ulong ptr)
 -{
 -    return cpu_ldq_le_data_ra(env, ptr, 0);
 +    return cpu_load_helper(env, addr, oi, ra, helper_le_ldq_mmu);
  }
  /*
@@ -XXX,XX +XXX,XX @@ store_memop(void *haddr, uint64_t val, MemOp op)
      }
  }
 +static void full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                         MemOpIdx oi, uintptr_t retaddr);
 +
  static void __attribute__((noinline))
  store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
                         uintptr_t retaddr, size_t size, uintptr_t mmu_idx,
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
          for (i = 0; i < size; ++i) {
              /* Big-endian extract.  */
              uint8_t val8 = val >> (((size - 1) * 8) - (i * 8));
 -            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
 +            full_stb_mmu(env, addr + i, val8, oi, retaddr);
          }
      } else {
          for (i = 0; i < size; ++i) {
              /* Little-endian extract.  */
              uint8_t val8 = val >> (i * 8);
 -            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
 +            full_stb_mmu(env, addr + i, val8, oi, retaddr);
          }
      }
  }
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
      store_memop(haddr, val, op);
  }
 -void __attribute__((noinline))
 -helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
 -                   MemOpIdx oi, uintptr_t retaddr)
 +static void __attribute__((noinline))
 +full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +             MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_UB);
      store_helper(env, addr, val, oi, retaddr, MO_UB);
  }
 +void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
 +                        MemOpIdx oi, uintptr_t retaddr)
 +{
 +    full_stb_mmu(env, addr, val, oi, retaddr);
 +}
 +
 +static void full_le_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                            MemOpIdx oi, uintptr_t retaddr)
 +{
 +    validate_memop(oi, MO_LEUW);
 +    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
 +}
 +
  void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
                         MemOpIdx oi, uintptr_t retaddr)
  {
 -    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
 +    full_le_stw_mmu(env, addr, val, oi, retaddr);
 +}
 +
 +static void full_be_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                            MemOpIdx oi, uintptr_t retaddr)
 +{
 +    validate_memop(oi, MO_BEUW);
 +    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
  }
  void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
                         MemOpIdx oi, uintptr_t retaddr)
  {
 -    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
 +    full_be_stw_mmu(env, addr, val, oi, retaddr);
 +}
 +
 +static void full_le_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                            MemOpIdx oi, uintptr_t retaddr)
 +{
 +    validate_memop(oi, MO_LEUL);
 +    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
  }
  void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
                         MemOpIdx oi, uintptr_t retaddr)
  {
 -    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
 +    full_le_stl_mmu(env, addr, val, oi, retaddr);
 +}
 +
 +static void full_be_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                            MemOpIdx oi, uintptr_t retaddr)
 +{
 +    validate_memop(oi, MO_BEUL);
 +    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
  }
  void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
                         MemOpIdx oi, uintptr_t retaddr)
  {
 -    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
 +    full_be_stl_mmu(env, addr, val, oi, retaddr);
  }
  void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                         MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_LEQ);
      store_helper(env, addr, val, oi, retaddr, MO_LEQ);
  }
  void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                         MemOpIdx oi, uintptr_t retaddr)
  {
 +    validate_memop(oi, MO_BEQ);
      store_helper(env, addr, val, oi, retaddr, MO_BEQ);
  }
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
   * Store Helpers for cpu_ldst.h
   */
 -static inline void QEMU_ALWAYS_INLINE
 -cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
 -                 int mmu_idx, uintptr_t retaddr, MemOp op)
 +typedef void FullStoreHelper(CPUArchState *env, target_ulong addr,
 +                             uint64_t val, MemOpIdx oi, uintptr_t retaddr);
 +
 +static inline void cpu_store_helper(CPUArchState *env, target_ulong addr,
 +                                    uint64_t val, MemOpIdx oi, uintptr_t ra,
 +                                    FullStoreHelper *full_store)
  {
 -    MemOpIdx oi = make_memop_idx(op, mmu_idx);
 -
      trace_guest_st_before_exec(env_cpu(env), addr, oi);
 -
 -    store_helper(env, addr, val, oi, retaddr, op);
 -
 +    full_store(env, addr, val, oi, ra);
      qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
 -                       int mmu_idx, uintptr_t retaddr)
 +void cpu_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
 +                 MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_UB);
 +    cpu_store_helper(env, addr, val, oi, retaddr, full_stb_mmu);
  }
 -void cpu_stw_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
 -                          int mmu_idx, uintptr_t retaddr)
 +void cpu_stw_be_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
 +                    MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUW);
 +    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stw_mmu);
  }
 -void cpu_stl_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
 -                          int mmu_idx, uintptr_t retaddr)
 +void cpu_stl_be_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 +                    MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUL);
 +    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stl_mmu);
  }
 -void cpu_stq_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
 -                          int mmu_idx, uintptr_t retaddr)
 +void cpu_stq_be_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                    MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEQ);
 +    cpu_store_helper(env, addr, val, oi, retaddr, helper_be_stq_mmu);
  }
 -void cpu_stw_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
 -                          int mmu_idx, uintptr_t retaddr)
 +void cpu_stw_le_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
 +                    MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUW);
 +    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stw_mmu);
  }
 -void cpu_stl_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
 -                          int mmu_idx, uintptr_t retaddr)
 +void cpu_stl_le_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 +                    MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUL);
 +    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stl_mmu);
  }
 -void cpu_stq_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
 -                          int mmu_idx, uintptr_t retaddr)
 +void cpu_stq_le_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 +                    MemOpIdx oi, uintptr_t retaddr)
  {
 -    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEQ);
 +    cpu_store_helper(env, addr, val, oi, retaddr, helper_le_stq_mmu);
  }
 -void cpu_stb_data_ra(CPUArchState *env, target_ulong ptr,
 -                     uint32_t val, uintptr_t retaddr)
 -{
 -    cpu_stb_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stw_be_data_ra(CPUArchState *env, target_ulong ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    cpu_stw_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stl_be_data_ra(CPUArchState *env, target_ulong ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    cpu_stl_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stq_be_data_ra(CPUArchState *env, target_ulong ptr,
 -                        uint64_t val, uintptr_t retaddr)
 -{
 -    cpu_stq_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stw_le_data_ra(CPUArchState *env, target_ulong ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    cpu_stw_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stl_le_data_ra(CPUArchState *env, target_ulong ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    cpu_stl_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stq_le_data_ra(CPUArchState *env, target_ulong ptr,
 -                        uint64_t val, uintptr_t retaddr)
 -{
 -    cpu_stq_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
 -}
 -
 -void cpu_stb_data(CPUArchState *env, target_ulong ptr, uint32_t val)
 -{
 -    cpu_stb_data_ra(env, ptr, val, 0);
 -}
 -
 -void cpu_stw_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
 -{
 -    cpu_stw_be_data_ra(env, ptr, val, 0);
 -}
 -
 -void cpu_stl_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
 -{
 -    cpu_stl_be_data_ra(env, ptr, val, 0);
 -}
 -
 -void cpu_stq_be_data(CPUArchState *env, target_ulong ptr, uint64_t val)
 -{
 -    cpu_stq_be_data_ra(env, ptr, val, 0);
 -}
 -
 -void cpu_stw_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
 -{
 -    cpu_stw_le_data_ra(env, ptr, val, 0);
 -}
 -
 -void cpu_stl_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
 -{
 -    cpu_stl_le_data_ra(env, ptr, val, 0);
 -}
 -
 -void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
 -{
 -    cpu_stq_le_data_ra(env, ptr, val, 0);
 -}
 +#include "ldst_common.c.inc"
  /*
   * First set of functions passes in OI and RETADDR.
 diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/user-exec.c
 +++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ int cpu_signal_handler(int host_signum, void *pinfo,
  /* The softmmu versions of these helpers are in cputlb.c.  */
 -uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
 +/*
 + * Verify that we have passed the correct MemOp to the correct function.
 + *
 + * We could present one function to target code, and dispatch based on
 + * the MemOp, but so far we have worked hard to avoid an indirect function
 + * call along the memory path.
 + */
 +static void validate_memop(MemOpIdx oi, MemOp expected)
  {
 -    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
 -    uint32_t ret;
 +#ifdef CONFIG_DEBUG_TCG
 +    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
 +    assert(have == expected);
 +#endif
 +}
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = ldub_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 +static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr,
 +                            MemOpIdx oi, uintptr_t ra, MMUAccessType type)
 +{
 +    void *ret;
 +
 +    /* TODO: Enforce guest required alignment.  */
 +
 +    ret = g2h(env_cpu(env), addr);
 +    set_helper_retaddr(ra);
      return ret;
  }
 -int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
 +uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    return (int8_t)cpu_ldub_data(env, ptr);
 -}
 +    void *haddr;
 +    uint8_t ret;
 -uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
 -    uint32_t ret;
 -
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = lduw_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 +    validate_memop(oi, MO_UB);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = ldub_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
 -int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
 +uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return (int16_t)cpu_lduw_be_data(env, ptr);
 -}
 +    void *haddr;
 +    uint16_t ret;
 -uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
 -    uint32_t ret;
 -
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = ldl_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 +    validate_memop(oi, MO_BEUW);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = lduw_be_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
 -uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
 +uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
 +    void *haddr;
 +    uint32_t ret;
 +
 +    validate_memop(oi, MO_BEUL);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = ldl_be_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
 +    return ret;
 +}
 +
 +uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
 +{
 +    void *haddr;
      uint64_t ret;
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = ldq_be_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 +    validate_memop(oi, MO_BEQ);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = ldq_be_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
 -uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
 +uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
 +    void *haddr;
 +    uint16_t ret;
 +
 +    validate_memop(oi, MO_LEUW);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = lduw_le_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
 +    return ret;
 +}
 +
 +uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
 +{
 +    void *haddr;
      uint32_t ret;
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = lduw_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 +    validate_memop(oi, MO_LEUL);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = ldl_le_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
 -int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
 +uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
 +                        MemOpIdx oi, uintptr_t ra)
  {
 -    return (int16_t)cpu_lduw_le_data(env, ptr);
 -}
 -
 -uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
 -    uint32_t ret;
 -
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = ldl_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 -    return ret;
 -}
 -
 -uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
 +    void *haddr;
      uint64_t ret;
 -    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
 -    ret = ldq_le_p(g2h(env_cpu(env), ptr));
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
 +    validate_memop(oi, MO_LEQ);
 +    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
 +    ret = ldq_le_p(haddr);
 +    clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
      return ret;
  }
 -uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val,
 +                 MemOpIdx oi, uintptr_t ra)
  {
 -    uint32_t ret;
 +    void *haddr;
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldub_data(env, ptr);
 +    validate_memop(oi, MO_UB);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stb_p(haddr, val);
      clear_helper_retaddr();
 -    return ret;
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stw_be_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    return (int8_t)cpu_ldub_data_ra(env, ptr, retaddr);
 -}
 +    void *haddr;
 -uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 -{
 -    uint32_t ret;
 -
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_lduw_be_data(env, ptr);
 +    validate_memop(oi, MO_BEUW);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stw_be_p(haddr, val);
      clear_helper_retaddr();
 -    return ret;
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stl_be_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    return (int16_t)cpu_lduw_be_data_ra(env, ptr, retaddr);
 -}
 +    void *haddr;
 -uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 -{
 -    uint32_t ret;
 -
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldl_be_data(env, ptr);
 +    validate_memop(oi, MO_BEUL);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stl_be_p(haddr, val);
      clear_helper_retaddr();
 -    return ret;
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stq_be_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    uint64_t ret;
 +    void *haddr;
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldq_be_data(env, ptr);
 +    validate_memop(oi, MO_BEQ);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stq_be_p(haddr, val);
      clear_helper_retaddr();
 -    return ret;
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stw_le_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    uint32_t ret;
 +    void *haddr;
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_lduw_le_data(env, ptr);
 +    validate_memop(oi, MO_LEUW);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stw_le_p(haddr, val);
      clear_helper_retaddr();
 -    return ret;
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stl_le_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    return (int16_t)cpu_lduw_le_data_ra(env, ptr, retaddr);
 -}
 +    void *haddr;
 -uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 -{
 -    uint32_t ret;
 -
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldl_le_data(env, ptr);
 +    validate_memop(oi, MO_LEUL);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stl_le_p(haddr, val);
      clear_helper_retaddr();
 -    return ret;
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
 -uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
 +void cpu_stq_le_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
 +                    MemOpIdx oi, uintptr_t ra)
  {
 -    uint64_t ret;
 +    void *haddr;
 -    set_helper_retaddr(retaddr);
 -    ret = cpu_ldq_le_data(env, ptr);
 -    clear_helper_retaddr();
 -    return ret;
 -}
 -
 -void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stb_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stw_be_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stl_be_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stq_be_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stw_le_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stl_le_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
 -{
 -    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
 -
 -    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
 -    stq_le_p(g2h(env_cpu(env), ptr), val);
 -    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
 -}
 -
 -void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
 -                     uint32_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stb_data(env, ptr, val);
 -    clear_helper_retaddr();
 -}
 -
 -void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stw_be_data(env, ptr, val);
 -    clear_helper_retaddr();
 -}
 -
 -void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stl_be_data(env, ptr, val);
 -    clear_helper_retaddr();
 -}
 -
 -void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
 -                        uint64_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stq_be_data(env, ptr, val);
 -    clear_helper_retaddr();
 -}
 -
 -void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stw_le_data(env, ptr, val);
 -    clear_helper_retaddr();
 -}
 -
 -void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
 -                        uint32_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stl_le_data(env, ptr, val);
 -    clear_helper_retaddr();
 -}
 -
 -void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
 -                        uint64_t val, uintptr_t retaddr)
 -{
 -    set_helper_retaddr(retaddr);
 -    cpu_stq_le_data(env, ptr, val);
 +    validate_memop(oi, MO_LEQ);
 +    trace_guest_st_before_exec(env_cpu(env), addr, oi);
 +    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
 +    stq_le_p(haddr, val);
      clear_helper_retaddr();
 +    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
  }
  uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr)
      return ret;
  }
 +#include "ldst_common.c.inc"
 +
  /*
   * Do not allow unaligned operations to proceed.  Return the host address.
   *
 diff --git a/accel/tcg/ldst_common.c.inc b/accel/tcg/ldst_common.c.inc
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/accel/tcg/ldst_common.c.inc
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Routines common to user and system emulation of load/store.
 + *
 + *  Copyright (c) 2003 Fabrice Bellard
 + *
 + * SPDX-License-Identifier: GPL-2.0-or-later
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + */
 +
 +uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                            int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
 +    return cpu_ldb_mmu(env, addr, oi, ra);
 +}
 +
 +int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                       int mmu_idx, uintptr_t ra)
 +{
 +    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
 +}
 +
 +uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                               int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
 +    return cpu_ldw_be_mmu(env, addr, oi, ra);
 +}
 +
 +int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
 +}
 +
 +uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                              int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
 +    return cpu_ldl_be_mmu(env, addr, oi, ra);
 +}
 +
 +uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                              int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
 +    return cpu_ldq_be_mmu(env, addr, oi, ra);
 +}
 +
 +uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                               int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
 +    return cpu_ldw_le_mmu(env, addr, oi, ra);
 +}
 +
 +int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
 +}
 +
 +uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                              int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
 +    return cpu_ldl_le_mmu(env, addr, oi, ra);
 +}
 +
 +uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
 +                              int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
 +    return cpu_ldq_le_mmu(env, addr, oi, ra);
 +}
 +
 +void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                       int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
 +    cpu_stb_mmu(env, addr, val, oi, ra);
 +}
 +
 +void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
 +    cpu_stw_be_mmu(env, addr, val, oi, ra);
 +}
 +
 +void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
 +    cpu_stl_be_mmu(env, addr, val, oi, ra);
 +}
 +
 +void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
 +    cpu_stq_be_mmu(env, addr, val, oi, ra);
 +}
 +
 +void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
 +    cpu_stw_le_mmu(env, addr, val, oi, ra);
 +}
 +
 +void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
 +    cpu_stl_le_mmu(env, addr, val, oi, ra);
 +}
 +
 +void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 +                          int mmu_idx, uintptr_t ra)
 +{
 +    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
 +    cpu_stq_le_mmu(env, addr, val, oi, ra);
 +}
 +
 +/*--------------------------*/
 +
 +uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_ldub_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return (int8_t)cpu_ldub_data_ra(env, addr, ra);
 +}
 +
 +uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_lduw_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return (int16_t)cpu_lduw_be_data_ra(env, addr, ra);
 +}
 +
 +uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_ldl_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_ldq_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_lduw_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return (int16_t)cpu_lduw_le_data_ra(env, addr, ra);
 +}
 +
 +uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_ldl_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
 +{
 +    return cpu_ldq_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stb_data_ra(CPUArchState *env, abi_ptr addr,
 +                     uint32_t val, uintptr_t ra)
 +{
 +    cpu_stb_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr addr,
 +                        uint32_t val, uintptr_t ra)
 +{
 +    cpu_stw_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr addr,
 +                        uint32_t val, uintptr_t ra)
 +{
 +    cpu_stl_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr addr,
 +                        uint64_t val, uintptr_t ra)
 +{
 +    cpu_stq_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr addr,
 +                        uint32_t val, uintptr_t ra)
 +{
 +    cpu_stw_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr addr,
 +                        uint32_t val, uintptr_t ra)
 +{
 +    cpu_stl_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr addr,
 +                        uint64_t val, uintptr_t ra)
 +{
 +    cpu_stq_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
 +}
 +
 +/*--------------------------*/
 +
 +uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_ldub_data_ra(env, addr, 0);
 +}
 +
 +int cpu_ldsb_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return (int8_t)cpu_ldub_data(env, addr);
 +}
 +
 +uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_lduw_be_data_ra(env, addr, 0);
 +}
 +
 +int cpu_ldsw_be_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return (int16_t)cpu_lduw_be_data(env, addr);
 +}
 +
 +uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_ldl_be_data_ra(env, addr, 0);
 +}
 +
 +uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_ldq_be_data_ra(env, addr, 0);
 +}
 +
 +uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_lduw_le_data_ra(env, addr, 0);
 +}
 +
 +int cpu_ldsw_le_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return (int16_t)cpu_lduw_le_data(env, addr);
 +}
 +
 +uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_ldl_le_data_ra(env, addr, 0);
 +}
 +
 +uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr addr)
 +{
 +    return cpu_ldq_le_data_ra(env, addr, 0);
 +}
 +
 +void cpu_stb_data(CPUArchState *env, abi_ptr addr, uint32_t val)
 +{
 +    cpu_stb_data_ra(env, addr, val, 0);
 +}
 +
 +void cpu_stw_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
 +{
 +    cpu_stw_be_data_ra(env, addr, val, 0);
 +}
 +
 +void cpu_stl_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
 +{
 +    cpu_stl_be_data_ra(env, addr, val, 0);
 +}
 +
 +void cpu_stq_be_data(CPUArchState *env, abi_ptr addr, uint64_t val)
 +{
 +    cpu_stq_be_data_ra(env, addr, val, 0);
 +}
 +
 +void cpu_stw_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
 +{
 +    cpu_stw_le_data_ra(env, addr, val, 0);
 +}
 +
 +void cpu_stl_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
 +{
 +    cpu_stl_le_data_ra(env, addr, val, 0);
 +}
 +
 +void cpu_stq_le_data(CPUArchState *env, abi_ptr addr, uint64_t val)
 +{
 +    cpu_stq_le_data_ra(env, addr, val, 0);
 +}
 --
-.25.1
+.17.2

-[PULL 14/15] tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
+[Qemu-devel] [PULL v2 12/21] tcg: Split CONFIG_ATOMIC128
-These functions have been replaced by cpu_*_mmu as the
+GCC7+ will no longer advertise support for 16-byte __atomic operations
-most proper interface to use from target code.
+if only cmpxchg is supported, as for x86_64.  Fortunately, x86_64 still
 has support for __sync_compare_and_swap_16 and we can make use of that.
 AArch64 does not have, nor ever has had such support, so open-code it.
-Hide these declarations from code that should not use them.
+Reviewed-by: Emilio G. Cota <cota@braap.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/tcg/tcg-ldst.h | 74 ++++++++++++++++++++++++++++++++++++++++++
+ accel/tcg/atomic_template.h |  20 ++++-
- include/tcg/tcg.h      | 71 ----------------------------------------
+ include/qemu/atomic128.h    | 153 ++++++++++++++++++++++++++++++++++++
- accel/tcg/cputlb.c     |  1 +
+ include/qemu/compiler.h     |  11 +++
- tcg/tcg.c              |  1 +
+ tcg/tcg.h                   |  16 ++--
- tcg/tci.c              |  1 +
+ accel/tcg/cputlb.c          |   3 +-
-files changed, 77 insertions(+), 71 deletions(-)
+ accel/tcg/user-exec.c       |   5 +-
- create mode 100644 include/tcg/tcg-ldst.h
+ configure                   |  19 +++++
 files changed, 213 insertions(+), 14 deletions(-)
  create mode 100644 include/qemu/atomic128.h
-diff --git a/include/tcg/tcg-ldst.h b/include/tcg/tcg-ldst.h
+diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/atomic_template.h
 +++ b/accel/tcg/atomic_template.h
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
      DATA_TYPE ret;
      ATOMIC_TRACE_RMW;
 +#if DATA_SIZE == 16
 +    ret = atomic16_cmpxchg(haddr, cmpv, newv);
 +#else
      ret = atomic_cmpxchg__nocheck(haddr, cmpv, newv);
 +#endif
      ATOMIC_MMU_CLEANUP;
      return ret;
  }
  #if DATA_SIZE >= 16
 +#if HAVE_ATOMIC128
  ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr EXTRA_ARGS)
  {
      ATOMIC_MMU_DECLS;
      DATA_TYPE val, *haddr = ATOMIC_MMU_LOOKUP;
      ATOMIC_TRACE_LD;
 -    __atomic_load(haddr, &val, __ATOMIC_RELAXED);
 +    val = atomic16_read(haddr);
      ATOMIC_MMU_CLEANUP;
      return val;
  }
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr,
      DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
      ATOMIC_TRACE_ST;
 -    __atomic_store(haddr, &val, __ATOMIC_RELAXED);
 +    atomic16_set(haddr, val);
      ATOMIC_MMU_CLEANUP;
  }
 +#endif
  #else
  ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr,
                             ABI_TYPE val EXTRA_ARGS)
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
      DATA_TYPE ret;
      ATOMIC_TRACE_RMW;
 +#if DATA_SIZE == 16
 +    ret = atomic16_cmpxchg(haddr, BSWAP(cmpv), BSWAP(newv));
 +#else
      ret = atomic_cmpxchg__nocheck(haddr, BSWAP(cmpv), BSWAP(newv));
 +#endif
      ATOMIC_MMU_CLEANUP;
      return BSWAP(ret);
  }
  #if DATA_SIZE >= 16
 +#if HAVE_ATOMIC128
  ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr EXTRA_ARGS)
  {
      ATOMIC_MMU_DECLS;
      DATA_TYPE val, *haddr = ATOMIC_MMU_LOOKUP;
      ATOMIC_TRACE_LD;
 -    __atomic_load(haddr, &val, __ATOMIC_RELAXED);
 +    val = atomic16_read(haddr);
      ATOMIC_MMU_CLEANUP;
      return BSWAP(val);
  }
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr,
      ATOMIC_TRACE_ST;
      val = BSWAP(val);
 -    __atomic_store(haddr, &val, __ATOMIC_RELAXED);
 +    atomic16_set(haddr, val);
      ATOMIC_MMU_CLEANUP;
  }
 +#endif
  #else
  ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr,
                             ABI_TYPE val EXTRA_ARGS)
 diff --git a/include/qemu/atomic128.h b/include/qemu/atomic128.h
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
-+++ b/include/tcg/tcg-ldst.h
++++ b/include/qemu/atomic128.h
 @@ -XXX,XX +XXX,XX @@
 +/*
-+ * Memory helpers that will be used by TCG generated code.
++ * Simple interface for 128-bit atomic operations.
 + *
-+ * Copyright (c) 2008 Fabrice Bellard
++ * Copyright (C) 2018 Linaro, Ltd.
 + *
-+ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
-+ * of this software and associated documentation files (the "Software"), to deal
++ * See the COPYING file in the top-level directory.
-+ * in the Software without restriction, including without limitation the rights
++ *
-+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * See docs/devel/atomics.txt for discussion about the guarantees each
-+ * copies of the Software, and to permit persons to whom the Software is
++ * atomic primitive is meant to provide.
 + * furnished to do so, subject to the following conditions:
 + *
 + * The above copyright notice and this permission notice shall be included in
 + * all copies or substantial portions of the Software.
 + *
 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 + * THE SOFTWARE.
 + */
 +
-+#ifndef TCG_LDST_H
++#ifndef QEMU_ATOMIC128_H
-+#define TCG_LDST_H 1
++#define QEMU_ATOMIC128_H
 +
-+#ifdef CONFIG_SOFTMMU
++/*
-+
++ * GCC is a house divided about supporting large atomic operations.
-+/* Value zero-extended to tcg register size.  */
++ *
-+tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
++ * For hosts that only have large compare-and-swap, a legalistic reading
-+                                     MemOpIdx oi, uintptr_t retaddr);
++ * of the C++ standard means that one cannot implement __atomic_read on
-+tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
++ * read-only memory, and thus all atomic operations must synchronize
-+                                    MemOpIdx oi, uintptr_t retaddr);
++ * through libatomic.
-+tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
++ *
-+                                    MemOpIdx oi, uintptr_t retaddr);
++ * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80878
-+uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
++ *
-+                           MemOpIdx oi, uintptr_t retaddr);
++ * This interpretation is not especially helpful for QEMU.
-+tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
++ * For softmmu, all RAM is always read/write from the hypervisor.
-+                                    MemOpIdx oi, uintptr_t retaddr);
++ * For user-only, if the guest doesn't implement such an __atomic_read
-+tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
++ * then the host need not worry about it either.
-+                                    MemOpIdx oi, uintptr_t retaddr);
++ *
-+uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
++ * Moreover, using libatomic is not an option, because its interface is
-+                           MemOpIdx oi, uintptr_t retaddr);
++ * built for std::atomic<T>, and requires that *all* accesses to such an
-+
++ * object go through the library.  In our case we do not have an object
-+/* Value sign-extended to tcg register size.  */
++ * in the C/C++ sense, but a view of memory as seen by the guest.
-+tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
++ * The guest may issue a large atomic operation and then access those
-+                                     MemOpIdx oi, uintptr_t retaddr);
++ * pieces using word-sized accesses.  From the hypervisor, we have no
-+tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
++ * way to connect those two actions.
-+                                    MemOpIdx oi, uintptr_t retaddr);
++ *
-+tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
++ * Therefore, special case each platform.
-+                                    MemOpIdx oi, uintptr_t retaddr);
++ */
-+tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
++
-+                                    MemOpIdx oi, uintptr_t retaddr);
++#if defined(CONFIG_ATOMIC128)
-+tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
++static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new)
-+                                    MemOpIdx oi, uintptr_t retaddr);
++{
-+
++    return atomic_cmpxchg__nocheck(ptr, cmp, new);
-+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
++}
-+                        MemOpIdx oi, uintptr_t retaddr);
++# define HAVE_CMPXCHG128 1
-+void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
++#elif defined(CONFIG_CMPXCHG128)
-+                       MemOpIdx oi, uintptr_t retaddr);
++static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new)
-+void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
++{
-+                       MemOpIdx oi, uintptr_t retaddr);
++    return __sync_val_compare_and_swap_16(ptr, cmp, new);
-+void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
++}
-+                       MemOpIdx oi, uintptr_t retaddr);
++# define HAVE_CMPXCHG128 1
-+void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
++#elif defined(__aarch64__)
-+                       MemOpIdx oi, uintptr_t retaddr);
++/* Through gcc 8, aarch64 has no support for 128-bit at all.  */
-+void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
++static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new)
-+                       MemOpIdx oi, uintptr_t retaddr);
++{
-+void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
++    uint64_t cmpl = int128_getlo(cmp), cmph = int128_gethi(cmp);
-+                       MemOpIdx oi, uintptr_t retaddr);
++    uint64_t newl = int128_getlo(new), newh = int128_gethi(new);
-+
++    uint64_t oldl, oldh;
-+#endif /* CONFIG_SOFTMMU */
++    uint32_t tmp;
-+#endif /* TCG_LDST_H */
++
-diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
++    asm("0: ldaxp %[oldl], %[oldh], %[mem]\n\t"
 +        "cmp %[oldl], %[cmpl]\n\t"
 +        "ccmp %[oldh], %[cmph], #0, eq\n\t"
 +        "b.ne 1f\n\t"
 +        "stlxp %w[tmp], %[newl], %[newh], %[mem]\n\t"
 +        "cbnz %w[tmp], 0b\n"
 +        "1:"
 +        : [mem] "+m"(*ptr), [tmp] "=&r"(tmp),
 +          [oldl] "=&r"(oldl), [oldh] "=r"(oldh)
 +        : [cmpl] "r"(cmpl), [cmph] "r"(cmph),
 +          [newl] "r"(newl), [newh] "r"(newh)
 +        : "memory", "cc");
 +
 +    return int128_make128(oldl, oldh);
 +}
 +# define HAVE_CMPXCHG128 1
 +#else
 +/* Fallback definition that must be optimized away, or error.  */
 +Int128 QEMU_ERROR("unsupported atomic")
 +    atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new);
 +# define HAVE_CMPXCHG128 0
 +#endif /* Some definition for HAVE_CMPXCHG128 */
 +
 +
 +#if defined(CONFIG_ATOMIC128)
 +static inline Int128 atomic16_read(Int128 *ptr)
 +{
 +    return atomic_read__nocheck(ptr);
 +}
 +
 +static inline void atomic16_set(Int128 *ptr, Int128 val)
 +{
 +    atomic_set__nocheck(ptr, val);
 +}
 +
 +# define HAVE_ATOMIC128 1
 +#elif !defined(CONFIG_USER_ONLY) && defined(__aarch64__)
 +/* We can do better than cmpxchg for AArch64.  */
 +static inline Int128 atomic16_read(Int128 *ptr)
 +{
 +    uint64_t l, h;
 +    uint32_t tmp;
 +
 +    /* The load must be paired with the store to guarantee not tearing.  */
 +    asm("0: ldxp %[l], %[h], %[mem]\n\t"
 +        "stxp %w[tmp], %[l], %[h], %[mem]\n\t"
 +        "cbnz %w[tmp], 0b"
 +        : [mem] "+m"(*ptr), [tmp] "=r"(tmp), [l] "=r"(l), [h] "=r"(h));
 +
 +    return int128_make128(l, h);
 +}
 +
 +static inline void atomic16_set(Int128 *ptr, Int128 val)
 +{
 +    uint64_t l = int128_getlo(val), h = int128_gethi(val);
 +    uint64_t t1, t2;
 +
 +    /* Load into temporaries to acquire the exclusive access lock.  */
 +    asm("0: ldxp %[t1], %[t2], %[mem]\n\t"
 +        "stxp %w[t1], %[l], %[h], %[mem]\n\t"
 +        "cbnz %w[t1], 0b"
 +        : [mem] "+m"(*ptr), [t1] "=&r"(t1), [t2] "=&r"(t2)
 +        : [l] "r"(l), [h] "r"(h));
 +}
 +
 +# define HAVE_ATOMIC128 1
 +#elif !defined(CONFIG_USER_ONLY) && HAVE_CMPXCHG128
 +static inline Int128 atomic16_read(Int128 *ptr)
 +{
 +    /* Maybe replace 0 with 0, returning the old value.  */
 +    return atomic16_cmpxchg(ptr, 0, 0);
 +}
 +
 +static inline void atomic16_set(Int128 *ptr, Int128 val)
 +{
 +    Int128 old = *ptr, cmp;
 +    do {
 +        cmp = old;
 +        old = atomic16_cmpxchg(ptr, cmp, val);
 +    } while (old != cmp);
 +}
 +
 +# define HAVE_ATOMIC128 1
 +#else
 +/* Fallback definitions that must be optimized away, or error.  */
 +Int128 QEMU_ERROR("unsupported atomic") atomic16_read(Int128 *ptr);
 +void QEMU_ERROR("unsupported atomic") atomic16_set(Int128 *ptr, Int128 val);
 +# define HAVE_ATOMIC128 0
 +#endif /* Some definition for HAVE_ATOMIC128 */
 +
 +#endif /* QEMU_ATOMIC128_H */
 diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/tcg/tcg.h
+--- a/include/qemu/compiler.h
-+++ b/include/tcg/tcg.h
++++ b/include/qemu/compiler.h
-@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
+@@ -XXX,XX +XXX,XX @@
-      :  (target_long)dup_const(VECE, C))
+ # define QEMU_FLATTEN
  #endif
--/*
++/*
-- * Memory helpers that will be used by TCG generated code.
++ * If __attribute__((error)) is present, use it to produce an error at
-- */
++ * compile time.  Otherwise, one must wait for the linker to diagnose
--#ifdef CONFIG_SOFTMMU
++ * the missing symbol.
--/* Value zero-extended to tcg register size.  */
++ */
--tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
++#if __has_attribute(error)
--                                     MemOpIdx oi, uintptr_t retaddr);
++# define QEMU_ERROR(X) __attribute__((error(X)))
--tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
++#else
--                                    MemOpIdx oi, uintptr_t retaddr);
++# define QEMU_ERROR(X)
--tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
++#endif
--                                    MemOpIdx oi, uintptr_t retaddr);
++
--uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
+ /* Implement C11 _Generic via GCC builtins.  Example:
--                           MemOpIdx oi, uintptr_t retaddr);
+  *
--tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
+  *    QEMU_GENERIC(x, (float, sinf), (long double, sinl), sin) (x)
--                                    MemOpIdx oi, uintptr_t retaddr);
+diff --git a/tcg/tcg.h b/tcg/tcg.h
--tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
+index XXXXXXX..XXXXXXX 100644
--                                    MemOpIdx oi, uintptr_t retaddr);
+--- a/tcg/tcg.h
--uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
++++ b/tcg/tcg.h
--                           MemOpIdx oi, uintptr_t retaddr);
+@@ -XXX,XX +XXX,XX @@
  #include "qemu/queue.h"
  #include "tcg-mo.h"
  #include "tcg-target.h"
 +#include "qemu/int128.h"
  /* XXX: make safe guess about sizes */
  #define MAX_OP_PER_INSTR 266
@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER_ALL(xchg)
  #undef GEN_ATOMIC_HELPER
  #endif /* CONFIG_SOFTMMU */
 -#ifdef CONFIG_ATOMIC128
 -#include "qemu/int128.h"
 -
--/* Value sign-extended to tcg register size.  */
+-/* These aren't really a "proper" helpers because TCG cannot manage Int128.
--tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
+-   However, use the same format as the others, for use by the backends. */
--                                     MemOpIdx oi, uintptr_t retaddr);
++/*
--tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
++ * These aren't really a "proper" helpers because TCG cannot manage Int128.
--                                    MemOpIdx oi, uintptr_t retaddr);
++ * However, use the same format as the others, for use by the backends.
--tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
++ *
--                                    MemOpIdx oi, uintptr_t retaddr);
++ * The cmpxchg functions are only defined if HAVE_CMPXCHG128;
--tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
++ * the ld/st functions are only defined if HAVE_ATOMIC128,
--                                    MemOpIdx oi, uintptr_t retaddr);
++ * as defined by <qemu/atomic128.h>.
--tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
++ */
--                                    MemOpIdx oi, uintptr_t retaddr);
+ Int128 helper_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
                                       Int128 cmpv, Int128 newv,
                                       TCGMemOpIdx oi, uintptr_t retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
  void helper_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
                                TCGMemOpIdx oi, uintptr_t retaddr);
 -#endif /* CONFIG_ATOMIC128 */
 -
--void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+ #endif /* TCG_H */
 -                        MemOpIdx oi, uintptr_t retaddr);
 -void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
 -                       MemOpIdx oi, uintptr_t retaddr);
 -void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 -                       MemOpIdx oi, uintptr_t retaddr);
 -void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 -                       MemOpIdx oi, uintptr_t retaddr);
 -void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
 -                       MemOpIdx oi, uintptr_t retaddr);
 -void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
 -                       MemOpIdx oi, uintptr_t retaddr);
 -void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 -                       MemOpIdx oi, uintptr_t retaddr);
 -
 -/* Temporary aliases until backends are converted.  */
 -#ifdef TARGET_WORDS_BIGENDIAN
 -# define helper_ret_ldsw_mmu  helper_be_ldsw_mmu
 -# define helper_ret_lduw_mmu  helper_be_lduw_mmu
 -# define helper_ret_ldsl_mmu  helper_be_ldsl_mmu
 -# define helper_ret_ldul_mmu  helper_be_ldul_mmu
 -# define helper_ret_ldl_mmu   helper_be_ldul_mmu
 -# define helper_ret_ldq_mmu   helper_be_ldq_mmu
 -# define helper_ret_stw_mmu   helper_be_stw_mmu
 -# define helper_ret_stl_mmu   helper_be_stl_mmu
 -# define helper_ret_stq_mmu   helper_be_stq_mmu
 -#else
 -# define helper_ret_ldsw_mmu  helper_le_ldsw_mmu
 -# define helper_ret_lduw_mmu  helper_le_lduw_mmu
 -# define helper_ret_ldsl_mmu  helper_le_ldsl_mmu
 -# define helper_ret_ldul_mmu  helper_le_ldul_mmu
 -# define helper_ret_ldl_mmu   helper_le_ldul_mmu
 -# define helper_ret_ldq_mmu   helper_le_ldq_mmu
 -# define helper_ret_stw_mmu   helper_le_stw_mmu
 -# define helper_ret_stl_mmu   helper_le_stl_mmu
 -# define helper_ret_stq_mmu   helper_le_stq_mmu
 -#endif
 -#endif /* CONFIG_SOFTMMU */
 -
  #ifdef CONFIG_DEBUG_TCG
  void tcg_assert_listed_vecop(TCGOpcode);
  #else
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
 @@ -XXX,XX +XXX,XX @@
- #ifdef CONFIG_PLUGIN
+ #include "exec/log.h"
- #include "qemu/plugin-memory.h"
+ #include "exec/helper-proto.h"
- #endif
+ #include "qemu/atomic.h"
-+#include "tcg/tcg-ldst.h"
++#include "qemu/atomic128.h"
  /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
  /* #define DEBUG_TLB */
-diff --git a/tcg/tcg.c b/tcg/tcg.c
+@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
  #include "atomic_template.h"
  #endif
 -#ifdef CONFIG_ATOMIC128
 +#if HAVE_CMPXCHG128 || HAVE_ATOMIC128
  #define DATA_SIZE 16
  #include "atomic_template.h"
  #endif
 diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
 index XXXXXXX..XXXXXXX 100644
---- a/tcg/tcg.c
+--- a/accel/tcg/user-exec.c
-+++ b/tcg/tcg.c
++++ b/accel/tcg/user-exec.c
 @@ -XXX,XX +XXX,XX @@
- #include "elf.h"
- #include "exec/log.h"
-+#include "tcg/tcg-ldst.h"
- #include "tcg-internal.h"
- #ifdef CONFIG_TCG_INTERPRETER
-diff --git a/tcg/tci.c b/tcg/tci.c
-index XXXXXXX..XXXXXXX 100644
---- a/tcg/tci.c
-+++ b/tcg/tci.c
-@@ -XXX,XX +XXX,XX @@
- #include "tcg/tcg.h"           /* MAX_OPC_PARAM_IARGS */
  #include "exec/cpu_ldst.h"
- #include "tcg/tcg-op.h"
+ #include "translate-all.h"
-+#include "tcg/tcg-ldst.h"
+ #include "exec/helper-proto.h"
- #include "qemu/compiler.h"
++#include "qemu/atomic128.h"
- #include <ffi.h>
+ #undef EAX
  #undef ECX
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
  /* The following is only callable from other helpers, and matches up
     with the softmmu version.  */
 -#ifdef CONFIG_ATOMIC128
 +#if HAVE_ATOMIC128 || HAVE_CMPXCHG128
  #undef EXTRA_ARGS
  #undef ATOMIC_NAME
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
  #define DATA_SIZE 16
  #include "atomic_template.h"
 -#endif /* CONFIG_ATOMIC128 */
 +#endif
 diff --git a/configure b/configure
 index XXXXXXX..XXXXXXX 100755
 --- a/configure
 +++ b/configure
@@ -XXX,XX +XXX,XX @@ EOF
    fi
  fi
 +cmpxchg128=no
 +if test "$int128" = yes -a "$atomic128" = no; then
 +  cat > $TMPC << EOF
 +int main(void)
 +{
 +  unsigned __int128 x = 0, y = 0;
 +  __sync_val_compare_and_swap_16(&x, y, x);
 +  return 0;
 +}
 +EOF
 +  if compile_prog "" "" ; then
 +    cmpxchg128=yes
 +  fi
 +fi
 +
  #########################################
  # See if 64-bit atomic operations are supported.
  # Note that without __atomic builtins, we can only
@@ -XXX,XX +XXX,XX @@ if test "$atomic128" = "yes" ; then
    echo "CONFIG_ATOMIC128=y" >> $config_host_mak
  fi
 +if test "$cmpxchg128" = "yes" ; then
 +  echo "CONFIG_CMPXCHG128=y" >> $config_host_mak
 +fi
 +
  if test "$atomic64" = "yes" ; then
    echo "CONFIG_ATOMIC64=y" >> $config_host_mak
  fi
 --
-.25.1
+.17.2

