From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Jiaxun Yang, Aleksandar Rikalo
Subject: [PATCH 1/3] target/mips: Move 'mvp' field from CPUMIPSState to MIPSCPU
Date: Tue, 17 Mar 2026 17:50:28 +0000
Message-ID: <20260317175031.3035740-2-peter.maydell@linaro.org>
In-Reply-To: <20260317175031.3035740-1-peter.maydell@linaro.org>

The 'mvp' field in the CPUMIPSState is a pointer to memory allocated in mvp_init(). This is in theory fine, but in practice it clashes with the current linux-user implementation of cpu_copy(), which assumes it can do a shallow memcpy() copy of the CPU env struct in order to clone the CPU when creating a new thread.
Almost all of the MIPS env struct is actually memcpy() copyable; one of the exceptions is the mvp pointer. We don't need this to be in the env struct; move it to the CPU object struct instead. At the moment the memcpy() of the env->mvp pointer doesn't have any obvious ill-effects, because we never free the memory and it doesn't contain anything that varies at runtime for user-mode. So thread 2 ends up pointing at thread 1's mvp struct, but it still works OK. However, we would like to free the mvp memory to avoid a leak when a user-mode thread exits, and unless we avoid the shallow copy this will end up with a double-free when both thread 1 and thread 2 free the same mvp struct. Signed-off-by: Peter Maydell --- hw/mips/malta.c | 4 ++-- target/mips/cpu-defs.c.inc | 10 +++++---- target/mips/cpu.c | 2 +- target/mips/cpu.h | 3 ++- target/mips/internal.h | 3 ++- target/mips/system/machine.c | 2 +- target/mips/tcg/system/cp0_helper.c | 35 ++++++++++++++++++----------- target/mips/tcg/translate.c | 6 +++-- 8 files changed, 40 insertions(+), 25 deletions(-) diff --git a/hw/mips/malta.c b/hw/mips/malta.c index 812ff64d83..dfd537f44a 100644 --- a/hw/mips/malta.c +++ b/hw/mips/malta.c @@ -968,10 +968,10 @@ static void malta_mips_config(MIPSCPU *cpu) CPUState *cs =3D CPU(cpu); =20 if (ase_mt_available(env)) { - env->mvp->CP0_MVPConf0 =3D deposit32(env->mvp->CP0_MVPConf0, + cpu->mvp->CP0_MVPConf0 =3D deposit32(cpu->mvp->CP0_MVPConf0, CP0MVPC0_PTC, 8, smp_cpus * cs->nr_threads - 1); - env->mvp->CP0_MVPConf0 =3D deposit32(env->mvp->CP0_MVPConf0, + cpu->mvp->CP0_MVPConf0 =3D deposit32(cpu->mvp->CP0_MVPConf0, CP0MVPC0_PVPE, 4, smp_cpus - 1); } } diff --git a/target/mips/cpu-defs.c.inc b/target/mips/cpu-defs.c.inc index d93b9d341a..faefab0473 100644 --- a/target/mips/cpu-defs.c.inc +++ b/target/mips/cpu-defs.c.inc 
@@ -1034,7 +1034,9 @@ static void fpu_init (CPUMIPSState *env, const mips_d= ef_t *def) =20 static void mvp_init(CPUMIPSState *env) { - env->mvp =3D g_malloc0(sizeof(CPUMIPSMVPContext)); + MIPSCPU *cpu =3D env_archcpu(env); + + cpu->mvp =3D g_malloc0(sizeof(CPUMIPSMVPContext)); =20 if (!ase_mt_available(env)) { return; @@ -1044,7 +1046,7 @@ static void mvp_init(CPUMIPSState *env) programmable cache partitioning implemented, number of allocatable and shareable TLB entries, MVP has allocatable TCs, 2 VPEs implemented, 5 TCs implemented. */ - env->mvp->CP0_MVPConf0 =3D (1U << CP0MVPC0_M) | (1 << CP0MVPC0_TLBS) | + cpu->mvp->CP0_MVPConf0 =3D (1U << CP0MVPC0_M) | (1 << CP0MVPC0_TLBS) | (0 << CP0MVPC0_GS) | (1 << CP0MVPC0_PCP) | // TODO: actually do 2 VPEs. // (1 << CP0MVPC0_TCA) | (0x1 << CP0MVPC0_PVPE= ) | @@ -1053,12 +1055,12 @@ static void mvp_init(CPUMIPSState *env) (0x00 << CP0MVPC0_PTC); #if !defined(CONFIG_USER_ONLY) /* Usermode has no TLB support */ - env->mvp->CP0_MVPConf0 |=3D (env->tlb->nb_tlb << CP0MVPC0_PTLBE); + cpu->mvp->CP0_MVPConf0 |=3D (env->tlb->nb_tlb << CP0MVPC0_PTLBE); #endif =20 /* Allocatable CP1 have media extensions, allocatable CP1 have FP supp= ort, no UDI implemented, no CP2 implemented, 1 CP1 implemented. */ - env->mvp->CP0_MVPConf1 =3D (1U << CP0MVPC1_CIM) | (1 << CP0MVPC1_CIF) | + cpu->mvp->CP0_MVPConf1 =3D (1U << CP0MVPC1_CIM) | (1 << CP0MVPC1_CIF) | (0x0 << CP0MVPC1_PCX) | (0x0 << CP0MVPC1_PCP2= ) | (0x1 << CP0MVPC1_PCP1); } diff --git a/target/mips/cpu.c b/target/mips/cpu.c index 5f88c077db..789ca188b5 100644 --- a/target/mips/cpu.c +++ b/target/mips/cpu.c @@ -339,7 +339,7 @@ static void mips_cpu_reset_hold(Object *obj, ResetType = type) =20 if (cs->cpu_index =3D=3D 0) { /* VPE0 starts up enabled. */ - env->mvp->CP0_MVPControl |=3D (1 << CP0MVPCo_EVP); + cpu->mvp->CP0_MVPControl |=3D (1 << CP0MVPCo_EVP); env->CP0_VPEConf0 |=3D (1 << CP0VPEC0_MVP) | (1 << CP0VPEC0_VP= A); =20 /* TC0 starts up unhalted. */ 
diff --git a/target/mips/cpu.h b/target/mips/cpu.h index ed662135cb..8de3178b6d 100644 --- a/target/mips/cpu.h +++ b/target/mips/cpu.h @@ -1174,7 +1174,6 @@ typedef struct CPUArchState { struct {} end_reset_fields; =20 /* Fields from here on are preserved across CPU reset. */ - CPUMIPSMVPContext *mvp; #if !defined(CONFIG_USER_ONLY) CPUMIPSTLBContext *tlb; qemu_irq irq[8]; @@ -1209,6 +1208,8 @@ struct ArchCPU { Clock *clock; Clock *count_div; /* Divider for CP0_Count clock */ =20 + CPUMIPSMVPContext *mvp; + /* Properties */ bool is_big_endian; }; diff --git a/target/mips/internal.h b/target/mips/internal.h index 28eb28936b..95b8b7bb9c 100644 --- a/target/mips/internal.h +++ b/target/mips/internal.h @@ -246,10 +246,11 @@ static inline void restore_pamask(CPUMIPSState *env) =20 static inline int mips_vpe_active(CPUMIPSState *env) { + MIPSCPU *cpu =3D env_archcpu(env); int active =3D 1; =20 /* Check that the VPE is enabled. */ - if (!(env->mvp->CP0_MVPControl & (1 << CP0MVPCo_EVP))) { + if (!(cpu->mvp->CP0_MVPControl & (1 << CP0MVPCo_EVP))) { active =3D 0; } /* Check that the VPE is activated. */ diff --git a/target/mips/system/machine.c b/target/mips/system/machine.c index 8af11fd896..67f6f414d9 100644 --- a/target/mips/system/machine.c +++ b/target/mips/system/machine.c @@ -233,7 +233,7 @@ const VMStateDescription vmstate_mips_cpu =3D { CPUMIPSFPUContext), =20 /* MVP */ - VMSTATE_STRUCT_POINTER(env.mvp, MIPSCPU, vmstate_mvp, + VMSTATE_STRUCT_POINTER(mvp, MIPSCPU, vmstate_mvp, CPUMIPSMVPContext), =20 /* TLB */ diff --git a/target/mips/tcg/system/cp0_helper.c b/target/mips/tcg/system/c= p0_helper.c index b69e70d7fc..123d5c217c 100644 --- a/target/mips/tcg/system/cp0_helper.c +++ b/target/mips/tcg/system/cp0_helper.c 
@@ -229,17 +229,20 @@ uint32_t cpu_mips_get_random(CPUMIPSState *env) /* CP0 helpers */ target_ulong helper_mfc0_mvpcontrol(CPUMIPSState *env) { - return env->mvp->CP0_MVPControl; + MIPSCPU *cpu =3D env_archcpu(env); + return cpu->mvp->CP0_MVPControl; } =20 target_ulong helper_mfc0_mvpconf0(CPUMIPSState *env) { - return env->mvp->CP0_MVPConf0; + MIPSCPU *cpu =3D env_archcpu(env); + return cpu->mvp->CP0_MVPConf0; } =20 target_ulong helper_mfc0_mvpconf1(CPUMIPSState *env) { - return env->mvp->CP0_MVPConf1; + MIPSCPU *cpu =3D env_archcpu(env); + return cpu->mvp->CP0_MVPConf1; } =20 target_ulong helper_mfc0_random(CPUMIPSState *env) @@ -514,6 +517,7 @@ void helper_mtc0_index(CPUMIPSState *env, target_ulong = arg1) =20 void helper_mtc0_mvpcontrol(CPUMIPSState *env, target_ulong arg1) { + MIPSCPU *cpu =3D env_archcpu(env); uint32_t mask =3D 0; uint32_t newval; =20 @@ -521,14 +525,14 @@ void helper_mtc0_mvpcontrol(CPUMIPSState *env, target= _ulong arg1) mask |=3D (1 << CP0MVPCo_CPA) | (1 << CP0MVPCo_VPC) | (1 << CP0MVPCo_EVP); } - if (env->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) { + if (cpu->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) { mask |=3D (1 << CP0MVPCo_STLB); } - newval =3D (env->mvp->CP0_MVPControl & ~mask) | (arg1 & mask); + newval =3D (cpu->mvp->CP0_MVPControl & ~mask) | (arg1 & mask); =20 /* TODO: Enable/disable shared TLB, enable/disable VPEs. */ =20 - env->mvp->CP0_MVPControl =3D newval; + cpu->mvp->CP0_MVPControl =3D newval; } =20 void helper_mtc0_vpecontrol(CPUMIPSState *env, target_ulong arg1) 
@@ -616,10 +620,11 @@ void helper_mttc0_vpeconf0(CPUMIPSState *env, target_= ulong arg1) =20 void helper_mtc0_vpeconf1(CPUMIPSState *env, target_ulong arg1) { + MIPSCPU *cpu =3D env_archcpu(env); uint32_t mask =3D 0; uint32_t newval; =20 - if (env->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) + if (cpu->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) mask |=3D (0xff << CP0VPEC1_NCX) | (0xff << CP0VPEC1_NCP2) | (0xff << CP0VPEC1_NCP1); newval =3D (env->CP0_VPEConf1 & ~mask) | (arg1 & mask); @@ -689,10 +694,11 @@ void helper_mttc0_tcstatus(CPUMIPSState *env, target_= ulong arg1) =20 void helper_mtc0_tcbind(CPUMIPSState *env, target_ulong arg1) { + MIPSCPU *cpu =3D env_archcpu(env); uint32_t mask =3D (1 << CP0TCBd_TBE); uint32_t newval; =20 - if (env->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) { + if (cpu->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) { mask |=3D (1 << CP0TCBd_CurVPE); } newval =3D (env->active_tc.CP0_TCBind & ~mask) | (arg1 & mask); @@ -705,8 +711,9 @@ void helper_mttc0_tcbind(CPUMIPSState *env, target_ulon= g arg1) uint32_t mask =3D (1 << CP0TCBd_TBE); uint32_t newval; CPUMIPSState *other =3D mips_cpu_map_tc(env, &other_tc); + MIPSCPU *other_cpu =3D env_archcpu(other); =20 - if (other->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) { + if (other_cpu->mvp->CP0_MVPControl & (1 << CP0MVPCo_VPC)) { mask |=3D (1 << CP0TCBd_CurVPE); } if (other_tc =3D=3D other->current_tc) { 
@@ -1560,14 +1567,15 @@ target_ulong helper_emt(void) target_ulong helper_dvpe(CPUMIPSState *env) { CPUState *other_cs =3D first_cpu; - target_ulong prev =3D env->mvp->CP0_MVPControl; + MIPSCPU *cpu =3D env_archcpu(env); + target_ulong prev =3D cpu->mvp->CP0_MVPControl; =20 if (env->CP0_VPEConf0 & (1 << CP0VPEC0_MVP)) { CPU_FOREACH(other_cs) { MIPSCPU *other_cpu =3D MIPS_CPU(other_cs); /* Turn off all VPEs except the one executing the dvpe. */ if (&other_cpu->env !=3D env) { - other_cpu->env.mvp->CP0_MVPControl &=3D ~(1 << CP0MVPCo_EV= P); + other_cpu->mvp->CP0_MVPControl &=3D ~(1 << CP0MVPCo_EVP); mips_vpe_sleep(other_cpu); } } @@ -1578,7 +1586,8 @@ target_ulong helper_dvpe(CPUMIPSState *env) target_ulong helper_evpe(CPUMIPSState *env) { CPUState *other_cs =3D first_cpu; - target_ulong prev =3D env->mvp->CP0_MVPControl; + MIPSCPU *cpu =3D env_archcpu(env); + target_ulong prev =3D cpu->mvp->CP0_MVPControl; =20 if (env->CP0_VPEConf0 & (1 << CP0VPEC0_MVP)) { CPU_FOREACH(other_cs) { @@ -1588,7 +1597,7 @@ target_ulong helper_evpe(CPUMIPSState *env) /* If the VPE is WFI, don't disturb its sleep. */ && !mips_vpe_is_wfi(other_cpu)) { /* Enable the VPE. */ - other_cpu->env.mvp->CP0_MVPControl |=3D (1 << CP0MVPCo_EVP= ); + other_cpu->mvp->CP0_MVPControl |=3D (1 << CP0MVPCo_EVP); mips_vpe_wake(other_cpu); /* And wake it up. */ } } diff --git a/target/mips/tcg/translate.c b/target/mips/tcg/translate.c index 54849e9ff1..6991f0a521 100644 --- a/target/mips/tcg/translate.c +++ b/target/mips/tcg/translate.c @@ -8085,6 +8085,7 @@ cp0_unimplemented: static void gen_mftr(CPUMIPSState *env, DisasContext *ctx, int rt, int rd, int u, int sel, int h) { + MIPSCPU *cpu =3D env_archcpu(env); int other_tc =3D env->CP0_VPEControl & (0xff << CP0VPECo_TargTC); TCGv t0 =3D tcg_temp_new(); =20 
@@ -8093,7 +8094,7 @@ static void gen_mftr(CPUMIPSState *env, DisasContext = *ctx, int rt, int rd, (env->active_tc.CP0_TCBind & (0xf << CP0TCBd_CurVPE)))) { tcg_gen_movi_tl(t0, -1); } else if ((env->CP0_VPEControl & (0xff << CP0VPECo_TargTC)) > - (env->mvp->CP0_MVPConf0 & (0xff << CP0MVPC0_PTC))) { + (cpu->mvp->CP0_MVPConf0 & (0xff << CP0MVPC0_PTC))) { tcg_gen_movi_tl(t0, -1); } else if (u =3D=3D 0) { switch (rt) { @@ -8309,6 +8310,7 @@ die: static void gen_mttr(CPUMIPSState *env, DisasContext *ctx, int rd, int rt, int u, int sel, int h) { + MIPSCPU *cpu =3D env_archcpu(env); int other_tc =3D env->CP0_VPEControl & (0xff << CP0VPECo_TargTC); TCGv t0 =3D tcg_temp_new(); =20 
@@ -8319,7 +8321,7 @@ static void gen_mttr(CPUMIPSState *env, DisasContext = *ctx, int rd, int rt, /* NOP */ ; } else if ((env->CP0_VPEControl & (0xff << CP0VPECo_TargTC)) > - (env->mvp->CP0_MVPConf0 & (0xff << CP0MVPC0_PTC))) { + (cpu->mvp->CP0_MVPConf0 & (0xff << CP0MVPC0_PTC))) { /* NOP */ ; } else if (u =3D=3D 0) { --=20 2.43.0
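Review bot: The new 'CPUMIPSMVPContext *mvp;' member added to struct ArchCPU in the target/mips/cpu.h hunk has no comment, although the reason it lives there is exactly the kind of thing a later cleanup could undo. Suggest something like '/* Allocated in mvp_init(); kept out of env because cpu_copy() memcpy()s env */' next to the declaration. Smaller point in cpu-defs.c.inc: mvp_init() now takes env only to convert it straight back with env_archcpu(env); passing the MIPSCPU in directly would make the ownership obvious at the call site.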
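The aliasing described in the [PATCH 1/3] commit message, reduced to a stand-alone C model. This is an added example, not QEMU code and not part of the patch: the struct names, clone_before(), clone_after() and the allocation counter are constructed for illustration, and the order "realize the new CPU, then memcpy() the env" is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for CPUMIPSMVPContext; not QEMU's definition. */
typedef struct { unsigned control, conf0, conf1; } MvpCtx;

/* "Before" layout: the owning pointer sits inside the env struct. */
typedef struct { unsigned gpr[4]; MvpCtx *mvp; } EnvBefore;
typedef struct { EnvBefore env; } CpuBefore;

/* "After" layout: env holds plain data, the CPU object owns the pointer. */
typedef struct { unsigned gpr[4]; } EnvAfter;
typedef struct { EnvAfter env; MvpCtx *mvp; } CpuAfter;

typedef struct {
    int env_copied; /* register state reached the clone */
    int aliased;    /* clone shares the parent's mvp allocation */
    int orphaned;   /* the clone's own allocation is no longer reachable */
    int live;       /* allocations still live after both CPUs are torn down */
} CloneResult;

static int live_allocs;

static MvpCtx *mvp_new(void)
{
    MvpCtx *m = calloc(1, sizeof(*m));
    if (!m) {
        abort();
    }
    live_allocs++;
    return m;
}

/* Free and clear, so a second call on the same owner is harmless. */
static void mvp_drop(MvpCtx **slot)
{
    if (*slot) {
        free(*slot);
        *slot = NULL;
        live_allocs--;
    }
}

CloneResult clone_before(void)
{
    CloneResult r = {0, 0, 0, 0};
    CpuBefore parent = {0}, child = {0};

    live_allocs = 0;
    parent.env.mvp = mvp_new();          /* thread 1 realized */
    child.env.mvp = mvp_new();           /* thread 2 realized (assumed order) */
    MvpCtx *child_original = child.env.mvp;

    parent.env.gpr[0] = 0x1234;
    memcpy(&child.env, &parent.env, sizeof(child.env)); /* shallow clone */

    r.env_copied = (child.env.gpr[0] == 0x1234);
    r.aliased = (child.env.mvp == parent.env.mvp);
    r.orphaned = (child.env.mvp != child_original);

    /* Freeing through both owners here would be the double free, so the
     * model frees through the parent only and discards the stale copy. */
    mvp_drop(&parent.env.mvp);
    child.env.mvp = NULL;
    r.live = live_allocs;                /* the clone's own block leaked */

    free(child_original);                /* demo cleanup only */
    live_allocs--;
    return r;
}

CloneResult clone_after(void)
{
    CloneResult r = {0, 0, 0, 0};
    CpuAfter parent = {0}, child = {0};

    live_allocs = 0;
    parent.mvp = mvp_new();
    child.mvp = mvp_new();
    MvpCtx *child_original = child.mvp;

    parent.env.gpr[0] = 0x1234;
    memcpy(&child.env, &parent.env, sizeof(child.env)); /* same shallow clone */

    r.env_copied = (child.env.gpr[0] == 0x1234);
    r.aliased = (child.mvp == parent.mvp);
    r.orphaned = (child.mvp != child_original);

    mvp_drop(&child.mvp);                /* thread 2 exits */
    mvp_drop(&parent.mvp);               /* thread 1 exits */
    r.live = live_allocs;
    return r;
}

int main(void)
{
    CloneResult b = clone_before(), a = clone_after();
    printf("before: copied=%d aliased=%d orphaned=%d live=%d\n",
           b.env_copied, b.aliased, b.orphaned, b.live);
    printf("after:  copied=%d aliased=%d orphaned=%d live=%d\n",
           a.env_copied, a.aliased, a.orphaned, a.live);
    return 0;
}
```

Building the model with -fsanitize=address and freeing through both owners in clone_before() reproduces the double-free report the commit message anticipates.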
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Jiaxun Yang, Aleksandar Rikalo
Subject: [PATCH 2/3] target/mips: Free mvp in unrealize
Date: Tue, 17 Mar 2026 17:50:29 +0000
Message-ID: <20260317175031.3035740-3-peter.maydell@linaro.org>
In-Reply-To: <20260317175031.3035740-1-peter.maydell@linaro.org>

We allocate memory for cpu->mvp in mips_cpu_realizefn(), but we never free it, which causes memory leaks like this:

    Direct leak of 24 byte(s) in 2 object(s) allocated from:
        #0 0x5f9458e61c8d in calloc (/home/pm215/qemu/build/san/qemu-mips+0x4d8c8d) (BuildId: 4153e33b3d08657a71ce2a04a82d0c2954966d9c)
        #1 0x74761891a771 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x63771) (BuildId: 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3)
        #2 0x5f94590687aa in mvp_init /home/pm215/qemu/build/san/../../target/mips/cpu-defs.c.inc:1037:16
        #3 0x5f94590687aa in mips_cpu_realizefn /home/pm215/qemu/build/san/../../target/mips/cpu.c:489:5
        #4 0x5f9459366a3a in device_set_realized /home/pm215/qemu/build/san/../../hw/core/qdev.c:523:13
        #5 0x5f9459380a49 in property_set_bool /home/pm215/qemu/build/san/../../qom/object.c:2376:5
        #6 0x5f945937bace in object_property_set /home/pm215/qemu/build/san/../../qom/object.c:1450:5
        #7 0x5f945938816c in object_property_set_qobject /home/pm215/qemu/build/san/../../qom/qom-qobject.c:28:10
        #8 0x5f94592cc100 in cpu_copy /home/pm215/qemu/build/san/../../linux-user/main.c:240:25
        #9 0x5f9459309931 in do_syscall1 /home/pm215/qemu/build/san/../../linux-user/syscall.c
        #10 0x5f94593058d8 in do_syscall /home/pm215/qemu/build/san/../../linux-user/syscall.c:14422:15
        #11 0x5f945905c73e in cpu_loop /home/pm215/qemu/build/san/../../linux-user/mips/cpu_loop.c:124:23

for linux-user, where each new guest thread is a new CPU object that we need to destroy on thread exit. Add an unrealize method which frees this memory.

Signed-off-by: Peter Maydell
--- target/mips/cpu.c | 12 ++++++++++++ target/mips/cpu.h | 1 + 2 files changed, 13 insertions(+) diff --git a/target/mips/cpu.c b/target/mips/cpu.c index 789ca188b5..0663cda003 100644 --- a/target/mips/cpu.c +++ b/target/mips/cpu.c @@ -502,6 +502,16 @@ static void mips_cpu_realizefn(DeviceState *dev, Error= **errp) mcc->parent_realize(dev, errp); } =20 +static void mips_cpu_unrealizefn(DeviceState *dev) +{ + MIPSCPU *cpu =3D MIPS_CPU(dev); + MIPSCPUClass *mcc =3D MIPS_CPU_GET_CLASS(dev); + + g_free(cpu->mvp); + + mcc->parent_unrealize(dev); +} + static void mips_cpu_initfn(Object *obj) { MIPSCPU *cpu =3D MIPS_CPU(obj);
@@ -606,6 +616,8 @@ static void mips_cpu_class_init(ObjectClass *c, const v= oid *data) device_class_set_props(dc, mips_cpu_properties); device_class_set_parent_realize(dc, mips_cpu_realizefn, &mcc->parent_realize); + device_class_set_parent_unrealize(dc, mips_cpu_unrealizefn, + &mcc->parent_unrealize); resettable_class_set_parent_phases(rc, NULL, mips_cpu_reset_hold, NULL, &mcc->parent_phases); =20 diff --git a/target/mips/cpu.h b/target/mips/cpu.h index 8de3178b6d..ca36ca0d6f 100644 --- a/target/mips/cpu.h +++ b/target/mips/cpu.h 
@@ -1225,6 +1225,7 @@ struct MIPSCPUClass { CPUClass parent_class; =20 DeviceRealize parent_realize; + DeviceUnrealize parent_unrealize; ResettablePhases parent_phases; const struct mips_def_t *cpu_def; =20 --=20 2.43.0
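Review bot: In mips_cpu_unrealizefn() in the target/mips/cpu.c hunk, 'g_free(cpu->mvp);' leaves cpu->mvp holding the freed address while 'mcc->parent_unrealize(dev);' still runs after it. Using 'g_clear_pointer(&cpu->mvp, g_free);' instead makes any later dereference fail on NULL rather than read freed memory, and makes a second unrealize harmless. Since the leak trace shows mvp_init() running inside mips_cpu_realizefn(), it is also worth checking that a failure from parent_realize() does not leave the allocation behind with no unrealize to free it.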
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Jiaxun Yang, Aleksandar Rikalo
Subject: [PATCH 3/3] target/mips: Move count_clock to MIPSCPU struct
Date: Tue, 17 Mar 2026 17:50:30 +0000
Message-ID: <20260317175031.3035740-4-peter.maydell@linaro.org>
In-Reply-To: <20260317175031.3035740-1-peter.maydell@linaro.org>

The count_clock pointer is not something we can do a shallow copy of, as linux-user cpu_copy() does, and although it is a system-mode piece of state we unconditionally create it, so it is present also in user-mode. There isn't any need to keep this in the env struct rather than the CPU struct, so move it to avoid possible memory leaks or double-usage. This also puts it next to the other Clocks that this CPU has.
I haven't seen any sanitizer reports about this field, so this is averting a possible problem rather than correcting an observed one.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
--- target/mips/cpu.c | 4 ++-- target/mips/cpu.h | 2 +- target/mips/system/cp0_timer.c | 12 ++++++++---- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/target/mips/cpu.c b/target/mips/cpu.c index 0663cda003..f803d47763 100644 --- a/target/mips/cpu.c +++ b/target/mips/cpu.c @@ -449,7 +449,7 @@ static void mips_cp0_period_set(MIPSCPU *cpu) =20 clock_set_mul_div(cpu->count_div, env->cpu_model->CCRes, 1); clock_set_source(cpu->count_div, cpu->clock); - clock_set_source(env->count_clock, cpu->count_div); + clock_set_source(cpu->count_clock, cpu->count_div); } =20 static void mips_cpu_realizefn(DeviceState *dev, Error **errp) @@ -520,7 +520,7 @@ static void mips_cpu_initfn(Object *obj) =20 cpu->clock =3D qdev_init_clock_in(DEVICE(obj), "clk-in", NULL, cpu, 0); cpu->count_div =3D clock_new(OBJECT(obj), "clk-div-count"); - env->count_clock =3D clock_new(OBJECT(obj), "clk-count"); + cpu->count_clock =3D clock_new(OBJECT(obj), "clk-count"); env->cpu_model =3D mcc->cpu_def; } =20 diff --git a/target/mips/cpu.h b/target/mips/cpu.h index ca36ca0d6f..cb72be9336 100644 --- a/target/mips/cpu.h +++ b/target/mips/cpu.h @@ -1188,7 +1188,6 @@ typedef struct CPUArchState { =20 const mips_def_t *cpu_model; QEMUTimer *timer; /* Internal timer */ - Clock *count_clock; /* CP0_Count clock */ target_ulong exception_base; /* ExceptionBase input to the core */ } CPUMIPSState; =20 @@ -1206,6 +1205,7 @@ struct ArchCPU { CPUMIPSState env; =20 Clock *clock; + Clock *count_clock; /* CP0_Count clock */ Clock *count_div; /* Divider for CP0_Count clock */ =20 CPUMIPSMVPContext *mvp; diff --git a/target/mips/system/cp0_timer.c b/target/mips/system/cp0_timer.c index afa163c319..634c2a66bb 100644 --- a/target/mips/system/cp0_timer.c +++ b/target/mips/system/cp0_timer.c 
@@ -29,14 +29,16 @@ /* MIPS R4K timer */ static uint32_t cpu_mips_get_count_val(CPUMIPSState *env) { + MIPSCPU *cpu =3D env_archcpu(env); int64_t now_ns; now_ns =3D qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); return env->CP0_Count + - (uint32_t)clock_ns_to_ticks(env->count_clock, now_ns); + (uint32_t)clock_ns_to_ticks(cpu->count_clock, now_ns); } =20 static void cpu_mips_timer_update(CPUMIPSState *env) { + MIPSCPU *cpu =3D env_archcpu(env); uint64_t now_ns, next_ns; uint32_t wait; =20 @@ -46,7 +48,7 @@ static void cpu_mips_timer_update(CPUMIPSState *env) if (!wait) { wait =3D UINT32_MAX; } - next_ns =3D now_ns + clock_ticks_to_ns(env->count_clock, wait); + next_ns =3D now_ns + clock_ticks_to_ns(cpu->count_clock, wait); timer_mod(env->timer, next_ns); } =20 @@ -85,11 +87,12 @@ void cpu_mips_store_count(CPUMIPSState *env, uint32_t c= ount) * So env->timer may be NULL, which is also the case with KVM enabled = so * treat timer as disabled in that case. */ + MIPSCPU *cpu =3D env_archcpu(env); if (env->CP0_Cause & (1 << CP0Ca_DC) || !env->timer) { env->CP0_Count =3D count; } else { /* Store new count register */ - env->CP0_Count =3D count - (uint32_t)clock_ns_to_ticks(env->count_= clock, + env->CP0_Count =3D count - (uint32_t)clock_ns_to_ticks(cpu->count_= clock, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)); /* Update timer timer */ cpu_mips_timer_update(env); @@ -116,7 +119,8 @@ void cpu_mips_start_count(CPUMIPSState *env) void cpu_mips_stop_count(CPUMIPSState *env) { /* Store the current value */ - env->CP0_Count +=3D (uint32_t)clock_ns_to_ticks(env->count_clock, + MIPSCPU *cpu =3D env_archcpu(env); + env->CP0_Count +=3D (uint32_t)clock_ns_to_ticks(cpu->count_clock, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)); } =20 --=20 2.43.0
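Review bot: in the CPUArchState hunk of target/mips/cpu.h, the context line directly above the removed field, `QEMUTimer *timer; /* Internal timer */`, is another pointer that stays in env, and the commit message does not say why the shallow-copy concern raised for count_clock does not apply to it. Either say so in the commit message (the cp0_timer.c comment in this patch only notes that env->timer may be NULL) or move it to ArchCPU as well. A short comment beside the Clock fields in ArchCPU, recording that they live there because cpu_copy() shallow-copies env, would also help keep the field from being moved back later.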
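Review bot: in the cpu_mips_store_count() hunk of target/mips/system/cp0_timer.c, `MIPSCPU *cpu = env_archcpu(env);` is declared after the comment explaining that env->timer may be NULL, which separates that comment from the `if (env->CP0_Cause & (1 << CP0Ca_DC) || !env->timer)` test it documents, and `cpu` is only used in the else branch. Declare it at the top of the function above the comment, or inside the else block next to the clock_ns_to_ticks() call, so the comment stays adjacent to the check and the variable's scope matches its use.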
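Review bot: in the cpu_mips_stop_count() hunk of target/mips/system/cp0_timer.c, the new declaration `MIPSCPU *cpu = env_archcpu(env);` lands between the comment `/* Store the current value */` and the `env->CP0_Count +=` statement that the comment describes. Put the declaration first in the function body, followed by a blank line, as the cpu_mips_get_count_val() and cpu_mips_timer_update() changes in the same file already do.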