v2: Fix incorretly resolved rebase conflict in patch 16.

The following changes since commit 61fd710b8da8aedcea9b4f197283dc38638e4b60:

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2022-09-02 13:24:28 -0400)

https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220904

for you to fetch changes up to cc64de1fdeb81bc1ab8bb6c7c24bfd4fc9b28ef2:

target/riscv: Make translator stop before the end of a page (2022-09-03 09:27:05 +0100)

Respect PROT_EXEC in user-only mode.

Fix s390x, i386 and riscv for translations crossing a page.

Ilya Leoshkevich (4):

linux-user: Clear translations on mprotect()

accel/tcg: Introduce is_same_page()

target/s390x: Make translator stop before the end of a page

target/i386: Make translator stop before the end of a page

Richard Henderson (16):

linux-user/arm: Mark the commpage executable

linux-user/hppa: Allocate page zero as a commpage

linux-user/x86_64: Allocate vsyscall page as a commpage

linux-user: Honor PT_GNU_STACK

tests/tcg/i386: Move smc_code2 to an executable section

accel/tcg: Properly implement get_page_addr_code for user-only

accel/tcg: Unlock mmap_lock after longjmp

accel/tcg: Make tb_htable_lookup static

accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c

accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp

accel/tcg: Document the faulting lookup in tb_lookup_cmp

accel/tcg: Remove translator_ldsw

accel/tcg: Add pc and host_pc params to gen_intermediate_code

accel/tcg: Add fast path for translator_ld*

target/riscv: Add MAX_INSN_LEN and insn_len

target/riscv: Make translator stop before the end of a page

include/elf.h | 1 +

include/exec/cpu-common.h | 1 +

include/exec/exec-all.h | 89 ++++++++----------------

include/exec/translator.h | 96 ++++++++++++++++---------

linux-user/arm/target_cpu.h | 4 +-

linux-user/qemu.h | 1 +

accel/tcg/cpu-exec.c | 143 ++++++++++++++++++++------------------

accel/tcg/cputlb.c | 93 +++++++------------------

accel/tcg/translate-all.c | 29 ++++----

accel/tcg/translator.c | 135 ++++++++++++++++++++++++++---------

accel/tcg/user-exec.c | 17 ++++-

linux-user/elfload.c | 82 ++++++++++++++++++++--

linux-user/mmap.c | 6 +-

softmmu/physmem.c | 12 ++++

target/alpha/translate.c | 5 +-

target/arm/translate.c | 5 +-

target/avr/translate.c | 5 +-

target/cris/translate.c | 5 +-

target/hexagon/translate.c | 6 +-

target/hppa/translate.c | 5 +-

target/i386/tcg/translate.c | 71 +++++++++++--------

target/loongarch/translate.c | 6 +-

target/m68k/translate.c | 5 +-

target/microblaze/translate.c | 5 +-

target/mips/tcg/translate.c | 5 +-

target/nios2/translate.c | 5 +-

target/openrisc/translate.c | 6 +-

target/ppc/translate.c | 5 +-

target/riscv/translate.c | 32 +++++++--

target/rx/translate.c | 5 +-

target/s390x/tcg/translate.c | 20 ++++--

target/sh4/translate.c | 5 +-

target/sparc/translate.c | 5 +-

target/tricore/translate.c | 6 +-

target/xtensa/translate.c | 6 +-

tests/tcg/i386/test-i386.c | 2 +-

tests/tcg/riscv64/noexec.c | 79 +++++++++++++++++++++

tests/tcg/s390x/noexec.c | 106 ++++++++++++++++++++++++++++

tests/tcg/x86_64/noexec.c | 75 ++++++++++++++++++++

tests/tcg/multiarch/noexec.c.inc | 139 ++++++++++++++++++++++++++++++++++++

tests/tcg/riscv64/Makefile.target | 1 +

tests/tcg/s390x/Makefile.target | 1 +

tests/tcg/x86_64/Makefile.target | 3 +-

43 files changed, 966 insertions(+), 367 deletions(-)

create mode 100644 tests/tcg/riscv64/noexec.c

create mode 100644 tests/tcg/s390x/noexec.c

create mode 100644 tests/tcg/x86_64/noexec.c

create mode 100644 tests/tcg/multiarch/noexec.c.inc

Cache the translation from guest to host address, so we may

use direct loads when we hit on the primary translation page.

Look up the second translation page only once, during translation.

This obviates another lookup of the second page within tb_gen_code

after translation.

Fixes a bug in that plugin_insn_append should be passed the bytes

in the original memory order, not bswapped by pieces.

Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>

Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>

include/exec/translator.h | 63 +++++++++++--------

accel/tcg/translate-all.c | 23 +++----

accel/tcg/translator.c | 126 +++++++++++++++++++++++++++++---------

3 files changed, 141 insertions(+), 71 deletions(-)

typedef struct DisasContextBase {

- const TranslationBlock *tb;

+ TranslationBlock *tb;

target_ulong pc_first;

target_ulong pc_next;

DisasJumpType is_jmp;

-#ifdef CONFIG_USER_ONLY

- /*

- * Guest address of the last byte of the last protected page.

- *

- * Pages containing the translated instructions are made non-writable in

- * order to achieve consistency in case another thread is modifying the

- * code while translate_insn() fetches the instruction bytes piecemeal.