-[PULL 08/15] accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
+[Qemu-devel] [PULL v2 13/21] target/i386: Convert to HAVE_CMPXCHG128
-The previous placement in tcg/tcg.h was not logical.
+Reviewed-by: Emilio G. Cota <cota@braap.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- include/exec/cpu_ldst.h       | 87 +++++++++++++++++++++++++++++++++++
+ target/i386/mem_helper.c | 9 ++++-----
- include/tcg/tcg.h             | 87 -----------------------------------
+file changed, 4 insertions(+), 5 deletions(-)
  target/arm/helper-a64.c       |  1 -
  target/m68k/op_helper.c       |  1 -
  target/ppc/mem_helper.c       |  1 -
  target/s390x/tcg/mem_helper.c |  1 -
 files changed, 87 insertions(+), 91 deletions(-)
-diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
+diff --git a/target/i386/mem_helper.c b/target/i386/mem_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu_ldst.h
+--- a/target/i386/mem_helper.c
-+++ b/include/exec/cpu_ldst.h
++++ b/target/i386/mem_helper.c
@@ -XXX,XX +XXX,XX @@
  #define CPU_LDST_H
  #include "exec/memopidx.h"
 +#include "qemu/int128.h"
  #if defined(CONFIG_USER_ONLY)
  /* sparc32plus has 64bit long but 32bit space address
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
  void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
                      MemOpIdx oi, uintptr_t ra);
 +uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
 +                                 uint32_t cmpv, uint32_t newv,
 +                                 MemOpIdx oi, uintptr_t retaddr);
 +uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
 +                                    uint32_t cmpv, uint32_t newv,
 +                                    MemOpIdx oi, uintptr_t retaddr);
 +uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
 +                                    uint32_t cmpv, uint32_t newv,
 +                                    MemOpIdx oi, uintptr_t retaddr);
 +uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
 +                                    uint64_t cmpv, uint64_t newv,
 +                                    MemOpIdx oi, uintptr_t retaddr);
 +uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
 +                                    uint32_t cmpv, uint32_t newv,
 +                                    MemOpIdx oi, uintptr_t retaddr);
 +uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
 +                                    uint32_t cmpv, uint32_t newv,
 +                                    MemOpIdx oi, uintptr_t retaddr);
 +uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
 +                                    uint64_t cmpv, uint64_t newv,
 +                                    MemOpIdx oi, uintptr_t retaddr);
 +
 +#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
 +TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
 +    (CPUArchState *env, target_ulong addr, TYPE val,  \
 +     MemOpIdx oi, uintptr_t retaddr);
 +
 +#ifdef CONFIG_ATOMIC64
 +#define GEN_ATOMIC_HELPER_ALL(NAME)          \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
 +    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
 +    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
 +#else
 +#define GEN_ATOMIC_HELPER_ALL(NAME)          \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
 +    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
 +#endif
 +
 +GEN_ATOMIC_HELPER_ALL(fetch_add)
 +GEN_ATOMIC_HELPER_ALL(fetch_sub)
 +GEN_ATOMIC_HELPER_ALL(fetch_and)
 +GEN_ATOMIC_HELPER_ALL(fetch_or)
 +GEN_ATOMIC_HELPER_ALL(fetch_xor)
 +GEN_ATOMIC_HELPER_ALL(fetch_smin)
 +GEN_ATOMIC_HELPER_ALL(fetch_umin)
 +GEN_ATOMIC_HELPER_ALL(fetch_smax)
 +GEN_ATOMIC_HELPER_ALL(fetch_umax)
 +
 +GEN_ATOMIC_HELPER_ALL(add_fetch)
 +GEN_ATOMIC_HELPER_ALL(sub_fetch)
 +GEN_ATOMIC_HELPER_ALL(and_fetch)
 +GEN_ATOMIC_HELPER_ALL(or_fetch)
 +GEN_ATOMIC_HELPER_ALL(xor_fetch)
 +GEN_ATOMIC_HELPER_ALL(smin_fetch)
 +GEN_ATOMIC_HELPER_ALL(umin_fetch)
 +GEN_ATOMIC_HELPER_ALL(smax_fetch)
 +GEN_ATOMIC_HELPER_ALL(umax_fetch)
 +
 +GEN_ATOMIC_HELPER_ALL(xchg)
 +
 +#undef GEN_ATOMIC_HELPER_ALL
 +#undef GEN_ATOMIC_HELPER
 +
 +Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
 +                                  Int128 cmpv, Int128 newv,
 +                                  MemOpIdx oi, uintptr_t retaddr);
 +Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
 +                                  Int128 cmpv, Int128 newv,
 +                                  MemOpIdx oi, uintptr_t retaddr);
 +
 +Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
 +                             MemOpIdx oi, uintptr_t retaddr);
 +Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
 +                             MemOpIdx oi, uintptr_t retaddr);
 +void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
 +                           MemOpIdx oi, uintptr_t retaddr);
 +void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
 +                           MemOpIdx oi, uintptr_t retaddr);
 +
  #if defined(CONFIG_USER_ONLY)
  extern __thread uintptr_t helper_retaddr;
 diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/tcg/tcg.h
 +++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@
  #include "qemu/queue.h"
  #include "tcg/tcg-mo.h"
  #include "tcg-target.h"
 -#include "qemu/int128.h"
  #include "tcg/tcg-cond.h"
  /* XXX: make safe guess about sizes */
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
  #endif
  #endif /* CONFIG_SOFTMMU */
 -uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
 -                                 uint32_t cmpv, uint32_t newv,
 -                                 MemOpIdx oi, uintptr_t retaddr);
 -uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
 -                                    uint32_t cmpv, uint32_t newv,
 -                                    MemOpIdx oi, uintptr_t retaddr);
 -uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
 -                                    uint32_t cmpv, uint32_t newv,
 -                                    MemOpIdx oi, uintptr_t retaddr);
 -uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
 -                                    uint64_t cmpv, uint64_t newv,
 -                                    MemOpIdx oi, uintptr_t retaddr);
 -uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
 -                                    uint32_t cmpv, uint32_t newv,
 -                                    MemOpIdx oi, uintptr_t retaddr);
 -uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
 -                                    uint32_t cmpv, uint32_t newv,
 -                                    MemOpIdx oi, uintptr_t retaddr);
 -uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
 -                                    uint64_t cmpv, uint64_t newv,
 -                                    MemOpIdx oi, uintptr_t retaddr);
 -
 -#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
 -TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
 -    (CPUArchState *env, target_ulong addr, TYPE val,  \
 -     MemOpIdx oi, uintptr_t retaddr);
 -
 -#ifdef CONFIG_ATOMIC64
 -#define GEN_ATOMIC_HELPER_ALL(NAME)          \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
 -    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
 -    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
 -#else
 -#define GEN_ATOMIC_HELPER_ALL(NAME)          \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
 -    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
 -#endif
 -
 -GEN_ATOMIC_HELPER_ALL(fetch_add)
 -GEN_ATOMIC_HELPER_ALL(fetch_sub)
 -GEN_ATOMIC_HELPER_ALL(fetch_and)
 -GEN_ATOMIC_HELPER_ALL(fetch_or)
 -GEN_ATOMIC_HELPER_ALL(fetch_xor)
 -GEN_ATOMIC_HELPER_ALL(fetch_smin)
 -GEN_ATOMIC_HELPER_ALL(fetch_umin)
 -GEN_ATOMIC_HELPER_ALL(fetch_smax)
 -GEN_ATOMIC_HELPER_ALL(fetch_umax)
 -
 -GEN_ATOMIC_HELPER_ALL(add_fetch)
 -GEN_ATOMIC_HELPER_ALL(sub_fetch)
 -GEN_ATOMIC_HELPER_ALL(and_fetch)
 -GEN_ATOMIC_HELPER_ALL(or_fetch)
 -GEN_ATOMIC_HELPER_ALL(xor_fetch)
 -GEN_ATOMIC_HELPER_ALL(smin_fetch)
 -GEN_ATOMIC_HELPER_ALL(umin_fetch)
 -GEN_ATOMIC_HELPER_ALL(smax_fetch)
 -GEN_ATOMIC_HELPER_ALL(umax_fetch)
 -
 -GEN_ATOMIC_HELPER_ALL(xchg)
 -
 -#undef GEN_ATOMIC_HELPER_ALL
 -#undef GEN_ATOMIC_HELPER
 -
 -Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
 -                                  Int128 cmpv, Int128 newv,
 -                                  MemOpIdx oi, uintptr_t retaddr);
 -Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
 -                                  Int128 cmpv, Int128 newv,
 -                                  MemOpIdx oi, uintptr_t retaddr);
 -
 -Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
 -                             MemOpIdx oi, uintptr_t retaddr);
 -Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
 -                             MemOpIdx oi, uintptr_t retaddr);
 -void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
 -                           MemOpIdx oi, uintptr_t retaddr);
 -void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
 -                           MemOpIdx oi, uintptr_t retaddr);
 -
  #ifdef CONFIG_DEBUG_TCG
  void tcg_assert_listed_vecop(TCGOpcode);
  #else
 diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper-a64.c
 +++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@
  #include "exec/cpu_ldst.h"
  #include "qemu/int128.h"
  #include "qemu/atomic128.h"
 -#include "tcg/tcg.h"
  #include "fpu/softfloat.h"
  #include <zlib.h> /* For crc32 */
 diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/m68k/op_helper.c
 +++ b/target/m68k/op_helper.c
 @@ -XXX,XX +XXX,XX @@
  #include "exec/exec-all.h"
  #include "exec/cpu_ldst.h"
- #include "semihosting/semihost.h"
--#include "tcg/tcg.h"
- #if !defined(CONFIG_USER_ONLY)
-diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/mem_helper.c
-+++ b/target/ppc/mem_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/helper-proto.h"
- #include "helper_regs.h"
- #include "exec/cpu_ldst.h"
--#include "tcg/tcg.h"
- #include "internal.h"
- #include "qemu/atomic128.h"
-diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/mem_helper.c
-+++ b/target/s390x/tcg/mem_helper.c
-@@ -XXX,XX +XXX,XX @@
- #include "exec/cpu_ldst.h"
  #include "qemu/int128.h"
- #include "qemu/atomic128.h"
++#include "qemu/atomic128.h"
--#include "tcg/tcg.h"
+ #include "tcg.h"
- #include "trace.h"
+ void helper_cmpxchg8b_unlocked(CPUX86State *env, target_ulong a0)
- #if !defined(CONFIG_USER_ONLY)
+@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
      if ((a0 & 0xf) != 0) {
          raise_exception_ra(env, EXCP0D_GPF, ra);
 -    } else {
 -#ifndef CONFIG_ATOMIC128
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -#else
 +    } else if (HAVE_CMPXCHG128) {
          int eflags = cpu_cc_compute_all(env, CC_OP);
          Int128 cmpv = int128_make128(env->regs[R_EAX], env->regs[R_EDX]);
@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
              eflags &= ~CC_Z;
          }
          CC_SRC = eflags;
 -#endif
 +    } else {
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
      }
  }
  #endif
 --
-.25.1
+.17.2

-[PULL 13/15] target/arm: Use cpu_*_mmu instead of helper_*_mmu
+[Qemu-devel] [PULL v2 14/21] target/arm: Convert to HAVE_CMPXCHG128
-The helper_*_mmu functions were the only thing available
+Reviewed-by: Emilio G. Cota <cota@braap.org>
 when this code was written.  This could have been adjusted
 when we added cpu_*_mmuidx_ra, but now we can most easily
 use the newest set of interfaces.
 Cc: qemu-arm@nongnu.org
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/arm/helper-a64.c | 52 +++++++----------------------------------
+ target/arm/helper-a64.c | 259 +++++++++++++++++++++-------------------
- target/arm/m_helper.c   |  6 ++---
+file changed, 133 insertions(+), 126 deletions(-)
 files changed, 11 insertions(+), 47 deletions(-)
 diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper-a64.c
 +++ b/target/arm/helper-a64.c
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
+@@ -XXX,XX +XXX,XX @@
-     uintptr_t ra = GETPC();
+ #include "exec/exec-all.h"
-     uint64_t o0, o1;
+ #include "exec/cpu_ldst.h"
  #include "qemu/int128.h"
 +#include "qemu/atomic128.h"
  #include "tcg.h"
  #include "fpu/softfloat.h"
  #include <zlib.h> /* For crc32 */
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(crc32c_64)(uint64_t acc, uint64_t val, uint32_t bytes)
      return crc32c(acc, buf, bytes) ^ 0xffffffff;
  }
 -/* Returns 0 on success; 1 otherwise.  */
 -static uint64_t do_paired_cmpxchg64_le(CPUARMState *env, uint64_t addr,
 -                                       uint64_t new_lo, uint64_t new_hi,
 -                                       bool parallel, uintptr_t ra)
 +uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
 +                                     uint64_t new_lo, uint64_t new_hi)
  {
 -    Int128 oldv, cmpv, newv;
 +    Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
 +    Int128 newv = int128_make128(new_lo, new_hi);
 +    Int128 oldv;
 +    uintptr_t ra = GETPC();
 +    uint64_t o0, o1;
      bool success;
+-    cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
+-    newv = int128_make128(new_lo, new_hi);
+-
+-    if (parallel) {
+-#ifndef CONFIG_ATOMIC128
+-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+-#else
+-        int mem_idx = cpu_mmu_index(env, false);
+-        TCGMemOpIdx oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+-        oldv = helper_atomic_cmpxchgo_le_mmu(env, addr, cmpv, newv, oi, ra);
+-        success = int128_eq(oldv, cmpv);
+-#endif
+-    } else {
+-        uint64_t o0, o1;
+-
+ #ifdef CONFIG_USER_ONLY
+-        /* ??? Enforce alignment.  */
+-        uint64_t *haddr = g2h(addr);
++    /* ??? Enforce alignment.  */
++    uint64_t *haddr = g2h(addr);
+-        helper_retaddr = ra;
+-        o0 = ldq_le_p(haddr + 0);
+-        o1 = ldq_le_p(haddr + 1);
+-        oldv = int128_make128(o0, o1);
++    helper_retaddr = ra;
++    o0 = ldq_le_p(haddr + 0);
++    o1 = ldq_le_p(haddr + 1);
++    oldv = int128_make128(o0, o1);
+-        success = int128_eq(oldv, cmpv);
+-        if (success) {
+-            stq_le_p(haddr + 0, int128_getlo(newv));
+-            stq_le_p(haddr + 1, int128_gethi(newv));
+-        }
+-        helper_retaddr = 0;
+-#else
+-        int mem_idx = cpu_mmu_index(env, false);
+-        TCGMemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+-        TCGMemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
+-
+-        o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
+-        o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
+-        oldv = int128_make128(o0, o1);
+-
+-        success = int128_eq(oldv, cmpv);
+-        if (success) {
+-            helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
+-            helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
+-        }
+-#endif
++    success = int128_eq(oldv, cmpv);
++    if (success) {
++        stq_le_p(haddr + 0, int128_getlo(newv));
++        stq_le_p(haddr + 1, int128_gethi(newv));
+     }
++    helper_retaddr = 0;
++#else
++    int mem_idx = cpu_mmu_index(env, false);
++    TCGMemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
++    TCGMemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
++
++    o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
++    o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
++    oldv = int128_make128(o0, o1);
++
++    success = int128_eq(oldv, cmpv);
++    if (success) {
++        helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
++        helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
++    }
++#endif
+     return !success;
+ }
+-uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
+-                                              uint64_t new_lo, uint64_t new_hi)
+-{
+-    return do_paired_cmpxchg64_le(env, addr, new_lo, new_hi, false, GETPC());
+-}
+-
+ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
+                                               uint64_t new_lo, uint64_t new_hi)
+-{
+-    return do_paired_cmpxchg64_le(env, addr, new_lo, new_hi, true, GETPC());
+-}
+-
+-static uint64_t do_paired_cmpxchg64_be(CPUARMState *env, uint64_t addr,
+-                                       uint64_t new_lo, uint64_t new_hi,
+-                                       bool parallel, uintptr_t ra)
+ {
+     Int128 oldv, cmpv, newv;
++    uintptr_t ra = GETPC();
+     bool success;
++    int mem_idx;
++    TCGMemOpIdx oi;
+-    /* high and low need to be switched here because this is not actually a
+-     * 128bit store but two doublewords stored consecutively
+-     */
+-    cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
+-    newv = int128_make128(new_hi, new_lo);
+-
+-    if (parallel) {
+-#ifndef CONFIG_ATOMIC128
++    if (!HAVE_CMPXCHG128) {
+         cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+-#else
+-        int mem_idx = cpu_mmu_index(env, false);
+-        TCGMemOpIdx oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+-        oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
+-        success = int128_eq(oldv, cmpv);
+-#endif
+-    } else {
+-        uint64_t o0, o1;
 -
 -#ifdef CONFIG_USER_ONLY
--    /* ??? Enforce alignment.  */
+-        /* ??? Enforce alignment.  */
--    uint64_t *haddr = g2h(env_cpu(env), addr);
+-        uint64_t *haddr = g2h(addr);
 -
--    set_helper_retaddr(ra);
+-        helper_retaddr = ra;
--    o0 = ldq_le_p(haddr + 0);
+-        o1 = ldq_be_p(haddr + 0);
--    o1 = ldq_le_p(haddr + 1);
+-        o0 = ldq_be_p(haddr + 1);
--    oldv = int128_make128(o0, o1);
+-        oldv = int128_make128(o0, o1);
 -
--    success = int128_eq(oldv, cmpv);
+-        success = int128_eq(oldv, cmpv);
--    if (success) {
+-        if (success) {
--        stq_le_p(haddr + 0, int128_getlo(newv));
+-            stq_be_p(haddr + 0, int128_gethi(newv));
--        stq_le_p(haddr + 1, int128_gethi(newv));
+-            stq_be_p(haddr + 1, int128_getlo(newv));
--    }
+-        }
--    clear_helper_retaddr();
+-        helper_retaddr = 0;
 -#else
-     int mem_idx = cpu_mmu_index(env, false);
+-        int mem_idx = cpu_mmu_index(env, false);
-     MemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+-        TCGMemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
-     MemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
+-        TCGMemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
+-
--    o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
+-        o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
--    o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
+-        o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
-+    o0 = cpu_ldq_le_mmu(env, addr + 0, oi0, ra);
+-        oldv = int128_make128(o0, o1);
-+    o1 = cpu_ldq_le_mmu(env, addr + 8, oi1, ra);
+-
-     oldv = int128_make128(o0, o1);
+-        success = int128_eq(oldv, cmpv);
+-        if (success) {
-     success = int128_eq(oldv, cmpv);
+-            helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
-     if (success) {
+-            helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
--        helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
+-        }
--        helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
+-#endif
 +        cpu_stq_le_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
 +        cpu_stq_le_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
      }
--#endif
++    mem_idx = cpu_mmu_index(env, false);
 +    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 +
 +    cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
 +    newv = int128_make128(new_lo, new_hi);
 +    oldv = helper_atomic_cmpxchgo_le_mmu(env, addr, cmpv, newv, oi, ra);
 +
 +    success = int128_eq(oldv, cmpv);
      return !success;
  }
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
-     uintptr_t ra = GETPC();
+ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
-     uint64_t o0, o1;
+                                      uint64_t new_lo, uint64_t new_hi)
-     bool success;
+ {
--
+-    return do_paired_cmpxchg64_be(env, addr, new_lo, new_hi, false, GETPC());
--#ifdef CONFIG_USER_ONLY
++    /*
--    /* ??? Enforce alignment.  */
++     * High and low need to be switched here because this is not actually a
--    uint64_t *haddr = g2h(env_cpu(env), addr);
++     * 128bit store but two doublewords stored consecutively
--
++     */
--    set_helper_retaddr(ra);
++    Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
--    o1 = ldq_be_p(haddr + 0);
++    Int128 newv = int128_make128(new_lo, new_hi);
--    o0 = ldq_be_p(haddr + 1);
++    Int128 oldv;
--    oldv = int128_make128(o0, o1);
++    uintptr_t ra = GETPC();
--
++    uint64_t o0, o1;
--    success = int128_eq(oldv, cmpv);
++    bool success;
--    if (success) {
++
--        stq_be_p(haddr + 0, int128_gethi(newv));
++#ifdef CONFIG_USER_ONLY
--        stq_be_p(haddr + 1, int128_getlo(newv));
++    /* ??? Enforce alignment.  */
--    }
++    uint64_t *haddr = g2h(addr);
--    clear_helper_retaddr();
++
--#else
++    helper_retaddr = ra;
-     int mem_idx = cpu_mmu_index(env, false);
++    o1 = ldq_be_p(haddr + 0);
-     MemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
++    o0 = ldq_be_p(haddr + 1);
-     MemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
++    oldv = int128_make128(o0, o1);
++
--    o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
++    success = int128_eq(oldv, cmpv);
--    o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
++    if (success) {
-+    o1 = cpu_ldq_be_mmu(env, addr + 0, oi0, ra);
++        stq_be_p(haddr + 0, int128_gethi(newv));
-+    o0 = cpu_ldq_be_mmu(env, addr + 8, oi1, ra);
++        stq_be_p(haddr + 1, int128_getlo(newv));
-     oldv = int128_make128(o0, o1);
++    }
++    helper_retaddr = 0;
-     success = int128_eq(oldv, cmpv);
++#else
-     if (success) {
++    int mem_idx = cpu_mmu_index(env, false);
--        helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
++    TCGMemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
--        helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
++    TCGMemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
-+        cpu_stq_be_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
++
-+        cpu_stq_be_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
++    o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
-     }
++    o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
--#endif
++    oldv = int128_make128(o0, o1);
++
-     return !success;
++    success = int128_eq(oldv, cmpv);
- }
++    if (success) {
-diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
++        helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
-index XXXXXXX..XXXXXXX 100644
++        helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
---- a/target/arm/m_helper.c
++    }
-+++ b/target/arm/m_helper.c
++#endif
-@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
++
-          * do them as secure, so work out what MMU index that is.
++    return !success;
-          */
+ }
-         mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
--        oi = make_memop_idx(MO_LE, arm_to_core_mmu_idx(mmu_idx));
+ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
--        newpc = helper_le_ldul_mmu(env, frameptr, oi, 0);
+-                                     uint64_t new_lo, uint64_t new_hi)
--        newpsr = helper_le_ldul_mmu(env, frameptr + 4, oi, 0);
++                                              uint64_t new_lo, uint64_t new_hi)
-+        oi = make_memop_idx(MO_LEUL, arm_to_core_mmu_idx(mmu_idx));
+ {
-+        newpc = cpu_ldl_le_mmu(env, frameptr, oi, 0);
+-    return do_paired_cmpxchg64_be(env, addr, new_lo, new_hi, true, GETPC());
-+        newpsr = cpu_ldl_le_mmu(env, frameptr + 4, oi, 0);
++    Int128 oldv, cmpv, newv;
++    uintptr_t ra = GETPC();
-         /* Consistency checks on new IPSR */
++    bool success;
-         newpsr_exc = newpsr & XPSR_EXCP;
++    int mem_idx;
 +    TCGMemOpIdx oi;
 +
 +    if (!HAVE_CMPXCHG128) {
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 +    }
 +
 +    mem_idx = cpu_mmu_index(env, false);
 +    oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
 +
 +    /*
 +     * High and low need to be switched here because this is not actually a
 +     * 128bit store but two doublewords stored consecutively
 +     */
 +    cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
 +    newv = int128_make128(new_hi, new_lo);
 +    oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
 +
 +    success = int128_eq(oldv, cmpv);
 +    return !success;
  }
  /* Writes back the old data into Rs.  */
  void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
                                uint64_t new_lo, uint64_t new_hi)
  {
 -    uintptr_t ra = GETPC();
 -#ifndef CONFIG_ATOMIC128
 -    cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -#else
      Int128 oldv, cmpv, newv;
 +    uintptr_t ra = GETPC();
 +    int mem_idx;
 +    TCGMemOpIdx oi;
 +
 +    if (!HAVE_CMPXCHG128) {
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 +    }
 +
 +    mem_idx = cpu_mmu_index(env, false);
 +    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
      cmpv = int128_make128(env->xregs[rs], env->xregs[rs + 1]);
      newv = int128_make128(new_lo, new_hi);
 -
 -    int mem_idx = cpu_mmu_index(env, false);
 -    TCGMemOpIdx oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
      oldv = helper_atomic_cmpxchgo_le_mmu(env, addr, cmpv, newv, oi, ra);
      env->xregs[rs] = int128_getlo(oldv);
      env->xregs[rs + 1] = int128_gethi(oldv);
 -#endif
  }
  void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
                                uint64_t new_hi, uint64_t new_lo)
  {
 -    uintptr_t ra = GETPC();
 -#ifndef CONFIG_ATOMIC128
 -    cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -#else
      Int128 oldv, cmpv, newv;
 +    uintptr_t ra = GETPC();
 +    int mem_idx;
 +    TCGMemOpIdx oi;
 +
 +    if (!HAVE_CMPXCHG128) {
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 +    }
 +
 +    mem_idx = cpu_mmu_index(env, false);
 +    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
      cmpv = int128_make128(env->xregs[rs + 1], env->xregs[rs]);
      newv = int128_make128(new_lo, new_hi);
 -
 -    int mem_idx = cpu_mmu_index(env, false);
 -    TCGMemOpIdx oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
      oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
      env->xregs[rs + 1] = int128_getlo(oldv);
      env->xregs[rs] = int128_gethi(oldv);
 -#endif
  }
  /*
 --
-.25.1
+.17.2

-[PULL 02/15] target/arm: Use MO_128 for 16 byte atomics
+[Qemu-devel] [PULL v2 15/21] target/arm: Check HAVE_CMPXCHG128 at translate time
-Cc: qemu-arm@nongnu.org
+Reviewed-by: Emilio G. Cota <cota@braap.org>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/arm/helper-a64.c | 8 ++++----
+ target/arm/helper-a64.c    | 16 ++++------------
-file changed, 4 insertions(+), 4 deletions(-)
+ target/arm/translate-a64.c | 38 ++++++++++++++++++++++----------------
 files changed, 26 insertions(+), 28 deletions(-)
 diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper-a64.c
 +++ b/target/arm/helper-a64.c
 @@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
+     int mem_idx;
      TCGMemOpIdx oi;
 -    if (!HAVE_CMPXCHG128) {
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -    }
 +    assert(HAVE_CMPXCHG128);
      mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+     oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 +    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
      cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
      newv = int128_make128(new_lo, new_hi);
 @@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
+     int mem_idx;
      TCGMemOpIdx oi;
 -    if (!HAVE_CMPXCHG128) {
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -    }
 +    assert(HAVE_CMPXCHG128);
      mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+     oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
 +    oi = make_memop_idx(MO_BE | MO_128 | MO_ALIGN, mem_idx);
      /*
       * High and low need to be switched here because this is not actually a
 @@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
+     int mem_idx;
      TCGMemOpIdx oi;
 -    if (!HAVE_CMPXCHG128) {
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -    }
 +    assert(HAVE_CMPXCHG128);
      mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+     oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 +    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
      cmpv = int128_make128(env->xregs[rs], env->xregs[rs + 1]);
      newv = int128_make128(new_lo, new_hi);
 @@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
+     int mem_idx;
      TCGMemOpIdx oi;
 -    if (!HAVE_CMPXCHG128) {
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -    }
 +    assert(HAVE_CMPXCHG128);
      mem_idx = cpu_mmu_index(env, false);
--    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+     oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index XXXXXXX..XXXXXXX 100644
-     cmpv = int128_make128(env->xregs[rs + 1], env->xregs[rs]);
+--- a/target/arm/translate-a64.c
-     newv = int128_make128(new_lo, new_hi);
++++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@
  #include "trace-tcg.h"
  #include "translate-a64.h"
 +#include "qemu/atomic128.h"
  static TCGv_i64 cpu_X[32];
  static TCGv_i64 cpu_pc;
@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
                                         get_mem_index(s),
                                         MO_64 | MO_ALIGN | s->be_data);
              tcg_gen_setcond_i64(TCG_COND_NE, tmp, tmp, cpu_exclusive_val);
 -        } else if (s->be_data == MO_LE) {
 -            if (tb_cflags(s->base.tb) & CF_PARALLEL) {
 +        } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
 +            if (!HAVE_CMPXCHG128) {
 +                gen_helper_exit_atomic(cpu_env);
 +                s->base.is_jmp = DISAS_NORETURN;
 +            } else if (s->be_data == MO_LE) {
                  gen_helper_paired_cmpxchg64_le_parallel(tmp, cpu_env,
                                                          cpu_exclusive_addr,
                                                          cpu_reg(s, rt),
                                                          cpu_reg(s, rt2));
              } else {
 -                gen_helper_paired_cmpxchg64_le(tmp, cpu_env, cpu_exclusive_addr,
 -                                               cpu_reg(s, rt), cpu_reg(s, rt2));
 -            }
 -        } else {
 -            if (tb_cflags(s->base.tb) & CF_PARALLEL) {
                  gen_helper_paired_cmpxchg64_be_parallel(tmp, cpu_env,
                                                          cpu_exclusive_addr,
                                                          cpu_reg(s, rt),
                                                          cpu_reg(s, rt2));
 -            } else {
 -                gen_helper_paired_cmpxchg64_be(tmp, cpu_env, cpu_exclusive_addr,
 -                                               cpu_reg(s, rt), cpu_reg(s, rt2));
              }
 +        } else if (s->be_data == MO_LE) {
 +            gen_helper_paired_cmpxchg64_le(tmp, cpu_env, cpu_exclusive_addr,
 +                                           cpu_reg(s, rt), cpu_reg(s, rt2));
 +        } else {
 +            gen_helper_paired_cmpxchg64_be(tmp, cpu_env, cpu_exclusive_addr,
 +                                           cpu_reg(s, rt), cpu_reg(s, rt2));
          }
      } else {
          tcg_gen_atomic_cmpxchg_i64(tmp, cpu_exclusive_addr, cpu_exclusive_val,
@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
          }
          tcg_temp_free_i64(cmp);
      } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
 -        TCGv_i32 tcg_rs = tcg_const_i32(rs);
 -
 -        if (s->be_data == MO_LE) {
 -            gen_helper_casp_le_parallel(cpu_env, tcg_rs, addr, t1, t2);
 +        if (HAVE_CMPXCHG128) {
 +            TCGv_i32 tcg_rs = tcg_const_i32(rs);
 +            if (s->be_data == MO_LE) {
 +                gen_helper_casp_le_parallel(cpu_env, tcg_rs, addr, t1, t2);
 +            } else {
 +                gen_helper_casp_be_parallel(cpu_env, tcg_rs, addr, t1, t2);
 +            }
 +            tcg_temp_free_i32(tcg_rs);
          } else {
 -            gen_helper_casp_be_parallel(cpu_env, tcg_rs, addr, t1, t2);
 +            gen_helper_exit_atomic(cpu_env);
 +            s->base.is_jmp = DISAS_NORETURN;
          }
 -        tcg_temp_free_i32(tcg_rs);
      } else {
          TCGv_i64 d1 = tcg_temp_new_i64();
          TCGv_i64 d2 = tcg_temp_new_i64();
 --
-.25.1
+.17.2

-[PULL 04/15] target/ppc: Use MO_128 for 16 byte atomics
+[Qemu-devel] [PULL v2 16/21] target/ppc: Convert to HAVE_CMPXCHG128 and HAVE_ATOMIC128
-Cc: qemu-ppc@nongnu.org
+Reviewed-by: Emilio G. Cota <cota@braap.org>
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/ppc/translate.c | 12 +++++++-----
+ target/ppc/helper.h     |   2 +-
-file changed, 7 insertions(+), 5 deletions(-)
+ target/ppc/mem_helper.c |  33 ++++++++++--
  target/ppc/translate.c  | 115 +++++++++++++++++++++-------------------
 files changed, 88 insertions(+), 62 deletions(-)
+diff --git a/target/ppc/helper.h b/target/ppc/helper.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/ppc/helper.h
++++ b/target/ppc/helper.h
+@@ -XXX,XX +XXX,XX @@ DEF_HELPER_4(dscliq, void, env, fprp, fprp, i32)
+ DEF_HELPER_1(tbegin, void, env)
+ DEF_HELPER_FLAGS_1(fixup_thrm, TCG_CALL_NO_RWG, void, env)
+-#if defined(TARGET_PPC64) && defined(CONFIG_ATOMIC128)
++#ifdef TARGET_PPC64
+ DEF_HELPER_FLAGS_3(lq_le_parallel, TCG_CALL_NO_WG, i64, env, tl, i32)
+ DEF_HELPER_FLAGS_3(lq_be_parallel, TCG_CALL_NO_WG, i64, env, tl, i32)
+ DEF_HELPER_FLAGS_5(stq_le_parallel, TCG_CALL_NO_WG,
+diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/ppc/mem_helper.c
++++ b/target/ppc/mem_helper.c
+@@ -XXX,XX +XXX,XX @@
+ #include "exec/cpu_ldst.h"
+ #include "tcg.h"
+ #include "internal.h"
++#include "qemu/atomic128.h"
+ //#define DEBUG_OP
+@@ -XXX,XX +XXX,XX @@ target_ulong helper_lscbx(CPUPPCState *env, target_ulong addr, uint32_t reg,
+     return i;
+ }
+-#if defined(TARGET_PPC64) && defined(CONFIG_ATOMIC128)
++#ifdef TARGET_PPC64
+ uint64_t helper_lq_le_parallel(CPUPPCState *env, target_ulong addr,
+                                uint32_t opidx)
+ {
+-    Int128 ret = helper_atomic_ldo_le_mmu(env, addr, opidx, GETPC());
++    Int128 ret;
++
++    /* We will have raised EXCP_ATOMIC from the translator.  */
++    assert(HAVE_ATOMIC128);
++    ret = helper_atomic_ldo_le_mmu(env, addr, opidx, GETPC());
+     env->retxh = int128_gethi(ret);
+     return int128_getlo(ret);
+ }
+@@ -XXX,XX +XXX,XX @@ uint64_t helper_lq_le_parallel(CPUPPCState *env, target_ulong addr,
+ uint64_t helper_lq_be_parallel(CPUPPCState *env, target_ulong addr,
+                                uint32_t opidx)
+ {
+-    Int128 ret = helper_atomic_ldo_be_mmu(env, addr, opidx, GETPC());
++    Int128 ret;
++
++    /* We will have raised EXCP_ATOMIC from the translator.  */
++    assert(HAVE_ATOMIC128);
++    ret = helper_atomic_ldo_be_mmu(env, addr, opidx, GETPC());
+     env->retxh = int128_gethi(ret);
+     return int128_getlo(ret);
+ }
+@@ -XXX,XX +XXX,XX @@ uint64_t helper_lq_be_parallel(CPUPPCState *env, target_ulong addr,
+ void helper_stq_le_parallel(CPUPPCState *env, target_ulong addr,
+                             uint64_t lo, uint64_t hi, uint32_t opidx)
+ {
+-    Int128 val = int128_make128(lo, hi);
++    Int128 val;
++
++    /* We will have raised EXCP_ATOMIC from the translator.  */
++    assert(HAVE_ATOMIC128);
++    val = int128_make128(lo, hi);
+     helper_atomic_sto_le_mmu(env, addr, val, opidx, GETPC());
+ }
+ void helper_stq_be_parallel(CPUPPCState *env, target_ulong addr,
+                             uint64_t lo, uint64_t hi, uint32_t opidx)
+ {
+-    Int128 val = int128_make128(lo, hi);
++    Int128 val;
++
++    /* We will have raised EXCP_ATOMIC from the translator.  */
++    assert(HAVE_ATOMIC128);
++    val = int128_make128(lo, hi);
+     helper_atomic_sto_be_mmu(env, addr, val, opidx, GETPC());
+ }
+@@ -XXX,XX +XXX,XX @@ uint32_t helper_stqcx_le_parallel(CPUPPCState *env, target_ulong addr,
+ {
+     bool success = false;
++    /* We will have raised EXCP_ATOMIC from the translator.  */
++    assert(HAVE_CMPXCHG128);
++
+     if (likely(addr == env->reserve_addr)) {
+         Int128 oldv, cmpv, newv;
+@@ -XXX,XX +XXX,XX @@ uint32_t helper_stqcx_be_parallel(CPUPPCState *env, target_ulong addr,
+ {
+     bool success = false;
++    /* We will have raised EXCP_ATOMIC from the translator.  */
++    assert(HAVE_CMPXCHG128);
++
+     if (likely(addr == env->reserve_addr)) {
+         Int128 oldv, cmpv, newv;
 diff --git a/target/ppc/translate.c b/target/ppc/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/ppc/translate.c
 +++ b/target/ppc/translate.c
+@@ -XXX,XX +XXX,XX @@
+ #include "trace-tcg.h"
+ #include "exec/translator.h"
+ #include "exec/log.h"
++#include "qemu/atomic128.h"
+ #define CPU_SINGLE_STEP 0x1
+@@ -XXX,XX +XXX,XX @@ static void gen_lq(DisasContext *ctx)
+     hi = cpu_gpr[rd];
+     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
+-#ifdef CONFIG_ATOMIC128
+-        TCGv_i32 oi = tcg_temp_new_i32();
+-        if (ctx->le_mode) {
+-            tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
+-            gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
++        if (HAVE_ATOMIC128) {
++            TCGv_i32 oi = tcg_temp_new_i32();
++            if (ctx->le_mode) {
++                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
++                gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
++            } else {
++                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
++                gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
++            }
++            tcg_temp_free_i32(oi);
++            tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
+         } else {
+-            tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
+-            gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
++            /* Restart with exclusive lock.  */
++            gen_helper_exit_atomic(cpu_env);
++            ctx->base.is_jmp = DISAS_NORETURN;
+         }
+-        tcg_temp_free_i32(oi);
+-        tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
+-#else
+-        /* Restart with exclusive lock.  */
+-        gen_helper_exit_atomic(cpu_env);
+-        ctx->base.is_jmp = DISAS_NORETURN;
+-#endif
+     } else if (ctx->le_mode) {
+         tcg_gen_qemu_ld_i64(lo, EA, ctx->mem_idx, MO_LEQ);
+         gen_addr_add(ctx, EA, EA, 8);
 @@ -XXX,XX +XXX,XX @@ static void gen_std(DisasContext *ctx)
-             if (HAVE_ATOMIC128) {
+         hi = cpu_gpr[rs];
-                 TCGv_i32 oi = tcg_temp_new_i32();
-                 if (ctx->le_mode) {
+         if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
--                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
+-#ifdef CONFIG_ATOMIC128
-+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128,
+-            TCGv_i32 oi = tcg_temp_new_i32();
-+                                                        ctx->mem_idx));
+-            if (ctx->le_mode) {
-                     gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
+-                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
-                 } else {
+-                gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
--                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
++            if (HAVE_ATOMIC128) {
-+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128,
++                TCGv_i32 oi = tcg_temp_new_i32();
-+                                                        ctx->mem_idx));
++                if (ctx->le_mode) {
-                     gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
++                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
-                 }
++                    gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
-                 tcg_temp_free_i32(oi);
++                } else {
 +                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
 +                    gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
 +                }
 +                tcg_temp_free_i32(oi);
              } else {
 -                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
 -                gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
 +                /* Restart with exclusive lock.  */
 +                gen_helper_exit_atomic(cpu_env);
 +                ctx->base.is_jmp = DISAS_NORETURN;
              }
 -            tcg_temp_free_i32(oi);
 -#else
 -            /* Restart with exclusive lock.  */
 -            gen_helper_exit_atomic(cpu_env);
 -            ctx->base.is_jmp = DISAS_NORETURN;
 -#endif
          } else if (ctx->le_mode) {
              tcg_gen_qemu_st_i64(lo, EA, ctx->mem_idx, MO_LEQ);
              gen_addr_add(ctx, EA, EA, 8);
 @@ -XXX,XX +XXX,XX @@ static void gen_lqarx(DisasContext *ctx)
-         if (HAVE_ATOMIC128) {
+     hi = cpu_gpr[rd];
-             TCGv_i32 oi = tcg_temp_new_i32();
-             if (ctx->le_mode) {
+     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
--                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
+-#ifdef CONFIG_ATOMIC128
-+                tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128 | MO_ALIGN,
+-        TCGv_i32 oi = tcg_temp_new_i32();
-                                                     ctx->mem_idx));
+-        if (ctx->le_mode) {
-                 gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
+-            tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
-             } else {
+-                                                ctx->mem_idx));
--                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
+-            gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
-+                tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128 | MO_ALIGN,
++        if (HAVE_ATOMIC128) {
-                                                     ctx->mem_idx));
++            TCGv_i32 oi = tcg_temp_new_i32();
-                 gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
++            if (ctx->le_mode) {
-             }
++                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
 +                                                    ctx->mem_idx));
 +                gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
 +            } else {
 +                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
 +                                                    ctx->mem_idx));
 +                gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
 +            }
 +            tcg_temp_free_i32(oi);
 +            tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
          } else {
 -            tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
 -                                                ctx->mem_idx));
 -            gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
 +            /* Restart with exclusive lock.  */
 +            gen_helper_exit_atomic(cpu_env);
 +            ctx->base.is_jmp = DISAS_NORETURN;
 +            tcg_temp_free(EA);
 +            return;
          }
 -        tcg_temp_free_i32(oi);
 -        tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
 -#else
 -        /* Restart with exclusive lock.  */
 -        gen_helper_exit_atomic(cpu_env);
 -        ctx->base.is_jmp = DISAS_NORETURN;
 -        tcg_temp_free(EA);
 -        return;
 -#endif
      } else if (ctx->le_mode) {
          tcg_gen_qemu_ld_i64(lo, EA, ctx->mem_idx, MO_LEQ | MO_ALIGN_16);
          tcg_gen_mov_tl(cpu_reserve, EA);
 @@ -XXX,XX +XXX,XX @@ static void gen_stqcx_(DisasContext *ctx)
+     hi = cpu_gpr[rs];
      if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
-         if (HAVE_CMPXCHG128) {
+-        TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
--            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
+-#ifdef CONFIG_ATOMIC128
-+            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_128) | MO_ALIGN);
+-        if (ctx->le_mode) {
-             if (ctx->le_mode) {
+-            gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env, EA, lo, hi, oi);
-                 gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env,
++        if (HAVE_CMPXCHG128) {
-                                              EA, lo, hi, oi);
++            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
 +            if (ctx->le_mode) {
 +                gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env,
 +                                             EA, lo, hi, oi);
 +            } else {
 +                gen_helper_stqcx_be_parallel(cpu_crf[0], cpu_env,
 +                                             EA, lo, hi, oi);
 +            }
 +            tcg_temp_free_i32(oi);
          } else {
 -            gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env, EA, lo, hi, oi);
 +            /* Restart with exclusive lock.  */
 +            gen_helper_exit_atomic(cpu_env);
 +            ctx->base.is_jmp = DISAS_NORETURN;
          }
 -#else
 -        /* Restart with exclusive lock.  */
 -        gen_helper_exit_atomic(cpu_env);
 -        ctx->base.is_jmp = DISAS_NORETURN;
 -#endif
          tcg_temp_free(EA);
 -        tcg_temp_free_i32(oi);
      } else {
          TCGLabel *lab_fail = gen_new_label();
          TCGLabel *lab_over = gen_new_label();
 --
-.25.1
+.17.2

