From nobody Sat May 4 22:35:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1501668171814980.5799246169862; Wed, 2 Aug 2017 03:02:51 -0700 (PDT) Received: from localhost ([::1]:46550 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqUM-0005aQ-Hk for importer@patchew.org; Wed, 02 Aug 2017 06:02:50 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36135) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqRD-0003JR-VN for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcqRC-0002cs-Kf for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:36 -0400 Received: from mailapp01.imgtec.com ([195.59.15.196]:59643) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqRC-0002aB-BG for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:34 -0400 Received: from HHMAIL01.hh.imgtec.org (unknown [10.100.10.19]) by Forcepoint Email with ESMTPS id A2D3A29FCA8DE; Wed, 2 Aug 2017 10:59:26 +0100 (IST) Received: from jhogan-linux.le.imgtec.org (192.168.154.110) by HHMAIL01.hh.imgtec.org (10.100.10.21) with Microsoft SMTP Server (TLS) id 14.3.294.0; Wed, 2 Aug 2017 10:59:29 +0100 
From: James Hogan
To:
Date: Wed, 2 Aug 2017 10:59:15 +0100
Message-ID: <753c3960fd4ad5ca5c8ccea15d2c7f6fb95dc25d.1501667615.git-series.james.hogan@imgtec.com>
X-Mailer: git-send-email 2.13.2
In-Reply-To:
References:
MIME-Version: 1.0
X-Originating-IP: [192.168.154.110]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 195.59.15.196
Subject: [Qemu-devel] [PATCH for-2.10 1/3] target/mips: Use BS_EXCP where interrupts are expected
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Cc: Yongbok Kim , James Hogan , Aurelien Jarno , Richard Henderson
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel"
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Commit e350d8ca3ac7 ("target/mips: optimize indirect branches") made indirect branches able to directly find the next TB and jump straight to it without breaking out of translated code and going around the main execution loop. This breaks the assumption in target/mips/translate.c that BS_STOP is sufficient to cause pending interrupts to be handled, since interrupts are only checked in the main loop.

Fix a few of these assumptions by using gen_save_pc to update the saved PC and using BS_EXCP instead of BS_STOP:

- [D]MFC0 CP0_Count may trigger a timer interrupt which should be immediately handled.
- [D]MTC0 CP0_Cause may trigger an interrupt (but in fact translation was only ever being stopped in the DMTC0 case).
- [D]MTC0 CP0_ when icount is used is assumed to potentially cause interrupts.
- EI may trigger an interrupt which was pending.

I specifically hit this case when running KVM nested in mipsel-softmmu. A timer interrupt while the 2nd guest was executing is caught by KVM which switches back to the normal Linux exception base and re-enables interrupts with EI.
Since the above commit QEMU doesn't leave translated code until the nested KVM has already restored the KVM exception base and returned to the 2nd guest, at which point it is too late to check for pending interrupts and it gets stuck in an infinite loop of unhandled interrupts. Something similar was needed for ARM in commit b29fd33db578 ("target/arm: use DISAS_EXIT for eret handling"). Fixes: e350d8ca3ac7 ("target/mips: optimize indirect branches") Signed-off-by: James Hogan Cc: Aurelien Jarno Cc: Yongbok Kim Cc: Richard Henderson Reviewed-by: Richard Henderson --- Although I've given this a bit of testing, I only actually hit the two EI cases at the end of the patch, and the other cases are mainly just from auditing translate.c for similar issues with BS_STOP, so review appreciated for those other cases. --- target/mips/translate.c | 47 ++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/target/mips/translate.c b/target/mips/translate.c index 51626aead32c..6b41f7b65e00 100644 --- a/target/mips/translate.c +++ b/target/mips/translate.c @@ -5334,8 +5334,10 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, in= t reg, int sel) gen_io_end(); } /* Break the TB to be able to take timer interrupts immediately - after reading count. */ - ctx->bstate =3D BS_STOP; + after reading count. BS_STOP isn't sufficient, we need to e= nsure + we break completely out of translated code. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; rn =3D "Count"; break; /* 6,7 are implementation dependent */ 
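Review bot: the rewritten comment in the gen_mfc0 Count hunk says "BS_STOP isn't sufficient, we need to ensure we break completely out of translated code" without saying why BS_STOP stopped being enough; that reason (indirect branches now chain directly into the next TB, so the main-loop interrupt check is skipped, as the commit message explains) lives only in the commit message, so put a sentence of it in the comment, otherwise a later reader auditing the file may "simplify" the gen_save_pc(ctx->pc + 4); ctx->bstate = BS_EXCP; pair back to BS_STOP and reintroduce the lost timer interrupt. While touching the comment, also say that gen_save_pc(ctx->pc + 4) relies on the instruction being a 4-byte encoding, so the assumption is explicit where the constant is used.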
@@ -6061,6 +6063,11 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, in= t reg, int sel) case 0: save_cpu_state(ctx, 1); gen_helper_mtc0_cause(cpu_env, arg); + /* Stop translation as we may have triggered an interrupt. BS_= STOP + * isn't sufficient, we need to ensure we break out of transla= ted + * code to check for pending interrupts. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; rn =3D "Cause"; break; default: @@ -6397,7 +6404,10 @@ static void gen_mtc0(DisasContext *ctx, TCGv arg, in= t reg, int sel) /* For simplicity assume that all writes can cause interrupts. */ if (ctx->tb->cflags & CF_USE_ICOUNT) { gen_io_end(); - ctx->bstate =3D BS_STOP; + /* BS_STOP isn't sufficient, we need to ensure we break out of + * translated code to check for pending interrupts. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; } return; =20 @@ -6678,8 +6688,10 @@ static void gen_dmfc0(DisasContext *ctx, TCGv arg, i= nt reg, int sel) gen_io_end(); } /* Break the TB to be able to take timer interrupts immediately - after reading count. */ - ctx->bstate =3D BS_STOP; + after reading count. BS_STOP isn't sufficient, we need to e= nsure + we break completely out of translated code. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; rn =3D "Count"; break; /* 6,7 are implementation dependent */ @@ -7400,8 +7412,11 @@ static void gen_dmtc0(DisasContext *ctx, TCGv arg, i= nt reg, int sel) if (ctx->tb->cflags & CF_USE_ICOUNT) { gen_io_end(); } - /* Stop translation as we may have triggered an intetrupt */ - ctx->bstate =3D BS_STOP; + /* Stop translation as we may have triggered an intetrupt. BS_= STOP + * isn't sufficient, we need to ensure we break out of transla= ted + * code to check for pending interrupts. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; rn =3D "Cause"; break; default: 
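Review bot: the gen_dmtc0 Cause hunk rewrites the comment line but carries the "intetrupt" typo from the removed line into the added one; since the line is being touched anyway, make it "Stop translation as we may have triggered an interrupt." On style, the pair gen_save_pc(ctx->pc + 4); ctx->bstate = BS_EXCP; together with a near-identical three-line comment now appears in the mtc0 Cause, mtc0 icount, dmfc0 Count and dmtc0 Cause hunks; a small static helper (a hypothetical name such as gen_break_tb_for_irq(ctx) would do) would keep the rationale in one place and make the idiom harder to get subtly wrong, for instance by adding BS_EXCP at a new site without the matching gen_save_pc.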
@@ -7725,7 +7740,10 @@ static void gen_dmtc0(DisasContext *ctx, TCGv arg, i= nt reg, int sel) /* For simplicity assume that all writes can cause interrupts. */ if (ctx->tb->cflags & CF_USE_ICOUNT) { gen_io_end(); - ctx->bstate =3D BS_STOP; + /* BS_STOP isn't sufficient, we need to ensure we break out of + * translated code to check for pending interrupts. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; } return; =20 @@ -13569,8 +13587,10 @@ static void gen_pool32axf (CPUMIPSState *env, Disa= sContext *ctx, int rt, int rs) save_cpu_state(ctx, 1); gen_helper_ei(t0, cpu_env); gen_store_gpr(t0, rs); - /* Stop translation as we may have switched the execution = mode */ - ctx->bstate =3D BS_STOP; + /* BS_STOP isn't sufficient, we need to ensure we break out + of translated code to check for pending interrupts. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; tcg_temp_free(t0); } break; 
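Review bot: in the gen_pool32axf EI hunk the removed comment "Stop translation as we may have switched the execution mode" documented a second reason for ending the TB, but the replacement comment mentions only pending interrupts; keep both reasons, for example "Stop translation: EI may have switched the execution mode and unmasked a pending interrupt. BS_STOP isn't sufficient, ...", so the mode-switch rationale is not lost. The same comment substitution is made in the decode_opc mfmc0 hunk that follows and should get the same treatment.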
@@ -19692,9 +19712,10 @@ static void decode_opc(CPUMIPSState *env, DisasCon= text *ctx) save_cpu_state(ctx, 1); gen_helper_ei(t0, cpu_env); gen_store_gpr(t0, rt); - /* Stop translation as we may have switched - the execution mode. */ - ctx->bstate =3D BS_STOP; + /* BS_STOP isn't sufficient, we need to ensure we brea= k out + of translated code to check for pending interrupts.= */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; break; default: /* Invalid */ MIPS_INVAL("mfmc0"); --=20 git-series 0.8.10 From nobody Sat May 4 22:35:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1501668082939883.028752035431; Wed, 2 Aug 2017 03:01:22 -0700 (PDT) Received: from localhost ([::1]:46524 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqSv-0004V1-8T for importer@patchew.org; Wed, 02 Aug 2017 06:01:21 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36164) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqRH-0003Kc-HW for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcqRG-0002gb-LR for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:39 -0400 Received: from mailapp01.imgtec.com ([195.59.15.196]:36182) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqRG-0002Zu-Fq for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:38 -0400 Received: from HHMAIL01.hh.imgtec.org (unknown [10.100.10.19]) by Forcepoint Email with 
ESMTPS id 5538AB5D256B4; Wed, 2 Aug 2017 10:59:27 +0100 (IST)
Received: from jhogan-linux.le.imgtec.org (192.168.154.110) by HHMAIL01.hh.imgtec.org (10.100.10.21) with Microsoft SMTP Server (TLS) id 14.3.294.0; Wed, 2 Aug 2017 10:59:30 +0100
From: James Hogan
To:
Date: Wed, 2 Aug 2017 10:59:16 +0100
Message-ID:
X-Mailer: git-send-email 2.13.2
In-Reply-To:
References:
MIME-Version: 1.0
X-Originating-IP: [192.168.154.110]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 195.59.15.196
Subject: [Qemu-devel] [PATCH for-2.10 2/3] target/mips: Drop redundant gen_io_start/stop()
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Cc: Yongbok Kim , James Hogan , Aurelien Jarno
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel"
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

DMTC0 CP0_Cause does a redundant gen_io_start() and gen_io_end() pair, even though this is done for all DMTC0 operations outside of the switch statement. Remove these redundant calls.

Fixes: 5dc5d9f055c5 ("mips: more fixes to the MIPS interrupt glue logic")
Signed-off-by: James Hogan
Cc: Yongbok Kim
Cc: Aurelien Jarno
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
---
 target/mips/translate.c | 8 --------
 1 file changed, 0 insertions(+), 8 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 6b41f7b65e00..6e724ac71dcd 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -7403,15 +7403,7 @@ static void gen_dmtc0(DisasContext *ctx, TCGv arg, i= nt reg, int sel) switch (sel) { case 0: save_cpu_state(ctx, 1); - /* Mark as an IO operation because we may trigger a software - interrupt. */ - if (ctx->tb->cflags & CF_USE_ICOUNT) { - gen_io_start(); - } gen_helper_mtc0_cause(cpu_env, arg); - if (ctx->tb->cflags & CF_USE_ICOUNT) { - gen_io_end(); - } /* Stop translation as we may have triggered an intetrupt. BS_= STOP * isn't sufficient, we need to ensure we break out of transla= ted * code to check for pending interrupts. */ --=20 git-series 0.8.10 From nobody Sat May 4 22:35:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1501668077095969.7867451202808; Wed, 2 Aug 2017 03:01:17 -0700 (PDT) Received: from localhost ([::1]:46523 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqSp-0004Sa-Qi for importer@patchew.org; Wed, 02 Aug 2017 06:01:15 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36133) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqRD-0003JQ-Ns for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcqRC-0002cG-4N for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:35 -0400 Received: from mailapp01.imgtec.com ([195.59.15.196]:23078) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcqRB-0002aN-Uf for qemu-devel@nongnu.org; Wed, 02 Aug 2017 05:59:34 -0400 Received: from 
HHMAIL01.hh.imgtec.org (unknown [10.100.10.19]) by Forcepoint Email with ESMTPS id 03EE45F07D05; Wed, 2 Aug 2017 10:59:28 +0100 (IST)
Received: from jhogan-linux.le.imgtec.org (192.168.154.110) by HHMAIL01.hh.imgtec.org (10.100.10.21) with Microsoft SMTP Server (TLS) id 14.3.294.0; Wed, 2 Aug 2017 10:59:30 +0100
From: James Hogan
To:
Date: Wed, 2 Aug 2017 10:59:17 +0100
Message-ID: <248e7141b59e3cce8768f8210ade7f19108c92fa.1501667615.git-series.james.hogan@imgtec.com>
X-Mailer: git-send-email 2.13.2
In-Reply-To:
References:
MIME-Version: 1.0
X-Originating-IP: [192.168.154.110]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 195.59.15.196
Subject: [Qemu-devel] [PATCH for-2.10 3/3] target/mips: Fix RDHWR CC with icount
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Cc: Yongbok Kim , James Hogan , Aurelien Jarno
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel"
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

RDHWR CC reads the CPU timer like MFC0 CP0_Count, so with icount enabled it must set can_do_io while it calls the helper to avoid the "Bad icount read" error. It should also break out of the translation loop to ensure that timer interrupts are immediately handled.

Fixes: 2e70f6efa8b9 ("Add instruction counter.")
Signed-off-by: James Hogan
Cc: Aurelien Jarno
Cc: Yongbok Kim
Reviewed-by: Richard Henderson
---
I've based this on MFC0 Count, but this instruction is also available to usermode (e.g. CONFIG_USER_ONLY), which I presume is still fine.
---
 target/mips/translate.c | 11 +++++++++++
 1 file changed, 11 insertions(+), 0 deletions(-)

diff --git a/target/mips/translate.c b/target/mips/translate.c
index 6e724ac71dcd..f29092f6d4ac 100644
--- a/target/mips/translate.c
+++ b/target/mips/translate.c
@@ -10759,8 +10759,19 @@ static void gen_rdhwr(DisasContext *ctx, int rt, i= nt rd, int sel) gen_store_gpr(t0, rt); break; case 2: + if (ctx->tb->cflags & CF_USE_ICOUNT) { + gen_io_start(); + } gen_helper_rdhwr_cc(t0, cpu_env); + if (ctx->tb->cflags & CF_USE_ICOUNT) { + gen_io_end(); + } gen_store_gpr(t0, rt); + /* Break the TB to be able to take timer interrupts immediately + after reading count. BS_STOP isn't sufficient, we need to ensure + we break completely out of translated code. */ + gen_save_pc(ctx->pc + 4); + ctx->bstate =3D BS_EXCP; break; case 3: gen_helper_rdhwr_ccres(t0, cpu_env); --=20 git-series 0.8.10
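Review bot: the new gen_save_pc(ctx->pc + 4); ctx->bstate = BS_EXCP; after gen_helper_rdhwr_cc in the gen_rdhwr hunk is unconditional, yet the cover note says this instruction is also reachable under CONFIG_USER_ONLY, where there are no timer interrupts to deliver; every user-mode RDHWR CC would then pay a full exit to the main loop, which matters for software that polls the cycle counter in a tight loop. Either wrap the two lines in #ifndef CONFIG_USER_ONLY, matching the gen_io_start()/gen_io_end() guard on CF_USE_ICOUNT that only has an effect in system mode, or state in the comment that the cost was considered acceptable. Separately, the comment copied from the MFC0 path still reads "after reading count" although this case reads the CC hardware register; reword it so it matches the instruction it now sits beside.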