- * Such writer threads are blocked on mmap_lock() in page_unprotect().

- */

- target_ulong page_protect_end;

-#endif

+ void *host_addr[2];

@@ -XXX,XX +XXX,XX @@ bool translator_use_goto_tb(DisasContextBase *db, target_ulong dest)

return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;

}

-static inline void translator_page_protect(DisasContextBase *dcbase,

- target_ulong pc)

-{

-#ifdef CONFIG_USER_ONLY

- dcbase->page_protect_end = pc | ~TARGET_PAGE_MASK;

- page_protect(pc);

-#endif

-}

-

void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,

target_ulong pc, void *host_pc,

const TranslatorOps *ops, DisasContextBase *db)

@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,

db->num_insns = 0;

db->max_insns = max_insns;

db->singlestep_enabled = cflags & CF_SINGLE_STEP;

- translator_page_protect(db, db->pc_next);

+ db->host_addr[0] = host_pc;

+ db->host_addr[1] = NULL;

+

+#ifdef CONFIG_USER_ONLY

+ page_protect(pc);

+#endif

ops->init_disas_context(db, cpu);

tcg_debug_assert(db->is_jmp == DISAS_NEXT); /* no early exit */

@@ -XXX,XX +XXX,XX @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int max_insns,

#endif

}

-static inline void translator_maybe_page_protect(DisasContextBase *dcbase,

- target_ulong pc, size_t len)

+static void *translator_access(CPUArchState *env, DisasContextBase *db,

+ target_ulong pc, size_t len)

-#ifdef CONFIG_USER_ONLY

- target_ulong end = pc + len - 1;

+ void *host;

+ target_ulong base, end;

+ TranslationBlock *tb;

- if (end > dcbase->page_protect_end) {

- translator_page_protect(dcbase, end);

+ tb = db->tb;

+

+ /* Use slow path if first page is MMIO. */

+ if (unlikely(tb->page_addr[0] == -1)) {

+ return NULL;

}

+

+ end = pc + len - 1;

+ if (likely(is_same_page(db, end))) {

+ host = db->host_addr[0];

+ base = db->pc_first;

+ } else {

+ host = db->host_addr[1];

+ base = TARGET_PAGE_ALIGN(db->pc_first);

+ if (host == NULL) {

+ tb->page_addr[1] =

+ get_page_addr_code_hostp(env, base, &db->host_addr[1]);

+#ifdef CONFIG_USER_ONLY

+ page_protect(end);

#endif

+ /* We cannot handle MMIO as second page. */

+ assert(tb->page_addr[1] != -1);

+ host = db->host_addr[1];

+ }

+

+ /* Use slow path when crossing pages. */

+ if (is_same_page(db, pc)) {

+ return NULL;

+ }

+ }

+

+ tcg_debug_assert(pc >= base);

+ return host + (pc - base);

-#define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn) \

- type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \

- abi_ptr pc, bool do_swap) \

- { \

- translator_maybe_page_protect(dcbase, pc, sizeof(type)); \

- type ret = load_fn(env, pc); \

- if (do_swap) { \

- ret = swap_fn(ret); \

- } \

- plugin_insn_append(pc, &ret, sizeof(ret)); \

- return ret; \

+uint8_t translator_ldub(CPUArchState *env, DisasContextBase *db, abi_ptr pc)

+{

+ uint8_t ret;

+ void *p = translator_access(env, db, pc, sizeof(ret));

+

+ if (p) {

+ plugin_insn_append(pc, p, sizeof(ret));

+ return ldub_p(p);

}

+ ret = cpu_ldub_code(env, pc);

+ plugin_insn_append(pc, &ret, sizeof(ret));

+ return ret;

+}

-FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)

+uint16_t translator_lduw(CPUArchState *env, DisasContextBase *db, abi_ptr pc)

+{

+ uint16_t ret, plug;

+ void *p = translator_access(env, db, pc, sizeof(ret));

-#undef GEN_TRANSLATOR_LD

+ if (p) {

+ plugin_insn_append(pc, p, sizeof(ret));

+ return lduw_p(p);

+ }

+ ret = cpu_lduw_code(env, pc);

+ plug = tswap16(ret);

+ plugin_insn_append(pc, &plug, sizeof(ret));

+ return ret;

+}

+

+uint32_t translator_ldl(CPUArchState *env, DisasContextBase *db, abi_ptr pc)

+{

+ uint32_t ret, plug;

+ void *p = translator_access(env, db, pc, sizeof(ret));

+

+ if (p) {

+ plugin_insn_append(pc, p, sizeof(ret));

+ return ldl_p(p);

+ }

+ ret = cpu_ldl_code(env, pc);

+ plug = tswap32(ret);

+ plugin_insn_append(pc, &plug, sizeof(ret));

+ return ret;

+}

+

+uint64_t translator_ldq(CPUArchState *env, DisasContextBase *db, abi_ptr pc)

+{

+ uint64_t ret, plug;

+ void *p = translator_access(env, db, pc, sizeof(ret));

+

+ if (p) {

+ plugin_insn_append(pc, p, sizeof(ret));

+ return ldq_p(p);

+ }

+ ret = cpu_ldq_code(env, pc);

+ plug = tswap64(ret);

+ plugin_insn_append(pc, &plug, sizeof(ret));

+ return ret;

+}