-[PULL 05/15] target/s390x: Use MO_128 for 16 byte atomics
+[Qemu-devel] [PULL v2 17/21] target/s390x: Convert to HAVE_CMPXCHG128 and HAVE_ATOMIC128
 Reviewed-by: David Hildenbrand <david@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/s390x/tcg/mem_helper.c | 4 ++--
+ target/s390x/mem_helper.c | 92 +++++++++++++++++----------------------
-file changed, 2 insertions(+), 2 deletions(-)
+file changed, 41 insertions(+), 51 deletions(-)
-diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
+diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/s390x/tcg/mem_helper.c
+--- a/target/s390x/mem_helper.c
-+++ b/target/s390x/tcg/mem_helper.c
++++ b/target/s390x/mem_helper.c
@@ -XXX,XX +XXX,XX @@
  #include "exec/exec-all.h"
  #include "exec/cpu_ldst.h"
  #include "qemu/int128.h"
 +#include "qemu/atomic128.h"
  #if !defined(CONFIG_USER_ONLY)
  #include "hw/s390x/storage-keys.h"
@@ -XXX,XX +XXX,XX @@ static void do_cdsg(CPUS390XState *env, uint64_t addr,
      bool fail;
      if (parallel) {
 -#ifndef CONFIG_ATOMIC128
 +#if !HAVE_CMPXCHG128
          cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
  #else
          int mem_idx = cpu_mmu_index(env, false);
 @@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
-     assert(HAVE_CMPXCHG128);
+ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
+                         uint64_t a2, bool parallel)
-     mem_idx = cpu_mmu_index(env, false);
+ {
--    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+-#if !defined(CONFIG_USER_ONLY) || defined(CONFIG_ATOMIC128)
-+    oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
+     uint32_t mem_idx = cpu_mmu_index(env, false);
-     oldv = cpu_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
+-#endif
-     fail = !int128_eq(oldv, cmpv);
+     uintptr_t ra = GETPC();
+     uint32_t fc = extract32(env->regs[0], 0, 8);
      uint32_t sc = extract32(env->regs[0], 8, 8);
 @@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
+     probe_write(env, a2, 0, mem_idx, ra);
+ #endif
+-    /* Note that the compare-and-swap is atomic, and the store is atomic, but
+-       the complete operation is not.  Therefore we do not need to assert serial
+-       context in order to implement this.  That said, restart early if we can't
+-       support either operation that is supposed to be atomic.  */
++    /*
++     * Note that the compare-and-swap is atomic, and the store is atomic,
++     * but the complete operation is not.  Therefore we do not need to
++     * assert serial context in order to implement this.  That said,
++     * restart early if we can't support either operation that is supposed
++     * to be atomic.
++     */
+     if (parallel) {
+-        int mask = 0;
+-#if !defined(CONFIG_ATOMIC64)
+-        mask = -8;
+-#elif !defined(CONFIG_ATOMIC128)
+-        mask = -16;
++        uint32_t max = 2;
++#ifdef CONFIG_ATOMIC64
++        max = 3;
+ #endif
+-        if (((4 << fc) | (1 << sc)) & mask) {
++        if ((HAVE_CMPXCHG128 ? 0 : fc + 2 > max) ||
++            (HAVE_ATOMIC128  ? 0 : sc > max)) {
+             cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+         }
+     }
+@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
+             Int128 cv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
+             Int128 ov;
+-            if (parallel) {
+-#ifdef CONFIG_ATOMIC128
+-                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+-                ov = helper_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
+-                cc = !int128_eq(ov, cv);
+-#else
+-                /* Note that we asserted !parallel above.  */
+-                g_assert_not_reached();
+-#endif
+-            } else {
++            if (!parallel) {
+                 uint64_t oh = cpu_ldq_data_ra(env, a1 + 0, ra);
+                 uint64_t ol = cpu_ldq_data_ra(env, a1 + 8, ra);
+@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                  cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
                  cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
-             } else if (HAVE_CMPXCHG128) {
++            } else if (HAVE_CMPXCHG128) {
--                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
++                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-+                MemOpIdx oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
++                ov = helper_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
-                 ov = cpu_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
++                cc = !int128_eq(ov, cv);
-                 cc = !int128_eq(ov, cv);
++            } else {
-             } else {
++                /* Note that we asserted !parallel above.  */
 +                g_assert_not_reached();
              }
              env->regs[r3 + 0] = int128_gethi(ov);
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
              cpu_stq_data_ra(env, a2, svh, ra);
              break;
          case 4:
 -            if (parallel) {
 -#ifdef CONFIG_ATOMIC128
 +            if (!parallel) {
 +                cpu_stq_data_ra(env, a2 + 0, svh, ra);
 +                cpu_stq_data_ra(env, a2 + 8, svl, ra);
 +            } else if (HAVE_ATOMIC128) {
                  TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
                  Int128 sv = int128_make128(svl, svh);
                  helper_atomic_sto_be_mmu(env, a2, sv, oi, ra);
 -#else
 +            } else {
                  /* Note that we asserted !parallel above.  */
                  g_assert_not_reached();
 -#endif
 -            } else {
 -                cpu_stq_data_ra(env, a2 + 0, svh, ra);
 -                cpu_stq_data_ra(env, a2 + 8, svl, ra);
              }
              break;
          default:
@@ -XXX,XX +XXX,XX @@ static uint64_t do_lpq(CPUS390XState *env, uint64_t addr, bool parallel)
      uintptr_t ra = GETPC();
      uint64_t hi, lo;
 -    if (parallel) {
 -#ifndef CONFIG_ATOMIC128
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -#else
 +    if (!parallel) {
 +        check_alignment(env, addr, 16, ra);
 +        hi = cpu_ldq_data_ra(env, addr + 0, ra);
 +        lo = cpu_ldq_data_ra(env, addr + 8, ra);
 +    } else if (HAVE_ATOMIC128) {
          int mem_idx = cpu_mmu_index(env, false);
          TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
          Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
          hi = int128_gethi(v);
          lo = int128_getlo(v);
 -#endif
      } else {
 -        check_alignment(env, addr, 16, ra);
 -
 -        hi = cpu_ldq_data_ra(env, addr + 0, ra);
 -        lo = cpu_ldq_data_ra(env, addr + 8, ra);
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
      }
      env->retxl = lo;
@@ -XXX,XX +XXX,XX @@ static void do_stpq(CPUS390XState *env, uint64_t addr,
  {
      uintptr_t ra = GETPC();
 -    if (parallel) {
 -#ifndef CONFIG_ATOMIC128
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -#else
 -        int mem_idx = cpu_mmu_index(env, false);
 -        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 -
 -        Int128 v = int128_make128(low, high);
 -        helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
 -#endif
 -    } else {
 +    if (!parallel) {
          check_alignment(env, addr, 16, ra);
 -
          cpu_stq_data_ra(env, addr + 0, high, ra);
          cpu_stq_data_ra(env, addr + 8, low, ra);
 +    } else if (HAVE_ATOMIC128) {
 +        int mem_idx = cpu_mmu_index(env, false);
 +        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 +        Int128 v = int128_make128(low, high);
 +        helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
 +    } else {
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
      }
  }
 --
-.25.1
+.17.2

-[PULL 10/15] target/mips: Use 8-byte memory ops for msa load/store
+[Qemu-devel] [PULL v2 18/21] target/s390x: Split do_cdsg, do_lpq, do_stpq
-Rather than use 4-16 separate operations, use 2 operations
+Reviewed-by: David Hildenbrand <david@redhat.com>
 plus some byte reordering as necessary.
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/mips/tcg/msa_helper.c | 201 +++++++++++++----------------------
+ target/s390x/mem_helper.c | 128 ++++++++++++++++++--------------------
-file changed, 71 insertions(+), 130 deletions(-)
+file changed, 61 insertions(+), 67 deletions(-)
-diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
+diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/msa_helper.c
+--- a/target/s390x/mem_helper.c
-+++ b/target/mips/tcg/msa_helper.c
++++ b/target/s390x/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ffint_u_df(CPUMIPSState *env, uint32_t df, uint32_t wd,
+@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(trXX)(CPUS390XState *env, uint32_t r1, uint32_t r2,
- #define MEMOP_IDX(DF)
+     return cc;
  }
 -static void do_cdsg(CPUS390XState *env, uint64_t addr,
 -                    uint32_t r1, uint32_t r3, bool parallel)
 +void HELPER(cdsg)(CPUS390XState *env, uint64_t addr,
 +                  uint32_t r1, uint32_t r3)
  {
      uintptr_t ra = GETPC();
      Int128 cmpv = int128_make128(env->regs[r1 + 1], env->regs[r1]);
      Int128 newv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
      Int128 oldv;
 +    uint64_t oldh, oldl;
      bool fail;
 -    if (parallel) {
 -#if !HAVE_CMPXCHG128
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -#else
 -        int mem_idx = cpu_mmu_index(env, false);
 -        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 -        oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
 -        fail = !int128_eq(oldv, cmpv);
 -#endif
 -    } else {
 -        uint64_t oldh, oldl;
 +    check_alignment(env, addr, 16, ra);
 -        check_alignment(env, addr, 16, ra);
 +    oldh = cpu_ldq_data_ra(env, addr + 0, ra);
 +    oldl = cpu_ldq_data_ra(env, addr + 8, ra);
 -        oldh = cpu_ldq_data_ra(env, addr + 0, ra);
 -        oldl = cpu_ldq_data_ra(env, addr + 8, ra);
 -
 -        oldv = int128_make128(oldl, oldh);
 -        fail = !int128_eq(oldv, cmpv);
 -        if (fail) {
 -            newv = oldv;
 -        }
 -
 -        cpu_stq_data_ra(env, addr + 0, int128_gethi(newv), ra);
 -        cpu_stq_data_ra(env, addr + 8, int128_getlo(newv), ra);
 +    oldv = int128_make128(oldl, oldh);
 +    fail = !int128_eq(oldv, cmpv);
 +    if (fail) {
 +        newv = oldv;
      }
 +    cpu_stq_data_ra(env, addr + 0, int128_gethi(newv), ra);
 +    cpu_stq_data_ra(env, addr + 8, int128_getlo(newv), ra);
 +
      env->cc_op = fail;
      env->regs[r1] = int128_gethi(oldv);
      env->regs[r1 + 1] = int128_getlo(oldv);
  }
 -void HELPER(cdsg)(CPUS390XState *env, uint64_t addr,
 -                  uint32_t r1, uint32_t r3)
 -{
 -    do_cdsg(env, addr, r1, r3, false);
 -}
 -
  void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
                             uint32_t r1, uint32_t r3)
  {
 -    do_cdsg(env, addr, r1, r3, true);
 +    uintptr_t ra = GETPC();
 +    Int128 cmpv = int128_make128(env->regs[r1 + 1], env->regs[r1]);
 +    Int128 newv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
 +    int mem_idx;
 +    TCGMemOpIdx oi;
 +    Int128 oldv;
 +    bool fail;
 +
 +    if (!HAVE_CMPXCHG128) {
 +        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 +    }
 +
 +    mem_idx = cpu_mmu_index(env, false);
 +    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 +    oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
 +    fail = !int128_eq(oldv, cmpv);
 +
 +    env->cc_op = fail;
 +    env->regs[r1] = int128_gethi(oldv);
 +    env->regs[r1 + 1] = int128_getlo(oldv);
  }
  static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(lra)(CPUS390XState *env, uint64_t addr)
  #endif
-+#ifdef TARGET_WORDS_BIGENDIAN
+ /* load pair from quadword */
-+static inline uint64_t bswap16x4(uint64_t x)
+-static uint64_t do_lpq(CPUS390XState *env, uint64_t addr, bool parallel)
-+{
++uint64_t HELPER(lpq)(CPUS390XState *env, uint64_t addr)
-+    uint64_t m = 0x00ff00ff00ff00ffull;
+ {
-+    return ((x & m) << 8) | ((x >> 8) & m);
+     uintptr_t ra = GETPC();
      uint64_t hi, lo;
 -    if (!parallel) {
 -        check_alignment(env, addr, 16, ra);
 -        hi = cpu_ldq_data_ra(env, addr + 0, ra);
 -        lo = cpu_ldq_data_ra(env, addr + 8, ra);
 -    } else if (HAVE_ATOMIC128) {
 +    check_alignment(env, addr, 16, ra);
 +    hi = cpu_ldq_data_ra(env, addr + 0, ra);
 +    lo = cpu_ldq_data_ra(env, addr + 8, ra);
 +
 +    env->retxl = lo;
 +    return hi;
 +}
 +
-+static inline uint64_t bswap32x2(uint64_t x)
++uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
 +{
-+    return ror64(bswap64(x), 32);
++    uintptr_t ra = GETPC();
 +    uint64_t hi, lo;
 +
 +    if (HAVE_ATOMIC128) {
          int mem_idx = cpu_mmu_index(env, false);
          TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
          Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
@@ -XXX,XX +XXX,XX @@ static uint64_t do_lpq(CPUS390XState *env, uint64_t addr, bool parallel)
      return hi;
  }
 -uint64_t HELPER(lpq)(CPUS390XState *env, uint64_t addr)
 -{
 -    return do_lpq(env, addr, false);
 -}
 -
 -uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
 -{
 -    return do_lpq(env, addr, true);
 -}
 -
  /* store pair to quadword */
 -static void do_stpq(CPUS390XState *env, uint64_t addr,
 -                    uint64_t low, uint64_t high, bool parallel)
 +void HELPER(stpq)(CPUS390XState *env, uint64_t addr,
 +                  uint64_t low, uint64_t high)
  {
      uintptr_t ra = GETPC();
 -    if (!parallel) {
 -        check_alignment(env, addr, 16, ra);
 -        cpu_stq_data_ra(env, addr + 0, high, ra);
 -        cpu_stq_data_ra(env, addr + 8, low, ra);
 -    } else if (HAVE_ATOMIC128) {
 +    check_alignment(env, addr, 16, ra);
 +    cpu_stq_data_ra(env, addr + 0, high, ra);
 +    cpu_stq_data_ra(env, addr + 8, low, ra);
 +}
-+#endif
 +
- void helper_msa_ld_b(CPUMIPSState *env, uint32_t wd,
++void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
-                      target_ulong addr)
++                           uint64_t low, uint64_t high)
- {
++{
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
++    uintptr_t ra = GETPC();
-     uintptr_t ra = GETPC();
++
-+    uint64_t d0, d1;
++    if (HAVE_ATOMIC128) {
+         int mem_idx = cpu_mmu_index(env, false);
--#if !defined(HOST_WORDS_BIGENDIAN)
+         TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
--    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
+         Int128 v = int128_make128(low, high);
--    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
+@@ -XXX,XX +XXX,XX @@ static void do_stpq(CPUS390XState *env, uint64_t addr,
--    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
+     }
 -    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
 -    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
 -    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
 -    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
 -    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
 -    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (8  << DF_BYTE), ra);
 -    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (9  << DF_BYTE), ra);
 -    pwd->b[10] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
 -    pwd->b[11] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
 -    pwd->b[12] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
 -    pwd->b[13] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
 -    pwd->b[14] = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
 -    pwd->b[15] = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
 -#else
 -    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
 -    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
 -    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
 -    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
 -    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
 -    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
 -    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
 -    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
 -    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
 -    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
 -    pwd->b[10] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
 -    pwd->b[11] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
 -    pwd->b[12] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
 -    pwd->b[13] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
 -    pwd->b[14] = cpu_ldub_data_ra(env, addr + (9 << DF_BYTE), ra);
 -    pwd->b[15] = cpu_ldub_data_ra(env, addr + (8 << DF_BYTE), ra);
 -#endif
 +    /* Load 8 bytes at a time.  Vector element ordering makes this LE.  */
 +    d0 = cpu_ldq_le_data_ra(env, addr + 0, ra);
 +    d1 = cpu_ldq_le_data_ra(env, addr + 8, ra);
 +    pwd->d[0] = d0;
 +    pwd->d[1] = d1;
  }
- void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
+-void HELPER(stpq)(CPUS390XState *env, uint64_t addr,
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
+-                  uint64_t low, uint64_t high)
- {
+-{
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+-    do_stpq(env, addr, low, high, false);
-     uintptr_t ra = GETPC();
+-}
-+    uint64_t d0, d1;
+-
+-void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
--#if !defined(HOST_WORDS_BIGENDIAN)
+-                           uint64_t low, uint64_t high)
--    pwd->h[0] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
+-{
--    pwd->h[1] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
+-    do_stpq(env, addr, low, high, true);
--    pwd->h[2] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
+-}
--    pwd->h[3] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
+-
--    pwd->h[4] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
+ /* Execute instruction.  This instruction executes an insn modified with
--    pwd->h[5] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
+    the contents of r1.  It does not change the executed instruction in memory;
--    pwd->h[6] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
+    it does not change the program counter.
 -    pwd->h[7] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
 -#else
 -    pwd->h[0] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
 -    pwd->h[1] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
 -    pwd->h[2] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
 -    pwd->h[3] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
 -    pwd->h[4] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
 -    pwd->h[5] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
 -    pwd->h[6] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
 -    pwd->h[7] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
 +    /*
 +     * Load 8 bytes at a time.  Use little-endian load, then for
 +     * big-endian target, we must then swap the four halfwords.
 +     */
 +    d0 = cpu_ldq_le_data_ra(env, addr + 0, ra);
 +    d1 = cpu_ldq_le_data_ra(env, addr + 8, ra);
 +#ifdef TARGET_WORDS_BIGENDIAN
 +    d0 = bswap16x4(d0);
 +    d1 = bswap16x4(d1);
  #endif
 +    pwd->d[0] = d0;
 +    pwd->d[1] = d1;
  }
  void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      uintptr_t ra = GETPC();
 +    uint64_t d0, d1;
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    pwd->w[0] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
 -    pwd->w[1] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
 -    pwd->w[2] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
 -    pwd->w[3] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
 -#else
 -    pwd->w[0] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
 -    pwd->w[1] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
 -    pwd->w[2] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
 -    pwd->w[3] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
 +    /*
 +     * Load 8 bytes at a time.  Use little-endian load, then for
 +     * big-endian target, we must then bswap the two words.
 +     */
 +    d0 = cpu_ldq_le_data_ra(env, addr + 0, ra);
 +    d1 = cpu_ldq_le_data_ra(env, addr + 8, ra);
 +#ifdef TARGET_WORDS_BIGENDIAN
 +    d0 = bswap32x2(d0);
 +    d1 = bswap32x2(d1);
  #endif
 +    pwd->d[0] = d0;
 +    pwd->d[1] = d1;
  }
  void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      uintptr_t ra = GETPC();
 +    uint64_t d0, d1;
 -    pwd->d[0] = cpu_ldq_data_ra(env, addr + (0 << DF_DOUBLE), ra);
 -    pwd->d[1] = cpu_ldq_data_ra(env, addr + (1 << DF_DOUBLE), ra);
 +    d0 = cpu_ldq_data_ra(env, addr + 0, ra);
 +    d1 = cpu_ldq_data_ra(env, addr + 8, ra);
 +    pwd->d[0] = d0;
 +    pwd->d[1] = d1;
  }
  #define MSA_PAGESPAN(x) \
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_b(CPUMIPSState *env, uint32_t wd,
      ensure_writable_pages(env, addr, mmu_idx, ra);
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[0], ra);
 -    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[1], ra);
 -    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[2], ra);
 -    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[3], ra);
 -    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[4], ra);
 -    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[5], ra);
 -    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[6], ra);
 -    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[7], ra);
 -    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[8], ra);
 -    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[9], ra);
 -    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[10], ra);
 -    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[11], ra);
 -    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[12], ra);
 -    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[13], ra);
 -    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[14], ra);
 -    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[15], ra);
 -#else
 -    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[0], ra);
 -    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[1], ra);
 -    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[2], ra);
 -    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[3], ra);
 -    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[4], ra);
 -    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[5], ra);
 -    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[6], ra);
 -    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[7], ra);
 -    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[8], ra);
 -    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[9], ra);
 -    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[10], ra);
 -    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[11], ra);
 -    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[12], ra);
 -    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[13], ra);
 -    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[14], ra);
 -    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[15], ra);
 -#endif
 +    /* Store 8 bytes at a time.  Vector element ordering makes this LE.  */
 +    cpu_stq_le_data_ra(env, addr + 0, pwd->d[0], ra);
 +    cpu_stq_le_data_ra(env, addr + 0, pwd->d[1], ra);
  }
  void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      int mmu_idx = cpu_mmu_index(env, false);
      uintptr_t ra = GETPC();
 +    uint64_t d0, d1;
      ensure_writable_pages(env, addr, mmu_idx, ra);
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[0], ra);
 -    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[1], ra);
 -    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[2], ra);
 -    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[3], ra);
 -    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[4], ra);
 -    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[5], ra);
 -    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[6], ra);
 -    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[7], ra);
 -#else
 -    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[0], ra);
 -    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[1], ra);
 -    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[2], ra);
 -    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[3], ra);
 -    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[4], ra);
 -    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[5], ra);
 -    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[6], ra);
 -    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[7], ra);
 +    /* Store 8 bytes at a time.  See helper_msa_ld_h. */
 +    d0 = pwd->d[0];
 +    d1 = pwd->d[1];
 +#ifdef TARGET_WORDS_BIGENDIAN
 +    d0 = bswap16x4(d0);
 +    d1 = bswap16x4(d1);
  #endif
 +    cpu_stq_le_data_ra(env, addr + 0, d0, ra);
 +    cpu_stq_le_data_ra(env, addr + 8, d1, ra);
  }
  void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      int mmu_idx = cpu_mmu_index(env, false);
      uintptr_t ra = GETPC();
 +    uint64_t d0, d1;
      ensure_writable_pages(env, addr, mmu_idx, ra);
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[0], ra);
 -    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[1], ra);
 -    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[2], ra);
 -    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[3], ra);
 -#else
 -    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[0], ra);
 -    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[1], ra);
 -    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[2], ra);
 -    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[3], ra);
 +    /* Store 8 bytes at a time.  See helper_msa_ld_w. */
 +    d0 = pwd->d[0];
 +    d1 = pwd->d[1];
 +#ifdef TARGET_WORDS_BIGENDIAN
 +    d0 = bswap32x2(d0);
 +    d1 = bswap32x2(d1);
  #endif
 +    cpu_stq_le_data_ra(env, addr + 0, d0, ra);
 +    cpu_stq_le_data_ra(env, addr + 8, d1, ra);
  }
  void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
      ensure_writable_pages(env, addr, mmu_idx, GETPC());
 -    cpu_stq_data_ra(env, addr + (0 << DF_DOUBLE), pwd->d[0], ra);
 -    cpu_stq_data_ra(env, addr + (1 << DF_DOUBLE), pwd->d[1], ra);
 +    cpu_stq_data_ra(env, addr + 0, pwd->d[0], ra);
 +    cpu_stq_data_ra(env, addr + 8, pwd->d[1], ra);
  }
 --
-.25.1
+.17.2

-[PULL 01/15] memory: Log access direction for invalid accesses
+[Qemu-devel] [PULL v2 19/21] target/s390x: Skip wout, cout helpers if op helper does not return
-From: BALATON Zoltan <balaton@eik.bme.hu>
+When op raises an exception, it may not have initialized the output
+temps that would be written back by wout or cout.
 In memory_region_access_valid() invalid accesses are logged to help
 debugging but the log message does not say if it was a read or write.
 Log that too to better identify the access causing the problem.
 Reviewed-by: David Hildenbrand <david@redhat.com>
-Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
-Message-Id: <20211011173616.F1DE0756022@zero.eik.bme.hu>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- softmmu/memory.c | 20 ++++++++++----------
+ target/s390x/translate.c | 20 +++++++++++++++-----
-file changed, 10 insertions(+), 10 deletions(-)
+file changed, 15 insertions(+), 5 deletions(-)
-diff --git a/softmmu/memory.c b/softmmu/memory.c
+diff --git a/target/s390x/translate.c b/target/s390x/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/softmmu/memory.c
+--- a/target/s390x/translate.c
-+++ b/softmmu/memory.c
++++ b/target/s390x/translate.c
-@@ -XXX,XX +XXX,XX @@ bool memory_region_access_valid(MemoryRegion *mr,
+@@ -XXX,XX +XXX,XX @@ struct DisasInsn {
- {
-     if (mr->ops->valid.accepts
+     const char *name;
-         && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) {
--        qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr "
++    /* Pre-process arguments before HELP_OP.  */
--                                       "0x%" HWADDR_PRIX ", size %u, "
+     void (*help_in1)(DisasContext *, DisasFields *, DisasOps *);
--                                       "region '%s', reason: rejected\n",
+     void (*help_in2)(DisasContext *, DisasFields *, DisasOps *);
-+        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+     void (*help_prep)(DisasContext *, DisasFields *, DisasOps *);
-+                      ", size %u, region '%s', reason: rejected\n",
++
-+                      is_write ? "write" : "read",
++    /*
-                       addr, size, memory_region_name(mr));
++     * Post-process output after HELP_OP.
-         return false;
++     * Note that these are not called if HELP_OP returns DISAS_NORETURN.
 +     */
      void (*help_wout)(DisasContext *, DisasFields *, DisasOps *);
      void (*help_cout)(DisasContext *, DisasOps *);
 +
 +    /* Implement the operation itself.  */
      DisasJumpType (*help_op)(DisasContext *, DisasOps *);
      uint64_t data;
@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
      if (insn->help_op) {
          ret = insn->help_op(s, &o);
      }
+-    if (insn->help_wout) {
-     if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
+-        insn->help_wout(s, &f, &o);
--        qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr "
+-    }
--                                       "0x%" HWADDR_PRIX ", size %u, "
+-    if (insn->help_cout) {
--                                       "region '%s', reason: unaligned\n",
+-        insn->help_cout(s, &o);
-+        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
++    if (ret != DISAS_NORETURN) {
-+                      ", size %u, region '%s', reason: unaligned\n",
++        if (insn->help_wout) {
-+                      is_write ? "write" : "read",
++            insn->help_wout(s, &f, &o);
-                       addr, size, memory_region_name(mr));
++        }
-         return false;
++        if (insn->help_cout) {
 +            insn->help_cout(s, &o);
 +        }
      }
-@@ -XXX,XX +XXX,XX @@ bool memory_region_access_valid(MemoryRegion *mr,
+     /* Free any temporaries created by the helpers.  */
      if (size > mr->ops->valid.max_access_size
          || size < mr->ops->valid.min_access_size) {
 -        qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr "
 -                                       "0x%" HWADDR_PRIX ", size %u, "
 -                                       "region '%s', reason: invalid size "
 -                                       "(min:%u max:%u)\n",
 +        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
 +                      ", size %u, region '%s', reason: invalid size "
 +                      "(min:%u max:%u)\n",
 +                      is_write ? "write" : "read",
                        addr, size, memory_region_name(mr),
                        mr->ops->valid.min_access_size,
                        mr->ops->valid.max_access_size);
 --
-.25.1
+.17.2

-[PULL 09/15] target/mips: Use cpu_*_data_ra for msa load/store
+[Qemu-devel] [PULL v2 20/21] target/s390x: Check HAVE_ATOMIC128 and HAVE_CMPXCHG128 at translate
-We should not have been using the helper_ret_* set of
+Reviewed-by: David Hildenbrand <david@redhat.com>
 functions, as they are supposed to be private to tcg.
 Nor should we have been using the plain cpu_*_data set
 of functions, as they do not handle unwinding properly.
 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
- target/mips/tcg/msa_helper.c | 420 +++++++++++------------------------
+ target/s390x/mem_helper.c | 40 +++++++++++++++++++--------------------
-file changed, 135 insertions(+), 285 deletions(-)
+ target/s390x/translate.c  | 25 +++++++++++++++++-------
 files changed, 38 insertions(+), 27 deletions(-)
-diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
+diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/mips/tcg/msa_helper.c
+--- a/target/s390x/mem_helper.c
-+++ b/target/mips/tcg/msa_helper.c
++++ b/target/s390x/mem_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_b(CPUMIPSState *env, uint32_t wd,
+@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
-                      target_ulong addr)
+     Int128 oldv;
      bool fail;
 -    if (!HAVE_CMPXCHG128) {
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -    }
 +    assert(HAVE_CMPXCHG128);
      mem_idx = cpu_mmu_index(env, false);
      oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
  {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+     uintptr_t ra = GETPC();
--    MEMOP_IDX(DF_BYTE)
+     uint64_t hi, lo;
--#if !defined(CONFIG_USER_ONLY)
++    int mem_idx;
-+    uintptr_t ra = GETPC();
++    TCGMemOpIdx oi;
 +    Int128 v;
 -    if (HAVE_ATOMIC128) {
 -        int mem_idx = cpu_mmu_index(env, false);
 -        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
 -        Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
 -        hi = int128_gethi(v);
 -        lo = int128_getlo(v);
 -    } else {
 -        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 -    }
 +    assert(HAVE_ATOMIC128);
 +
- #if !defined(HOST_WORDS_BIGENDIAN)
++    mem_idx = cpu_mmu_index(env, false);
--    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
++    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
--    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
++    v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
--    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
++    hi = int128_gethi(v);
--    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
++    lo = int128_getlo(v);
--    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
--    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
+     env->retxl = lo;
--    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
+     return hi;
--    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
+@@ -XXX,XX +XXX,XX @@ void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
--    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
+                            uint64_t low, uint64_t high)
--    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
+ {
--    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
+     uintptr_t ra = GETPC();
--    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
++    int mem_idx;
--    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
++    TCGMemOpIdx oi;
--    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
++    Int128 v;
--    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
--    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
+-    if (HAVE_ATOMIC128) {
-+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
+-        int mem_idx = cpu_mmu_index(env, false);
-+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
+-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
+-        Int128 v = int128_make128(low, high);
-+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
+-        helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
-+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
+-    } else {
-+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
+-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
+-    }
-+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
++    assert(HAVE_ATOMIC128);
-+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (8  << DF_BYTE), ra);
++
-+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (9  << DF_BYTE), ra);
++    mem_idx = cpu_mmu_index(env, false);
-+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
++    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
++    v = int128_make128(low, high);
-+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
++    helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
 +    pwd->b[13] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
 +    pwd->b[14] = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
 +    pwd->b[15] = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
  #else
 -    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
 -    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
 -    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
 -    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
 -    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
 -    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
 -    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
 -    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
 -    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
 -    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
 -    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
 -    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
 -    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
 -    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
 -    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
 -    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
 -#endif
 -#else
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    pwd->b[0]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
 -    pwd->b[1]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
 -    pwd->b[2]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
 -    pwd->b[3]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
 -    pwd->b[4]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
 -    pwd->b[5]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
 -    pwd->b[6]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
 -    pwd->b[7]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
 -    pwd->b[8]  = cpu_ldub_data(env, addr + (8  << DF_BYTE));
 -    pwd->b[9]  = cpu_ldub_data(env, addr + (9  << DF_BYTE));
 -    pwd->b[10] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
 -    pwd->b[11] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
 -    pwd->b[12] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
 -    pwd->b[13] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
 -    pwd->b[14] = cpu_ldub_data(env, addr + (14 << DF_BYTE));
 -    pwd->b[15] = cpu_ldub_data(env, addr + (15 << DF_BYTE));
 -#else
 -    pwd->b[0]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
 -    pwd->b[1]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
 -    pwd->b[2]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
 -    pwd->b[3]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
 -    pwd->b[4]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
 -    pwd->b[5]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
 -    pwd->b[6]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
 -    pwd->b[7]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
 -    pwd->b[8]  = cpu_ldub_data(env, addr + (15 << DF_BYTE));
 -    pwd->b[9]  = cpu_ldub_data(env, addr + (14 << DF_BYTE));
 -    pwd->b[10] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
 -    pwd->b[11] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
 -    pwd->b[12] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
 -    pwd->b[13] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
 -    pwd->b[14] = cpu_ldub_data(env, addr + (9 << DF_BYTE));
 -    pwd->b[15] = cpu_ldub_data(env, addr + (8 << DF_BYTE));
 -#endif
 +    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
 +    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
 +    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
 +    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
 +    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
 +    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
 +    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
 +    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
 +    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
 +    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
 +    pwd->b[10] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
 +    pwd->b[11] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
 +    pwd->b[12] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
 +    pwd->b[13] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
 +    pwd->b[14] = cpu_ldub_data_ra(env, addr + (9 << DF_BYTE), ra);
 +    pwd->b[15] = cpu_ldub_data_ra(env, addr + (8 << DF_BYTE), ra);
  #endif
  }
-@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
+ /* Execute instruction.  This instruction executes an insn modified with
-                      target_ulong addr)
+diff --git a/target/s390x/translate.c b/target/s390x/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/s390x/translate.c
 +++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@
  #include "trace-tcg.h"
  #include "exec/translator.h"
  #include "exec/log.h"
 +#include "qemu/atomic128.h"
  /* Information that (most) every instruction needs to manipulate.  */
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_cdsg(DisasContext *s, DisasOps *o)
      int r3 = get_field(s->fields, r3);
      int d2 = get_field(s->fields, d2);
      int b2 = get_field(s->fields, b2);
 +    DisasJumpType ret = DISAS_NEXT;
      TCGv_i64 addr;
      TCGv_i32 t_r1, t_r3;
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_cdsg(DisasContext *s, DisasOps *o)
      addr = get_address(s, 0, b2, d2);
      t_r1 = tcg_const_i32(r1);
      t_r3 = tcg_const_i32(r3);
 -    if (tb_cflags(s->base.tb) & CF_PARALLEL) {
 +    if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
 +        gen_helper_cdsg(cpu_env, addr, t_r1, t_r3);
 +    } else if (HAVE_CMPXCHG128) {
          gen_helper_cdsg_parallel(cpu_env, addr, t_r1, t_r3);
      } else {
 -        gen_helper_cdsg(cpu_env, addr, t_r1, t_r3);
 +        gen_helper_exit_atomic(cpu_env);
 +        ret = DISAS_NORETURN;
      }
      tcg_temp_free_i64(addr);
      tcg_temp_free_i32(t_r1);
      tcg_temp_free_i32(t_r3);
      set_cc_static(s);
 -    return DISAS_NEXT;
 +    return ret;
  }
  static DisasJumpType op_csst(DisasContext *s, DisasOps *o)
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_lpd(DisasContext *s, DisasOps *o)
  static DisasJumpType op_lpq(DisasContext *s, DisasOps *o)
  {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+-    if (tb_cflags(s->base.tb) & CF_PARALLEL) {
--    MEMOP_IDX(DF_HALF)
++    if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
--#if !defined(CONFIG_USER_ONLY)
++        gen_helper_lpq(o->out, cpu_env, o->in2);
-+    uintptr_t ra = GETPC();
++    } else if (HAVE_ATOMIC128) {
-+
+         gen_helper_lpq_parallel(o->out, cpu_env, o->in2);
- #if !defined(HOST_WORDS_BIGENDIAN)
+     } else {
--    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
+-        gen_helper_lpq(o->out, cpu_env, o->in2);
--    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
++        gen_helper_exit_atomic(cpu_env);
--    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
++        return DISAS_NORETURN;
--    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
+     }
--    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
+     return_low128(o->out2);
--    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
+     return DISAS_NEXT;
--    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
+@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_stmh(DisasContext *s, DisasOps *o)
--    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
-+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
+ static DisasJumpType op_stpq(DisasContext *s, DisasOps *o)
 +    pwd->h[1] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
 +    pwd->h[2] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
 +    pwd->h[3] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
 +    pwd->h[4] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
 +    pwd->h[5] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
 +    pwd->h[6] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
 +    pwd->h[7] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
  #else
 -    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
 -    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
 -    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
 -    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
 -    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
 -    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
 -    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
 -    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
 -#endif
 -#else
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    pwd->h[0] = cpu_lduw_data(env, addr + (0 << DF_HALF));
 -    pwd->h[1] = cpu_lduw_data(env, addr + (1 << DF_HALF));
 -    pwd->h[2] = cpu_lduw_data(env, addr + (2 << DF_HALF));
 -    pwd->h[3] = cpu_lduw_data(env, addr + (3 << DF_HALF));
 -    pwd->h[4] = cpu_lduw_data(env, addr + (4 << DF_HALF));
 -    pwd->h[5] = cpu_lduw_data(env, addr + (5 << DF_HALF));
 -    pwd->h[6] = cpu_lduw_data(env, addr + (6 << DF_HALF));
 -    pwd->h[7] = cpu_lduw_data(env, addr + (7 << DF_HALF));
 -#else
 -    pwd->h[0] = cpu_lduw_data(env, addr + (3 << DF_HALF));
 -    pwd->h[1] = cpu_lduw_data(env, addr + (2 << DF_HALF));
 -    pwd->h[2] = cpu_lduw_data(env, addr + (1 << DF_HALF));
 -    pwd->h[3] = cpu_lduw_data(env, addr + (0 << DF_HALF));
 -    pwd->h[4] = cpu_lduw_data(env, addr + (7 << DF_HALF));
 -    pwd->h[5] = cpu_lduw_data(env, addr + (6 << DF_HALF));
 -    pwd->h[6] = cpu_lduw_data(env, addr + (5 << DF_HALF));
 -    pwd->h[7] = cpu_lduw_data(env, addr + (4 << DF_HALF));
 -#endif
 +    pwd->h[0] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
 +    pwd->h[1] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
 +    pwd->h[2] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
 +    pwd->h[3] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
 +    pwd->h[4] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
 +    pwd->h[5] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
 +    pwd->h[6] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
 +    pwd->h[7] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
  #endif
  }
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
                       target_ulong addr)
  {
-     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
+-    if (tb_cflags(s->base.tb) & CF_PARALLEL) {
--    MEMOP_IDX(DF_WORD)
++    if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
--#if !defined(CONFIG_USER_ONLY)
++        gen_helper_stpq(cpu_env, o->in2, o->out2, o->out);
-+    uintptr_t ra = GETPC();
++    } else if (HAVE_ATOMIC128) {
-+
+         gen_helper_stpq_parallel(cpu_env, o->in2, o->out2, o->out);
- #if !defined(HOST_WORDS_BIGENDIAN)
+     } else {
--    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
+-        gen_helper_stpq(cpu_env, o->in2, o->out2, o->out);
--    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
++        gen_helper_exit_atomic(cpu_env);
--    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
++        return DISAS_NORETURN;
--    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
+     }
-+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
+     return DISAS_NEXT;
 +    pwd->w[1] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
 +    pwd->w[2] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
 +    pwd->w[3] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
  #else
 -    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
 -    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
 -    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
 -    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
 -#endif
 -#else
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    pwd->w[0] = cpu_ldl_data(env, addr + (0 << DF_WORD));
 -    pwd->w[1] = cpu_ldl_data(env, addr + (1 << DF_WORD));
 -    pwd->w[2] = cpu_ldl_data(env, addr + (2 << DF_WORD));
 -    pwd->w[3] = cpu_ldl_data(env, addr + (3 << DF_WORD));
 -#else
 -    pwd->w[0] = cpu_ldl_data(env, addr + (1 << DF_WORD));
 -    pwd->w[1] = cpu_ldl_data(env, addr + (0 << DF_WORD));
 -    pwd->w[2] = cpu_ldl_data(env, addr + (3 << DF_WORD));
 -    pwd->w[3] = cpu_ldl_data(env, addr + (2 << DF_WORD));
 -#endif
 +    pwd->w[0] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
 +    pwd->w[1] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
 +    pwd->w[2] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
 +    pwd->w[3] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
  #endif
  }
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
                       target_ulong addr)
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
 -    MEMOP_IDX(DF_DOUBLE)
 -#if !defined(CONFIG_USER_ONLY)
 -    pwd->d[0] = helper_ret_ldq_mmu(env, addr + (0 << DF_DOUBLE), oi, GETPC());
 -    pwd->d[1] = helper_ret_ldq_mmu(env, addr + (1 << DF_DOUBLE), oi, GETPC());
 -#else
 -    pwd->d[0] = cpu_ldq_data(env, addr + (0 << DF_DOUBLE));
 -    pwd->d[1] = cpu_ldq_data(env, addr + (1 << DF_DOUBLE));
 -#endif
 +    uintptr_t ra = GETPC();
 +
 +    pwd->d[0] = cpu_ldq_data_ra(env, addr + (0 << DF_DOUBLE), ra);
 +    pwd->d[1] = cpu_ldq_data_ra(env, addr + (1 << DF_DOUBLE), ra);
  }
  #define MSA_PAGESPAN(x) \
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_b(CPUMIPSState *env, uint32_t wd,
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      int mmu_idx = cpu_mmu_index(env, false);
 +    uintptr_t ra = GETPC();
 +
 +    ensure_writable_pages(env, addr, mmu_idx, ra);
 -    MEMOP_IDX(DF_BYTE)
 -    ensure_writable_pages(env, addr, mmu_idx, GETPC());
 -#if !defined(CONFIG_USER_ONLY)
  #if !defined(HOST_WORDS_BIGENDIAN)
 -    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[0],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[1],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[2],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[3],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[4],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[5],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[6],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[7],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[8],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[9],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[10], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[11], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[12], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[13], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[14], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[15], oi, GETPC());
 +    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[0], ra);
 +    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[1], ra);
 +    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[2], ra);
 +    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[3], ra);
 +    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[4], ra);
 +    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[5], ra);
 +    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[6], ra);
 +    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[7], ra);
 +    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[8], ra);
 +    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[9], ra);
 +    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[10], ra);
 +    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[11], ra);
 +    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[12], ra);
 +    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[13], ra);
 +    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[14], ra);
 +    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[15], ra);
  #else
 -    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[0],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[1],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[2],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[3],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[4],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[5],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[6],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[7],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[8],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[9],  oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[10], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[11], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[12], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[13], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[14], oi, GETPC());
 -    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[15], oi, GETPC());
 -#endif
 -#else
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[0]);
 -    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[1]);
 -    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[2]);
 -    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[3]);
 -    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[4]);
 -    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[5]);
 -    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[6]);
 -    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[7]);
 -    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[8]);
 -    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[9]);
 -    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[10]);
 -    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[11]);
 -    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[12]);
 -    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[13]);
 -    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[14]);
 -    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[15]);
 -#else
 -    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[0]);
 -    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[1]);
 -    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[2]);
 -    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[3]);
 -    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[4]);
 -    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[5]);
 -    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[6]);
 -    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[7]);
 -    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[8]);
 -    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[9]);
 -    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[10]);
 -    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[11]);
 -    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[12]);
 -    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[13]);
 -    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[14]);
 -    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[15]);
 -#endif
 +    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[0], ra);
 +    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[1], ra);
 +    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[2], ra);
 +    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[3], ra);
 +    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[4], ra);
 +    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[5], ra);
 +    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[6], ra);
 +    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[7], ra);
 +    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[8], ra);
 +    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[9], ra);
 +    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[10], ra);
 +    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[11], ra);
 +    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[12], ra);
 +    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[13], ra);
 +    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[14], ra);
 +    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[15], ra);
  #endif
  }
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      int mmu_idx = cpu_mmu_index(env, false);
 +    uintptr_t ra = GETPC();
 +
 +    ensure_writable_pages(env, addr, mmu_idx, ra);
 -    MEMOP_IDX(DF_HALF)
 -    ensure_writable_pages(env, addr, mmu_idx, GETPC());
 -#if !defined(CONFIG_USER_ONLY)
  #if !defined(HOST_WORDS_BIGENDIAN)
 -    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[0], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[1], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[2], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[3], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[4], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[5], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[6], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[7], oi, GETPC());
 +    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[0], ra);
 +    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[1], ra);
 +    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[2], ra);
 +    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[3], ra);
 +    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[4], ra);
 +    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[5], ra);
 +    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[6], ra);
 +    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[7], ra);
  #else
 -    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[0], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[1], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[2], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[3], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[4], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[5], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[6], oi, GETPC());
 -    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[7], oi, GETPC());
 -#endif
 -#else
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[0]);
 -    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[1]);
 -    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[2]);
 -    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[3]);
 -    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[4]);
 -    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[5]);
 -    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[6]);
 -    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[7]);
 -#else
 -    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[0]);
 -    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[1]);
 -    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[2]);
 -    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[3]);
 -    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[4]);
 -    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[5]);
 -    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[6]);
 -    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[7]);
 -#endif
 +    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[0], ra);
 +    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[1], ra);
 +    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[2], ra);
 +    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[3], ra);
 +    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[4], ra);
 +    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[5], ra);
 +    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[6], ra);
 +    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[7], ra);
  #endif
  }
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      int mmu_idx = cpu_mmu_index(env, false);
 +    uintptr_t ra = GETPC();
 +
 +    ensure_writable_pages(env, addr, mmu_idx, ra);
 -    MEMOP_IDX(DF_WORD)
 -    ensure_writable_pages(env, addr, mmu_idx, GETPC());
 -#if !defined(CONFIG_USER_ONLY)
  #if !defined(HOST_WORDS_BIGENDIAN)
 -    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[0], oi, GETPC());
 -    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[1], oi, GETPC());
 -    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[2], oi, GETPC());
 -    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[3], oi, GETPC());
 +    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[0], ra);
 +    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[1], ra);
 +    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[2], ra);
 +    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[3], ra);
  #else
 -    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[0], oi, GETPC());
 -    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[1], oi, GETPC());
 -    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[2], oi, GETPC());
 -    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[3], oi, GETPC());
 -#endif
 -#else
 -#if !defined(HOST_WORDS_BIGENDIAN)
 -    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[0]);
 -    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[1]);
 -    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[2]);
 -    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[3]);
 -#else
 -    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[0]);
 -    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[1]);
 -    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[2]);
 -    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[3]);
 -#endif
 +    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[0], ra);
 +    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[1], ra);
 +    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[2], ra);
 +    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[3], ra);
  #endif
  }
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
  {
      wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
      int mmu_idx = cpu_mmu_index(env, false);
 +    uintptr_t ra = GETPC();
 -    MEMOP_IDX(DF_DOUBLE)
      ensure_writable_pages(env, addr, mmu_idx, GETPC());
 -#if !defined(CONFIG_USER_ONLY)
 -    helper_ret_stq_mmu(env, addr + (0 << DF_DOUBLE), pwd->d[0], oi, GETPC());
 -    helper_ret_stq_mmu(env, addr + (1 << DF_DOUBLE), pwd->d[1], oi, GETPC());
 -#else
 -    cpu_stq_data(env, addr + (0 << DF_DOUBLE), pwd->d[0]);
 -    cpu_stq_data(env, addr + (1 << DF_DOUBLE), pwd->d[1]);
 -#endif
 +
 +    cpu_stq_data_ra(env, addr + (0 << DF_DOUBLE), pwd->d[0], ra);
 +    cpu_stq_data_ra(env, addr + (1 << DF_DOUBLE), pwd->d[1], ra);
  }
 --
-.25.1
+.17.2

-New patch
+[Qemu-devel] [PULL v2 21/21] cputlb: read CPUTLBEntry.addr_write atomically
+From: "Emilio G. Cota" <cota@braap.org>
 Updates can come from other threads, so readers that do not
 take tlb_lock must use atomic_read to avoid undefined
 behaviour (UB).
 This completes the conversion to tlb_lock. This conversion results
 on average in no performance loss, as the following experiments
 (run on an Intel i7-6700K CPU @ 4.00GHz) show.
 . aarch64 bootup+shutdown test:
 - Before:
  Performance counter stats for 'taskset -c 0 ../img/aarch64/die.sh' (10 runs):
 .087786      task-clock (msec)         #    0.998 CPUs utilized            ( +-  0.12% )
 ,574,905,303      cycles                    #    4.217 GHz                      ( +-  0.12% )
 ,097,908,812      instructions              #    1.81  insns per cycle          ( +-  0.08% )
 ,255,415,367      branches                  # 1369.747 M/sec                    ( +-  0.08% )
 ,278,962      branch-misses             #    1.69% of all branches          ( +-  0.18% )
 .504481349 seconds time elapsed                                          ( +-  0.14% )
 - After:
  Performance counter stats for 'taskset -c 0 ../img/aarch64/die.sh' (10 runs):
 .441328      task-clock (msec)         #    0.998 CPUs utilized            ( +-  0.07% )
 ,478,476,520      cycles                    #    4.218 GHz                      ( +-  0.07% )
 ,017,330,084      instructions              #    1.81  insns per cycle          ( +-  0.05% )
 ,251,929,667      branches                  # 1373.804 M/sec                    ( +-  0.05% )
 ,023,787      branch-misses             #    1.69% of all branches          ( +-  0.11% )
 .474970463 seconds time elapsed                                          ( +-  0.07% )
 . SPEC06int:
                                               SPEC06int (test set)
                                            [Y axis: Speedup over master]
 .15 +-+----+------+------+------+------+------+-------+------+------+------+------+------+------+----+-+
        |                                                                                                  |
 .1 +-+.................................+++.............................+  tlb-lock-v2 (m+++x)       +-+
        |                                +++ |                   +++        tlb-lock-v3 (spinl|ck)         |
        |                    +++          |  |     +++    +++     |                           |            |
 .05 +-+....+++...........####.........|####.+++.|......|.....###....+++...........+++....###.........+-+
        |      ###         ++#| #         |# |# ***### +++### +++#+#     |     +++     |     #|#    ###    |
 +-+++***+#++++####+++#++#++++++++++#++#+*+*++#++++#+#+****+#++++###++++###++++###++++#+#++++#+#+++-+
        |    *+* #    #++# ***  #   #### ***  # * *++# ****+# *| * # ****|#   |# #    #|#    #+#    # #    |
 .95 +-+..*.*.#....#..#.*|*..#...#..#.*|*..#.*.*..#.*|.*.#.*++*.#.*++*+#.****.#....#+#....#.#..++#.#..+-+
        |    * * #    #  # *|*  #   #  # *|*  # * *  # *++* # *  * # *  * # * |* #  ++# #    # #  *** #    |
        |    * * #  ++#  # *+*  #   #  # *|*  # * *  # *  * # *  * # *  * # *++* # **** #  ++# #  * * #    |
 .9 +-+..*.*.#...|#..#.*.*..#.++#..#.*|*..#.*.*..#.*..*.#.*..*.#.*..*.#.*..*.#.*.|*.#...|#.#..*.*.#..+-+
        |    * * #  ***  # * *  #  |#  # *+*  # * *  # *  * # *  * # *  * # *  * # *++* #   |# #  * * #    |
 .85 +-+..*.*.#..*|*..#.*.*..#.***..#.*.*..#.*.*..#.*..*.#.*..*.#.*..*.#.*..*.#.*..*.#.****.#..*.*.#..+-+
        |    * * #  *+*  # * *  # *|*  # * *  # * *  # *  * # *  * # *  * # *  * # *  * # * |* #  * * #    |
        |    * * #  * *  # * *  # *+*  # * *  # * *  # *  * # *  * # *  * # *  * # *  * # * |* #  * * #    |
 .8 +-+..*.*.#..*.*..#.*.*..#.*.*..#.*.*..#.*.*..#.*..*.#.*..*.#.*..*.#.*..*.#.*..*.#.*++*.#..*.*.#..+-+
        |    * * #  * *  # * *  # * *  # * *  # * *  # *  * # *  * # *  * # *  * # *  * # *  * #  * * #    |
 .75 +-+--***##--***###-***###-***###-***###-***###-****##-****##-****##-****##-****##-****##--***##--+-+
 .perlben401.bzip2403.gcc429.m445.gob456.hmme45462.libqua464.h26471.omnet473483.xalancbmkgeomean
   png: https://imgur.com/a/BHzpPTW
 Notes:
 - tlb-lock-v2 corresponds to an implementation with a mutex.
 - tlb-lock-v3 corresponds to the current implementation, i.e.
   a spinlock and a single lock acquisition in tlb_set_page_with_attrs.
 Signed-off-by: Emilio G. Cota <cota@braap.org>
 Message-Id: <20181016153840.25877-1-cota@braap.org>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 ---
  accel/tcg/softmmu_template.h     | 12 ++++++------
  include/exec/cpu_ldst.h          | 11 ++++++++++-
  include/exec/cpu_ldst_template.h |  2 +-
  accel/tcg/cputlb.c               | 19 +++++++++++++------
 files changed, 30 insertions(+), 14 deletions(-)
 diff --git a/accel/tcg/softmmu_template.h b/accel/tcg/softmmu_template.h
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/softmmu_template.h
 +++ b/accel/tcg/softmmu_template.h
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
      uintptr_t mmu_idx = get_mmuidx(oi);
      uintptr_t index = tlb_index(env, mmu_idx, addr);
      CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 -    target_ulong tlb_addr = entry->addr_write;
 +    target_ulong tlb_addr = tlb_addr_write(entry);
      unsigned a_bits = get_alignment_bits(get_memop(oi));
      uintptr_t haddr;
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
              tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
          }
 -        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
 +        tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
      }
      /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
             cannot evict the first.  */
          page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
          entry2 = tlb_entry(env, mmu_idx, page2);
 -        if (!tlb_hit_page(entry2->addr_write, page2)
 +        if (!tlb_hit_page(tlb_addr_write(entry2), page2)
              && !VICTIM_TLB_HIT(addr_write, page2)) {
              tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
      uintptr_t mmu_idx = get_mmuidx(oi);
      uintptr_t index = tlb_index(env, mmu_idx, addr);
      CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 -    target_ulong tlb_addr = entry->addr_write;
 +    target_ulong tlb_addr = tlb_addr_write(entry);
      unsigned a_bits = get_alignment_bits(get_memop(oi));
      uintptr_t haddr;
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
              tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
          }
 -        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
 +        tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
      }
      /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
             cannot evict the first.  */
          page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
          entry2 = tlb_entry(env, mmu_idx, page2);
 -        if (!tlb_hit_page(entry2->addr_write, page2)
 +        if (!tlb_hit_page(tlb_addr_write(entry2), page2)
              && !VICTIM_TLB_HIT(addr_write, page2)) {
              tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                       mmu_idx, retaddr);
 diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/cpu_ldst.h
 +++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@ extern __thread uintptr_t helper_retaddr;
  /* The memory helpers for tcg-generated code need tcg_target_long etc.  */
  #include "tcg.h"
 +static inline target_ulong tlb_addr_write(const CPUTLBEntry *entry)
 +{
 +#if TCG_OVERSIZED_GUEST
 +    return entry->addr_write;
 +#else
 +    return atomic_read(&entry->addr_write);
 +#endif
 +}
 +
  /* Find the TLB index corresponding to the mmu_idx + address pair.  */
  static inline uintptr_t tlb_index(CPUArchState *env, uintptr_t mmu_idx,
                                    target_ulong addr)
@@ -XXX,XX +XXX,XX @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
          tlb_addr = tlbentry->addr_read;
          break;
      case 1:
 -        tlb_addr = tlbentry->addr_write;
 +        tlb_addr = tlb_addr_write(tlbentry);
          break;
      case 2:
          tlb_addr = tlbentry->addr_code;
 diff --git a/include/exec/cpu_ldst_template.h b/include/exec/cpu_ldst_template.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/cpu_ldst_template.h
 +++ b/include/exec/cpu_ldst_template.h
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
      addr = ptr;
      mmu_idx = CPU_MMU_INDEX;
      entry = tlb_entry(env, mmu_idx, addr);
 -    if (unlikely(entry->addr_write !=
 +    if (unlikely(tlb_addr_write(entry) !=
                   (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
          oi = make_memop_idx(SHIFT, mmu_idx);
          glue(glue(helper_ret_st, SUFFIX), MMUSUFFIX)(env, addr, v, oi,
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
                                          target_ulong page)
  {
      return tlb_hit_page(tlb_entry->addr_read, page) ||
 -           tlb_hit_page(tlb_entry->addr_write, page) ||
 +           tlb_hit_page(tlb_addr_write(tlb_entry), page) ||
             tlb_hit_page(tlb_entry->addr_code, page);
  }
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
          tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
          entry = tlb_entry(env, mmu_idx, addr);
 -        tlb_addr = entry->addr_write;
 +        tlb_addr = tlb_addr_write(entry);
          if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
              /* RAM access */
              uintptr_t haddr = addr + entry->addend;
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
      assert_cpu_is_self(ENV_GET_CPU(env));
      for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
          CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
 -        target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
 +        target_ulong cmp;
 +
 +        /* elt_ofs might correspond to .addr_write, so use atomic_read */
 +#if TCG_OVERSIZED_GUEST
 +        cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
 +#else
 +        cmp = atomic_read((target_ulong *)((uintptr_t)vtlb + elt_ofs));
 +#endif
          if (cmp == page) {
              /* Found entry in victim tlb, swap tlb and iotlb.  */
@@ -XXX,XX +XXX,XX @@ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
      uintptr_t index = tlb_index(env, mmu_idx, addr);
      CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 -    if (!tlb_hit(entry->addr_write, addr)) {
 +    if (!tlb_hit(tlb_addr_write(entry), addr)) {
          /* TLB entry is for a different page */
          if (!VICTIM_TLB_HIT(addr_write, addr)) {
              tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
      size_t mmu_idx = get_mmuidx(oi);
      uintptr_t index = tlb_index(env, mmu_idx, addr);
      CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
 -    target_ulong tlb_addr = tlbe->addr_write;
 +    target_ulong tlb_addr = tlb_addr_write(tlbe);
      TCGMemOp mop = get_memop(oi);
      int a_bits = get_alignment_bits(mop);
      int s_bits = mop & MO_SIZE;
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
              tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
                       mmu_idx, retaddr);
          }
 -        tlb_addr = tlbe->addr_write & ~TLB_INVALID_MASK;
 +        tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
      }
      /* Notice an IO access or a needs-MMU-lookup access */
 --
 .17.2

The following changes since commit ee26ce674a93c824713542cec3b6a9ca85459165:

Merge remote-tracking branch 'remotes/jsnow/tags/python-pull-request' into staging (2021-10-12 16:08:33 -0700)

are available in the Git repository at:

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20211013

for you to fetch changes up to 76e366e728549b3324cc2dee6745d6a4f1af18e6:

tcg: Canonicalize alignment flags in MemOp (2021-10-13 09:14:35 -0700)

----------------------------------------------------------------
Use MO_128 for 16-byte atomic memory operations.
Add cpu_ld/st_mmu memory primitives.
Move helper_ld/st memory helpers out of tcg.h.
Canonicalize alignment flags in MemOp.

----------------------------------------------------------------
BALATON Zoltan (1):
      memory: Log access direction for invalid accesses

Richard Henderson (14):
      target/arm: Use MO_128 for 16 byte atomics
      target/i386: Use MO_128 for 16 byte atomics
      target/ppc: Use MO_128 for 16 byte atomics
      target/s390x: Use MO_128 for 16 byte atomics
      target/hexagon: Implement cpu_mmu_index
      accel/tcg: Add cpu_{ld,st}*_mmu interfaces
      accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
      target/mips: Use cpu_*_data_ra for msa load/store
      target/mips: Use 8-byte memory ops for msa load/store
      target/s390x: Use cpu_*_mmu instead of helper_*_mmu
      target/sparc: Use cpu_*_mmu instead of helper_*_mmu
      target/arm: Use cpu_*_mmu instead of helper_*_mmu
      tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
      tcg: Canonicalize alignment flags in MemOp

docs/devel/loads-stores.rst   |  52 +++++-
 include/exec/cpu_ldst.h       | 332 ++++++++++++++++++-----------------
 include/tcg/tcg-ldst.h        |  74 ++++++++
 include/tcg/tcg.h             | 158 -----------------
 target/hexagon/cpu.h          |   9 +
 accel/tcg/cputlb.c            | 393 ++++++++++++++----------------------------
 accel/tcg/user-exec.c         | 385 +++++++++++++++++------------------------
 softmmu/memory.c              |  20 +--
 target/arm/helper-a64.c       |  61 ++-----
 target/arm/m_helper.c         |   6 +-
 target/i386/tcg/mem_helper.c  |   2 +-
 target/m68k/op_helper.c       |   1 -
 target/mips/tcg/msa_helper.c  | 389 ++++++++++-------------------------------
 target/ppc/mem_helper.c       |   1 -
 target/ppc/translate.c        |  12 +-
 target/s390x/tcg/mem_helper.c |  13 +-
 target/sparc/ldst_helper.c    |  14 +-
 tcg/tcg-op.c                  |   7 +-
 tcg/tcg.c                     |   1 +
 tcg/tci.c                     |   1 +
 accel/tcg/ldst_common.c.inc   | 307 +++++++++++++++++++++++++++++++++
 21 files changed, 1032 insertions(+), 1206 deletions(-)
 create mode 100644 include/tcg/tcg-ldst.h
 create mode 100644 accel/tcg/ldst_common.c.inc

From: BALATON Zoltan <balaton@eik.bme.hu>

In memory_region_access_valid() invalid accesses are logged to help
debugging but the log message does not say if it was a read or write.
Log that too to better identify the access causing the problem.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <20211011173616.F1DE0756022@zero.eik.bme.hu>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 softmmu/memory.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/softmmu/memory.c b/softmmu/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -XXX,XX +XXX,XX @@ bool memory_region_access_valid(MemoryRegion *mr,
 {
     if (mr->ops->valid.accepts
         && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write, attrs)) {
-        qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr "
-                                       "0x%" HWADDR_PRIX ", size %u, "
-                                       "region '%s', reason: rejected\n",
+        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+                      ", size %u, region '%s', reason: rejected\n",
+                      is_write ? "write" : "read",
                       addr, size, memory_region_name(mr));
         return false;
     }
 
     if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
-        qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr "
-                                       "0x%" HWADDR_PRIX ", size %u, "
-                                       "region '%s', reason: unaligned\n",
+        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+                      ", size %u, region '%s', reason: unaligned\n",
+                      is_write ? "write" : "read",
                       addr, size, memory_region_name(mr));
         return false;
     }
@@ -XXX,XX +XXX,XX @@ bool memory_region_access_valid(MemoryRegion *mr,
 
     if (size > mr->ops->valid.max_access_size
         || size < mr->ops->valid.min_access_size) {
-        qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr "
-                                       "0x%" HWADDR_PRIX ", size %u, "
-                                       "region '%s', reason: invalid size "
-                                       "(min:%u max:%u)\n",
+        qemu_log_mask(LOG_GUEST_ERROR, "Invalid %s at addr 0x%" HWADDR_PRIX
+                      ", size %u, region '%s', reason: invalid size "
+                      "(min:%u max:%u)\n",
+                      is_write ? "write" : "read",
                       addr, size, memory_region_name(mr),
                       mr->ops->valid.min_access_size,
                       mr->ops->valid.max_access_size);
-- 
2.25.1

Cc: qemu-arm@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper-a64.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
 
     cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
     newv = int128_make128(new_lo, new_hi);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_BE | MO_128 | MO_ALIGN, mem_idx);
 
     /*
      * High and low need to be switched here because this is not actually a
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
 
     cmpv = int128_make128(env->xregs[rs], env->xregs[rs + 1]);
     newv = int128_make128(new_lo, new_hi);
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_LE | MO_128 | MO_ALIGN, mem_idx);
 
     cmpv = int128_make128(env->xregs[rs + 1], env->xregs[rs]);
     newv = int128_make128(new_lo, new_hi);
-- 
2.25.1

Cc: qemu-ppc@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/translate.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_std(DisasContext *ctx)
             if (HAVE_ATOMIC128) {
                 TCGv_i32 oi = tcg_temp_new_i32();
                 if (ctx->le_mode) {
-                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128,
+                                                        ctx->mem_idx));
                     gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
                 } else {
-                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128,
+                                                        ctx->mem_idx));
                     gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
                 }
                 tcg_temp_free_i32(oi);
@@ -XXX,XX +XXX,XX @@ static void gen_lqarx(DisasContext *ctx)
         if (HAVE_ATOMIC128) {
             TCGv_i32 oi = tcg_temp_new_i32();
             if (ctx->le_mode) {
-                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_LE | MO_128 | MO_ALIGN,
                                                     ctx->mem_idx));
                 gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
             } else {
-                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_BE | MO_128 | MO_ALIGN,
                                                     ctx->mem_idx));
                 gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
             }
@@ -XXX,XX +XXX,XX @@ static void gen_stqcx_(DisasContext *ctx)
 
     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
         if (HAVE_CMPXCHG128) {
-            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
+            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_128) | MO_ALIGN);
             if (ctx->le_mode) {
                 gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env,
                                              EA, lo, hi, oi);
-- 
2.25.1

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/tcg/mem_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
     assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
-    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+    oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
     oldv = cpu_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
     fail = !int128_eq(oldv, cmpv);
 
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                 cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
                 cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
             } else if (HAVE_CMPXCHG128) {
-                MemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+                MemOpIdx oi = make_memop_idx(MO_TE | MO_128 | MO_ALIGN, mem_idx);
                 ov = cpu_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
                 cc = !int128_eq(ov, cv);
             } else {
-- 
2.25.1

These functions are much closer to the softmmu helper
functions, in that they take the complete MemOpIdx,
and from that they may enforce required alignment.

The previous cpu_ldst.h functions did not have alignment info,
and so did not enforce it.  Retain this by adding MO_UNALN to
the MemOp that we create in calling the new functions.

Note that we are not yet enforcing alignment for user-only,
but we now have the information with which to do so.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 docs/devel/loads-stores.rst |  52 ++++-
 include/exec/cpu_ldst.h     | 245 ++++++++--------------
 accel/tcg/cputlb.c          | 392 ++++++++++++------------------------
 accel/tcg/user-exec.c       | 385 +++++++++++++++--------------------
 accel/tcg/ldst_common.c.inc | 307 ++++++++++++++++++++++++++++
 5 files changed, 717 insertions(+), 664 deletions(-)
 create mode 100644 accel/tcg/ldst_common.c.inc

diff --git a/docs/devel/loads-stores.rst b/docs/devel/loads-stores.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/loads-stores.rst
+++ b/docs/devel/loads-stores.rst
@@ -XXX,XX +XXX,XX @@ Regexes for git grep
  - ``\<ldn_$[hbl]e$?_p\>``
  - ``\<stn_$[hbl]e$?_p\>``
 
-``cpu_{ld,st}*_mmuidx_ra``
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+``cpu_{ld,st}*_mmu``
+~~~~~~~~~~~~~~~~~~~~
 
-These functions operate on a guest virtual address plus a context,
-known as a "mmu index" or ``mmuidx``, which controls how that virtual
-address is translated.  The meaning of the indexes are target specific,
-but specifying a particular index might be necessary if, for instance,
-the helper requires an "always as non-privileged" access rather that
-the default access for the current state of the guest CPU.
+These functions operate on a guest virtual address, plus a context
+known as a "mmu index" which controls how that virtual address is
+translated, plus a ``MemOp`` which contains alignment requirements
+among other things.  The ``MemOp`` and mmu index are combined into
+a single argument of type ``MemOpIdx``.
+
+The meaning of the indexes are target specific, but specifying a
+particular index might be necessary if, for instance, the helper
+requires a "always as non-privileged" access rather than the
+default access for the current state of the guest CPU.
 
 These functions may cause a guest CPU exception to be taken
 (e.g. for an alignment fault or MMU fault) which will result in
@@ -XXX,XX +XXX,XX @@ function, which is a return address into the generated code [#gpc]_.
 
 Function names follow the pattern:
 
+load: ``cpu_ld{size}{end}_mmu(env, ptr, oi, retaddr)``
+
+store: ``cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)``
+
+``size``
+ - ``b`` : 8 bits
+ - ``w`` : 16 bits
+ - ``l`` : 32 bits
+ - ``q`` : 64 bits
+
+``end``
+ - (empty) : for target endian, or 8 bit sizes
+ - ``_be`` : big endian
+ - ``_le`` : little endian
+
+Regexes for git grep:
+ - ``\<cpu_ld[bwlq](_[bl]e)\?_mmu\>``
+ - ``\<cpu_st[bwlq](_[bl]e)\?_mmu\>``
+
+
+``cpu_{ld,st}*_mmuidx_ra``
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+These functions work like the ``cpu_{ld,st}_mmu`` functions except
+that the ``mmuidx`` parameter is not combined with a ``MemOp``,
+and therefore there is no required alignment supplied or enforced.
+
+Function names follow the pattern:
+
 load: ``cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmuidx, retaddr)``
 
 store: ``cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmuidx, retaddr)``
@@ -XXX,XX +XXX,XX @@ of the guest CPU, as determined by ``cpu_mmu_index(env, false)``.
 
 These are generally the preferred way to do accesses by guest
 virtual address from helper functions, unless the access should
-be performed with a context other than the default.
+be performed with a context other than the default, or alignment
+should be enforced for the access.
 
 Function names follow the pattern:
 
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@
  * load:  cpu_ld{sign}{size}{end}_{mmusuffix}(env, ptr)
  *        cpu_ld{sign}{size}{end}_{mmusuffix}_ra(env, ptr, retaddr)
  *        cpu_ld{sign}{size}{end}_mmuidx_ra(env, ptr, mmu_idx, retaddr)
+ *        cpu_ld{sign}{size}{end}_mmu(env, ptr, oi, retaddr)
  *
  * store: cpu_st{size}{end}_{mmusuffix}(env, ptr, val)
  *        cpu_st{size}{end}_{mmusuffix}_ra(env, ptr, val, retaddr)
  *        cpu_st{size}{end}_mmuidx_ra(env, ptr, val, mmu_idx, retaddr)
+ *        cpu_st{size}{end}_mmu(env, ptr, val, oi, retaddr)
  *
  * sign is:
  * (empty): for 32 and 64 bit sizes
@@ -XXX,XX +XXX,XX @@
  * The "mmuidx" suffix carries an extra mmu_idx argument that specifies
  * the index to use; the "data" and "code" suffixes take the index from
  * cpu_mmu_index().
+ *
+ * The "mmu" suffix carries the full MemOpIdx, with both mmu_idx and the
+ * MemOp including alignment requirements.  The alignment will be enforced.
  */
 #ifndef CPU_LDST_H
 #define CPU_LDST_H
 
+#include "exec/memopidx.h"
+
 #if defined(CONFIG_USER_ONLY)
 /* sparc32plus has 64bit long but 32bit space address
  * this can make bad result with g2h() and h2g()
@@ -XXX,XX +XXX,XX @@ typedef target_ulong abi_ptr;
 
 uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr);
-
 uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr);
 uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr);
 uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr);
-
 uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr);
 int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr);
 uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr);
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr);
 
 uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
-
 uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
-
 uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t ra);
 
 void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
-
 void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
-
 void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val);
 void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val);
 
 void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
                      uint32_t val, uintptr_t ra);
-
 void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint32_t val, uintptr_t ra);
 void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint32_t val, uintptr_t ra);
 void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint64_t val, uintptr_t ra);
-
 void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint32_t val, uintptr_t ra);
 void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
 void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
                         uint64_t val, uintptr_t ra);
 
+uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                            int mmu_idx, uintptr_t ra);
+int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                       int mmu_idx, uintptr_t ra);
+uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                               int mmu_idx, uintptr_t ra);
+int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                          int mmu_idx, uintptr_t ra);
+uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                               int mmu_idx, uintptr_t ra);
+int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                          int mmu_idx, uintptr_t ra);
+uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr,
+                              int mmu_idx, uintptr_t ra);
+
+void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                       int mmu_idx, uintptr_t ra);
+void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                          int mmu_idx, uintptr_t ra);
+void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                          int mmu_idx, uintptr_t ra);
+
+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr ptr, MemOpIdx oi, uintptr_t ra);
+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr ptr,
+                        MemOpIdx oi, uintptr_t ra);
+
+void cpu_stb_mmu(CPUArchState *env, abi_ptr ptr, uint8_t val,
+                 MemOpIdx oi, uintptr_t ra);
+void cpu_stw_be_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stl_be_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stq_be_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stw_le_mmu(CPUArchState *env, abi_ptr ptr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra);
+void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra);
+
 #if defined(CONFIG_USER_ONLY)
 
 extern __thread uintptr_t helper_retaddr;
@@ -XXX,XX +XXX,XX @@ static inline void clear_helper_retaddr(void)
     helper_retaddr = 0;
 }
 
-/*
- * Provide the same *_mmuidx_ra interface as for softmmu.
- * The mmu_idx argument is ignored.
- */
-
-static inline uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                          int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldub_data_ra(env, addr, ra);
-}
-
-static inline int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                     int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldsb_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                             int mmu_idx, uintptr_t ra)
-{
-    return cpu_lduw_be_data_ra(env, addr, ra);
-}
-
-static inline int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldsw_be_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldl_be_data_ra(env, addr, ra);
-}
-
-static inline uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldq_be_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                             int mmu_idx, uintptr_t ra)
-{
-    return cpu_lduw_le_data_ra(env, addr, ra);
-}
-
-static inline int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldsw_le_data_ra(env, addr, ra);
-}
-
-static inline uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldl_le_data_ra(env, addr, ra);
-}
-
-static inline uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                            int mmu_idx, uintptr_t ra)
-{
-    return cpu_ldq_le_data_ra(env, addr, ra);
-}
-
-static inline void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                     uint32_t val, int mmu_idx, uintptr_t ra)
-{
-    cpu_stb_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stw_be_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stl_be_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint64_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stq_be_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stw_le_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint32_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stl_le_data_ra(env, addr, val, ra);
-}
-
-static inline void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                                        uint64_t val, int mmu_idx,
-                                        uintptr_t ra)
-{
-    cpu_stq_le_data_ra(env, addr, val, ra);
-}
-
 #else
 
 /* Needed for TCG_OVERSIZED_GUEST */
@@ -XXX,XX +XXX,XX @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx,
     return &env_tlb(env)->f[mmu_idx].table[tlb_index(env, mmu_idx, addr)];
 }
 
-uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                            int mmu_idx, uintptr_t ra);
-int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                       int mmu_idx, uintptr_t ra);
-
-uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra);
-int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra);
-uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-
-uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra);
-int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra);
-uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra);
-
-void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                       int mmu_idx, uintptr_t retaddr);
-
-void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr);
-
-void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr);
-void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr);
-
 #endif /* defined(CONFIG_USER_ONLY) */
 
 #ifdef TARGET_WORDS_BIGENDIAN
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_ldsw_mmuidx_ra   cpu_ldsw_be_mmuidx_ra
 # define cpu_ldl_mmuidx_ra    cpu_ldl_be_mmuidx_ra
 # define cpu_ldq_mmuidx_ra    cpu_ldq_be_mmuidx_ra
+# define cpu_ldw_mmu          cpu_ldw_be_mmu
+# define cpu_ldl_mmu          cpu_ldl_be_mmu
+# define cpu_ldq_mmu          cpu_ldq_be_mmu
 # define cpu_stw_data         cpu_stw_be_data
 # define cpu_stl_data         cpu_stl_be_data
 # define cpu_stq_data         cpu_stq_be_data
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_stw_mmuidx_ra    cpu_stw_be_mmuidx_ra
 # define cpu_stl_mmuidx_ra    cpu_stl_be_mmuidx_ra
 # define cpu_stq_mmuidx_ra    cpu_stq_be_mmuidx_ra
+# define cpu_stw_mmu          cpu_stw_be_mmu
+# define cpu_stl_mmu          cpu_stl_be_mmu
+# define cpu_stq_mmu          cpu_stq_be_mmu
 #else
 # define cpu_lduw_data        cpu_lduw_le_data
 # define cpu_ldsw_data        cpu_ldsw_le_data
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_ldsw_mmuidx_ra   cpu_ldsw_le_mmuidx_ra
 # define cpu_ldl_mmuidx_ra    cpu_ldl_le_mmuidx_ra
 # define cpu_ldq_mmuidx_ra    cpu_ldq_le_mmuidx_ra
+# define cpu_ldw_mmu          cpu_ldw_le_mmu
+# define cpu_ldl_mmu          cpu_ldl_le_mmu
+# define cpu_ldq_mmu          cpu_ldq_le_mmu
 # define cpu_stw_data         cpu_stw_le_data
 # define cpu_stl_data         cpu_stl_le_data
 # define cpu_stq_data         cpu_stq_le_data
@@ -XXX,XX +XXX,XX @@ void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
 # define cpu_stw_mmuidx_ra    cpu_stw_le_mmuidx_ra
 # define cpu_stl_mmuidx_ra    cpu_stl_le_mmuidx_ra
 # define cpu_stq_mmuidx_ra    cpu_stq_le_mmuidx_ra
+# define cpu_stw_mmu          cpu_stw_le_mmu
+# define cpu_stl_mmu          cpu_stl_le_mmu
+# define cpu_stq_mmu          cpu_stq_le_mmu
 #endif
 
 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr);
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
     cpu_loop_exit_atomic(env_cpu(env), retaddr);
 }
 
+/*
+ * Verify that we have passed the correct MemOp to the correct function.
+ *
+ * In the case of the helper_*_mmu functions, we will have done this by
+ * using the MemOp to look up the helper during code generation.
+ *
+ * In the case of the cpu_*_mmu functions, this is up to the caller.
+ * We could present one function to target code, and dispatch based on
+ * the MemOp, but so far we have worked hard to avoid an indirect function
+ * call along the memory path.
+ */
+static void validate_memop(MemOpIdx oi, MemOp expected)
+{
+#ifdef CONFIG_DEBUG_TCG
+    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
+    assert(have == expected);
+#endif
+}
+
 /*
  * Load Helpers
  *
@@ -XXX,XX +XXX,XX @@ load_helper(CPUArchState *env, target_ulong addr, MemOpIdx oi,
 static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
                               MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_UB);
     return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
 }
 
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEUW);
     return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
                        full_le_lduw_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEUW);
     return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
                        full_be_lduw_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEUL);
     return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
                        full_le_ldul_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
 static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
                                  MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEUL);
     return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
                        full_be_ldul_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
 uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
                            MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEQ);
     return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
                        helper_le_ldq_mmu);
 }
@@ -XXX,XX +XXX,XX @@ uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
 uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
                            MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEQ);
     return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
                        helper_be_ldq_mmu);
 }
@@ -XXX,XX +XXX,XX @@ tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
  */
 
 static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
-                                       int mmu_idx, uintptr_t retaddr,
-                                       MemOp op, FullLoadHelper *full_load)
+                                       MemOpIdx oi, uintptr_t retaddr,
+                                       FullLoadHelper *full_load)
 {
-    MemOpIdx oi = make_memop_idx(op, mmu_idx);
     uint64_t ret;
 
     trace_guest_ld_before_exec(env_cpu(env), addr, oi);
-
     ret = full_load(env, addr, oi, retaddr);
-
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
-
     return ret;
 }
 
-uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                            int mmu_idx, uintptr_t ra)
+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr, MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_UB, full_ldub_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_ldub_mmu);
 }
 
-int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                       int mmu_idx, uintptr_t ra)
+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
+    return cpu_load_helper(env, addr, oi, ra, full_be_lduw_mmu);
 }
 
-uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra)
+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUW, full_be_lduw_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_be_ldul_mmu);
 }
 
-int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra)
+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
+    return cpu_load_helper(env, addr, oi, MO_BEQ, helper_be_ldq_mmu);
 }
 
-uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUL, full_be_ldul_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_le_lduw_mmu);
 }
 
-uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEQ, helper_be_ldq_mmu);
+    return cpu_load_helper(env, addr, oi, ra, full_le_ldul_mmu);
 }
 
-uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                               int mmu_idx, uintptr_t ra)
+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUW, full_le_lduw_mmu);
-}
-
-int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                          int mmu_idx, uintptr_t ra)
-{
-    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
-}
-
-uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
-{
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUL, full_le_ldul_mmu);
-}
-
-uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
-                              int mmu_idx, uintptr_t ra)
-{
-    return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEQ, helper_le_ldq_mmu);
-}
-
-uint32_t cpu_ldub_data_ra(CPUArchState *env, target_ulong ptr,
-                          uintptr_t retaddr)
-{
-    return cpu_ldub_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-int cpu_ldsb_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
-{
-    return cpu_ldsb_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_lduw_be_data_ra(CPUArchState *env, target_ulong ptr,
-                             uintptr_t retaddr)
-{
-    return cpu_lduw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-int cpu_ldsw_be_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
-{
-    return cpu_ldsw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_ldl_be_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldl_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint64_t cpu_ldq_be_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldq_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_lduw_le_data_ra(CPUArchState *env, target_ulong ptr,
-                             uintptr_t retaddr)
-{
-    return cpu_lduw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-int cpu_ldsw_le_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
-{
-    return cpu_ldsw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_ldl_le_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldl_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint64_t cpu_ldq_le_data_ra(CPUArchState *env, target_ulong ptr,
-                            uintptr_t retaddr)
-{
-    return cpu_ldq_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
-}
-
-uint32_t cpu_ldub_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldub_data_ra(env, ptr, 0);
-}
-
-int cpu_ldsb_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldsb_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_lduw_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_lduw_be_data_ra(env, ptr, 0);
-}
-
-int cpu_ldsw_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldsw_be_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_ldl_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldl_be_data_ra(env, ptr, 0);
-}
-
-uint64_t cpu_ldq_be_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldq_be_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_lduw_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_lduw_le_data_ra(env, ptr, 0);
-}
-
-int cpu_ldsw_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldsw_le_data_ra(env, ptr, 0);
-}
-
-uint32_t cpu_ldl_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldl_le_data_ra(env, ptr, 0);
-}
-
-uint64_t cpu_ldq_le_data(CPUArchState *env, target_ulong ptr)
-{
-    return cpu_ldq_le_data_ra(env, ptr, 0);
+    return cpu_load_helper(env, addr, oi, ra, helper_le_ldq_mmu);
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ store_memop(void *haddr, uint64_t val, MemOp op)
     }
 }
 
+static void full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                         MemOpIdx oi, uintptr_t retaddr);
+
 static void __attribute__((noinline))
 store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
                        uintptr_t retaddr, size_t size, uintptr_t mmu_idx,
@@ -XXX,XX +XXX,XX @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
         for (i = 0; i < size; ++i) {
             /* Big-endian extract.  */
             uint8_t val8 = val >> (((size - 1) * 8) - (i * 8));
-            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
+            full_stb_mmu(env, addr + i, val8, oi, retaddr);
         }
     } else {
         for (i = 0; i < size; ++i) {
             /* Little-endian extract.  */
             uint8_t val8 = val >> (i * 8);
-            helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
+            full_stb_mmu(env, addr + i, val8, oi, retaddr);
         }
     }
 }
@@ -XXX,XX +XXX,XX @@ store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
     store_memop(haddr, val, op);
 }
 
-void __attribute__((noinline))
-helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-                   MemOpIdx oi, uintptr_t retaddr)
+static void __attribute__((noinline))
+full_stb_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+             MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_UB);
     store_helper(env, addr, val, oi, retaddr, MO_UB);
 }
 
+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+                        MemOpIdx oi, uintptr_t retaddr)
+{
+    full_stb_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_le_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_LEUW);
+    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
+}
+
 void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_LEUW);
+    full_le_stw_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_be_stw_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_BEUW);
+    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
 }
 
 void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_BEUW);
+    full_be_stw_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_le_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_LEUL);
+    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
 }
 
 void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_LEUL);
+    full_le_stl_mmu(env, addr, val, oi, retaddr);
+}
+
+static void full_be_stl_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                            MemOpIdx oi, uintptr_t retaddr)
+{
+    validate_memop(oi, MO_BEUL);
+    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
 }
 
 void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
-    store_helper(env, addr, val, oi, retaddr, MO_BEUL);
+    full_be_stl_mmu(env, addr, val, oi, retaddr);
 }
 
 void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_LEQ);
     store_helper(env, addr, val, oi, retaddr, MO_LEQ);
 }
 
 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
                        MemOpIdx oi, uintptr_t retaddr)
 {
+    validate_memop(oi, MO_BEQ);
     store_helper(env, addr, val, oi, retaddr, MO_BEQ);
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
  * Store Helpers for cpu_ldst.h
  */
 
-static inline void QEMU_ALWAYS_INLINE
-cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
-                 int mmu_idx, uintptr_t retaddr, MemOp op)
+typedef void FullStoreHelper(CPUArchState *env, target_ulong addr,
+                             uint64_t val, MemOpIdx oi, uintptr_t retaddr);
+
+static inline void cpu_store_helper(CPUArchState *env, target_ulong addr,
+                                    uint64_t val, MemOpIdx oi, uintptr_t ra,
+                                    FullStoreHelper *full_store)
 {
-    MemOpIdx oi = make_memop_idx(op, mmu_idx);
-
     trace_guest_st_before_exec(env_cpu(env), addr, oi);
-
-    store_helper(env, addr, val, oi, retaddr, op);
-
+    full_store(env, addr, val, oi, ra);
     qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                       int mmu_idx, uintptr_t retaddr)
+void cpu_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+                 MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_UB);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_stb_mmu);
 }
 
-void cpu_stw_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stw_be_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUW);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stw_mmu);
 }
 
-void cpu_stl_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stl_be_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUL);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_be_stl_mmu);
 }
 
-void cpu_stq_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stq_be_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEQ);
+    cpu_store_helper(env, addr, val, oi, retaddr, helper_be_stq_mmu);
 }
 
-void cpu_stw_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stw_le_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUW);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stw_mmu);
 }
 
-void cpu_stl_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stl_le_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUL);
+    cpu_store_helper(env, addr, val, oi, retaddr, full_le_stl_mmu);
 }
 
-void cpu_stq_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
-                          int mmu_idx, uintptr_t retaddr)
+void cpu_stq_le_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t retaddr)
 {
-    cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEQ);
+    cpu_store_helper(env, addr, val, oi, retaddr, helper_le_stq_mmu);
 }
 
-void cpu_stb_data_ra(CPUArchState *env, target_ulong ptr,
-                     uint32_t val, uintptr_t retaddr)
-{
-    cpu_stb_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stw_be_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stw_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stl_be_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stl_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stq_be_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    cpu_stq_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stw_le_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stw_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stl_le_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    cpu_stl_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stq_le_data_ra(CPUArchState *env, target_ulong ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    cpu_stq_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
-}
-
-void cpu_stb_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stb_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stw_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stw_be_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stl_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stl_be_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stq_be_data(CPUArchState *env, target_ulong ptr, uint64_t val)
-{
-    cpu_stq_be_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stw_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stw_le_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stl_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
-{
-    cpu_stl_le_data_ra(env, ptr, val, 0);
-}
-
-void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
-{
-    cpu_stq_le_data_ra(env, ptr, val, 0);
-}
+#include "ldst_common.c.inc"
 
 /*
  * First set of functions passes in OI and RETADDR.
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@ int cpu_signal_handler(int host_signum, void *pinfo,
 
 /* The softmmu versions of these helpers are in cputlb.c.  */
 
-uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr ptr)
+/*
+ * Verify that we have passed the correct MemOp to the correct function.
+ *
+ * We could present one function to target code, and dispatch based on
+ * the MemOp, but so far we have worked hard to avoid an indirect function
+ * call along the memory path.
+ */
+static void validate_memop(MemOpIdx oi, MemOp expected)
 {
-    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
-    uint32_t ret;
+#ifdef CONFIG_DEBUG_TCG
+    MemOp have = get_memop(oi) & (MO_SIZE | MO_BSWAP);
+    assert(have == expected);
+#endif
+}
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldub_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+static void *cpu_mmu_lookup(CPUArchState *env, target_ulong addr,
+                            MemOpIdx oi, uintptr_t ra, MMUAccessType type)
+{
+    void *ret;
+
+    /* TODO: Enforce guest required alignment.  */
+
+    ret = g2h(env_cpu(env), addr);
+    set_helper_retaddr(ra);
     return ret;
 }
 
-int cpu_ldsb_data(CPUArchState *env, abi_ptr ptr)
+uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int8_t)cpu_ldub_data(env, ptr);
-}
+    void *haddr;
+    uint8_t ret;
 
-uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
-    uint32_t ret;
-
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = lduw_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_UB);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldub_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-int cpu_ldsw_be_data(CPUArchState *env, abi_ptr ptr)
+uint16_t cpu_ldw_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_be_data(env, ptr);
-}
+    void *haddr;
+    uint16_t ret;
 
-uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
-    uint32_t ret;
-
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldl_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_BEUW);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = lduw_be_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr ptr)
+uint32_t cpu_ldl_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
+    void *haddr;
+    uint32_t ret;
+
+    validate_memop(oi, MO_BEUL);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldl_be_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
+    return ret;
+}
+
+uint64_t cpu_ldq_be_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
+{
+    void *haddr;
     uint64_t ret;
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldq_be_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_BEQ);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldq_be_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr ptr)
+uint16_t cpu_ldw_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
+    void *haddr;
+    uint16_t ret;
+
+    validate_memop(oi, MO_LEUW);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = lduw_le_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
+    return ret;
+}
+
+uint32_t cpu_ldl_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
+{
+    void *haddr;
     uint32_t ret;
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = lduw_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_LEUL);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldl_le_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-int cpu_ldsw_le_data(CPUArchState *env, abi_ptr ptr)
+uint64_t cpu_ldq_le_mmu(CPUArchState *env, abi_ptr addr,
+                        MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_le_data(env, ptr);
-}
-
-uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
-    uint32_t ret;
-
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldl_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
-    return ret;
-}
-
-uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr ptr)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
+    void *haddr;
     uint64_t ret;
 
-    trace_guest_ld_before_exec(env_cpu(env), ptr, oi);
-    ret = ldq_le_p(g2h(env_cpu(env), ptr));
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_R);
+    validate_memop(oi, MO_LEQ);
+    trace_guest_ld_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_LOAD);
+    ret = ldq_le_p(haddr);
+    clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
     return ret;
 }
 
-uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val,
+                 MemOpIdx oi, uintptr_t ra)
 {
-    uint32_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldub_data(env, ptr);
+    validate_memop(oi, MO_UB);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stb_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stw_be_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int8_t)cpu_ldub_data_ra(env, ptr, retaddr);
-}
+    void *haddr;
 
-uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-{
-    uint32_t ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_lduw_be_data(env, ptr);
+    validate_memop(oi, MO_BEUW);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stw_be_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stl_be_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_be_data_ra(env, ptr, retaddr);
-}
+    void *haddr;
 
-uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-{
-    uint32_t ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldl_be_data(env, ptr);
+    validate_memop(oi, MO_BEUL);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stl_be_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stq_be_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    uint64_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldq_be_data(env, ptr);
+    validate_memop(oi, MO_BEQ);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stq_be_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stw_le_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    uint32_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_lduw_le_data(env, ptr);
+    validate_memop(oi, MO_LEUW);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stw_le_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stl_le_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    return (int16_t)cpu_lduw_le_data_ra(env, ptr, retaddr);
-}
+    void *haddr;
 
-uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
-{
-    uint32_t ret;
-
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldl_le_data(env, ptr);
+    validate_memop(oi, MO_LEUL);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stl_le_p(haddr, val);
     clear_helper_retaddr();
-    return ret;
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
-uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr ptr, uintptr_t retaddr)
+void cpu_stq_le_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
+                    MemOpIdx oi, uintptr_t ra)
 {
-    uint64_t ret;
+    void *haddr;
 
-    set_helper_retaddr(retaddr);
-    ret = cpu_ldq_le_data(env, ptr);
-    clear_helper_retaddr();
-    return ret;
-}
-
-void cpu_stb_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_UB, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stb_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stw_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUW, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stw_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stl_be_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEUL, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stl_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stq_be_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_BEQ, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stq_be_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stw_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEUW, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stw_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stl_le_data(CPUArchState *env, abi_ptr ptr, uint32_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEUL, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stl_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stq_le_data(CPUArchState *env, abi_ptr ptr, uint64_t val)
-{
-    MemOpIdx oi = make_memop_idx(MO_LEQ, MMU_USER_IDX);
-
-    trace_guest_st_before_exec(env_cpu(env), ptr, oi);
-    stq_le_p(g2h(env_cpu(env), ptr), val);
-    qemu_plugin_vcpu_mem_cb(env_cpu(env), ptr, oi, QEMU_PLUGIN_MEM_W);
-}
-
-void cpu_stb_data_ra(CPUArchState *env, abi_ptr ptr,
-                     uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stb_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stw_be_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stl_be_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stq_be_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stw_le_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint32_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stl_le_data(env, ptr, val);
-    clear_helper_retaddr();
-}
-
-void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr ptr,
-                        uint64_t val, uintptr_t retaddr)
-{
-    set_helper_retaddr(retaddr);
-    cpu_stq_le_data(env, ptr, val);
+    validate_memop(oi, MO_LEQ);
+    trace_guest_st_before_exec(env_cpu(env), addr, oi);
+    haddr = cpu_mmu_lookup(env, addr, oi, ra, MMU_DATA_STORE);
+    stq_le_p(haddr, val);
     clear_helper_retaddr();
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
 }
 
 uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr ptr)
@@ -XXX,XX +XXX,XX @@ uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr ptr)
     return ret;
 }
 
+#include "ldst_common.c.inc"
+
 /*
  * Do not allow unaligned operations to proceed.  Return the host address.
  *
diff --git a/accel/tcg/ldst_common.c.inc b/accel/tcg/ldst_common.c.inc
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/accel/tcg/ldst_common.c.inc
@@ -XXX,XX +XXX,XX @@
+/*
+ * Routines common to user and system emulation of load/store.
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                            int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    return cpu_ldb_mmu(env, addr, oi, ra);
+}
+
+int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                       int mmu_idx, uintptr_t ra)
+{
+    return (int8_t)cpu_ldub_mmuidx_ra(env, addr, mmu_idx, ra);
+}
+
+uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                               int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
+    return cpu_ldw_be_mmu(env, addr, oi, ra);
+}
+
+int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                          int mmu_idx, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_be_mmuidx_ra(env, addr, mmu_idx, ra);
+}
+
+uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
+    return cpu_ldl_be_mmu(env, addr, oi, ra);
+}
+
+uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
+    return cpu_ldq_be_mmu(env, addr, oi, ra);
+}
+
+uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                               int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
+    return cpu_ldw_le_mmu(env, addr, oi, ra);
+}
+
+int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                          int mmu_idx, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_le_mmuidx_ra(env, addr, mmu_idx, ra);
+}
+
+uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
+    return cpu_ldl_le_mmu(env, addr, oi, ra);
+}
+
+uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
+                              int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
+    return cpu_ldq_le_mmu(env, addr, oi, ra);
+}
+
+void cpu_stb_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                       int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx);
+    cpu_stb_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUW | MO_UNALN, mmu_idx);
+    cpu_stw_be_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEUL | MO_UNALN, mmu_idx);
+    cpu_stl_be_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_BEQ | MO_UNALN, mmu_idx);
+    cpu_stq_be_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUW | MO_UNALN, mmu_idx);
+    cpu_stw_le_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint32_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEUL | MO_UNALN, mmu_idx);
+    cpu_stl_le_mmu(env, addr, val, oi, ra);
+}
+
+void cpu_stq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr, uint64_t val,
+                          int mmu_idx, uintptr_t ra)
+{
+    MemOpIdx oi = make_memop_idx(MO_LEQ | MO_UNALN, mmu_idx);
+    cpu_stq_le_mmu(env, addr, val, oi, ra);
+}
+
+/*--------------------------*/
+
+uint32_t cpu_ldub_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldub_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+int cpu_ldsb_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return (int8_t)cpu_ldub_data_ra(env, addr, ra);
+}
+
+uint32_t cpu_lduw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_lduw_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+int cpu_ldsw_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_be_data_ra(env, addr, ra);
+}
+
+uint32_t cpu_ldl_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldl_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+uint64_t cpu_ldq_be_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldq_be_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+uint32_t cpu_lduw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_lduw_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+int cpu_ldsw_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return (int16_t)cpu_lduw_le_data_ra(env, addr, ra);
+}
+
+uint32_t cpu_ldl_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldl_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+uint64_t cpu_ldq_le_data_ra(CPUArchState *env, abi_ptr addr, uintptr_t ra)
+{
+    return cpu_ldq_le_mmuidx_ra(env, addr, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stb_data_ra(CPUArchState *env, abi_ptr addr,
+                     uint32_t val, uintptr_t ra)
+{
+    cpu_stb_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stw_be_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stw_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stl_be_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stl_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stq_be_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint64_t val, uintptr_t ra)
+{
+    cpu_stq_be_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stw_le_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stw_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stl_le_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint32_t val, uintptr_t ra)
+{
+    cpu_stl_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+void cpu_stq_le_data_ra(CPUArchState *env, abi_ptr addr,
+                        uint64_t val, uintptr_t ra)
+{
+    cpu_stq_le_mmuidx_ra(env, addr, val, cpu_mmu_index(env, false), ra);
+}
+
+/*--------------------------*/
+
+uint32_t cpu_ldub_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldub_data_ra(env, addr, 0);
+}
+
+int cpu_ldsb_data(CPUArchState *env, abi_ptr addr)
+{
+    return (int8_t)cpu_ldub_data(env, addr);
+}
+
+uint32_t cpu_lduw_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_lduw_be_data_ra(env, addr, 0);
+}
+
+int cpu_ldsw_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return (int16_t)cpu_lduw_be_data(env, addr);
+}
+
+uint32_t cpu_ldl_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldl_be_data_ra(env, addr, 0);
+}
+
+uint64_t cpu_ldq_be_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldq_be_data_ra(env, addr, 0);
+}
+
+uint32_t cpu_lduw_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_lduw_le_data_ra(env, addr, 0);
+}
+
+int cpu_ldsw_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return (int16_t)cpu_lduw_le_data(env, addr);
+}
+
+uint32_t cpu_ldl_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldl_le_data_ra(env, addr, 0);
+}
+
+uint64_t cpu_ldq_le_data(CPUArchState *env, abi_ptr addr)
+{
+    return cpu_ldq_le_data_ra(env, addr, 0);
+}
+
+void cpu_stb_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stb_data_ra(env, addr, val, 0);
+}
+
+void cpu_stw_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stw_be_data_ra(env, addr, val, 0);
+}
+
+void cpu_stl_be_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stl_be_data_ra(env, addr, val, 0);
+}
+
+void cpu_stq_be_data(CPUArchState *env, abi_ptr addr, uint64_t val)
+{
+    cpu_stq_be_data_ra(env, addr, val, 0);
+}
+
+void cpu_stw_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stw_le_data_ra(env, addr, val, 0);
+}
+
+void cpu_stl_le_data(CPUArchState *env, abi_ptr addr, uint32_t val)
+{
+    cpu_stl_le_data_ra(env, addr, val, 0);
+}
+
+void cpu_stq_le_data(CPUArchState *env, abi_ptr addr, uint64_t val)
+{
+    cpu_stq_le_data_ra(env, addr, val, 0);
+}
-- 
2.25.1

The previous placement in tcg/tcg.h was not logical.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu_ldst.h       | 87 +++++++++++++++++++++++++++++++++++
 include/tcg/tcg.h             | 87 -----------------------------------
 target/arm/helper-a64.c       |  1 -
 target/m68k/op_helper.c       |  1 -
 target/ppc/mem_helper.c       |  1 -
 target/s390x/tcg/mem_helper.c |  1 -
 6 files changed, 87 insertions(+), 91 deletions(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@
 #define CPU_LDST_H
 
 #include "exec/memopidx.h"
+#include "qemu/int128.h"
 
 #if defined(CONFIG_USER_ONLY)
 /* sparc32plus has 64bit long but 32bit space address
@@ -XXX,XX +XXX,XX @@ void cpu_stl_le_mmu(CPUArchState *env, abi_ptr ptr, uint32_t val,
 void cpu_stq_le_mmu(CPUArchState *env, abi_ptr ptr, uint64_t val,
                     MemOpIdx oi, uintptr_t ra);
 
+uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
+                                 uint32_t cmpv, uint32_t newv,
+                                 MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
+                                    uint64_t cmpv, uint64_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
+                                    uint32_t cmpv, uint32_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
+                                    uint64_t cmpv, uint64_t newv,
+                                    MemOpIdx oi, uintptr_t retaddr);
+
+#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
+TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
+    (CPUArchState *env, target_ulong addr, TYPE val,  \
+     MemOpIdx oi, uintptr_t retaddr);
+
+#ifdef CONFIG_ATOMIC64
+#define GEN_ATOMIC_HELPER_ALL(NAME)          \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
+    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
+#else
+#define GEN_ATOMIC_HELPER_ALL(NAME)          \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
+    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
+#endif
+
+GEN_ATOMIC_HELPER_ALL(fetch_add)
+GEN_ATOMIC_HELPER_ALL(fetch_sub)
+GEN_ATOMIC_HELPER_ALL(fetch_and)
+GEN_ATOMIC_HELPER_ALL(fetch_or)
+GEN_ATOMIC_HELPER_ALL(fetch_xor)
+GEN_ATOMIC_HELPER_ALL(fetch_smin)
+GEN_ATOMIC_HELPER_ALL(fetch_umin)
+GEN_ATOMIC_HELPER_ALL(fetch_smax)
+GEN_ATOMIC_HELPER_ALL(fetch_umax)
+
+GEN_ATOMIC_HELPER_ALL(add_fetch)
+GEN_ATOMIC_HELPER_ALL(sub_fetch)
+GEN_ATOMIC_HELPER_ALL(and_fetch)
+GEN_ATOMIC_HELPER_ALL(or_fetch)
+GEN_ATOMIC_HELPER_ALL(xor_fetch)
+GEN_ATOMIC_HELPER_ALL(smin_fetch)
+GEN_ATOMIC_HELPER_ALL(umin_fetch)
+GEN_ATOMIC_HELPER_ALL(smax_fetch)
+GEN_ATOMIC_HELPER_ALL(umax_fetch)
+
+GEN_ATOMIC_HELPER_ALL(xchg)
+
+#undef GEN_ATOMIC_HELPER_ALL
+#undef GEN_ATOMIC_HELPER
+
+Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
+                                  Int128 cmpv, Int128 newv,
+                                  MemOpIdx oi, uintptr_t retaddr);
+Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
+                                  Int128 cmpv, Int128 newv,
+                                  MemOpIdx oi, uintptr_t retaddr);
+
+Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
+                             MemOpIdx oi, uintptr_t retaddr);
+Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
+                             MemOpIdx oi, uintptr_t retaddr);
+void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
+                           MemOpIdx oi, uintptr_t retaddr);
+void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
+                           MemOpIdx oi, uintptr_t retaddr);
+
 #if defined(CONFIG_USER_ONLY)
 
 extern __thread uintptr_t helper_retaddr;
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@
 #include "qemu/queue.h"
 #include "tcg/tcg-mo.h"
 #include "tcg-target.h"
-#include "qemu/int128.h"
 #include "tcg/tcg-cond.h"
 
 /* XXX: make safe guess about sizes */
@@ -XXX,XX +XXX,XX @@ void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
 #endif
 #endif /* CONFIG_SOFTMMU */
 
-uint32_t cpu_atomic_cmpxchgb_mmu(CPUArchState *env, target_ulong addr,
-                                 uint32_t cmpv, uint32_t newv,
-                                 MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgw_le_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgl_le_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t cpu_atomic_cmpxchgq_le_mmu(CPUArchState *env, target_ulong addr,
-                                    uint64_t cmpv, uint64_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgw_be_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint32_t cpu_atomic_cmpxchgl_be_mmu(CPUArchState *env, target_ulong addr,
-                                    uint32_t cmpv, uint32_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t cpu_atomic_cmpxchgq_be_mmu(CPUArchState *env, target_ulong addr,
-                                    uint64_t cmpv, uint64_t newv,
-                                    MemOpIdx oi, uintptr_t retaddr);
-
-#define GEN_ATOMIC_HELPER(NAME, TYPE, SUFFIX)         \
-TYPE cpu_atomic_ ## NAME ## SUFFIX ## _mmu            \
-    (CPUArchState *env, target_ulong addr, TYPE val,  \
-     MemOpIdx oi, uintptr_t retaddr);
-
-#ifdef CONFIG_ATOMIC64
-#define GEN_ATOMIC_HELPER_ALL(NAME)          \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)  \
-    GEN_ATOMIC_HELPER(NAME, uint64_t, q_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint64_t, q_be)
-#else
-#define GEN_ATOMIC_HELPER_ALL(NAME)          \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, b)     \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, w_be)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_le)  \
-    GEN_ATOMIC_HELPER(NAME, uint32_t, l_be)
-#endif
-
-GEN_ATOMIC_HELPER_ALL(fetch_add)
-GEN_ATOMIC_HELPER_ALL(fetch_sub)
-GEN_ATOMIC_HELPER_ALL(fetch_and)
-GEN_ATOMIC_HELPER_ALL(fetch_or)
-GEN_ATOMIC_HELPER_ALL(fetch_xor)
-GEN_ATOMIC_HELPER_ALL(fetch_smin)
-GEN_ATOMIC_HELPER_ALL(fetch_umin)
-GEN_ATOMIC_HELPER_ALL(fetch_smax)
-GEN_ATOMIC_HELPER_ALL(fetch_umax)
-
-GEN_ATOMIC_HELPER_ALL(add_fetch)
-GEN_ATOMIC_HELPER_ALL(sub_fetch)
-GEN_ATOMIC_HELPER_ALL(and_fetch)
-GEN_ATOMIC_HELPER_ALL(or_fetch)
-GEN_ATOMIC_HELPER_ALL(xor_fetch)
-GEN_ATOMIC_HELPER_ALL(smin_fetch)
-GEN_ATOMIC_HELPER_ALL(umin_fetch)
-GEN_ATOMIC_HELPER_ALL(smax_fetch)
-GEN_ATOMIC_HELPER_ALL(umax_fetch)
-
-GEN_ATOMIC_HELPER_ALL(xchg)
-
-#undef GEN_ATOMIC_HELPER_ALL
-#undef GEN_ATOMIC_HELPER
-
-Int128 cpu_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
-                                  Int128 cmpv, Int128 newv,
-                                  MemOpIdx oi, uintptr_t retaddr);
-Int128 cpu_atomic_cmpxchgo_be_mmu(CPUArchState *env, target_ulong addr,
-                                  Int128 cmpv, Int128 newv,
-                                  MemOpIdx oi, uintptr_t retaddr);
-
-Int128 cpu_atomic_ldo_le_mmu(CPUArchState *env, target_ulong addr,
-                             MemOpIdx oi, uintptr_t retaddr);
-Int128 cpu_atomic_ldo_be_mmu(CPUArchState *env, target_ulong addr,
-                             MemOpIdx oi, uintptr_t retaddr);
-void cpu_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-                           MemOpIdx oi, uintptr_t retaddr);
-void cpu_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
-                           MemOpIdx oi, uintptr_t retaddr);
-
 #ifdef CONFIG_DEBUG_TCG
 void tcg_assert_listed_vecop(TCGOpcode);
 #else
diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
 #include "qemu/atomic128.h"
-#include "tcg/tcg.h"
 #include "fpu/softfloat.h"
 #include <zlib.h> /* For crc32 */
 
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "semihosting/semihost.h"
-#include "tcg/tcg.h"
 
 #if !defined(CONFIG_USER_ONLY)
 
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/helper-proto.h"
 #include "helper_regs.h"
 #include "exec/cpu_ldst.h"
-#include "tcg/tcg.h"
 #include "internal.h"
 #include "qemu/atomic128.h"
 
diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
 #include "qemu/atomic128.h"
-#include "tcg/tcg.h"
 #include "trace.h"
 
 #if !defined(CONFIG_USER_ONLY)
-- 
2.25.1

We should not have been using the helper_ret_* set of
functions, as they are supposed to be private to tcg.
Nor should we have been using the plain cpu_*_data set
of functions, as they do not handle unwinding properly.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/msa_helper.c | 420 +++++++++++------------------------
 1 file changed, 135 insertions(+), 285 deletions(-)

diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/msa_helper.c
+++ b/target/mips/tcg/msa_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_b(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_BYTE)
-#if !defined(CONFIG_USER_ONLY)
+    uintptr_t ra = GETPC();
+
 #if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
-    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
-    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
-    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
-    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
-    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
-    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
-    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
-    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
-    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
-    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
-    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
-    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
-    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
-    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
-    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (8  << DF_BYTE), ra);
+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (9  << DF_BYTE), ra);
+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
+    pwd->b[13] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
+    pwd->b[14] = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
+    pwd->b[15] = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
 #else
-    pwd->b[0]  = helper_ret_ldub_mmu(env, addr + (7  << DF_BYTE), oi, GETPC());
-    pwd->b[1]  = helper_ret_ldub_mmu(env, addr + (6  << DF_BYTE), oi, GETPC());
-    pwd->b[2]  = helper_ret_ldub_mmu(env, addr + (5  << DF_BYTE), oi, GETPC());
-    pwd->b[3]  = helper_ret_ldub_mmu(env, addr + (4  << DF_BYTE), oi, GETPC());
-    pwd->b[4]  = helper_ret_ldub_mmu(env, addr + (3  << DF_BYTE), oi, GETPC());
-    pwd->b[5]  = helper_ret_ldub_mmu(env, addr + (2  << DF_BYTE), oi, GETPC());
-    pwd->b[6]  = helper_ret_ldub_mmu(env, addr + (1  << DF_BYTE), oi, GETPC());
-    pwd->b[7]  = helper_ret_ldub_mmu(env, addr + (0  << DF_BYTE), oi, GETPC());
-    pwd->b[8]  = helper_ret_ldub_mmu(env, addr + (15 << DF_BYTE), oi, GETPC());
-    pwd->b[9]  = helper_ret_ldub_mmu(env, addr + (14 << DF_BYTE), oi, GETPC());
-    pwd->b[10] = helper_ret_ldub_mmu(env, addr + (13 << DF_BYTE), oi, GETPC());
-    pwd->b[11] = helper_ret_ldub_mmu(env, addr + (12 << DF_BYTE), oi, GETPC());
-    pwd->b[12] = helper_ret_ldub_mmu(env, addr + (11 << DF_BYTE), oi, GETPC());
-    pwd->b[13] = helper_ret_ldub_mmu(env, addr + (10 << DF_BYTE), oi, GETPC());
-    pwd->b[14] = helper_ret_ldub_mmu(env, addr + (9  << DF_BYTE), oi, GETPC());
-    pwd->b[15] = helper_ret_ldub_mmu(env, addr + (8  << DF_BYTE), oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->b[0]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
-    pwd->b[1]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
-    pwd->b[2]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
-    pwd->b[3]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
-    pwd->b[4]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
-    pwd->b[5]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
-    pwd->b[6]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
-    pwd->b[7]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
-    pwd->b[8]  = cpu_ldub_data(env, addr + (8  << DF_BYTE));
-    pwd->b[9]  = cpu_ldub_data(env, addr + (9  << DF_BYTE));
-    pwd->b[10] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
-    pwd->b[11] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
-    pwd->b[12] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
-    pwd->b[13] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
-    pwd->b[14] = cpu_ldub_data(env, addr + (14 << DF_BYTE));
-    pwd->b[15] = cpu_ldub_data(env, addr + (15 << DF_BYTE));
-#else
-    pwd->b[0]  = cpu_ldub_data(env, addr + (7  << DF_BYTE));
-    pwd->b[1]  = cpu_ldub_data(env, addr + (6  << DF_BYTE));
-    pwd->b[2]  = cpu_ldub_data(env, addr + (5  << DF_BYTE));
-    pwd->b[3]  = cpu_ldub_data(env, addr + (4  << DF_BYTE));
-    pwd->b[4]  = cpu_ldub_data(env, addr + (3  << DF_BYTE));
-    pwd->b[5]  = cpu_ldub_data(env, addr + (2  << DF_BYTE));
-    pwd->b[6]  = cpu_ldub_data(env, addr + (1  << DF_BYTE));
-    pwd->b[7]  = cpu_ldub_data(env, addr + (0  << DF_BYTE));
-    pwd->b[8]  = cpu_ldub_data(env, addr + (15 << DF_BYTE));
-    pwd->b[9]  = cpu_ldub_data(env, addr + (14 << DF_BYTE));
-    pwd->b[10] = cpu_ldub_data(env, addr + (13 << DF_BYTE));
-    pwd->b[11] = cpu_ldub_data(env, addr + (12 << DF_BYTE));
-    pwd->b[12] = cpu_ldub_data(env, addr + (11 << DF_BYTE));
-    pwd->b[13] = cpu_ldub_data(env, addr + (10 << DF_BYTE));
-    pwd->b[14] = cpu_ldub_data(env, addr + (9 << DF_BYTE));
-    pwd->b[15] = cpu_ldub_data(env, addr + (8 << DF_BYTE));
-#endif
+    pwd->b[0]  = cpu_ldub_data_ra(env, addr + (7  << DF_BYTE), ra);
+    pwd->b[1]  = cpu_ldub_data_ra(env, addr + (6  << DF_BYTE), ra);
+    pwd->b[2]  = cpu_ldub_data_ra(env, addr + (5  << DF_BYTE), ra);
+    pwd->b[3]  = cpu_ldub_data_ra(env, addr + (4  << DF_BYTE), ra);
+    pwd->b[4]  = cpu_ldub_data_ra(env, addr + (3  << DF_BYTE), ra);
+    pwd->b[5]  = cpu_ldub_data_ra(env, addr + (2  << DF_BYTE), ra);
+    pwd->b[6]  = cpu_ldub_data_ra(env, addr + (1  << DF_BYTE), ra);
+    pwd->b[7]  = cpu_ldub_data_ra(env, addr + (0  << DF_BYTE), ra);
+    pwd->b[8]  = cpu_ldub_data_ra(env, addr + (15 << DF_BYTE), ra);
+    pwd->b[9]  = cpu_ldub_data_ra(env, addr + (14 << DF_BYTE), ra);
+    pwd->b[10] = cpu_ldub_data_ra(env, addr + (13 << DF_BYTE), ra);
+    pwd->b[11] = cpu_ldub_data_ra(env, addr + (12 << DF_BYTE), ra);
+    pwd->b[12] = cpu_ldub_data_ra(env, addr + (11 << DF_BYTE), ra);
+    pwd->b[13] = cpu_ldub_data_ra(env, addr + (10 << DF_BYTE), ra);
+    pwd->b[14] = cpu_ldub_data_ra(env, addr + (9 << DF_BYTE), ra);
+    pwd->b[15] = cpu_ldub_data_ra(env, addr + (8 << DF_BYTE), ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_h(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_HALF)
-#if !defined(CONFIG_USER_ONLY)
+    uintptr_t ra = GETPC();
+
 #if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
-    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
-    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
-    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
-    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
-    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
-    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
-    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
+    pwd->h[1] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
+    pwd->h[2] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
+    pwd->h[3] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
+    pwd->h[4] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
+    pwd->h[5] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
+    pwd->h[6] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
+    pwd->h[7] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
 #else
-    pwd->h[0] = helper_ret_lduw_mmu(env, addr + (3 << DF_HALF), oi, GETPC());
-    pwd->h[1] = helper_ret_lduw_mmu(env, addr + (2 << DF_HALF), oi, GETPC());
-    pwd->h[2] = helper_ret_lduw_mmu(env, addr + (1 << DF_HALF), oi, GETPC());
-    pwd->h[3] = helper_ret_lduw_mmu(env, addr + (0 << DF_HALF), oi, GETPC());
-    pwd->h[4] = helper_ret_lduw_mmu(env, addr + (7 << DF_HALF), oi, GETPC());
-    pwd->h[5] = helper_ret_lduw_mmu(env, addr + (6 << DF_HALF), oi, GETPC());
-    pwd->h[6] = helper_ret_lduw_mmu(env, addr + (5 << DF_HALF), oi, GETPC());
-    pwd->h[7] = helper_ret_lduw_mmu(env, addr + (4 << DF_HALF), oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->h[0] = cpu_lduw_data(env, addr + (0 << DF_HALF));
-    pwd->h[1] = cpu_lduw_data(env, addr + (1 << DF_HALF));
-    pwd->h[2] = cpu_lduw_data(env, addr + (2 << DF_HALF));
-    pwd->h[3] = cpu_lduw_data(env, addr + (3 << DF_HALF));
-    pwd->h[4] = cpu_lduw_data(env, addr + (4 << DF_HALF));
-    pwd->h[5] = cpu_lduw_data(env, addr + (5 << DF_HALF));
-    pwd->h[6] = cpu_lduw_data(env, addr + (6 << DF_HALF));
-    pwd->h[7] = cpu_lduw_data(env, addr + (7 << DF_HALF));
-#else
-    pwd->h[0] = cpu_lduw_data(env, addr + (3 << DF_HALF));
-    pwd->h[1] = cpu_lduw_data(env, addr + (2 << DF_HALF));
-    pwd->h[2] = cpu_lduw_data(env, addr + (1 << DF_HALF));
-    pwd->h[3] = cpu_lduw_data(env, addr + (0 << DF_HALF));
-    pwd->h[4] = cpu_lduw_data(env, addr + (7 << DF_HALF));
-    pwd->h[5] = cpu_lduw_data(env, addr + (6 << DF_HALF));
-    pwd->h[6] = cpu_lduw_data(env, addr + (5 << DF_HALF));
-    pwd->h[7] = cpu_lduw_data(env, addr + (4 << DF_HALF));
-#endif
+    pwd->h[0] = cpu_lduw_data_ra(env, addr + (3 << DF_HALF), ra);
+    pwd->h[1] = cpu_lduw_data_ra(env, addr + (2 << DF_HALF), ra);
+    pwd->h[2] = cpu_lduw_data_ra(env, addr + (1 << DF_HALF), ra);
+    pwd->h[3] = cpu_lduw_data_ra(env, addr + (0 << DF_HALF), ra);
+    pwd->h[4] = cpu_lduw_data_ra(env, addr + (7 << DF_HALF), ra);
+    pwd->h[5] = cpu_lduw_data_ra(env, addr + (6 << DF_HALF), ra);
+    pwd->h[6] = cpu_lduw_data_ra(env, addr + (5 << DF_HALF), ra);
+    pwd->h[7] = cpu_lduw_data_ra(env, addr + (4 << DF_HALF), ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_w(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_WORD)
-#if !defined(CONFIG_USER_ONLY)
+    uintptr_t ra = GETPC();
+
 #if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
-    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
-    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
-    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
+    pwd->w[1] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
+    pwd->w[2] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
+    pwd->w[3] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
 #else
-    pwd->w[0] = helper_ret_ldul_mmu(env, addr + (1 << DF_WORD), oi, GETPC());
-    pwd->w[1] = helper_ret_ldul_mmu(env, addr + (0 << DF_WORD), oi, GETPC());
-    pwd->w[2] = helper_ret_ldul_mmu(env, addr + (3 << DF_WORD), oi, GETPC());
-    pwd->w[3] = helper_ret_ldul_mmu(env, addr + (2 << DF_WORD), oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    pwd->w[0] = cpu_ldl_data(env, addr + (0 << DF_WORD));
-    pwd->w[1] = cpu_ldl_data(env, addr + (1 << DF_WORD));
-    pwd->w[2] = cpu_ldl_data(env, addr + (2 << DF_WORD));
-    pwd->w[3] = cpu_ldl_data(env, addr + (3 << DF_WORD));
-#else
-    pwd->w[0] = cpu_ldl_data(env, addr + (1 << DF_WORD));
-    pwd->w[1] = cpu_ldl_data(env, addr + (0 << DF_WORD));
-    pwd->w[2] = cpu_ldl_data(env, addr + (3 << DF_WORD));
-    pwd->w[3] = cpu_ldl_data(env, addr + (2 << DF_WORD));
-#endif
+    pwd->w[0] = cpu_ldl_data_ra(env, addr + (1 << DF_WORD), ra);
+    pwd->w[1] = cpu_ldl_data_ra(env, addr + (0 << DF_WORD), ra);
+    pwd->w[2] = cpu_ldl_data_ra(env, addr + (3 << DF_WORD), ra);
+    pwd->w[3] = cpu_ldl_data_ra(env, addr + (2 << DF_WORD), ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_ld_d(CPUMIPSState *env, uint32_t wd,
                      target_ulong addr)
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
-    MEMOP_IDX(DF_DOUBLE)
-#if !defined(CONFIG_USER_ONLY)
-    pwd->d[0] = helper_ret_ldq_mmu(env, addr + (0 << DF_DOUBLE), oi, GETPC());
-    pwd->d[1] = helper_ret_ldq_mmu(env, addr + (1 << DF_DOUBLE), oi, GETPC());
-#else
-    pwd->d[0] = cpu_ldq_data(env, addr + (0 << DF_DOUBLE));
-    pwd->d[1] = cpu_ldq_data(env, addr + (1 << DF_DOUBLE));
-#endif
+    uintptr_t ra = GETPC();
+
+    pwd->d[0] = cpu_ldq_data_ra(env, addr + (0 << DF_DOUBLE), ra);
+    pwd->d[1] = cpu_ldq_data_ra(env, addr + (1 << DF_DOUBLE), ra);
 }
 
 #define MSA_PAGESPAN(x) \
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_b(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
+
+    ensure_writable_pages(env, addr, mmu_idx, ra);
 
-    MEMOP_IDX(DF_BYTE)
-    ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
 #if !defined(HOST_WORDS_BIGENDIAN)
-    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[0],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[1],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[2],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[3],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[4],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[5],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[6],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[7],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[8],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[9],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[10], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[11], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[12], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[13], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[14], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[15], oi, GETPC());
+    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[0], ra);
+    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[1], ra);
+    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[2], ra);
+    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[3], ra);
+    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[4], ra);
+    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[5], ra);
+    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[6], ra);
+    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[7], ra);
+    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[8], ra);
+    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[9], ra);
+    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[10], ra);
+    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[11], ra);
+    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[12], ra);
+    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[13], ra);
+    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[14], ra);
+    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[15], ra);
 #else
-    helper_ret_stb_mmu(env, addr + (7  << DF_BYTE), pwd->b[0],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (6  << DF_BYTE), pwd->b[1],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (5  << DF_BYTE), pwd->b[2],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (4  << DF_BYTE), pwd->b[3],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (3  << DF_BYTE), pwd->b[4],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (2  << DF_BYTE), pwd->b[5],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (1  << DF_BYTE), pwd->b[6],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (0  << DF_BYTE), pwd->b[7],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (15 << DF_BYTE), pwd->b[8],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (14 << DF_BYTE), pwd->b[9],  oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (13 << DF_BYTE), pwd->b[10], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (12 << DF_BYTE), pwd->b[11], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (11 << DF_BYTE), pwd->b[12], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (10 << DF_BYTE), pwd->b[13], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (9  << DF_BYTE), pwd->b[14], oi, GETPC());
-    helper_ret_stb_mmu(env, addr + (8  << DF_BYTE), pwd->b[15], oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[0]);
-    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[1]);
-    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[2]);
-    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[3]);
-    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[4]);
-    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[5]);
-    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[6]);
-    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[7]);
-    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[8]);
-    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[9]);
-    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[10]);
-    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[11]);
-    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[12]);
-    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[13]);
-    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[14]);
-    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[15]);
-#else
-    cpu_stb_data(env, addr + (7  << DF_BYTE), pwd->b[0]);
-    cpu_stb_data(env, addr + (6  << DF_BYTE), pwd->b[1]);
-    cpu_stb_data(env, addr + (5  << DF_BYTE), pwd->b[2]);
-    cpu_stb_data(env, addr + (4  << DF_BYTE), pwd->b[3]);
-    cpu_stb_data(env, addr + (3  << DF_BYTE), pwd->b[4]);
-    cpu_stb_data(env, addr + (2  << DF_BYTE), pwd->b[5]);
-    cpu_stb_data(env, addr + (1  << DF_BYTE), pwd->b[6]);
-    cpu_stb_data(env, addr + (0  << DF_BYTE), pwd->b[7]);
-    cpu_stb_data(env, addr + (15 << DF_BYTE), pwd->b[8]);
-    cpu_stb_data(env, addr + (14 << DF_BYTE), pwd->b[9]);
-    cpu_stb_data(env, addr + (13 << DF_BYTE), pwd->b[10]);
-    cpu_stb_data(env, addr + (12 << DF_BYTE), pwd->b[11]);
-    cpu_stb_data(env, addr + (11 << DF_BYTE), pwd->b[12]);
-    cpu_stb_data(env, addr + (10 << DF_BYTE), pwd->b[13]);
-    cpu_stb_data(env, addr + (9  << DF_BYTE), pwd->b[14]);
-    cpu_stb_data(env, addr + (8  << DF_BYTE), pwd->b[15]);
-#endif
+    cpu_stb_data_ra(env, addr + (7  << DF_BYTE), pwd->b[0], ra);
+    cpu_stb_data_ra(env, addr + (6  << DF_BYTE), pwd->b[1], ra);
+    cpu_stb_data_ra(env, addr + (5  << DF_BYTE), pwd->b[2], ra);
+    cpu_stb_data_ra(env, addr + (4  << DF_BYTE), pwd->b[3], ra);
+    cpu_stb_data_ra(env, addr + (3  << DF_BYTE), pwd->b[4], ra);
+    cpu_stb_data_ra(env, addr + (2  << DF_BYTE), pwd->b[5], ra);
+    cpu_stb_data_ra(env, addr + (1  << DF_BYTE), pwd->b[6], ra);
+    cpu_stb_data_ra(env, addr + (0  << DF_BYTE), pwd->b[7], ra);
+    cpu_stb_data_ra(env, addr + (15 << DF_BYTE), pwd->b[8], ra);
+    cpu_stb_data_ra(env, addr + (14 << DF_BYTE), pwd->b[9], ra);
+    cpu_stb_data_ra(env, addr + (13 << DF_BYTE), pwd->b[10], ra);
+    cpu_stb_data_ra(env, addr + (12 << DF_BYTE), pwd->b[11], ra);
+    cpu_stb_data_ra(env, addr + (11 << DF_BYTE), pwd->b[12], ra);
+    cpu_stb_data_ra(env, addr + (10 << DF_BYTE), pwd->b[13], ra);
+    cpu_stb_data_ra(env, addr + (9  << DF_BYTE), pwd->b[14], ra);
+    cpu_stb_data_ra(env, addr + (8  << DF_BYTE), pwd->b[15], ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_h(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
+
+    ensure_writable_pages(env, addr, mmu_idx, ra);
 
-    MEMOP_IDX(DF_HALF)
-    ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
 #if !defined(HOST_WORDS_BIGENDIAN)
-    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[0], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[1], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[2], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[3], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[4], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[5], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[6], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[7], oi, GETPC());
+    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[0], ra);
+    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[1], ra);
+    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[2], ra);
+    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[3], ra);
+    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[4], ra);
+    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[5], ra);
+    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[6], ra);
+    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[7], ra);
 #else
-    helper_ret_stw_mmu(env, addr + (3 << DF_HALF), pwd->h[0], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (2 << DF_HALF), pwd->h[1], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (1 << DF_HALF), pwd->h[2], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (0 << DF_HALF), pwd->h[3], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (7 << DF_HALF), pwd->h[4], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (6 << DF_HALF), pwd->h[5], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (5 << DF_HALF), pwd->h[6], oi, GETPC());
-    helper_ret_stw_mmu(env, addr + (4 << DF_HALF), pwd->h[7], oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[0]);
-    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[1]);
-    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[2]);
-    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[3]);
-    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[4]);
-    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[5]);
-    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[6]);
-    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[7]);
-#else
-    cpu_stw_data(env, addr + (3 << DF_HALF), pwd->h[0]);
-    cpu_stw_data(env, addr + (2 << DF_HALF), pwd->h[1]);
-    cpu_stw_data(env, addr + (1 << DF_HALF), pwd->h[2]);
-    cpu_stw_data(env, addr + (0 << DF_HALF), pwd->h[3]);
-    cpu_stw_data(env, addr + (7 << DF_HALF), pwd->h[4]);
-    cpu_stw_data(env, addr + (6 << DF_HALF), pwd->h[5]);
-    cpu_stw_data(env, addr + (5 << DF_HALF), pwd->h[6]);
-    cpu_stw_data(env, addr + (4 << DF_HALF), pwd->h[7]);
-#endif
+    cpu_stw_data_ra(env, addr + (3 << DF_HALF), pwd->h[0], ra);
+    cpu_stw_data_ra(env, addr + (2 << DF_HALF), pwd->h[1], ra);
+    cpu_stw_data_ra(env, addr + (1 << DF_HALF), pwd->h[2], ra);
+    cpu_stw_data_ra(env, addr + (0 << DF_HALF), pwd->h[3], ra);
+    cpu_stw_data_ra(env, addr + (7 << DF_HALF), pwd->h[4], ra);
+    cpu_stw_data_ra(env, addr + (6 << DF_HALF), pwd->h[5], ra);
+    cpu_stw_data_ra(env, addr + (5 << DF_HALF), pwd->h[6], ra);
+    cpu_stw_data_ra(env, addr + (4 << DF_HALF), pwd->h[7], ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_w(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
+
+    ensure_writable_pages(env, addr, mmu_idx, ra);
 
-    MEMOP_IDX(DF_WORD)
-    ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
 #if !defined(HOST_WORDS_BIGENDIAN)
-    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[0], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[1], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[2], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[3], oi, GETPC());
+    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[0], ra);
+    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[1], ra);
+    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[2], ra);
+    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[3], ra);
 #else
-    helper_ret_stl_mmu(env, addr + (1 << DF_WORD), pwd->w[0], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (0 << DF_WORD), pwd->w[1], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (3 << DF_WORD), pwd->w[2], oi, GETPC());
-    helper_ret_stl_mmu(env, addr + (2 << DF_WORD), pwd->w[3], oi, GETPC());
-#endif
-#else
-#if !defined(HOST_WORDS_BIGENDIAN)
-    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[0]);
-    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[1]);
-    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[2]);
-    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[3]);
-#else
-    cpu_stl_data(env, addr + (1 << DF_WORD), pwd->w[0]);
-    cpu_stl_data(env, addr + (0 << DF_WORD), pwd->w[1]);
-    cpu_stl_data(env, addr + (3 << DF_WORD), pwd->w[2]);
-    cpu_stl_data(env, addr + (2 << DF_WORD), pwd->w[3]);
-#endif
+    cpu_stl_data_ra(env, addr + (1 << DF_WORD), pwd->w[0], ra);
+    cpu_stl_data_ra(env, addr + (0 << DF_WORD), pwd->w[1], ra);
+    cpu_stl_data_ra(env, addr + (3 << DF_WORD), pwd->w[2], ra);
+    cpu_stl_data_ra(env, addr + (2 << DF_WORD), pwd->w[3], ra);
 #endif
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_msa_st_d(CPUMIPSState *env, uint32_t wd,
 {
     wr_t *pwd = &(env->active_fpu.fpr[wd].wr);
     int mmu_idx = cpu_mmu_index(env, false);
+    uintptr_t ra = GETPC();
 
-    MEMOP_IDX(DF_DOUBLE)
     ensure_writable_pages(env, addr, mmu_idx, GETPC());
-#if !defined(CONFIG_USER_ONLY)
-    helper_ret_stq_mmu(env, addr + (0 << DF_DOUBLE), pwd->d[0], oi, GETPC());
-    helper_ret_stq_mmu(env, addr + (1 << DF_DOUBLE), pwd->d[1], oi, GETPC());
-#else
-    cpu_stq_data(env, addr + (0 << DF_DOUBLE), pwd->d[0]);
-    cpu_stq_data(env, addr + (1 << DF_DOUBLE), pwd->d[1]);
-#endif
+
+    cpu_stq_data_ra(env, addr + (0 << DF_DOUBLE), pwd->d[0], ra);
+    cpu_stq_data_ra(env, addr + (1 << DF_DOUBLE), pwd->d[1], ra);
 }
-- 
2.25.1

Rather than use 4-16 separate operations, use 2 operations
plus some byte reordering as necessary.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/mips/tcg/msa_helper.c | 201 +++++++++++++----------------------
 1 file changed, 71 insertions(+), 130 deletions(-)

The helper_*_mmu functions were the only thing available
when this code was written.  This could have been adjusted
when we added cpu_*_mmuidx_ra, but now we can most easily
use the newest set of interfaces.

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/tcg/mem_helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -XXX,XX +XXX,XX @@ static void do_access_memset(CPUS390XState *env, vaddr vaddr, char *haddr,
          * page. This is especially relevant to speed up TLB_NOTDIRTY.
          */
         g_assert(size > 0);
-        helper_ret_stb_mmu(env, vaddr, byte, oi, ra);
+        cpu_stb_mmu(env, vaddr, byte, oi, ra);
         haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
         if (likely(haddr)) {
             memset(haddr + 1, byte, size - 1);
         } else {
             for (i = 1; i < size; i++) {
-                helper_ret_stb_mmu(env, vaddr + i, byte, oi, ra);
+                cpu_stb_mmu(env, vaddr + i, byte, oi, ra);
             }
         }
     }
@@ -XXX,XX +XXX,XX @@ static uint8_t do_access_get_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
      * Do a single access and test if we can then get access to the
      * page. This is especially relevant to speed up TLB_NOTDIRTY.
      */
-    byte = helper_ret_ldub_mmu(env, vaddr + offset, oi, ra);
+    byte = cpu_ldb_mmu(env, vaddr + offset, oi, ra);
     *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_LOAD, mmu_idx);
     return byte;
 #endif
@@ -XXX,XX +XXX,XX @@ static void do_access_set_byte(CPUS390XState *env, vaddr vaddr, char **haddr,
      * Do a single access and test if we can then get access to the
      * page. This is especially relevant to speed up TLB_NOTDIRTY.
      */
-    helper_ret_stb_mmu(env, vaddr + offset, byte, oi, ra);
+    cpu_stb_mmu(env, vaddr + offset, byte, oi, ra);
     *haddr = tlb_vaddr_to_host(env, vaddr, MMU_DATA_STORE, mmu_idx);
 #endif
 }
-- 
2.25.1

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/sparc/ldst_helper.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/ldst_helper.c
+++ b/target/sparc/ldst_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t helper_ld_asi(CPUSPARCState *env, target_ulong addr,
             oi = make_memop_idx(memop, idx);
             switch (size) {
             case 1:
-                ret = helper_ret_ldub_mmu(env, addr, oi, GETPC());
+                ret = cpu_ldb_mmu(env, addr, oi, GETPC());
                 break;
             case 2:
                 if (asi & 8) {
-                    ret = helper_le_lduw_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldw_le_mmu(env, addr, oi, GETPC());
                 } else {
-                    ret = helper_be_lduw_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldw_be_mmu(env, addr, oi, GETPC());
                 }
                 break;
             case 4:
                 if (asi & 8) {
-                    ret = helper_le_ldul_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldl_le_mmu(env, addr, oi, GETPC());
                 } else {
-                    ret = helper_be_ldul_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldl_be_mmu(env, addr, oi, GETPC());
                 }
                 break;
             case 8:
                 if (asi & 8) {
-                    ret = helper_le_ldq_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldq_le_mmu(env, addr, oi, GETPC());
                 } else {
-                    ret = helper_be_ldq_mmu(env, addr, oi, GETPC());
+                    ret = cpu_ldq_be_mmu(env, addr, oi, GETPC());
                 }
                 break;
             default:
-- 
2.25.1

Cc: qemu-arm@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper-a64.c | 52 +++++++----------------------------------
 target/arm/m_helper.c   |  6 ++---
 2 files changed, 11 insertions(+), 47 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
     uintptr_t ra = GETPC();
     uint64_t o0, o1;
     bool success;
-
-#ifdef CONFIG_USER_ONLY
-    /* ??? Enforce alignment.  */
-    uint64_t *haddr = g2h(env_cpu(env), addr);
-
-    set_helper_retaddr(ra);
-    o0 = ldq_le_p(haddr + 0);
-    o1 = ldq_le_p(haddr + 1);
-    oldv = int128_make128(o0, o1);
-
-    success = int128_eq(oldv, cmpv);
-    if (success) {
-        stq_le_p(haddr + 0, int128_getlo(newv));
-        stq_le_p(haddr + 1, int128_gethi(newv));
-    }
-    clear_helper_retaddr();
-#else
     int mem_idx = cpu_mmu_index(env, false);
     MemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
     MemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
 
-    o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
-    o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
+    o0 = cpu_ldq_le_mmu(env, addr + 0, oi0, ra);
+    o1 = cpu_ldq_le_mmu(env, addr + 8, oi1, ra);
     oldv = int128_make128(o0, o1);
 
     success = int128_eq(oldv, cmpv);
     if (success) {
-        helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
-        helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
+        cpu_stq_le_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
+        cpu_stq_le_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
     }
-#endif
 
     return !success;
 }
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
     uintptr_t ra = GETPC();
     uint64_t o0, o1;
     bool success;
-
-#ifdef CONFIG_USER_ONLY
-    /* ??? Enforce alignment.  */
-    uint64_t *haddr = g2h(env_cpu(env), addr);
-
-    set_helper_retaddr(ra);
-    o1 = ldq_be_p(haddr + 0);
-    o0 = ldq_be_p(haddr + 1);
-    oldv = int128_make128(o0, o1);
-
-    success = int128_eq(oldv, cmpv);
-    if (success) {
-        stq_be_p(haddr + 0, int128_gethi(newv));
-        stq_be_p(haddr + 1, int128_getlo(newv));
-    }
-    clear_helper_retaddr();
-#else
     int mem_idx = cpu_mmu_index(env, false);
     MemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
     MemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
 
-    o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
-    o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
+    o1 = cpu_ldq_be_mmu(env, addr + 0, oi0, ra);
+    o0 = cpu_ldq_be_mmu(env, addr + 8, oi1, ra);
     oldv = int128_make128(o0, o1);
 
     success = int128_eq(oldv, cmpv);
     if (success) {
-        helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
-        helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
+        cpu_stq_be_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
+        cpu_stq_be_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
     }
-#endif
 
     return !success;
 }
diff --git a/target/arm/m_helper.c b/target/arm/m_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/m_helper.c
+++ b/target/arm/m_helper.c
@@ -XXX,XX +XXX,XX @@ static bool do_v7m_function_return(ARMCPU *cpu)
          * do them as secure, so work out what MMU index that is.
          */
         mmu_idx = arm_v7m_mmu_idx_for_secstate(env, true);
-        oi = make_memop_idx(MO_LE, arm_to_core_mmu_idx(mmu_idx));
-        newpc = helper_le_ldul_mmu(env, frameptr, oi, 0);
-        newpsr = helper_le_ldul_mmu(env, frameptr + 4, oi, 0);
+        oi = make_memop_idx(MO_LEUL, arm_to_core_mmu_idx(mmu_idx));
+        newpc = cpu_ldl_le_mmu(env, frameptr, oi, 0);
+        newpsr = cpu_ldl_le_mmu(env, frameptr + 4, oi, 0);
 
         /* Consistency checks on new IPSR */
         newpsr_exc = newpsr & XPSR_EXCP;
-- 
2.25.1

These functions have been replaced by cpu_*_mmu as the
most proper interface to use from target code.

Hide these declarations from code that should not use them.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/tcg/tcg-ldst.h | 74 ++++++++++++++++++++++++++++++++++++++++++
 include/tcg/tcg.h      | 71 ----------------------------------------
 accel/tcg/cputlb.c     |  1 +
 tcg/tcg.c              |  1 +
 tcg/tci.c              |  1 +
 5 files changed, 77 insertions(+), 71 deletions(-)
 create mode 100644 include/tcg/tcg-ldst.h

diff --git a/include/tcg/tcg-ldst.h b/include/tcg/tcg-ldst.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/tcg/tcg-ldst.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Memory helpers that will be used by TCG generated code.
+ *
+ * Copyright (c) 2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef TCG_LDST_H
+#define TCG_LDST_H 1
+
+#ifdef CONFIG_SOFTMMU
+
+/* Value zero-extended to tcg register size.  */
+tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
+                                     MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
+                           MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
+                           MemOpIdx oi, uintptr_t retaddr);
+
+/* Value sign-extended to tcg register size.  */
+tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
+                                     MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
+                                    MemOpIdx oi, uintptr_t retaddr);
+
+void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
+                        MemOpIdx oi, uintptr_t retaddr);
+void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
+                       MemOpIdx oi, uintptr_t retaddr);
+
+#endif /* CONFIG_SOFTMMU */
+#endif /* TCG_LDST_H */
diff --git a/include/tcg/tcg.h b/include/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/include/tcg/tcg.h
+++ b/include/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ uint64_t dup_const(unsigned vece, uint64_t c);
      :  (target_long)dup_const(VECE, C))
 #endif
 
-/*
- * Memory helpers that will be used by TCG generated code.
- */
-#ifdef CONFIG_SOFTMMU
-/* Value zero-extended to tcg register size.  */
-tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
-                                     MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
-                           MemOpIdx oi, uintptr_t retaddr);
-
-/* Value sign-extended to tcg register size.  */
-tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
-                                     MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
-                                    MemOpIdx oi, uintptr_t retaddr);
-
-void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
-                        MemOpIdx oi, uintptr_t retaddr);
-void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
-                       MemOpIdx oi, uintptr_t retaddr);
-
-/* Temporary aliases until backends are converted.  */
-#ifdef TARGET_WORDS_BIGENDIAN
-# define helper_ret_ldsw_mmu  helper_be_ldsw_mmu
-# define helper_ret_lduw_mmu  helper_be_lduw_mmu
-# define helper_ret_ldsl_mmu  helper_be_ldsl_mmu
-# define helper_ret_ldul_mmu  helper_be_ldul_mmu
-# define helper_ret_ldl_mmu   helper_be_ldul_mmu
-# define helper_ret_ldq_mmu   helper_be_ldq_mmu
-# define helper_ret_stw_mmu   helper_be_stw_mmu
-# define helper_ret_stl_mmu   helper_be_stl_mmu
-# define helper_ret_stq_mmu   helper_be_stq_mmu
-#else
-# define helper_ret_ldsw_mmu  helper_le_ldsw_mmu
-# define helper_ret_lduw_mmu  helper_le_lduw_mmu
-# define helper_ret_ldsl_mmu  helper_le_ldsl_mmu
-# define helper_ret_ldul_mmu  helper_le_ldul_mmu
-# define helper_ret_ldl_mmu   helper_le_ldul_mmu
-# define helper_ret_ldq_mmu   helper_le_ldq_mmu
-# define helper_ret_stw_mmu   helper_le_stw_mmu
-# define helper_ret_stl_mmu   helper_le_stl_mmu
-# define helper_ret_stq_mmu   helper_le_stq_mmu
-#endif
-#endif /* CONFIG_SOFTMMU */
-
 #ifdef CONFIG_DEBUG_TCG
 void tcg_assert_listed_vecop(TCGOpcode);
 #else
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
 #ifdef CONFIG_PLUGIN
 #include "qemu/plugin-memory.h"
 #endif
+#include "tcg/tcg-ldst.h"
 
 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
 /* #define DEBUG_TLB */
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@
 
 #include "elf.h"
 #include "exec/log.h"
+#include "tcg/tcg-ldst.h"
 #include "tcg-internal.h"
 
 #ifdef CONFIG_TCG_INTERPRETER
diff --git a/tcg/tci.c b/tcg/tci.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -XXX,XX +XXX,XX @@
 #include "tcg/tcg.h"           /* MAX_OPC_PARAM_IARGS */
 #include "exec/cpu_ldst.h"
 #include "tcg/tcg-op.h"
+#include "tcg/tcg-ldst.h"
 #include "qemu/compiler.h"
 #include <ffi.h>
 
-- 
2.25.1

Changes since v1:
  * Added QEMU_ERROR to wrap __attribute__((error)) -- patch 12.

The following changes since commit 77f7c747193662edfadeeb3118d63eed0eac51a6:

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2018-10-17' into staging (2018-10-18 13:40:19 +0100)

are available in the Git repository at:

https://github.com/rth7680/qemu.git tags/pull-tcg-20181018

for you to fetch changes up to 403f290c0603f35f2d09c982bf5549b6d0803ec1:

cputlb: read CPUTLBEntry.addr_write atomically (2018-10-18 19:46:53 -0700)

----------------------------------------------------------------
Queued tcg patches.

----------------------------------------------------------------
Emilio G. Cota (10):
      tcg: access cpu->icount_decr.u16.high with atomics
      tcg: fix use of uninitialized variable under CONFIG_PROFILER
      tcg: plug holes in struct TCGProfile
      tcg: distribute tcg_time into TCG contexts
      target/alpha: remove tlb_flush from alpha_cpu_initfn
      target/unicore32: remove tlb_flush from uc32_init_fn
      exec: introduce tlb_init
      cputlb: fix assert_cpu_is_self macro
      cputlb: serialize tlb updates with env->tlb_lock
      cputlb: read CPUTLBEntry.addr_write atomically

Richard Henderson (11):
      tcg: Implement CPU_LOG_TB_NOCHAIN during expansion
      tcg: Add tlb_index and tlb_entry helpers
      tcg: Split CONFIG_ATOMIC128
      target/i386: Convert to HAVE_CMPXCHG128
      target/arm: Convert to HAVE_CMPXCHG128
      target/arm: Check HAVE_CMPXCHG128 at translate time
      target/ppc: Convert to HAVE_CMPXCHG128 and HAVE_ATOMIC128
      target/s390x: Convert to HAVE_CMPXCHG128 and HAVE_ATOMIC128
      target/s390x: Split do_cdsg, do_lpq, do_stpq
      target/s390x: Skip wout, cout helpers if op helper does not return
      target/s390x: Check HAVE_ATOMIC128 and HAVE_CMPXCHG128 at translate

Rather than test NOCHAIN before linking, do not emit the
goto_tb opcode at all.  We already do this for goto_ptr.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cpu-exec.c | 2 +-
 tcg/tcg-op.c         | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static inline TranslationBlock *tb_find(CPUState *cpu,
     }
 #endif
     /* See if we can patch the calling TB. */
-    if (last_tb && !qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
+    if (last_tb) {
         tb_add_jump(last_tb, tb_exit, tb);
     }
     return tb;
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -XXX,XX +XXX,XX @@ void tcg_gen_exit_tb(TranslationBlock *tb, unsigned idx)
            seen this numbered exit before, via tcg_gen_goto_tb.  */
         tcg_debug_assert(tcg_ctx->goto_tb_issue_mask & (1 << idx));
 #endif
+        /* When not chaining, exit without indicating a link.  */
+        if (qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
+            val = 0;
+        }
     } else {
         /* This is an exit via the exitreq label.  */
         tcg_debug_assert(idx == TB_EXIT_REQUESTED);
@@ -XXX,XX +XXX,XX @@ void tcg_gen_goto_tb(unsigned idx)
     tcg_debug_assert((tcg_ctx->goto_tb_issue_mask & (1 << idx)) == 0);
     tcg_ctx->goto_tb_issue_mask |= 1 << idx;
 #endif
-    tcg_gen_op1i(INDEX_op_goto_tb, idx);
+    /* When not chaining, we simply fall through to the "fallback" exit.  */
+    if (!qemu_loglevel_mask(CPU_LOG_TB_NOCHAIN)) {
+        tcg_gen_op1i(INDEX_op_goto_tb, idx);
+    }
 }
 
 void tcg_gen_lookup_and_goto_ptr(void)
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

Consistently access u16.high with atomics to avoid
undefined behaviour in MTTCG.

Note that icount_decr.u16.low is only used in icount mode,
so regular accesses to it are OK.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181010144853.13005-2-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tcg-all.c       | 2 +-
 accel/tcg/translate-all.c | 2 +-
 qom/cpu.c                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-all.c
+++ b/accel/tcg/tcg-all.c
@@ -XXX,XX +XXX,XX @@ static void tcg_handle_interrupt(CPUState *cpu, int mask)
     if (!qemu_cpu_is_self(cpu)) {
         qemu_cpu_kick(cpu);
     } else {
-        cpu->icount_decr.u16.high = -1;
+        atomic_set(&cpu->icount_decr.u16.high, -1);
         if (use_icount &&
             !cpu->can_do_io
             && (mask & ~old_mask) != 0) {
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_interrupt(CPUState *cpu, int mask)
 {
     g_assert(qemu_mutex_iothread_locked());
     cpu->interrupt_request |= mask;
-    cpu->icount_decr.u16.high = -1;
+    atomic_set(&cpu->icount_decr.u16.high, -1);
 }
 
 /*
diff --git a/qom/cpu.c b/qom/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -XXX,XX +XXX,XX @@ static void cpu_common_reset(CPUState *cpu)
     cpu->mem_io_pc = 0;
     cpu->mem_io_vaddr = 0;
     cpu->icount_extra = 0;
-    cpu->icount_decr.u32 = 0;
+    atomic_set(&cpu->icount_decr.u32, 0);
     cpu->can_do_io = 1;
     cpu->exception_index = -1;
     cpu->crash_occurred = false;
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

When we implemented per-vCPU TCG contexts, we forgot to also
distribute the tcg_time counter, which has remained as a global
accessed without any serialization, leading to potentially missed
counts.

Fix it by distributing the field over the TCG contexts, embedding
it into TCGProfile with a field called "cpu_exec_time", which is more
descriptive than "tcg_time". Add a function to query this value
directly, and for completeness, fill in the field in
tcg_profile_snapshot, even though its callers do not use it.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181010144853.13005-5-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/qemu/timer.h |  1 -
 tcg/tcg.h            |  2 ++
 cpus.c               |  3 ++-
 monitor.c            | 13 ++++++++++---
 tcg/tcg.c            | 23 +++++++++++++++++++++++
 5 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -XXX,XX +XXX,XX @@ static inline int64_t profile_getclock(void)
     return get_clock();
 }
 
-extern int64_t tcg_time;
 extern int64_t dev_time;
 #endif
 
diff --git a/tcg/tcg.h b/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@ typedef struct TCGOp {
 QEMU_BUILD_BUG_ON(NB_OPS > (1 << 8));
 
 typedef struct TCGProfile {
+    int64_t cpu_exec_time;
     int64_t tb_count1;
     int64_t tb_count;
     int64_t op_count; /* total insn count */
@@ -XXX,XX +XXX,XX @@ int tcg_check_temp_count(void);
 #define tcg_check_temp_count() 0
 #endif
 
+int64_t tcg_cpu_exec_time(void);
 void tcg_dump_info(FILE *f, fprintf_function cpu_fprintf);
 void tcg_dump_op_count(FILE *f, fprintf_function cpu_fprintf);
 
diff --git a/cpus.c b/cpus.c
index XXXXXXX..XXXXXXX 100644
--- a/cpus.c
+++ b/cpus.c
@@ -XXX,XX +XXX,XX @@ static int tcg_cpu_exec(CPUState *cpu)
     ret = cpu_exec(cpu);
     cpu_exec_end(cpu);
 #ifdef CONFIG_PROFILER
-    tcg_time += profile_getclock() - ti;
+    atomic_set(&tcg_ctx->prof.cpu_exec_time,
+               tcg_ctx->prof.cpu_exec_time + profile_getclock() - ti);
 #endif
     return ret;
 }
diff --git a/monitor.c b/monitor.c
index XXXXXXX..XXXXXXX 100644
--- a/monitor.c
+++ b/monitor.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/cpus.h"
 #include "sysemu/iothread.h"
 #include "qemu/cutils.h"
+#include "tcg/tcg.h"
 
 #if defined(TARGET_S390X)
 #include "hw/s390x/storage-keys.h"
@@ -XXX,XX +XXX,XX @@ static void hmp_info_numa(Monitor *mon, const QDict *qdict)
 
 #ifdef CONFIG_PROFILER
 
-int64_t tcg_time;
 int64_t dev_time;
 
 static void hmp_info_profile(Monitor *mon, const QDict *qdict)
 {
+    static int64_t last_cpu_exec_time;
+    int64_t cpu_exec_time;
+    int64_t delta;
+
+    cpu_exec_time = tcg_cpu_exec_time();
+    delta = cpu_exec_time - last_cpu_exec_time;
+
     monitor_printf(mon, "async time  %" PRId64 " (%0.3f)\n",
                    dev_time, dev_time / (double)NANOSECONDS_PER_SECOND);
     monitor_printf(mon, "qemu time   %" PRId64 " (%0.3f)\n",
-                   tcg_time, tcg_time / (double)NANOSECONDS_PER_SECOND);
-    tcg_time = 0;
+                   delta, delta / (double)NANOSECONDS_PER_SECOND);
+    last_cpu_exec_time = cpu_exec_time;
     dev_time = 0;
 }
 #else
diff --git a/tcg/tcg.c b/tcg/tcg.c
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -XXX,XX +XXX,XX @@
 /* Define to jump the ELF file used to communicate with GDB.  */
 #undef DEBUG_JIT
 
+#include "qemu/error-report.h"
 #include "qemu/cutils.h"
 #include "qemu/host-utils.h"
 #include "qemu/timer.h"
@@ -XXX,XX +XXX,XX @@ void tcg_profile_snapshot(TCGProfile *prof, bool counters, bool table)
         const TCGProfile *orig = &s->prof;
 
         if (counters) {
+            PROF_ADD(prof, orig, cpu_exec_time);
             PROF_ADD(prof, orig, tb_count1);
             PROF_ADD(prof, orig, tb_count);
             PROF_ADD(prof, orig, op_count);
@@ -XXX,XX +XXX,XX @@ void tcg_dump_op_count(FILE *f, fprintf_function cpu_fprintf)
                     prof.table_op_count[i]);
     }
 }
+
+int64_t tcg_cpu_exec_time(void)
+{
+    unsigned int n_ctxs = atomic_read(&n_tcg_ctxs);
+    unsigned int i;
+    int64_t ret = 0;
+
+    for (i = 0; i < n_ctxs; i++) {
+        const TCGContext *s = atomic_read(&tcg_ctxs[i]);
+        const TCGProfile *prof = &s->prof;
+
+        ret += atomic_read(&prof->cpu_exec_time);
+    }
+    return ret;
+}
 #else
 void tcg_dump_op_count(FILE *f, fprintf_function cpu_fprintf)
 {
     cpu_fprintf(f, "[TCG profiler not compiled]\n");
 }
+
+int64_t tcg_cpu_exec_time(void)
+{
+    error_report("%s: TCG profiler not compiled", __func__);
+    exit(EXIT_FAILURE);
+}
 #endif
 
 
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

As far as I can tell tlb_flush does not need to be called
this early. tlb_flush is eventually called after the CPU
has been realized.

This change paves the way to the introduction of tlb_init,
which will be called from cpu_exec_realizefn.

Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181009174557.16125-3-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/unicore32/cpu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/target/unicore32/cpu.c b/target/unicore32/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/unicore32/cpu.c
+++ b/target/unicore32/cpu.c
@@ -XXX,XX +XXX,XX @@ static void uc32_cpu_initfn(Object *obj)
     env->uncached_asr = ASR_MODE_PRIV;
     env->regs[31] = 0x03000000;
 #endif
-
-    tlb_flush(cs);
 }
 
 static const VMStateDescription vmstate_uc32_cpu = {
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

Paves the way for the addition of a per-TLB lock.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181009174557.16125-4-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/exec-all.h | 8 ++++++++
 accel/tcg/cputlb.c      | 4 ++++
 exec.c                  | 1 +
 3 files changed, 13 insertions(+)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -XXX,XX +XXX,XX @@ void cpu_address_space_init(CPUState *cpu, int asidx,
 
 #if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
 /* cputlb.c */
+/**
+ * tlb_init - initialize a CPU's TLB
+ * @cpu: CPU whose TLB should be initialized
+ */
+void tlb_init(CPUState *cpu);
 /**
  * tlb_flush_page:
  * @cpu: CPU whose TLB should be flushed
@@ -XXX,XX +XXX,XX @@ void tlb_set_page(CPUState *cpu, target_ulong vaddr,
 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
                  uintptr_t retaddr);
 #else
+static inline void tlb_init(CPUState *cpu)
+{
+}
 static inline void tlb_flush_page(CPUState *cpu, target_ulong addr)
 {
 }
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
 QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
 #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
 
+void tlb_init(CPUState *cpu)
+{
+}
+
 /* flush_all_helper: run fn across all cpus
  *
  * If the wait flag is set then the src cpu's helper will be queued as
diff --git a/exec.c b/exec.c
index XXXXXXX..XXXXXXX 100644
--- a/exec.c
+++ b/exec.c
@@ -XXX,XX +XXX,XX @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
         tcg_target_initialized = true;
         cc->tcg_initialize();
     }
+    tlb_init(cpu);
 
 #ifndef CONFIG_USER_ONLY
     if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181009174557.16125-5-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cputlb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
     } \
 } while (0)
 
-#define assert_cpu_is_self(this_cpu) do {                         \
+#define assert_cpu_is_self(cpu) do {                              \
         if (DEBUG_TLB_GATE) {                                     \
-            g_assert(!cpu->created || qemu_cpu_is_self(cpu));     \
+            g_assert(!(cpu)->created || qemu_cpu_is_self(cpu));   \
         }                                                         \
     } while (0)
 
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

Currently we rely on atomic operations for cross-CPU invalidations.
There are two cases that these atomics miss: cross-CPU invalidations
can race with either (1) vCPU threads flushing their TLB, which
happens via memset, or (2) vCPUs calling tlb_reset_dirty on their TLB,
which updates .addr_write with a regular store. This results in
undefined behaviour, since we're mixing regular and atomic ops
on concurrent accesses.

Fix it by using tlb_lock, a per-vCPU lock. All updaters of tlb_table
and the corresponding victim cache now hold the lock.
The readers that do not hold tlb_lock must use atomic reads when
reading .addr_write, since this field can be updated by other threads;
the conversion to atomic reads is done in the next patch.

Note that an alternative fix would be to expand the use of atomic ops.
However, in the case of TLB flushes this would have a huge performance
impact, since (1) TLB flushes can happen very frequently and (2) we
currently use a full memory barrier to flush each TLB entry, and a TLB
has many entries. Instead, acquiring the lock is barely slower than a
full memory barrier since it is uncontended, and with a single lock
acquisition we can flush the entire TLB.

Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181009174557.16125-6-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 include/exec/cpu-defs.h |   3 +
 accel/tcg/cputlb.c      | 155 ++++++++++++++++++++++------------------
 2 files changed, 87 insertions(+), 71 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -XXX,XX +XXX,XX @@
 #endif
 
 #include "qemu/host-utils.h"
+#include "qemu/thread.h"
 #include "qemu/queue.h"
 #ifdef CONFIG_TCG
 #include "tcg-target.h"
@@ -XXX,XX +XXX,XX @@ typedef struct CPUIOTLBEntry {
 
 #define CPU_COMMON_TLB \
     /* The meaning of the MMU modes is defined in the target code. */   \
+    /* tlb_lock serializes updates to tlb_table and tlb_v_table */      \
+    QemuSpin tlb_lock;                                                  \
     CPUTLBEntry tlb_table[NB_MMU_MODES][CPU_TLB_SIZE];                  \
     CPUTLBEntry tlb_v_table[NB_MMU_MODES][CPU_VTLB_SIZE];               \
     CPUIOTLBEntry iotlb[NB_MMU_MODES][CPU_TLB_SIZE];                    \
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
 
 void tlb_init(CPUState *cpu)
 {
+    CPUArchState *env = cpu->env_ptr;
+
+    qemu_spin_init(&env->tlb_lock);
 }
 
 /* flush_all_helper: run fn across all cpus
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_nocheck(CPUState *cpu)
     atomic_set(&env->tlb_flush_count, env->tlb_flush_count + 1);
     tlb_debug("(count: %zu)\n", tlb_flush_count());
 
+    /*
+     * tlb_table/tlb_v_table updates from any thread must hold tlb_lock.
+     * However, updates from the owner thread (as is the case here; see the
+     * above assert_cpu_is_self) do not need atomic_set because all reads
+     * that do not hold the lock are performed by the same owner thread.
+     */
+    qemu_spin_lock(&env->tlb_lock);
     memset(env->tlb_table, -1, sizeof(env->tlb_table));
     memset(env->tlb_v_table, -1, sizeof(env->tlb_v_table));
+    qemu_spin_unlock(&env->tlb_lock);
+
     cpu_tb_jmp_cache_clear(cpu);
 
     env->vtlb_index = 0;
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
 
     tlb_debug("start: mmu_idx:0x%04lx\n", mmu_idx_bitmask);
 
+    qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
 
         if (test_bit(mmu_idx, &mmu_idx_bitmask)) {
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
             memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0]));
         }
     }
+    qemu_spin_unlock(&env->tlb_lock);
 
     cpu_tb_jmp_cache_clear(cpu);
 
@@ -XXX,XX +XXX,XX @@ static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
            tlb_hit_page(tlb_entry->addr_code, page);
 }
 
-static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong page)
+/* Called with tlb_lock held */
+static inline void tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
+                                          target_ulong page)
 {
     if (tlb_hit_page_anyprot(tlb_entry, page)) {
         memset(tlb_entry, -1, sizeof(*tlb_entry));
     }
 }
 
-static inline void tlb_flush_vtlb_page(CPUArchState *env, int mmu_idx,
-                                       target_ulong page)
+/* Called with tlb_lock held */
+static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
+                                              target_ulong page)
 {
     int k;
+
+    assert_cpu_is_self(ENV_GET_CPU(env));
     for (k = 0; k < CPU_VTLB_SIZE; k++) {
-        tlb_flush_entry(&env->tlb_v_table[mmu_idx][k], page);
+        tlb_flush_entry_locked(&env->tlb_v_table[mmu_idx][k], page);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
 
     addr &= TARGET_PAGE_MASK;
     i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+    qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
-        tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
-        tlb_flush_vtlb_page(env, mmu_idx, addr);
+        tlb_flush_entry_locked(&env->tlb_table[mmu_idx][i], addr);
+        tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
     }
+    qemu_spin_unlock(&env->tlb_lock);
 
     tb_flush_jmp_cache(cpu, addr);
 }
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
     tlb_debug("page:%d addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
               page, addr, mmu_idx_bitmap);
 
+    qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
         if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
-            tlb_flush_entry(&env->tlb_table[mmu_idx][page], addr);
-            tlb_flush_vtlb_page(env, mmu_idx, addr);
+            tlb_flush_entry_locked(&env->tlb_table[mmu_idx][page], addr);
+            tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
         }
     }
+    qemu_spin_unlock(&env->tlb_lock);
 
     tb_flush_jmp_cache(cpu, addr);
 }
@@ -XXX,XX +XXX,XX @@ void tlb_unprotect_code(ram_addr_t ram_addr)
  * most usual is detecting writes to code regions which may invalidate
  * generated code.
  *
- * Because we want other vCPUs to respond to changes straight away we
- * update the te->addr_write field atomically. If the TLB entry has
- * been changed by the vCPU in the mean time we skip the update.
+ * Other vCPUs might be reading their TLBs during guest execution, so we update
+ * te->addr_write with atomic_set. We don't need to worry about this for
+ * oversized guests as MTTCG is disabled for them.
  *
- * As this function uses atomic accesses we also need to ensure
- * updates to tlb_entries follow the same access rules. We don't need
- * to worry about this for oversized guests as MTTCG is disabled for
- * them.
+ * Called with tlb_lock held.
  */
-
-static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
-                           uintptr_t length)
+static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry,
+                                         uintptr_t start, uintptr_t length)
 {
-#if TCG_OVERSIZED_GUEST
     uintptr_t addr = tlb_entry->addr_write;
 
     if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
         addr &= TARGET_PAGE_MASK;
         addr += tlb_entry->addend;
         if ((addr - start) < length) {
+#if TCG_OVERSIZED_GUEST
             tlb_entry->addr_write |= TLB_NOTDIRTY;
-        }
-    }
 #else
-    /* paired with atomic_mb_set in tlb_set_page_with_attrs */
-    uintptr_t orig_addr = atomic_mb_read(&tlb_entry->addr_write);
-    uintptr_t addr = orig_addr;
-
-    if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
-        addr &= TARGET_PAGE_MASK;
-        addr += atomic_read(&tlb_entry->addend);
-        if ((addr - start) < length) {
-            uintptr_t notdirty_addr = orig_addr | TLB_NOTDIRTY;
-            atomic_cmpxchg(&tlb_entry->addr_write, orig_addr, notdirty_addr);
+            atomic_set(&tlb_entry->addr_write,
+                       tlb_entry->addr_write | TLB_NOTDIRTY);
+#endif
         }
     }
-#endif
 }
 
-/* For atomic correctness when running MTTCG we need to use the right
- * primitives when copying entries */
-static inline void copy_tlb_helper(CPUTLBEntry *d, CPUTLBEntry *s,
-                                   bool atomic_set)
+/*
+ * Called with tlb_lock held.
+ * Called only from the vCPU context, i.e. the TLB's owner thread.
+ */
+static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s)
 {
-#if TCG_OVERSIZED_GUEST
     *d = *s;
-#else
-    if (atomic_set) {
-        d->addr_read = s->addr_read;
-        d->addr_code = s->addr_code;
-        atomic_set(&d->addend, atomic_read(&s->addend));
-        /* Pairs with flag setting in tlb_reset_dirty_range */
-        atomic_mb_set(&d->addr_write, atomic_read(&s->addr_write));
-    } else {
-        d->addr_read = s->addr_read;
-        d->addr_write = atomic_read(&s->addr_write);
-        d->addr_code = s->addr_code;
-        d->addend = atomic_read(&s->addend);
-    }
-#endif
 }
 
 /* This is a cross vCPU call (i.e. another vCPU resetting the flags of
- * the target vCPU). As such care needs to be taken that we don't
- * dangerously race with another vCPU update. The only thing actually
- * updated is the target TLB entry ->addr_write flags.
+ * the target vCPU).
+ * We must take tlb_lock to avoid racing with another vCPU update. The only
+ * thing actually updated is the target TLB entry ->addr_write flags.
  */
 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
 {
@@ -XXX,XX +XXX,XX @@ void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
     int mmu_idx;
 
     env = cpu->env_ptr;
+    qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
         unsigned int i;
 
         for (i = 0; i < CPU_TLB_SIZE; i++) {
-            tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
-                                  start1, length);
+            tlb_reset_dirty_range_locked(&env->tlb_table[mmu_idx][i], start1,
+                                         length);
         }
 
         for (i = 0; i < CPU_VTLB_SIZE; i++) {
-            tlb_reset_dirty_range(&env->tlb_v_table[mmu_idx][i],
-                                  start1, length);
+            tlb_reset_dirty_range_locked(&env->tlb_v_table[mmu_idx][i], start1,
+                                         length);
         }
     }
+    qemu_spin_unlock(&env->tlb_lock);
 }
 
-static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
+/* Called with tlb_lock held */
+static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
+                                         target_ulong vaddr)
 {
     if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
         tlb_entry->addr_write = vaddr;
@@ -XXX,XX +XXX,XX @@ void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
 
     vaddr &= TARGET_PAGE_MASK;
     i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+    qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
-        tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
+        tlb_set_dirty1_locked(&env->tlb_table[mmu_idx][i], vaddr);
     }
 
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
         int k;
         for (k = 0; k < CPU_VTLB_SIZE; k++) {
-            tlb_set_dirty1(&env->tlb_v_table[mmu_idx][k], vaddr);
+            tlb_set_dirty1_locked(&env->tlb_v_table[mmu_idx][k], vaddr);
         }
     }
+    qemu_spin_unlock(&env->tlb_lock);
 }
 
 /* Our TLB does not support large pages, so remember the area covered by
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
         addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
     }
 
-    /* Make sure there's no cached translation for the new page.  */
-    tlb_flush_vtlb_page(env, mmu_idx, vaddr_page);
-
     code_address = address;
     iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
                                             paddr_page, xlat, prot, &address);
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
     index = (vaddr_page >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     te = &env->tlb_table[mmu_idx][index];
 
+    /*
+     * Hold the TLB lock for the rest of the function. We could acquire/release
+     * the lock several times in the function, but it is faster to amortize the
+     * acquisition cost by acquiring it just once. Note that this leads to
+     * a longer critical section, but this is not a concern since the TLB lock
+     * is unlikely to be contended.
+     */
+    qemu_spin_lock(&env->tlb_lock);
+
+    /* Make sure there's no cached translation for the new page.  */
+    tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page);
+
     /*
      * Only evict the old entry to the victim tlb if it's for a
      * different page; otherwise just overwrite the stale data.
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
         CPUTLBEntry *tv = &env->tlb_v_table[mmu_idx][vidx];
 
         /* Evict the old entry into the victim tlb.  */
-        copy_tlb_helper(tv, te, true);
+        copy_tlb_helper_locked(tv, te);
         env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index];
     }
 
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
         }
     }
 
-    /* Pairs with flag setting in tlb_reset_dirty_range */
-    copy_tlb_helper(te, &tn, true);
-    /* atomic_mb_set(&te->addr_write, write_address); */
+    copy_tlb_helper_locked(te, &tn);
+    qemu_spin_unlock(&env->tlb_lock);
 }
 
 /* Add a new TLB entry, but without specifying the memory
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
                            size_t elt_ofs, target_ulong page)
 {
     size_t vidx;
+
+    assert_cpu_is_self(ENV_GET_CPU(env));
     for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
         CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
         target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
             /* Found entry in victim tlb, swap tlb and iotlb.  */
             CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index];
 
-            copy_tlb_helper(&tmptlb, tlb, false);
-            copy_tlb_helper(tlb, vtlb, true);
-            copy_tlb_helper(vtlb, &tmptlb, true);
+            qemu_spin_lock(&env->tlb_lock);
+            copy_tlb_helper_locked(&tmptlb, tlb);
+            copy_tlb_helper_locked(tlb, vtlb);
+            copy_tlb_helper_locked(vtlb, &tmptlb);
+            qemu_spin_unlock(&env->tlb_lock);
 
             CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index];
             CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx];
-- 
2.17.2

Isolate the computation of an index from an address into a
helper before we change that function.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[ cota: convert tlb_vaddr_to_host; use atomic_read on addr_write ]
Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181009175129.17888-2-cota@braap.org>
---
 accel/tcg/softmmu_template.h     | 64 +++++++++++++++++---------------
 include/exec/cpu_ldst.h          | 19 ++++++++--
 include/exec/cpu_ldst_template.h | 25 +++++++------
 accel/tcg/cputlb.c               | 60 ++++++++++++++----------------
 4 files changed, 90 insertions(+), 78 deletions(-)

diff --git a/accel/tcg/softmmu_template.h b/accel/tcg/softmmu_template.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/softmmu_template.h
+++ b/accel/tcg/softmmu_template.h
@@ -XXX,XX +XXX,XX @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env,
 WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr)
 {
-    unsigned mmu_idx = get_mmuidx(oi);
-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
+    uintptr_t mmu_idx = get_mmuidx(oi);
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+    target_ulong tlb_addr = entry->ADDR_READ;
     unsigned a_bits = get_alignment_bits(get_memop(oi));
     uintptr_t haddr;
     DATA_TYPE res;
@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
+        tlb_addr = entry->ADDR_READ;
     }
 
     /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
         return res;
     }
 
-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
+    haddr = addr + entry->addend;
 #if DATA_SIZE == 1
     res = glue(glue(ld, LSUFFIX), _p)((uint8_t *)haddr);
 #else
@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
 WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
                             TCGMemOpIdx oi, uintptr_t retaddr)
 {
-    unsigned mmu_idx = get_mmuidx(oi);
-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
+    uintptr_t mmu_idx = get_mmuidx(oi);
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+    target_ulong tlb_addr = entry->ADDR_READ;
     unsigned a_bits = get_alignment_bits(get_memop(oi));
     uintptr_t haddr;
     DATA_TYPE res;
@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = env->tlb_table[mmu_idx][index].ADDR_READ;
+        tlb_addr = entry->ADDR_READ;
     }
 
     /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
         return res;
     }
 
-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
+    haddr = addr + entry->addend;
     res = glue(glue(ld, LSUFFIX), _be_p)((uint8_t *)haddr);
     return res;
 }
@@ -XXX,XX +XXX,XX @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env,
 void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
                        TCGMemOpIdx oi, uintptr_t retaddr)
 {
-    unsigned mmu_idx = get_mmuidx(oi);
-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
+    uintptr_t mmu_idx = get_mmuidx(oi);
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+    target_ulong tlb_addr = entry->addr_write;
     unsigned a_bits = get_alignment_bits(get_memop(oi));
     uintptr_t haddr;
 
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = env->tlb_table[mmu_idx][index].addr_write & ~TLB_INVALID_MASK;
+        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
     }
 
     /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
     if (DATA_SIZE > 1
         && unlikely((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1
                      >= TARGET_PAGE_SIZE)) {
-        int i, index2;
-        target_ulong page2, tlb_addr2;
+        int i;
+        target_ulong page2;
+        CPUTLBEntry *entry2;
     do_unaligned_access:
         /* Ensure the second page is in the TLB.  Note that the first page
            is already guaranteed to be filled, and that the second page
            cannot evict the first.  */
         page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
-        index2 = (page2 >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-        tlb_addr2 = env->tlb_table[mmu_idx][index2].addr_write;
-        if (!tlb_hit_page(tlb_addr2, page2)
+        entry2 = tlb_entry(env, mmu_idx, page2);
+        if (!tlb_hit_page(entry2->addr_write, page2)
             && !VICTIM_TLB_HIT(addr_write, page2)) {
             tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
         return;
     }
 
-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
+    haddr = addr + entry->addend;
 #if DATA_SIZE == 1
     glue(glue(st, SUFFIX), _p)((uint8_t *)haddr, val);
 #else
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
 void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
                        TCGMemOpIdx oi, uintptr_t retaddr)
 {
-    unsigned mmu_idx = get_mmuidx(oi);
-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
+    uintptr_t mmu_idx = get_mmuidx(oi);
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
+    target_ulong tlb_addr = entry->addr_write;
     unsigned a_bits = get_alignment_bits(get_memop(oi));
     uintptr_t haddr;
 
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = env->tlb_table[mmu_idx][index].addr_write & ~TLB_INVALID_MASK;
+        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
     }
 
     /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
     if (DATA_SIZE > 1
         && unlikely((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1
                      >= TARGET_PAGE_SIZE)) {
-        int i, index2;
-        target_ulong page2, tlb_addr2;
+        int i;
+        target_ulong page2;
+        CPUTLBEntry *entry2;
     do_unaligned_access:
         /* Ensure the second page is in the TLB.  Note that the first page
            is already guaranteed to be filled, and that the second page
            cannot evict the first.  */
         page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
-        index2 = (page2 >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-        tlb_addr2 = env->tlb_table[mmu_idx][index2].addr_write;
-        if (!tlb_hit_page(tlb_addr2, page2)
+        entry2 = tlb_entry(env, mmu_idx, page2);
+        if (!tlb_hit_page(entry2->addr_write, page2)
             && !VICTIM_TLB_HIT(addr_write, page2)) {
             tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
         return;
     }
 
-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
+    haddr = addr + entry->addend;
     glue(glue(st, SUFFIX), _be_p)((uint8_t *)haddr, val);
 }
 #endif /* DATA_SIZE > 1 */
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@ extern __thread uintptr_t helper_retaddr;
 /* The memory helpers for tcg-generated code need tcg_target_long etc.  */
 #include "tcg.h"
 
+/* Find the TLB index corresponding to the mmu_idx + address pair.  */
+static inline uintptr_t tlb_index(CPUArchState *env, uintptr_t mmu_idx,
+                                  target_ulong addr)
+{
+    return (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+}
+
+/* Find the TLB entry corresponding to the mmu_idx + address pair.  */
+static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx,
+                                     target_ulong addr)
+{
+    return &env->tlb_table[mmu_idx][tlb_index(env, mmu_idx, addr)];
+}
+
 #ifdef MMU_MODE0_SUFFIX
 #define CPU_MMU_INDEX 0
 #define MEMSUFFIX MMU_MODE0_SUFFIX
@@ -XXX,XX +XXX,XX @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
 #if defined(CONFIG_USER_ONLY)
     return g2h(addr);
 #else
-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    CPUTLBEntry *tlbentry = &env->tlb_table[mmu_idx][index];
+    CPUTLBEntry *tlbentry = tlb_entry(env, mmu_idx, addr);
     abi_ptr tlb_addr;
     uintptr_t haddr;
 
@@ -XXX,XX +XXX,XX @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
         return NULL;
     }
 
-    haddr = addr + env->tlb_table[mmu_idx][index].addend;
+    haddr = addr + tlbentry->addend;
     return (void *)haddr;
 #endif /* defined(CONFIG_USER_ONLY) */
 }
diff --git a/include/exec/cpu_ldst_template.h b/include/exec/cpu_ldst_template.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst_template.h
+++ b/include/exec/cpu_ldst_template.h
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
                                                   target_ulong ptr,
                                                   uintptr_t retaddr)
 {
-    int page_index;
+    CPUTLBEntry *entry;
     RES_TYPE res;
     target_ulong addr;
     int mmu_idx;
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_ld, USUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
 #endif
 
     addr = ptr;
-    page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = CPU_MMU_INDEX;
-    if (unlikely(env->tlb_table[mmu_idx][page_index].ADDR_READ !=
+    entry = tlb_entry(env, mmu_idx, addr);
+    if (unlikely(entry->ADDR_READ !=
                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
         oi = make_memop_idx(SHIFT, mmu_idx);
         res = glue(glue(helper_ret_ld, URETSUFFIX), MMUSUFFIX)(env, addr,
                                                             oi, retaddr);
     } else {
-        uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend;
+        uintptr_t hostaddr = addr + entry->addend;
         res = glue(glue(ld, USUFFIX), _p)((uint8_t *)hostaddr);
     }
     return res;
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
                                                   target_ulong ptr,
                                                   uintptr_t retaddr)
 {
-    int res, page_index;
+    CPUTLBEntry *entry;
+    int res;
     target_ulong addr;
     int mmu_idx;
     TCGMemOpIdx oi;
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_lds, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
 #endif
 
     addr = ptr;
-    page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = CPU_MMU_INDEX;
-    if (unlikely(env->tlb_table[mmu_idx][page_index].ADDR_READ !=
+    entry = tlb_entry(env, mmu_idx, addr);
+    if (unlikely(entry->ADDR_READ !=
                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
         oi = make_memop_idx(SHIFT, mmu_idx);
         res = (DATA_STYPE)glue(glue(helper_ret_ld, SRETSUFFIX),
                                MMUSUFFIX)(env, addr, oi, retaddr);
     } else {
-        uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend;
+        uintptr_t hostaddr = addr + entry->addend;
         res = glue(glue(lds, SUFFIX), _p)((uint8_t *)hostaddr);
     }
     return res;
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
                                                  target_ulong ptr,
                                                  RES_TYPE v, uintptr_t retaddr)
 {
-    int page_index;
+    CPUTLBEntry *entry;
     target_ulong addr;
     int mmu_idx;
     TCGMemOpIdx oi;
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
 #endif
 
     addr = ptr;
-    page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = CPU_MMU_INDEX;
-    if (unlikely(env->tlb_table[mmu_idx][page_index].addr_write !=
+    entry = tlb_entry(env, mmu_idx, addr);
+    if (unlikely(entry->addr_write !=
                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
         oi = make_memop_idx(SHIFT, mmu_idx);
         glue(glue(helper_ret_st, SUFFIX), MMUSUFFIX)(env, addr, v, oi,
                                                      retaddr);
     } else {
-        uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend;
+        uintptr_t hostaddr = addr + entry->addend;
         glue(glue(st, SUFFIX), _p)((uint8_t *)hostaddr, v);
     }
 }
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
 {
     CPUArchState *env = cpu->env_ptr;
     target_ulong addr = (target_ulong) data.target_ptr;
-    int i;
     int mmu_idx;
 
     assert_cpu_is_self(cpu);
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
     }
 
     addr &= TARGET_PAGE_MASK;
-    i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
-        tlb_flush_entry_locked(&env->tlb_table[mmu_idx][i], addr);
+        tlb_flush_entry_locked(tlb_entry(env, mmu_idx, addr), addr);
         tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
     }
     qemu_spin_unlock(&env->tlb_lock);
@@ -XXX,XX +XXX,XX @@ static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
     target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
     target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
     unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
-    int page = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     int mmu_idx;
 
     assert_cpu_is_self(cpu);
 
-    tlb_debug("page:%d addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
-              page, addr, mmu_idx_bitmap);
+    tlb_debug("flush page addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
+              addr, mmu_idx_bitmap);
 
     qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
         if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
-            tlb_flush_entry_locked(&env->tlb_table[mmu_idx][page], addr);
+            tlb_flush_entry_locked(tlb_entry(env, mmu_idx, addr), addr);
             tlb_flush_vtlb_page_locked(env, mmu_idx, addr);
         }
     }
@@ -XXX,XX +XXX,XX @@ static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
 {
     CPUArchState *env = cpu->env_ptr;
-    int i;
     int mmu_idx;
 
     assert_cpu_is_self(cpu);
 
     vaddr &= TARGET_PAGE_MASK;
-    i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     qemu_spin_lock(&env->tlb_lock);
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
-        tlb_set_dirty1_locked(&env->tlb_table[mmu_idx][i], vaddr);
+        tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr);
     }
 
     for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
@@ -XXX,XX +XXX,XX @@ void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
     iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
                                             paddr_page, xlat, prot, &address);
 
-    index = (vaddr_page >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    te = &env->tlb_table[mmu_idx][index];
+    index = tlb_index(env, mmu_idx, vaddr_page);
+    te = tlb_entry(env, mmu_idx, vaddr_page);
 
     /*
      * Hold the TLB lock for the rest of the function. We could acquire/release
@@ -XXX,XX +XXX,XX @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
          * repeat the MMU check here. This tlb_fill() call might
          * longjump out if this access should cause a guest exception.
          */
-        int index;
+        CPUTLBEntry *entry;
         target_ulong tlb_addr;
 
         tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
 
-        index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-        tlb_addr = env->tlb_table[mmu_idx][index].addr_read;
+        entry = tlb_entry(env, mmu_idx, addr);
+        tlb_addr = entry->addr_read;
         if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
             /* RAM access */
-            uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
+            uintptr_t haddr = addr + entry->addend;
 
             return ldn_p((void *)haddr, size);
         }
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
          * repeat the MMU check here. This tlb_fill() call might
          * longjump out if this access should cause a guest exception.
          */
-        int index;
+        CPUTLBEntry *entry;
         target_ulong tlb_addr;
 
         tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
 
-        index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-        tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
+        entry = tlb_entry(env, mmu_idx, addr);
+        tlb_addr = entry->addr_write;
         if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
             /* RAM access */
-            uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
+            uintptr_t haddr = addr + entry->addend;
 
             stn_p((void *)haddr, size, val);
             return;
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
  */
 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
 {
-    int mmu_idx, index;
+    uintptr_t mmu_idx = cpu_mmu_index(env, true);
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
     void *p;
 
-    index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    mmu_idx = cpu_mmu_index(env, true);
-    if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
+    if (unlikely(!tlb_hit(entry->addr_code, addr))) {
         if (!VICTIM_TLB_HIT(addr_code, addr)) {
             tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
         }
-        assert(tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr));
+        assert(tlb_hit(entry->addr_code, addr));
     }
 
-    if (unlikely(env->tlb_table[mmu_idx][index].addr_code &
-                 (TLB_RECHECK | TLB_MMIO))) {
+    if (unlikely(entry->addr_code & (TLB_RECHECK | TLB_MMIO))) {
         /*
          * Return -1 if we can't translate and execute from an entire
          * page of RAM here, which will cause us to execute by loading
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
         return -1;
     }
 
-    p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
+    p = (void *)((uintptr_t)addr + entry->addend);
     return qemu_ram_addr_from_host_nofail(p);
 }
 
@@ -XXX,XX +XXX,XX @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
                  uintptr_t retaddr)
 {
-    int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 
-    if (!tlb_hit(tlb_addr, addr)) {
+    if (!tlb_hit(entry->addr_write, addr)) {
         /* TLB entry is for a different page */
         if (!VICTIM_TLB_HIT(addr_write, addr)) {
             tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
                                NotDirtyInfo *ndi)
 {
     size_t mmu_idx = get_mmuidx(oi);
-    size_t index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-    CPUTLBEntry *tlbe = &env->tlb_table[mmu_idx][index];
+    uintptr_t index = tlb_index(env, mmu_idx, addr);
+    CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
     target_ulong tlb_addr = tlbe->addr_write;
     TCGMemOp mop = get_memop(oi);
     int a_bits = get_alignment_bits(mop);
-- 
2.17.2

GCC7+ will no longer advertise support for 16-byte __atomic operations
if only cmpxchg is supported, as for x86_64.  Fortunately, x86_64 still
has support for __sync_compare_and_swap_16 and we can make use of that.
AArch64 does not have, nor ever has had such support, so open-code it.

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/atomic_template.h |  20 ++++-
 include/qemu/atomic128.h    | 153 ++++++++++++++++++++++++++++++++++++
 include/qemu/compiler.h     |  11 +++
 tcg/tcg.h                   |  16 ++--
 accel/tcg/cputlb.c          |   3 +-
 accel/tcg/user-exec.c       |   5 +-
 configure                   |  19 +++++
 7 files changed, 213 insertions(+), 14 deletions(-)
 create mode 100644 include/qemu/atomic128.h

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
     DATA_TYPE ret;
 
     ATOMIC_TRACE_RMW;
+#if DATA_SIZE == 16
+    ret = atomic16_cmpxchg(haddr, cmpv, newv);
+#else
     ret = atomic_cmpxchg__nocheck(haddr, cmpv, newv);
+#endif
     ATOMIC_MMU_CLEANUP;
     return ret;
 }
 
 #if DATA_SIZE >= 16
+#if HAVE_ATOMIC128
 ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr EXTRA_ARGS)
 {
     ATOMIC_MMU_DECLS;
     DATA_TYPE val, *haddr = ATOMIC_MMU_LOOKUP;
 
     ATOMIC_TRACE_LD;
-    __atomic_load(haddr, &val, __ATOMIC_RELAXED);
+    val = atomic16_read(haddr);
     ATOMIC_MMU_CLEANUP;
     return val;
 }
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr,
     DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
 
     ATOMIC_TRACE_ST;
-    __atomic_store(haddr, &val, __ATOMIC_RELAXED);
+    atomic16_set(haddr, val);
     ATOMIC_MMU_CLEANUP;
 }
+#endif
 #else
 ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr,
                            ABI_TYPE val EXTRA_ARGS)
@@ -XXX,XX +XXX,XX @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, target_ulong addr,
     DATA_TYPE ret;
 
     ATOMIC_TRACE_RMW;
+#if DATA_SIZE == 16
+    ret = atomic16_cmpxchg(haddr, BSWAP(cmpv), BSWAP(newv));
+#else
     ret = atomic_cmpxchg__nocheck(haddr, BSWAP(cmpv), BSWAP(newv));
+#endif
     ATOMIC_MMU_CLEANUP;
     return BSWAP(ret);
 }
 
 #if DATA_SIZE >= 16
+#if HAVE_ATOMIC128
 ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong addr EXTRA_ARGS)
 {
     ATOMIC_MMU_DECLS;
     DATA_TYPE val, *haddr = ATOMIC_MMU_LOOKUP;
 
     ATOMIC_TRACE_LD;
-    __atomic_load(haddr, &val, __ATOMIC_RELAXED);
+    val = atomic16_read(haddr);
     ATOMIC_MMU_CLEANUP;
     return BSWAP(val);
 }
@@ -XXX,XX +XXX,XX @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr,
 
     ATOMIC_TRACE_ST;
     val = BSWAP(val);
-    __atomic_store(haddr, &val, __ATOMIC_RELAXED);
+    atomic16_set(haddr, val);
     ATOMIC_MMU_CLEANUP;
 }
+#endif
 #else
 ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong addr,
                            ABI_TYPE val EXTRA_ARGS)
diff --git a/include/qemu/atomic128.h b/include/qemu/atomic128.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/qemu/atomic128.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Simple interface for 128-bit atomic operations.
+ *
+ * Copyright (C) 2018 Linaro, Ltd.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * See docs/devel/atomics.txt for discussion about the guarantees each
+ * atomic primitive is meant to provide.
+ */
+
+#ifndef QEMU_ATOMIC128_H
+#define QEMU_ATOMIC128_H
+
+/*
+ * GCC is a house divided about supporting large atomic operations.
+ *
+ * For hosts that only have large compare-and-swap, a legalistic reading
+ * of the C++ standard means that one cannot implement __atomic_read on
+ * read-only memory, and thus all atomic operations must synchronize
+ * through libatomic.
+ *
+ * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80878
+ *
+ * This interpretation is not especially helpful for QEMU.
+ * For softmmu, all RAM is always read/write from the hypervisor.
+ * For user-only, if the guest doesn't implement such an __atomic_read
+ * then the host need not worry about it either.
+ *
+ * Moreover, using libatomic is not an option, because its interface is
+ * built for std::atomic<T>, and requires that *all* accesses to such an
+ * object go through the library.  In our case we do not have an object
+ * in the C/C++ sense, but a view of memory as seen by the guest.
+ * The guest may issue a large atomic operation and then access those
+ * pieces using word-sized accesses.  From the hypervisor, we have no
+ * way to connect those two actions.
+ *
+ * Therefore, special case each platform.
+ */
+
+#if defined(CONFIG_ATOMIC128)
+static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new)
+{
+    return atomic_cmpxchg__nocheck(ptr, cmp, new);
+}
+# define HAVE_CMPXCHG128 1
+#elif defined(CONFIG_CMPXCHG128)
+static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new)
+{
+    return __sync_val_compare_and_swap_16(ptr, cmp, new);
+}
+# define HAVE_CMPXCHG128 1
+#elif defined(__aarch64__)
+/* Through gcc 8, aarch64 has no support for 128-bit at all.  */
+static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new)
+{
+    uint64_t cmpl = int128_getlo(cmp), cmph = int128_gethi(cmp);
+    uint64_t newl = int128_getlo(new), newh = int128_gethi(new);
+    uint64_t oldl, oldh;
+    uint32_t tmp;
+
+    asm("0: ldaxp %[oldl], %[oldh], %[mem]\n\t"
+        "cmp %[oldl], %[cmpl]\n\t"
+        "ccmp %[oldh], %[cmph], #0, eq\n\t"
+        "b.ne 1f\n\t"
+        "stlxp %w[tmp], %[newl], %[newh], %[mem]\n\t"
+        "cbnz %w[tmp], 0b\n"
+        "1:"
+        : [mem] "+m"(*ptr), [tmp] "=&r"(tmp),
+          [oldl] "=&r"(oldl), [oldh] "=r"(oldh)
+        : [cmpl] "r"(cmpl), [cmph] "r"(cmph),
+          [newl] "r"(newl), [newh] "r"(newh)
+        : "memory", "cc");
+
+    return int128_make128(oldl, oldh);
+}
+# define HAVE_CMPXCHG128 1
+#else
+/* Fallback definition that must be optimized away, or error.  */
+Int128 QEMU_ERROR("unsupported atomic")
+    atomic16_cmpxchg(Int128 *ptr, Int128 cmp, Int128 new);
+# define HAVE_CMPXCHG128 0
+#endif /* Some definition for HAVE_CMPXCHG128 */
+
+
+#if defined(CONFIG_ATOMIC128)
+static inline Int128 atomic16_read(Int128 *ptr)
+{
+    return atomic_read__nocheck(ptr);
+}
+
+static inline void atomic16_set(Int128 *ptr, Int128 val)
+{
+    atomic_set__nocheck(ptr, val);
+}
+
+# define HAVE_ATOMIC128 1
+#elif !defined(CONFIG_USER_ONLY) && defined(__aarch64__)
+/* We can do better than cmpxchg for AArch64.  */
+static inline Int128 atomic16_read(Int128 *ptr)
+{
+    uint64_t l, h;
+    uint32_t tmp;
+
+    /* The load must be paired with the store to guarantee not tearing.  */
+    asm("0: ldxp %[l], %[h], %[mem]\n\t"
+        "stxp %w[tmp], %[l], %[h], %[mem]\n\t"
+        "cbnz %w[tmp], 0b"
+        : [mem] "+m"(*ptr), [tmp] "=r"(tmp), [l] "=r"(l), [h] "=r"(h));
+
+    return int128_make128(l, h);
+}
+
+static inline void atomic16_set(Int128 *ptr, Int128 val)
+{
+    uint64_t l = int128_getlo(val), h = int128_gethi(val);
+    uint64_t t1, t2;
+
+    /* Load into temporaries to acquire the exclusive access lock.  */
+    asm("0: ldxp %[t1], %[t2], %[mem]\n\t"
+        "stxp %w[t1], %[l], %[h], %[mem]\n\t"
+        "cbnz %w[t1], 0b"
+        : [mem] "+m"(*ptr), [t1] "=&r"(t1), [t2] "=&r"(t2)
+        : [l] "r"(l), [h] "r"(h));
+}
+
+# define HAVE_ATOMIC128 1
+#elif !defined(CONFIG_USER_ONLY) && HAVE_CMPXCHG128
+static inline Int128 atomic16_read(Int128 *ptr)
+{
+    /* Maybe replace 0 with 0, returning the old value.  */
+    return atomic16_cmpxchg(ptr, 0, 0);
+}
+
+static inline void atomic16_set(Int128 *ptr, Int128 val)
+{
+    Int128 old = *ptr, cmp;
+    do {
+        cmp = old;
+        old = atomic16_cmpxchg(ptr, cmp, val);
+    } while (old != cmp);
+}
+
+# define HAVE_ATOMIC128 1
+#else
+/* Fallback definitions that must be optimized away, or error.  */
+Int128 QEMU_ERROR("unsupported atomic") atomic16_read(Int128 *ptr);
+void QEMU_ERROR("unsupported atomic") atomic16_set(Int128 *ptr, Int128 val);
+# define HAVE_ATOMIC128 0
+#endif /* Some definition for HAVE_ATOMIC128 */
+
+#endif /* QEMU_ATOMIC128_H */
diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -XXX,XX +XXX,XX @@
 # define QEMU_FLATTEN
 #endif
 
+/*
+ * If __attribute__((error)) is present, use it to produce an error at
+ * compile time.  Otherwise, one must wait for the linker to diagnose
+ * the missing symbol.
+ */
+#if __has_attribute(error)
+# define QEMU_ERROR(X) __attribute__((error(X)))
+#else
+# define QEMU_ERROR(X)
+#endif
+
 /* Implement C11 _Generic via GCC builtins.  Example:
  *
  *    QEMU_GENERIC(x, (float, sinf), (long double, sinl), sin) (x)
diff --git a/tcg/tcg.h b/tcg/tcg.h
index XXXXXXX..XXXXXXX 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -XXX,XX +XXX,XX @@
 #include "qemu/queue.h"
 #include "tcg-mo.h"
 #include "tcg-target.h"
+#include "qemu/int128.h"
 
 /* XXX: make safe guess about sizes */
 #define MAX_OP_PER_INSTR 266
@@ -XXX,XX +XXX,XX @@ GEN_ATOMIC_HELPER_ALL(xchg)
 #undef GEN_ATOMIC_HELPER
 #endif /* CONFIG_SOFTMMU */
 
-#ifdef CONFIG_ATOMIC128
-#include "qemu/int128.h"
-
-/* These aren't really a "proper" helpers because TCG cannot manage Int128.
-   However, use the same format as the others, for use by the backends. */
+/*
+ * These aren't really a "proper" helpers because TCG cannot manage Int128.
+ * However, use the same format as the others, for use by the backends.
+ *
+ * The cmpxchg functions are only defined if HAVE_CMPXCHG128;
+ * the ld/st functions are only defined if HAVE_ATOMIC128,
+ * as defined by <qemu/atomic128.h>.
+ */
 Int128 helper_atomic_cmpxchgo_le_mmu(CPUArchState *env, target_ulong addr,
                                      Int128 cmpv, Int128 newv,
                                      TCGMemOpIdx oi, uintptr_t retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_atomic_sto_le_mmu(CPUArchState *env, target_ulong addr, Int128 val,
 void helper_atomic_sto_be_mmu(CPUArchState *env, target_ulong addr, Int128 val,
                               TCGMemOpIdx oi, uintptr_t retaddr);
 
-#endif /* CONFIG_ATOMIC128 */
-
 #endif /* TCG_H */
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/log.h"
 #include "exec/helper-proto.h"
 #include "qemu/atomic.h"
+#include "qemu/atomic128.h"
 
 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
 /* #define DEBUG_TLB */
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 #include "atomic_template.h"
 #endif
 
-#ifdef CONFIG_ATOMIC128
+#if HAVE_CMPXCHG128 || HAVE_ATOMIC128
 #define DATA_SIZE 16
 #include "atomic_template.h"
 #endif
diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "translate-all.h"
 #include "exec/helper-proto.h"
+#include "qemu/atomic128.h"
 
 #undef EAX
 #undef ECX
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 /* The following is only callable from other helpers, and matches up
    with the softmmu version.  */
 
-#ifdef CONFIG_ATOMIC128
+#if HAVE_ATOMIC128 || HAVE_CMPXCHG128
 
 #undef EXTRA_ARGS
 #undef ATOMIC_NAME
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 
 #define DATA_SIZE 16
 #include "atomic_template.h"
-#endif /* CONFIG_ATOMIC128 */
+#endif
diff --git a/configure b/configure
index XXXXXXX..XXXXXXX 100755
--- a/configure
+++ b/configure
@@ -XXX,XX +XXX,XX @@ EOF
   fi
 fi
 
+cmpxchg128=no
+if test "$int128" = yes -a "$atomic128" = no; then
+  cat > $TMPC << EOF
+int main(void)
+{
+  unsigned __int128 x = 0, y = 0;
+  __sync_val_compare_and_swap_16(&x, y, x);
+  return 0;
+}
+EOF
+  if compile_prog "" "" ; then
+    cmpxchg128=yes
+  fi
+fi
+
 #########################################
 # See if 64-bit atomic operations are supported.
 # Note that without __atomic builtins, we can only
@@ -XXX,XX +XXX,XX @@ if test "$atomic128" = "yes" ; then
   echo "CONFIG_ATOMIC128=y" >> $config_host_mak
 fi
 
+if test "$cmpxchg128" = "yes" ; then
+  echo "CONFIG_CMPXCHG128=y" >> $config_host_mak
+fi
+
 if test "$atomic64" = "yes" ; then
   echo "CONFIG_ATOMIC64=y" >> $config_host_mak
 fi
-- 
2.17.2

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/mem_helper.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/target/i386/mem_helper.c b/target/i386/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/mem_helper.c
+++ b/target/i386/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
+#include "qemu/atomic128.h"
 #include "tcg.h"
 
 void helper_cmpxchg8b_unlocked(CPUX86State *env, target_ulong a0)
@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
 
     if ((a0 & 0xf) != 0) {
         raise_exception_ra(env, EXCP0D_GPF, ra);
-    } else {
-#ifndef CONFIG_ATOMIC128
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
+    } else if (HAVE_CMPXCHG128) {
         int eflags = cpu_cc_compute_all(env, CC_OP);
 
         Int128 cmpv = int128_make128(env->regs[R_EAX], env->regs[R_EDX]);
@@ -XXX,XX +XXX,XX @@ void helper_cmpxchg16b(CPUX86State *env, target_ulong a0)
             eflags &= ~CC_Z;
         }
         CC_SRC = eflags;
-#endif
+    } else {
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
     }
 }
 #endif
-- 
2.17.2

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper-a64.c | 259 +++++++++++++++++++++-------------------
 1 file changed, 133 insertions(+), 126 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
+#include "qemu/atomic128.h"
 #include "tcg.h"
 #include "fpu/softfloat.h"
 #include <zlib.h> /* For crc32 */
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(crc32c_64)(uint64_t acc, uint64_t val, uint32_t bytes)
     return crc32c(acc, buf, bytes) ^ 0xffffffff;
 }
 
-/* Returns 0 on success; 1 otherwise.  */
-static uint64_t do_paired_cmpxchg64_le(CPUARMState *env, uint64_t addr,
-                                       uint64_t new_lo, uint64_t new_hi,
-                                       bool parallel, uintptr_t ra)
+uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
+                                     uint64_t new_lo, uint64_t new_hi)
 {
-    Int128 oldv, cmpv, newv;
+    Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
+    Int128 newv = int128_make128(new_lo, new_hi);
+    Int128 oldv;
+    uintptr_t ra = GETPC();
+    uint64_t o0, o1;
     bool success;
 
-    cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
-    newv = int128_make128(new_lo, new_hi);
-
-    if (parallel) {
-#ifndef CONFIG_ATOMIC128
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-        oldv = helper_atomic_cmpxchgo_le_mmu(env, addr, cmpv, newv, oi, ra);
-        success = int128_eq(oldv, cmpv);
-#endif
-    } else {
-        uint64_t o0, o1;
-
 #ifdef CONFIG_USER_ONLY
-        /* ??? Enforce alignment.  */
-        uint64_t *haddr = g2h(addr);
+    /* ??? Enforce alignment.  */
+    uint64_t *haddr = g2h(addr);
 
-        helper_retaddr = ra;
-        o0 = ldq_le_p(haddr + 0);
-        o1 = ldq_le_p(haddr + 1);
-        oldv = int128_make128(o0, o1);
+    helper_retaddr = ra;
+    o0 = ldq_le_p(haddr + 0);
+    o1 = ldq_le_p(haddr + 1);
+    oldv = int128_make128(o0, o1);
 
-        success = int128_eq(oldv, cmpv);
-        if (success) {
-            stq_le_p(haddr + 0, int128_getlo(newv));
-            stq_le_p(haddr + 1, int128_gethi(newv));
-        }
-        helper_retaddr = 0;
-#else
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
-        TCGMemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
-
-        o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
-        o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
-        oldv = int128_make128(o0, o1);
-
-        success = int128_eq(oldv, cmpv);
-        if (success) {
-            helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
-            helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
-        }
-#endif
+    success = int128_eq(oldv, cmpv);
+    if (success) {
+        stq_le_p(haddr + 0, int128_getlo(newv));
+        stq_le_p(haddr + 1, int128_gethi(newv));
     }
+    helper_retaddr = 0;
+#else
+    int mem_idx = cpu_mmu_index(env, false);
+    TCGMemOpIdx oi0 = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+    TCGMemOpIdx oi1 = make_memop_idx(MO_LEQ, mem_idx);
+
+    o0 = helper_le_ldq_mmu(env, addr + 0, oi0, ra);
+    o1 = helper_le_ldq_mmu(env, addr + 8, oi1, ra);
+    oldv = int128_make128(o0, o1);
+
+    success = int128_eq(oldv, cmpv);
+    if (success) {
+        helper_le_stq_mmu(env, addr + 0, int128_getlo(newv), oi1, ra);
+        helper_le_stq_mmu(env, addr + 8, int128_gethi(newv), oi1, ra);
+    }
+#endif
 
     return !success;
 }
 
-uint64_t HELPER(paired_cmpxchg64_le)(CPUARMState *env, uint64_t addr,
-                                              uint64_t new_lo, uint64_t new_hi)
-{
-    return do_paired_cmpxchg64_le(env, addr, new_lo, new_hi, false, GETPC());
-}
-
 uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
                                               uint64_t new_lo, uint64_t new_hi)
-{
-    return do_paired_cmpxchg64_le(env, addr, new_lo, new_hi, true, GETPC());
-}
-
-static uint64_t do_paired_cmpxchg64_be(CPUARMState *env, uint64_t addr,
-                                       uint64_t new_lo, uint64_t new_hi,
-                                       bool parallel, uintptr_t ra)
 {
     Int128 oldv, cmpv, newv;
+    uintptr_t ra = GETPC();
     bool success;
+    int mem_idx;
+    TCGMemOpIdx oi;
 
-    /* high and low need to be switched here because this is not actually a
-     * 128bit store but two doublewords stored consecutively
-     */
-    cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
-    newv = int128_make128(new_hi, new_lo);
-
-    if (parallel) {
-#ifndef CONFIG_ATOMIC128
+    if (!HAVE_CMPXCHG128) {
         cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
-        oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
-        success = int128_eq(oldv, cmpv);
-#endif
-    } else {
-        uint64_t o0, o1;
-
-#ifdef CONFIG_USER_ONLY
-        /* ??? Enforce alignment.  */
-        uint64_t *haddr = g2h(addr);
-
-        helper_retaddr = ra;
-        o1 = ldq_be_p(haddr + 0);
-        o0 = ldq_be_p(haddr + 1);
-        oldv = int128_make128(o0, o1);
-
-        success = int128_eq(oldv, cmpv);
-        if (success) {
-            stq_be_p(haddr + 0, int128_gethi(newv));
-            stq_be_p(haddr + 1, int128_getlo(newv));
-        }
-        helper_retaddr = 0;
-#else
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
-        TCGMemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
-
-        o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
-        o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
-        oldv = int128_make128(o0, o1);
-
-        success = int128_eq(oldv, cmpv);
-        if (success) {
-            helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
-            helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
-        }
-#endif
     }
 
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
+
+    cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
+    newv = int128_make128(new_lo, new_hi);
+    oldv = helper_atomic_cmpxchgo_le_mmu(env, addr, cmpv, newv, oi, ra);
+
+    success = int128_eq(oldv, cmpv);
     return !success;
 }
 
 uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
                                      uint64_t new_lo, uint64_t new_hi)
 {
-    return do_paired_cmpxchg64_be(env, addr, new_lo, new_hi, false, GETPC());
+    /*
+     * High and low need to be switched here because this is not actually a
+     * 128bit store but two doublewords stored consecutively
+     */
+    Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
+    Int128 newv = int128_make128(new_lo, new_hi);
+    Int128 oldv;
+    uintptr_t ra = GETPC();
+    uint64_t o0, o1;
+    bool success;
+
+#ifdef CONFIG_USER_ONLY
+    /* ??? Enforce alignment.  */
+    uint64_t *haddr = g2h(addr);
+
+    helper_retaddr = ra;
+    o1 = ldq_be_p(haddr + 0);
+    o0 = ldq_be_p(haddr + 1);
+    oldv = int128_make128(o0, o1);
+
+    success = int128_eq(oldv, cmpv);
+    if (success) {
+        stq_be_p(haddr + 0, int128_gethi(newv));
+        stq_be_p(haddr + 1, int128_getlo(newv));
+    }
+    helper_retaddr = 0;
+#else
+    int mem_idx = cpu_mmu_index(env, false);
+    TCGMemOpIdx oi0 = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+    TCGMemOpIdx oi1 = make_memop_idx(MO_BEQ, mem_idx);
+
+    o1 = helper_be_ldq_mmu(env, addr + 0, oi0, ra);
+    o0 = helper_be_ldq_mmu(env, addr + 8, oi1, ra);
+    oldv = int128_make128(o0, o1);
+
+    success = int128_eq(oldv, cmpv);
+    if (success) {
+        helper_be_stq_mmu(env, addr + 0, int128_gethi(newv), oi1, ra);
+        helper_be_stq_mmu(env, addr + 8, int128_getlo(newv), oi1, ra);
+    }
+#endif
+
+    return !success;
 }
 
 uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
-                                     uint64_t new_lo, uint64_t new_hi)
+                                              uint64_t new_lo, uint64_t new_hi)
 {
-    return do_paired_cmpxchg64_be(env, addr, new_lo, new_hi, true, GETPC());
+    Int128 oldv, cmpv, newv;
+    uintptr_t ra = GETPC();
+    bool success;
+    int mem_idx;
+    TCGMemOpIdx oi;
+
+    if (!HAVE_CMPXCHG128) {
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+    }
+
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
+
+    /*
+     * High and low need to be switched here because this is not actually a
+     * 128bit store but two doublewords stored consecutively
+     */
+    cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
+    newv = int128_make128(new_hi, new_lo);
+    oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
+
+    success = int128_eq(oldv, cmpv);
+    return !success;
 }
 
 /* Writes back the old data into Rs.  */
 void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
                               uint64_t new_lo, uint64_t new_hi)
 {
-    uintptr_t ra = GETPC();
-#ifndef CONFIG_ATOMIC128
-    cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
     Int128 oldv, cmpv, newv;
+    uintptr_t ra = GETPC();
+    int mem_idx;
+    TCGMemOpIdx oi;
+
+    if (!HAVE_CMPXCHG128) {
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+    }
+
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 
     cmpv = int128_make128(env->xregs[rs], env->xregs[rs + 1]);
     newv = int128_make128(new_lo, new_hi);
-
-    int mem_idx = cpu_mmu_index(env, false);
-    TCGMemOpIdx oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
     oldv = helper_atomic_cmpxchgo_le_mmu(env, addr, cmpv, newv, oi, ra);
 
     env->xregs[rs] = int128_getlo(oldv);
     env->xregs[rs + 1] = int128_gethi(oldv);
-#endif
 }
 
 void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
                               uint64_t new_hi, uint64_t new_lo)
 {
-    uintptr_t ra = GETPC();
-#ifndef CONFIG_ATOMIC128
-    cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
     Int128 oldv, cmpv, newv;
+    uintptr_t ra = GETPC();
+    int mem_idx;
+    TCGMemOpIdx oi;
+
+    if (!HAVE_CMPXCHG128) {
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+    }
+
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
 
     cmpv = int128_make128(env->xregs[rs + 1], env->xregs[rs]);
     newv = int128_make128(new_lo, new_hi);
-
-    int mem_idx = cpu_mmu_index(env, false);
-    TCGMemOpIdx oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
     oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
 
     env->xregs[rs + 1] = int128_getlo(oldv);
     env->xregs[rs] = int128_gethi(oldv);
-#endif
 }
 
 /*
-- 
2.17.2

Reviewed-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/arm/helper-a64.c    | 16 ++++------------
 target/arm/translate-a64.c | 38 ++++++++++++++++++++++----------------
 2 files changed, 26 insertions(+), 28 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_le_parallel)(CPUARMState *env, uint64_t addr,
     int mem_idx;
     TCGMemOpIdx oi;
 
-    if (!HAVE_CMPXCHG128) {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
     oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be_parallel)(CPUARMState *env, uint64_t addr,
     int mem_idx;
     TCGMemOpIdx oi;
 
-    if (!HAVE_CMPXCHG128) {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
     oi = make_memop_idx(MO_BEQ | MO_ALIGN_16, mem_idx);
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_le_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     int mem_idx;
     TCGMemOpIdx oi;
 
-    if (!HAVE_CMPXCHG128) {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
     oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
@@ -XXX,XX +XXX,XX @@ void HELPER(casp_be_parallel)(CPUARMState *env, uint32_t rs, uint64_t addr,
     int mem_idx;
     TCGMemOpIdx oi;
 
-    if (!HAVE_CMPXCHG128) {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
     oi = make_memop_idx(MO_LEQ | MO_ALIGN_16, mem_idx);
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@
 
 #include "trace-tcg.h"
 #include "translate-a64.h"
+#include "qemu/atomic128.h"
 
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
@@ -XXX,XX +XXX,XX @@ static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
                                        get_mem_index(s),
                                        MO_64 | MO_ALIGN | s->be_data);
             tcg_gen_setcond_i64(TCG_COND_NE, tmp, tmp, cpu_exclusive_val);
-        } else if (s->be_data == MO_LE) {
-            if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+        } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+            if (!HAVE_CMPXCHG128) {
+                gen_helper_exit_atomic(cpu_env);
+                s->base.is_jmp = DISAS_NORETURN;
+            } else if (s->be_data == MO_LE) {
                 gen_helper_paired_cmpxchg64_le_parallel(tmp, cpu_env,
                                                         cpu_exclusive_addr,
                                                         cpu_reg(s, rt),
                                                         cpu_reg(s, rt2));
             } else {
-                gen_helper_paired_cmpxchg64_le(tmp, cpu_env, cpu_exclusive_addr,
-                                               cpu_reg(s, rt), cpu_reg(s, rt2));
-            }
-        } else {
-            if (tb_cflags(s->base.tb) & CF_PARALLEL) {
                 gen_helper_paired_cmpxchg64_be_parallel(tmp, cpu_env,
                                                         cpu_exclusive_addr,
                                                         cpu_reg(s, rt),
                                                         cpu_reg(s, rt2));
-            } else {
-                gen_helper_paired_cmpxchg64_be(tmp, cpu_env, cpu_exclusive_addr,
-                                               cpu_reg(s, rt), cpu_reg(s, rt2));
             }
+        } else if (s->be_data == MO_LE) {
+            gen_helper_paired_cmpxchg64_le(tmp, cpu_env, cpu_exclusive_addr,
+                                           cpu_reg(s, rt), cpu_reg(s, rt2));
+        } else {
+            gen_helper_paired_cmpxchg64_be(tmp, cpu_env, cpu_exclusive_addr,
+                                           cpu_reg(s, rt), cpu_reg(s, rt2));
         }
     } else {
         tcg_gen_atomic_cmpxchg_i64(tmp, cpu_exclusive_addr, cpu_exclusive_val,
@@ -XXX,XX +XXX,XX @@ static void gen_compare_and_swap_pair(DisasContext *s, int rs, int rt,
         }
         tcg_temp_free_i64(cmp);
     } else if (tb_cflags(s->base.tb) & CF_PARALLEL) {
-        TCGv_i32 tcg_rs = tcg_const_i32(rs);
-
-        if (s->be_data == MO_LE) {
-            gen_helper_casp_le_parallel(cpu_env, tcg_rs, addr, t1, t2);
+        if (HAVE_CMPXCHG128) {
+            TCGv_i32 tcg_rs = tcg_const_i32(rs);
+            if (s->be_data == MO_LE) {
+                gen_helper_casp_le_parallel(cpu_env, tcg_rs, addr, t1, t2);
+            } else {
+                gen_helper_casp_be_parallel(cpu_env, tcg_rs, addr, t1, t2);
+            }
+            tcg_temp_free_i32(tcg_rs);
         } else {
-            gen_helper_casp_be_parallel(cpu_env, tcg_rs, addr, t1, t2);
+            gen_helper_exit_atomic(cpu_env);
+            s->base.is_jmp = DISAS_NORETURN;
         }
-        tcg_temp_free_i32(tcg_rs);
     } else {
         TCGv_i64 d1 = tcg_temp_new_i64();
         TCGv_i64 d2 = tcg_temp_new_i64();
-- 
2.17.2

Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/ppc/helper.h     |   2 +-
 target/ppc/mem_helper.c |  33 ++++++++++--
 target/ppc/translate.c  | 115 +++++++++++++++++++++-------------------
 3 files changed, 88 insertions(+), 62 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_4(dscliq, void, env, fprp, fprp, i32)
 DEF_HELPER_1(tbegin, void, env)
 DEF_HELPER_FLAGS_1(fixup_thrm, TCG_CALL_NO_RWG, void, env)
 
-#if defined(TARGET_PPC64) && defined(CONFIG_ATOMIC128)
+#ifdef TARGET_PPC64
 DEF_HELPER_FLAGS_3(lq_le_parallel, TCG_CALL_NO_WG, i64, env, tl, i32)
 DEF_HELPER_FLAGS_3(lq_be_parallel, TCG_CALL_NO_WG, i64, env, tl, i32)
 DEF_HELPER_FLAGS_5(stq_le_parallel, TCG_CALL_NO_WG,
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/cpu_ldst.h"
 #include "tcg.h"
 #include "internal.h"
+#include "qemu/atomic128.h"
 
 //#define DEBUG_OP
 
@@ -XXX,XX +XXX,XX @@ target_ulong helper_lscbx(CPUPPCState *env, target_ulong addr, uint32_t reg,
     return i;
 }
 
-#if defined(TARGET_PPC64) && defined(CONFIG_ATOMIC128)
+#ifdef TARGET_PPC64
 uint64_t helper_lq_le_parallel(CPUPPCState *env, target_ulong addr,
                                uint32_t opidx)
 {
-    Int128 ret = helper_atomic_ldo_le_mmu(env, addr, opidx, GETPC());
+    Int128 ret;
+
+    /* We will have raised EXCP_ATOMIC from the translator.  */
+    assert(HAVE_ATOMIC128);
+    ret = helper_atomic_ldo_le_mmu(env, addr, opidx, GETPC());
     env->retxh = int128_gethi(ret);
     return int128_getlo(ret);
 }
@@ -XXX,XX +XXX,XX @@ uint64_t helper_lq_le_parallel(CPUPPCState *env, target_ulong addr,
 uint64_t helper_lq_be_parallel(CPUPPCState *env, target_ulong addr,
                                uint32_t opidx)
 {
-    Int128 ret = helper_atomic_ldo_be_mmu(env, addr, opidx, GETPC());
+    Int128 ret;
+
+    /* We will have raised EXCP_ATOMIC from the translator.  */
+    assert(HAVE_ATOMIC128);
+    ret = helper_atomic_ldo_be_mmu(env, addr, opidx, GETPC());
     env->retxh = int128_gethi(ret);
     return int128_getlo(ret);
 }
@@ -XXX,XX +XXX,XX @@ uint64_t helper_lq_be_parallel(CPUPPCState *env, target_ulong addr,
 void helper_stq_le_parallel(CPUPPCState *env, target_ulong addr,
                             uint64_t lo, uint64_t hi, uint32_t opidx)
 {
-    Int128 val = int128_make128(lo, hi);
+    Int128 val;
+
+    /* We will have raised EXCP_ATOMIC from the translator.  */
+    assert(HAVE_ATOMIC128);
+    val = int128_make128(lo, hi);
     helper_atomic_sto_le_mmu(env, addr, val, opidx, GETPC());
 }
 
 void helper_stq_be_parallel(CPUPPCState *env, target_ulong addr,
                             uint64_t lo, uint64_t hi, uint32_t opidx)
 {
-    Int128 val = int128_make128(lo, hi);
+    Int128 val;
+
+    /* We will have raised EXCP_ATOMIC from the translator.  */
+    assert(HAVE_ATOMIC128);
+    val = int128_make128(lo, hi);
     helper_atomic_sto_be_mmu(env, addr, val, opidx, GETPC());
 }
 
@@ -XXX,XX +XXX,XX @@ uint32_t helper_stqcx_le_parallel(CPUPPCState *env, target_ulong addr,
 {
     bool success = false;
 
+    /* We will have raised EXCP_ATOMIC from the translator.  */
+    assert(HAVE_CMPXCHG128);
+
     if (likely(addr == env->reserve_addr)) {
         Int128 oldv, cmpv, newv;
 
@@ -XXX,XX +XXX,XX @@ uint32_t helper_stqcx_be_parallel(CPUPPCState *env, target_ulong addr,
 {
     bool success = false;
 
+    /* We will have raised EXCP_ATOMIC from the translator.  */
+    assert(HAVE_CMPXCHG128);
+
     if (likely(addr == env->reserve_addr)) {
         Int128 oldv, cmpv, newv;
 
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
+#include "qemu/atomic128.h"
 
 
 #define CPU_SINGLE_STEP 0x1
@@ -XXX,XX +XXX,XX @@ static void gen_lq(DisasContext *ctx)
     hi = cpu_gpr[rd];
 
     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
-#ifdef CONFIG_ATOMIC128
-        TCGv_i32 oi = tcg_temp_new_i32();
-        if (ctx->le_mode) {
-            tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
-            gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
+        if (HAVE_ATOMIC128) {
+            TCGv_i32 oi = tcg_temp_new_i32();
+            if (ctx->le_mode) {
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
+                gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
+            } else {
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
+                gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
+            }
+            tcg_temp_free_i32(oi);
+            tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
         } else {
-            tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
-            gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
+            /* Restart with exclusive lock.  */
+            gen_helper_exit_atomic(cpu_env);
+            ctx->base.is_jmp = DISAS_NORETURN;
         }
-        tcg_temp_free_i32(oi);
-        tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
-#else
-        /* Restart with exclusive lock.  */
-        gen_helper_exit_atomic(cpu_env);
-        ctx->base.is_jmp = DISAS_NORETURN;
-#endif
     } else if (ctx->le_mode) {
         tcg_gen_qemu_ld_i64(lo, EA, ctx->mem_idx, MO_LEQ);
         gen_addr_add(ctx, EA, EA, 8);
@@ -XXX,XX +XXX,XX @@ static void gen_std(DisasContext *ctx)
         hi = cpu_gpr[rs];
 
         if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
-#ifdef CONFIG_ATOMIC128
-            TCGv_i32 oi = tcg_temp_new_i32();
-            if (ctx->le_mode) {
-                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
-                gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
+            if (HAVE_ATOMIC128) {
+                TCGv_i32 oi = tcg_temp_new_i32();
+                if (ctx->le_mode) {
+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ, ctx->mem_idx));
+                    gen_helper_stq_le_parallel(cpu_env, EA, lo, hi, oi);
+                } else {
+                    tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
+                    gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
+                }
+                tcg_temp_free_i32(oi);
             } else {
-                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ, ctx->mem_idx));
-                gen_helper_stq_be_parallel(cpu_env, EA, lo, hi, oi);
+                /* Restart with exclusive lock.  */
+                gen_helper_exit_atomic(cpu_env);
+                ctx->base.is_jmp = DISAS_NORETURN;
             }
-            tcg_temp_free_i32(oi);
-#else
-            /* Restart with exclusive lock.  */
-            gen_helper_exit_atomic(cpu_env);
-            ctx->base.is_jmp = DISAS_NORETURN;
-#endif
         } else if (ctx->le_mode) {
             tcg_gen_qemu_st_i64(lo, EA, ctx->mem_idx, MO_LEQ);
             gen_addr_add(ctx, EA, EA, 8);
@@ -XXX,XX +XXX,XX @@ static void gen_lqarx(DisasContext *ctx)
     hi = cpu_gpr[rd];
 
     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
-#ifdef CONFIG_ATOMIC128
-        TCGv_i32 oi = tcg_temp_new_i32();
-        if (ctx->le_mode) {
-            tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
-                                                ctx->mem_idx));
-            gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
+        if (HAVE_ATOMIC128) {
+            TCGv_i32 oi = tcg_temp_new_i32();
+            if (ctx->le_mode) {
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_LEQ | MO_ALIGN_16,
+                                                    ctx->mem_idx));
+                gen_helper_lq_le_parallel(lo, cpu_env, EA, oi);
+            } else {
+                tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
+                                                    ctx->mem_idx));
+                gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
+            }
+            tcg_temp_free_i32(oi);
+            tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
         } else {
-            tcg_gen_movi_i32(oi, make_memop_idx(MO_BEQ | MO_ALIGN_16,
-                                                ctx->mem_idx));
-            gen_helper_lq_be_parallel(lo, cpu_env, EA, oi);
+            /* Restart with exclusive lock.  */
+            gen_helper_exit_atomic(cpu_env);
+            ctx->base.is_jmp = DISAS_NORETURN;
+            tcg_temp_free(EA);
+            return;
         }
-        tcg_temp_free_i32(oi);
-        tcg_gen_ld_i64(hi, cpu_env, offsetof(CPUPPCState, retxh));
-#else
-        /* Restart with exclusive lock.  */
-        gen_helper_exit_atomic(cpu_env);
-        ctx->base.is_jmp = DISAS_NORETURN;
-        tcg_temp_free(EA);
-        return;
-#endif
     } else if (ctx->le_mode) {
         tcg_gen_qemu_ld_i64(lo, EA, ctx->mem_idx, MO_LEQ | MO_ALIGN_16);
         tcg_gen_mov_tl(cpu_reserve, EA);
@@ -XXX,XX +XXX,XX @@ static void gen_stqcx_(DisasContext *ctx)
     hi = cpu_gpr[rs];
 
     if (tb_cflags(ctx->base.tb) & CF_PARALLEL) {
-        TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
-#ifdef CONFIG_ATOMIC128
-        if (ctx->le_mode) {
-            gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env, EA, lo, hi, oi);
+        if (HAVE_CMPXCHG128) {
+            TCGv_i32 oi = tcg_const_i32(DEF_MEMOP(MO_Q) | MO_ALIGN_16);
+            if (ctx->le_mode) {
+                gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env,
+                                             EA, lo, hi, oi);
+            } else {
+                gen_helper_stqcx_be_parallel(cpu_crf[0], cpu_env,
+                                             EA, lo, hi, oi);
+            }
+            tcg_temp_free_i32(oi);
         } else {
-            gen_helper_stqcx_le_parallel(cpu_crf[0], cpu_env, EA, lo, hi, oi);
+            /* Restart with exclusive lock.  */
+            gen_helper_exit_atomic(cpu_env);
+            ctx->base.is_jmp = DISAS_NORETURN;
         }
-#else
-        /* Restart with exclusive lock.  */
-        gen_helper_exit_atomic(cpu_env);
-        ctx->base.is_jmp = DISAS_NORETURN;
-#endif
         tcg_temp_free(EA);
-        tcg_temp_free_i32(oi);
     } else {
         TCGLabel *lab_fail = gen_new_label();
         TCGLabel *lab_over = gen_new_label();
-- 
2.17.2

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/mem_helper.c | 92 +++++++++++++++++----------------------
 1 file changed, 41 insertions(+), 51 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "qemu/int128.h"
+#include "qemu/atomic128.h"
 
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/s390x/storage-keys.h"
@@ -XXX,XX +XXX,XX @@ static void do_cdsg(CPUS390XState *env, uint64_t addr,
     bool fail;
 
     if (parallel) {
-#ifndef CONFIG_ATOMIC128
+#if !HAVE_CMPXCHG128
         cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
 #else
         int mem_idx = cpu_mmu_index(env, false);
@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
 static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
                         uint64_t a2, bool parallel)
 {
-#if !defined(CONFIG_USER_ONLY) || defined(CONFIG_ATOMIC128)
     uint32_t mem_idx = cpu_mmu_index(env, false);
-#endif
     uintptr_t ra = GETPC();
     uint32_t fc = extract32(env->regs[0], 0, 8);
     uint32_t sc = extract32(env->regs[0], 8, 8);
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
     probe_write(env, a2, 0, mem_idx, ra);
 #endif
 
-    /* Note that the compare-and-swap is atomic, and the store is atomic, but
-       the complete operation is not.  Therefore we do not need to assert serial
-       context in order to implement this.  That said, restart early if we can't
-       support either operation that is supposed to be atomic.  */
+    /*
+     * Note that the compare-and-swap is atomic, and the store is atomic,
+     * but the complete operation is not.  Therefore we do not need to
+     * assert serial context in order to implement this.  That said,
+     * restart early if we can't support either operation that is supposed
+     * to be atomic.
+     */
     if (parallel) {
-        int mask = 0;
-#if !defined(CONFIG_ATOMIC64)
-        mask = -8;
-#elif !defined(CONFIG_ATOMIC128)
-        mask = -16;
+        uint32_t max = 2;
+#ifdef CONFIG_ATOMIC64
+        max = 3;
 #endif
-        if (((4 << fc) | (1 << sc)) & mask) {
+        if ((HAVE_CMPXCHG128 ? 0 : fc + 2 > max) ||
+            (HAVE_ATOMIC128  ? 0 : sc > max)) {
             cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
         }
     }
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
             Int128 cv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
             Int128 ov;
 
-            if (parallel) {
-#ifdef CONFIG_ATOMIC128
-                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-                ov = helper_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
-                cc = !int128_eq(ov, cv);
-#else
-                /* Note that we asserted !parallel above.  */
-                g_assert_not_reached();
-#endif
-            } else {
+            if (!parallel) {
                 uint64_t oh = cpu_ldq_data_ra(env, a1 + 0, ra);
                 uint64_t ol = cpu_ldq_data_ra(env, a1 + 8, ra);
 
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
 
                 cpu_stq_data_ra(env, a1 + 0, int128_gethi(nv), ra);
                 cpu_stq_data_ra(env, a1 + 8, int128_getlo(nv), ra);
+            } else if (HAVE_CMPXCHG128) {
+                TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+                ov = helper_atomic_cmpxchgo_be_mmu(env, a1, cv, nv, oi, ra);
+                cc = !int128_eq(ov, cv);
+            } else {
+                /* Note that we asserted !parallel above.  */
+                g_assert_not_reached();
             }
 
             env->regs[r3 + 0] = int128_gethi(ov);
@@ -XXX,XX +XXX,XX @@ static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
             cpu_stq_data_ra(env, a2, svh, ra);
             break;
         case 4:
-            if (parallel) {
-#ifdef CONFIG_ATOMIC128
+            if (!parallel) {
+                cpu_stq_data_ra(env, a2 + 0, svh, ra);
+                cpu_stq_data_ra(env, a2 + 8, svl, ra);
+            } else if (HAVE_ATOMIC128) {
                 TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
                 Int128 sv = int128_make128(svl, svh);
                 helper_atomic_sto_be_mmu(env, a2, sv, oi, ra);
-#else
+            } else {
                 /* Note that we asserted !parallel above.  */
                 g_assert_not_reached();
-#endif
-            } else {
-                cpu_stq_data_ra(env, a2 + 0, svh, ra);
-                cpu_stq_data_ra(env, a2 + 8, svl, ra);
             }
             break;
         default:
@@ -XXX,XX +XXX,XX @@ static uint64_t do_lpq(CPUS390XState *env, uint64_t addr, bool parallel)
     uintptr_t ra = GETPC();
     uint64_t hi, lo;
 
-    if (parallel) {
-#ifndef CONFIG_ATOMIC128
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
+    if (!parallel) {
+        check_alignment(env, addr, 16, ra);
+        hi = cpu_ldq_data_ra(env, addr + 0, ra);
+        lo = cpu_ldq_data_ra(env, addr + 8, ra);
+    } else if (HAVE_ATOMIC128) {
         int mem_idx = cpu_mmu_index(env, false);
         TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
         Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
         hi = int128_gethi(v);
         lo = int128_getlo(v);
-#endif
     } else {
-        check_alignment(env, addr, 16, ra);
-
-        hi = cpu_ldq_data_ra(env, addr + 0, ra);
-        lo = cpu_ldq_data_ra(env, addr + 8, ra);
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
     }
 
     env->retxl = lo;
@@ -XXX,XX +XXX,XX @@ static void do_stpq(CPUS390XState *env, uint64_t addr,
 {
     uintptr_t ra = GETPC();
 
-    if (parallel) {
-#ifndef CONFIG_ATOMIC128
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-
-        Int128 v = int128_make128(low, high);
-        helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
-#endif
-    } else {
+    if (!parallel) {
         check_alignment(env, addr, 16, ra);
-
         cpu_stq_data_ra(env, addr + 0, high, ra);
         cpu_stq_data_ra(env, addr + 8, low, ra);
+    } else if (HAVE_ATOMIC128) {
+        int mem_idx = cpu_mmu_index(env, false);
+        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+        Int128 v = int128_make128(low, high);
+        helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
+    } else {
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
     }
 }
 
-- 
2.17.2

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/mem_helper.c | 128 ++++++++++++++++++--------------------
 1 file changed, 61 insertions(+), 67 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(trXX)(CPUS390XState *env, uint32_t r1, uint32_t r2,
     return cc;
 }
 
-static void do_cdsg(CPUS390XState *env, uint64_t addr,
-                    uint32_t r1, uint32_t r3, bool parallel)
+void HELPER(cdsg)(CPUS390XState *env, uint64_t addr,
+                  uint32_t r1, uint32_t r3)
 {
     uintptr_t ra = GETPC();
     Int128 cmpv = int128_make128(env->regs[r1 + 1], env->regs[r1]);
     Int128 newv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
     Int128 oldv;
+    uint64_t oldh, oldl;
     bool fail;
 
-    if (parallel) {
-#if !HAVE_CMPXCHG128
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-#else
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-        oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
-        fail = !int128_eq(oldv, cmpv);
-#endif
-    } else {
-        uint64_t oldh, oldl;
+    check_alignment(env, addr, 16, ra);
 
-        check_alignment(env, addr, 16, ra);
+    oldh = cpu_ldq_data_ra(env, addr + 0, ra);
+    oldl = cpu_ldq_data_ra(env, addr + 8, ra);
 
-        oldh = cpu_ldq_data_ra(env, addr + 0, ra);
-        oldl = cpu_ldq_data_ra(env, addr + 8, ra);
-
-        oldv = int128_make128(oldl, oldh);
-        fail = !int128_eq(oldv, cmpv);
-        if (fail) {
-            newv = oldv;
-        }
-
-        cpu_stq_data_ra(env, addr + 0, int128_gethi(newv), ra);
-        cpu_stq_data_ra(env, addr + 8, int128_getlo(newv), ra);
+    oldv = int128_make128(oldl, oldh);
+    fail = !int128_eq(oldv, cmpv);
+    if (fail) {
+        newv = oldv;
     }
 
+    cpu_stq_data_ra(env, addr + 0, int128_gethi(newv), ra);
+    cpu_stq_data_ra(env, addr + 8, int128_getlo(newv), ra);
+
     env->cc_op = fail;
     env->regs[r1] = int128_gethi(oldv);
     env->regs[r1 + 1] = int128_getlo(oldv);
 }
 
-void HELPER(cdsg)(CPUS390XState *env, uint64_t addr,
-                  uint32_t r1, uint32_t r3)
-{
-    do_cdsg(env, addr, r1, r3, false);
-}
-
 void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
                            uint32_t r1, uint32_t r3)
 {
-    do_cdsg(env, addr, r1, r3, true);
+    uintptr_t ra = GETPC();
+    Int128 cmpv = int128_make128(env->regs[r1 + 1], env->regs[r1]);
+    Int128 newv = int128_make128(env->regs[r3 + 1], env->regs[r3]);
+    int mem_idx;
+    TCGMemOpIdx oi;
+    Int128 oldv;
+    bool fail;
+
+    if (!HAVE_CMPXCHG128) {
+        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
+    }
+
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+    oldv = helper_atomic_cmpxchgo_be_mmu(env, addr, cmpv, newv, oi, ra);
+    fail = !int128_eq(oldv, cmpv);
+
+    env->cc_op = fail;
+    env->regs[r1] = int128_gethi(oldv);
+    env->regs[r1 + 1] = int128_getlo(oldv);
 }
 
 static uint32_t do_csst(CPUS390XState *env, uint32_t r3, uint64_t a1,
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(lra)(CPUS390XState *env, uint64_t addr)
 #endif
 
 /* load pair from quadword */
-static uint64_t do_lpq(CPUS390XState *env, uint64_t addr, bool parallel)
+uint64_t HELPER(lpq)(CPUS390XState *env, uint64_t addr)
 {
     uintptr_t ra = GETPC();
     uint64_t hi, lo;
 
-    if (!parallel) {
-        check_alignment(env, addr, 16, ra);
-        hi = cpu_ldq_data_ra(env, addr + 0, ra);
-        lo = cpu_ldq_data_ra(env, addr + 8, ra);
-    } else if (HAVE_ATOMIC128) {
+    check_alignment(env, addr, 16, ra);
+    hi = cpu_ldq_data_ra(env, addr + 0, ra);
+    lo = cpu_ldq_data_ra(env, addr + 8, ra);
+
+    env->retxl = lo;
+    return hi;
+}
+
+uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
+{
+    uintptr_t ra = GETPC();
+    uint64_t hi, lo;
+
+    if (HAVE_ATOMIC128) {
         int mem_idx = cpu_mmu_index(env, false);
         TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
         Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
@@ -XXX,XX +XXX,XX @@ static uint64_t do_lpq(CPUS390XState *env, uint64_t addr, bool parallel)
     return hi;
 }
 
-uint64_t HELPER(lpq)(CPUS390XState *env, uint64_t addr)
-{
-    return do_lpq(env, addr, false);
-}
-
-uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
-{
-    return do_lpq(env, addr, true);
-}
-
 /* store pair to quadword */
-static void do_stpq(CPUS390XState *env, uint64_t addr,
-                    uint64_t low, uint64_t high, bool parallel)
+void HELPER(stpq)(CPUS390XState *env, uint64_t addr,
+                  uint64_t low, uint64_t high)
 {
     uintptr_t ra = GETPC();
 
-    if (!parallel) {
-        check_alignment(env, addr, 16, ra);
-        cpu_stq_data_ra(env, addr + 0, high, ra);
-        cpu_stq_data_ra(env, addr + 8, low, ra);
-    } else if (HAVE_ATOMIC128) {
+    check_alignment(env, addr, 16, ra);
+    cpu_stq_data_ra(env, addr + 0, high, ra);
+    cpu_stq_data_ra(env, addr + 8, low, ra);
+}
+
+void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
+                           uint64_t low, uint64_t high)
+{
+    uintptr_t ra = GETPC();
+
+    if (HAVE_ATOMIC128) {
         int mem_idx = cpu_mmu_index(env, false);
         TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
         Int128 v = int128_make128(low, high);
@@ -XXX,XX +XXX,XX @@ static void do_stpq(CPUS390XState *env, uint64_t addr,
     }
 }
 
-void HELPER(stpq)(CPUS390XState *env, uint64_t addr,
-                  uint64_t low, uint64_t high)
-{
-    do_stpq(env, addr, low, high, false);
-}
-
-void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
-                           uint64_t low, uint64_t high)
-{
-    do_stpq(env, addr, low, high, true);
-}
-
 /* Execute instruction.  This instruction executes an insn modified with
    the contents of r1.  It does not change the executed instruction in memory;
    it does not change the program counter.
-- 
2.17.2

When op raises an exception, it may not have initialized the output
temps that would be written back by wout or cout.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/translate.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@ struct DisasInsn {
 
     const char *name;
 
+    /* Pre-process arguments before HELP_OP.  */
     void (*help_in1)(DisasContext *, DisasFields *, DisasOps *);
     void (*help_in2)(DisasContext *, DisasFields *, DisasOps *);
     void (*help_prep)(DisasContext *, DisasFields *, DisasOps *);
+
+    /*
+     * Post-process output after HELP_OP.
+     * Note that these are not called if HELP_OP returns DISAS_NORETURN.
+     */
     void (*help_wout)(DisasContext *, DisasFields *, DisasOps *);
     void (*help_cout)(DisasContext *, DisasOps *);
+
+    /* Implement the operation itself.  */
     DisasJumpType (*help_op)(DisasContext *, DisasOps *);
 
     uint64_t data;
@@ -XXX,XX +XXX,XX @@ static DisasJumpType translate_one(CPUS390XState *env, DisasContext *s)
     if (insn->help_op) {
         ret = insn->help_op(s, &o);
     }
-    if (insn->help_wout) {
-        insn->help_wout(s, &f, &o);
-    }
-    if (insn->help_cout) {
-        insn->help_cout(s, &o);
+    if (ret != DISAS_NORETURN) {
+        if (insn->help_wout) {
+            insn->help_wout(s, &f, &o);
+        }
+        if (insn->help_cout) {
+            insn->help_cout(s, &o);
+        }
     }
 
     /* Free any temporaries created by the helpers.  */
-- 
2.17.2

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/s390x/mem_helper.c | 40 +++++++++++++++++++--------------------
 target/s390x/translate.c  | 25 +++++++++++++++++-------
 2 files changed, 38 insertions(+), 27 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(cdsg_parallel)(CPUS390XState *env, uint64_t addr,
     Int128 oldv;
     bool fail;
 
-    if (!HAVE_CMPXCHG128) {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_CMPXCHG128);
 
     mem_idx = cpu_mmu_index(env, false);
     oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(lpq_parallel)(CPUS390XState *env, uint64_t addr)
 {
     uintptr_t ra = GETPC();
     uint64_t hi, lo;
+    int mem_idx;
+    TCGMemOpIdx oi;
+    Int128 v;
 
-    if (HAVE_ATOMIC128) {
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-        Int128 v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
-        hi = int128_gethi(v);
-        lo = int128_getlo(v);
-    } else {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_ATOMIC128);
+
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+    v = helper_atomic_ldo_be_mmu(env, addr, oi, ra);
+    hi = int128_gethi(v);
+    lo = int128_getlo(v);
 
     env->retxl = lo;
     return hi;
@@ -XXX,XX +XXX,XX @@ void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t addr,
                            uint64_t low, uint64_t high)
 {
     uintptr_t ra = GETPC();
+    int mem_idx;
+    TCGMemOpIdx oi;
+    Int128 v;
 
-    if (HAVE_ATOMIC128) {
-        int mem_idx = cpu_mmu_index(env, false);
-        TCGMemOpIdx oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
-        Int128 v = int128_make128(low, high);
-        helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
-    } else {
-        cpu_loop_exit_atomic(ENV_GET_CPU(env), ra);
-    }
+    assert(HAVE_ATOMIC128);
+
+    mem_idx = cpu_mmu_index(env, false);
+    oi = make_memop_idx(MO_TEQ | MO_ALIGN_16, mem_idx);
+    v = int128_make128(low, high);
+    helper_atomic_sto_be_mmu(env, addr, v, oi, ra);
 }
 
 /* Execute instruction.  This instruction executes an insn modified with
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -XXX,XX +XXX,XX @@
 #include "trace-tcg.h"
 #include "exec/translator.h"
 #include "exec/log.h"
+#include "qemu/atomic128.h"
 
 
 /* Information that (most) every instruction needs to manipulate.  */
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_cdsg(DisasContext *s, DisasOps *o)
     int r3 = get_field(s->fields, r3);
     int d2 = get_field(s->fields, d2);
     int b2 = get_field(s->fields, b2);
+    DisasJumpType ret = DISAS_NEXT;
     TCGv_i64 addr;
     TCGv_i32 t_r1, t_r3;
 
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_cdsg(DisasContext *s, DisasOps *o)
     addr = get_address(s, 0, b2, d2);
     t_r1 = tcg_const_i32(r1);
     t_r3 = tcg_const_i32(r3);
-    if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+    if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
+        gen_helper_cdsg(cpu_env, addr, t_r1, t_r3);
+    } else if (HAVE_CMPXCHG128) {
         gen_helper_cdsg_parallel(cpu_env, addr, t_r1, t_r3);
     } else {
-        gen_helper_cdsg(cpu_env, addr, t_r1, t_r3);
+        gen_helper_exit_atomic(cpu_env);
+        ret = DISAS_NORETURN;
     }
     tcg_temp_free_i64(addr);
     tcg_temp_free_i32(t_r1);
     tcg_temp_free_i32(t_r3);
 
     set_cc_static(s);
-    return DISAS_NEXT;
+    return ret;
 }
 
 static DisasJumpType op_csst(DisasContext *s, DisasOps *o)
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_lpd(DisasContext *s, DisasOps *o)
 
 static DisasJumpType op_lpq(DisasContext *s, DisasOps *o)
 {
-    if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+    if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
+        gen_helper_lpq(o->out, cpu_env, o->in2);
+    } else if (HAVE_ATOMIC128) {
         gen_helper_lpq_parallel(o->out, cpu_env, o->in2);
     } else {
-        gen_helper_lpq(o->out, cpu_env, o->in2);
+        gen_helper_exit_atomic(cpu_env);
+        return DISAS_NORETURN;
     }
     return_low128(o->out2);
     return DISAS_NEXT;
@@ -XXX,XX +XXX,XX @@ static DisasJumpType op_stmh(DisasContext *s, DisasOps *o)
 
 static DisasJumpType op_stpq(DisasContext *s, DisasOps *o)
 {
-    if (tb_cflags(s->base.tb) & CF_PARALLEL) {
+    if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
+        gen_helper_stpq(cpu_env, o->in2, o->out2, o->out);
+    } else if (HAVE_ATOMIC128) {
         gen_helper_stpq_parallel(cpu_env, o->in2, o->out2, o->out);
     } else {
-        gen_helper_stpq(cpu_env, o->in2, o->out2, o->out);
+        gen_helper_exit_atomic(cpu_env);
+        return DISAS_NORETURN;
     }
     return DISAS_NEXT;
 }
-- 
2.17.2

From: "Emilio G. Cota" <cota@braap.org>

Updates can come from other threads, so readers that do not
take tlb_lock must use atomic_read to avoid undefined
behaviour (UB).

This completes the conversion to tlb_lock. This conversion results
on average in no performance loss, as the following experiments
(run on an Intel i7-6700K CPU @ 4.00GHz) show.

1. aarch64 bootup+shutdown test:

- Before:
 Performance counter stats for 'taskset -c 0 ../img/aarch64/die.sh' (10 runs):

7487.087786      task-clock (msec)         #    0.998 CPUs utilized            ( +-  0.12% )
    31,574,905,303      cycles                    #    4.217 GHz                      ( +-  0.12% )
    57,097,908,812      instructions              #    1.81  insns per cycle          ( +-  0.08% )
    10,255,415,367      branches                  # 1369.747 M/sec                    ( +-  0.08% )
       173,278,962      branch-misses             #    1.69% of all branches          ( +-  0.18% )

7.504481349 seconds time elapsed                                          ( +-  0.14% )

- After:
 Performance counter stats for 'taskset -c 0 ../img/aarch64/die.sh' (10 runs):

7462.441328      task-clock (msec)         #    0.998 CPUs utilized            ( +-  0.07% )
    31,478,476,520      cycles                    #    4.218 GHz                      ( +-  0.07% )
    57,017,330,084      instructions              #    1.81  insns per cycle          ( +-  0.05% )
    10,251,929,667      branches                  # 1373.804 M/sec                    ( +-  0.05% )
       173,023,787      branch-misses             #    1.69% of all branches          ( +-  0.11% )

7.474970463 seconds time elapsed                                          ( +-  0.07% )

2. SPEC06int:
                                              SPEC06int (test set)
                                           [Y axis: Speedup over master]
  1.15 +-+----+------+------+------+------+------+-------+------+------+------+------+------+------+----+-+
       |                                                                                                  |
   1.1 +-+.................................+++.............................+  tlb-lock-v2 (m+++x)       +-+
       |                                +++ |                   +++        tlb-lock-v3 (spinl|ck)         |
       |                    +++          |  |     +++    +++     |                           |            |
  1.05 +-+....+++...........####.........|####.+++.|......|.....###....+++...........+++....###.........+-+
       |      ###         ++#| #         |# |# ***### +++### +++#+#     |     +++     |     #|#    ###    |
     1 +-+++***+#++++####+++#++#++++++++++#++#+*+*++#++++#+#+****+#++++###++++###++++###++++#+#++++#+#+++-+
       |    *+* #    #++# ***  #   #### ***  # * *++# ****+# *| * # ****|#   |# #    #|#    #+#    # #    |
  0.95 +-+..*.*.#....#..#.*|*..#...#..#.*|*..#.*.*..#.*|.*.#.*++*.#.*++*+#.****.#....#+#....#.#..++#.#..+-+
       |    * * #    #  # *|*  #   #  # *|*  # * *  # *++* # *  * # *  * # * |* #  ++# #    # #  *** #    |
       |    * * #  ++#  # *+*  #   #  # *|*  # * *  # *  * # *  * # *  * # *++* # **** #  ++# #  * * #    |
   0.9 +-+..*.*.#...|#..#.*.*..#.++#..#.*|*..#.*.*..#.*..*.#.*..*.#.*..*.#.*..*.#.*.|*.#...|#.#..*.*.#..+-+
       |    * * #  ***  # * *  #  |#  # *+*  # * *  # *  * # *  * # *  * # *  * # *++* #   |# #  * * #    |
  0.85 +-+..*.*.#..*|*..#.*.*..#.***..#.*.*..#.*.*..#.*..*.#.*..*.#.*..*.#.*..*.#.*..*.#.****.#..*.*.#..+-+
       |    * * #  *+*  # * *  # *|*  # * *  # * *  # *  * # *  * # *  * # *  * # *  * # * |* #  * * #    |
       |    * * #  * *  # * *  # *+*  # * *  # * *  # *  * # *  * # *  * # *  * # *  * # * |* #  * * #    |
   0.8 +-+..*.*.#..*.*..#.*.*..#.*.*..#.*.*..#.*.*..#.*..*.#.*..*.#.*..*.#.*..*.#.*..*.#.*++*.#..*.*.#..+-+
       |    * * #  * *  # * *  # * *  # * *  # * *  # *  * # *  * # *  * # *  * # *  * # *  * #  * * #    |
  0.75 +-+--***##--***###-***###-***###-***###-***###-****##-****##-****##-****##-****##-****##--***##--+-+
 400.perlben401.bzip2403.gcc429.m445.gob456.hmme45462.libqua464.h26471.omnet473483.xalancbmkgeomean

png: https://imgur.com/a/BHzpPTW

Notes:
- tlb-lock-v2 corresponds to an implementation with a mutex.
- tlb-lock-v3 corresponds to the current implementation, i.e.
  a spinlock and a single lock acquisition in tlb_set_page_with_attrs.

Signed-off-by: Emilio G. Cota <cota@braap.org>
Message-Id: <20181016153840.25877-1-cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/softmmu_template.h     | 12 ++++++------
 include/exec/cpu_ldst.h          | 11 ++++++++++-
 include/exec/cpu_ldst_template.h |  2 +-
 accel/tcg/cputlb.c               | 19 +++++++++++++------
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/accel/tcg/softmmu_template.h b/accel/tcg/softmmu_template.h
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/softmmu_template.h
+++ b/accel/tcg/softmmu_template.h
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
     uintptr_t mmu_idx = get_mmuidx(oi);
     uintptr_t index = tlb_index(env, mmu_idx, addr);
     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
-    target_ulong tlb_addr = entry->addr_write;
+    target_ulong tlb_addr = tlb_addr_write(entry);
     unsigned a_bits = get_alignment_bits(get_memop(oi));
     uintptr_t haddr;
 
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
+        tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
     }
 
     /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
            cannot evict the first.  */
         page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
         entry2 = tlb_entry(env, mmu_idx, page2);
-        if (!tlb_hit_page(entry2->addr_write, page2)
+        if (!tlb_hit_page(tlb_addr_write(entry2), page2)
             && !VICTIM_TLB_HIT(addr_write, page2)) {
             tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
     uintptr_t mmu_idx = get_mmuidx(oi);
     uintptr_t index = tlb_index(env, mmu_idx, addr);
     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
-    target_ulong tlb_addr = entry->addr_write;
+    target_ulong tlb_addr = tlb_addr_write(entry);
     unsigned a_bits = get_alignment_bits(get_memop(oi));
     uintptr_t haddr;
 
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
             tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = entry->addr_write & ~TLB_INVALID_MASK;
+        tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
     }
 
     /* Handle an IO access.  */
@@ -XXX,XX +XXX,XX @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
            cannot evict the first.  */
         page2 = (addr + DATA_SIZE) & TARGET_PAGE_MASK;
         entry2 = tlb_entry(env, mmu_idx, page2);
-        if (!tlb_hit_page(entry2->addr_write, page2)
+        if (!tlb_hit_page(tlb_addr_write(entry2), page2)
             && !VICTIM_TLB_HIT(addr_write, page2)) {
             tlb_fill(ENV_GET_CPU(env), page2, DATA_SIZE, MMU_DATA_STORE,
                      mmu_idx, retaddr);
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -XXX,XX +XXX,XX @@ extern __thread uintptr_t helper_retaddr;
 /* The memory helpers for tcg-generated code need tcg_target_long etc.  */
 #include "tcg.h"
 
+static inline target_ulong tlb_addr_write(const CPUTLBEntry *entry)
+{
+#if TCG_OVERSIZED_GUEST
+    return entry->addr_write;
+#else
+    return atomic_read(&entry->addr_write);
+#endif
+}
+
 /* Find the TLB index corresponding to the mmu_idx + address pair.  */
 static inline uintptr_t tlb_index(CPUArchState *env, uintptr_t mmu_idx,
                                   target_ulong addr)
@@ -XXX,XX +XXX,XX @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
         tlb_addr = tlbentry->addr_read;
         break;
     case 1:
-        tlb_addr = tlbentry->addr_write;
+        tlb_addr = tlb_addr_write(tlbentry);
         break;
     case 2:
         tlb_addr = tlbentry->addr_code;
diff --git a/include/exec/cpu_ldst_template.h b/include/exec/cpu_ldst_template.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu_ldst_template.h
+++ b/include/exec/cpu_ldst_template.h
@@ -XXX,XX +XXX,XX @@ glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env,
     addr = ptr;
     mmu_idx = CPU_MMU_INDEX;
     entry = tlb_entry(env, mmu_idx, addr);
-    if (unlikely(entry->addr_write !=
+    if (unlikely(tlb_addr_write(entry) !=
                  (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) {
         oi = make_memop_idx(SHIFT, mmu_idx);
         glue(glue(helper_ret_st, SUFFIX), MMUSUFFIX)(env, addr, v, oi,
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
                                         target_ulong page)
 {
     return tlb_hit_page(tlb_entry->addr_read, page) ||
-           tlb_hit_page(tlb_entry->addr_write, page) ||
+           tlb_hit_page(tlb_addr_write(tlb_entry), page) ||
            tlb_hit_page(tlb_entry->addr_code, page);
 }
 
@@ -XXX,XX +XXX,XX @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
         tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
 
         entry = tlb_entry(env, mmu_idx, addr);
-        tlb_addr = entry->addr_write;
+        tlb_addr = tlb_addr_write(entry);
         if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
             /* RAM access */
             uintptr_t haddr = addr + entry->addend;
@@ -XXX,XX +XXX,XX @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
     assert_cpu_is_self(ENV_GET_CPU(env));
     for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
         CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
-        target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
+        target_ulong cmp;
+
+        /* elt_ofs might correspond to .addr_write, so use atomic_read */
+#if TCG_OVERSIZED_GUEST
+        cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
+#else
+        cmp = atomic_read((target_ulong *)((uintptr_t)vtlb + elt_ofs));
+#endif
 
         if (cmp == page) {
             /* Found entry in victim tlb, swap tlb and iotlb.  */
@@ -XXX,XX +XXX,XX @@ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
     uintptr_t index = tlb_index(env, mmu_idx, addr);
     CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
 
-    if (!tlb_hit(entry->addr_write, addr)) {
+    if (!tlb_hit(tlb_addr_write(entry), addr)) {
         /* TLB entry is for a different page */
         if (!VICTIM_TLB_HIT(addr_write, addr)) {
             tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
     size_t mmu_idx = get_mmuidx(oi);
     uintptr_t index = tlb_index(env, mmu_idx, addr);
     CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
-    target_ulong tlb_addr = tlbe->addr_write;
+    target_ulong tlb_addr = tlb_addr_write(tlbe);
     TCGMemOp mop = get_memop(oi);
     int a_bits = get_alignment_bits(mop);
     int s_bits = mop & MO_SIZE;
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
             tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
                      mmu_idx, retaddr);
         }
-        tlb_addr = tlbe->addr_write & ~TLB_INVALID_MASK;
+        tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
     }
 
     /* Notice an IO access or a needs-MMU-lookup access */
-- 
2.17.2