[Qemu-devel] [PATCH 0/5] s390x: Random emulation fixes

[Qemu-devel] [PATCH 0/5] s390x: Random emulation fixes

[Alexander Graf]

While trying to use the s390x emulation target in a real world use case,
we stumbled over a number of shortcomings. These patches fell out there,
giving us comparable functionality to a real KVM virtual machine on s390x.


Alex

Alexander Graf (5):
  s390x: add ldeb instruction
  s390x: make ipte 31-bit aware
  s390x: update R and C bits in storage key
  s390x: implement rrbe instruction properly
  s390x: implement SIGP restart and shutdown

 target-s390x/cpu.h       |    4 ++++
 target-s390x/helper.c    |   12 ++++++++++++
 target-s390x/helpers.h   |    1 +
 target-s390x/op_helper.c |   43 +++++++++++++++++++++++++++++++++++++------
 target-s390x/translate.c |    4 ++++
 5 files changed, 58 insertions(+), 6 deletions(-)

[Qemu-devel] [PATCH 1/5] s390x: add ldeb instruction

[Alexander Graf]

While running perl, we encountered the ldeb instruction to be used,
so we implement it :).

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/helpers.h   |    1 +
 target-s390x/op_helper.c |    9 +++++++++
 target-s390x/translate.c |    4 ++++
 3 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/target-s390x/helpers.h b/target-s390x/helpers.h
index 6ca48eb..01c8d0e 100644
--- a/target-s390x/helpers.h
+++ b/target-s390x/helpers.h
@@ -102,6 +102,7 @@ DEF_HELPER_3(madb, void, i32, i64, i32)
 DEF_HELPER_3(maebr, void, i32, i32, i32)
 DEF_HELPER_3(madbr, void, i32, i32, i32)
 DEF_HELPER_3(msdbr, void, i32, i32, i32)
+DEF_HELPER_2(ldeb, void, i32, i64)
 DEF_HELPER_2(lxdb, void, i32, i64)
 DEF_HELPER_FLAGS_2(tceb, TCG_CALL_PURE, i32, i32, i64)
 DEF_HELPER_FLAGS_2(tcdb, TCG_CALL_PURE, i32, i32, i64)
diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index cd33f99..1db6f5e 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -1630,6 +1630,15 @@ void HELPER(maebr)(uint32_t f1, uint32_t f3, uint32_t f2)
                                          &env->fpu_status);
 }
 
+/* convert 32-bit float to 64-bit float */
+void HELPER(ldeb)(uint32_t f1, uint64_t a2)
+{
+    u32 v2;
+    v2 = ldl(a2);
+    env->fregs[f1].d = float32_to_float64(v2,
+                                          &env->fpu_status);
+}
+
 /* convert 64-bit float to 128-bit float */
 void HELPER(lxdb)(uint32_t f1, uint64_t a2)
 {
diff --git a/target-s390x/translate.c b/target-s390x/translate.c
index 77fb448..7ec98e2 100644
--- a/target-s390x/translate.c
+++ b/target-s390x/translate.c
@@ -2214,6 +2214,10 @@ static void disas_ed(DisasContext *s, int op, int r1, int x2, int b2, int d2,
     addr = get_address(s, x2, b2, d2);
     tmp_r1 = tcg_const_i32(r1);
     switch (op) {
+    case 0x4: /* LDEB R1,D2(X2,B2) [RXE] */
+        potential_page_fault(s);
+        gen_helper_ldeb(tmp_r1, addr);
+        break;
     case 0x5: /* LXDB R1,D2(X2,B2) [RXE] */
         potential_page_fault(s);
         gen_helper_lxdb(tmp_r1, addr);
-- 
1.6.0.2

[Qemu-devel] [PATCH 2/5] s390x: make ipte 31-bit aware

[Alexander Graf]

When running 31-bit code we can potentially map the same virtual
address twice - once as 0x0yyyyyyy and once as 0x8yyyyyyy, because
the upper bit gets ignored.

This also should be reflected in the tlb invalidation path, so we
really invalidate also the transparently created tlb entries.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/op_helper.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 1db6f5e..245fb2c 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -2949,6 +2949,13 @@ void HELPER(ipte)(uint64_t pte_addr, uint64_t vaddr)
     /* XXX we exploit the fact that Linux passes the exact virtual
            address here - it's not obliged to! */
     tlb_flush_page(env, page);
+
+    /* XXX 31-bit hack */
+    if (page & 0x80000000) {
+        tlb_flush_page(env, page & ~0x80000000);
+    } else {
+        tlb_flush_page(env, page | 0x80000000);
+    }
 }
 
 /* flush local tlb */
-- 
1.6.0.2

[Qemu-devel] [PATCH 3/5] s390x: update R and C bits in storage key

[Alexander Graf]

When the s390x maps a page or writes happen to a page, the R and C
bits get updated. The easiest way to implement this in qemu is to
simply update them whenever we map a TLB translation and act according
to the permissions.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/cpu.h       |    4 ++++
 target-s390x/helper.c    |   12 ++++++++++++
 target-s390x/op_helper.c |    1 -
 3 files changed, 16 insertions(+), 1 deletions(-)

diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index d48a9b7..8ec61f8 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -819,6 +819,10 @@ struct sysib_322 {
 #define _PAGE_RO        0x200            /* HW read-only bit  */
 #define _PAGE_INVALID   0x400            /* HW invalid bit    */
 
+#define SK_C                    (0x1 << 1)
+#define SK_R                    (0x1 << 2)
+#define SK_F                    (0x1 << 3)
+#define SK_ACC_MASK             (0xf << 4)
 
 
 /* EBCDIC handling */
diff --git a/target-s390x/helper.c b/target-s390x/helper.c
index 1ce7079..f38859d 100644
--- a/target-s390x/helper.c
+++ b/target-s390x/helper.c
@@ -348,6 +348,7 @@ int mmu_translate(CPUState *env, target_ulong vaddr, int rw, uint64_t asc,
                   target_ulong *raddr, int *flags)
 {
     int r = -1;
+    uint8_t *sk;
 
     *flags = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
     vaddr &= TARGET_PAGE_MASK;
@@ -390,6 +391,17 @@ out:
         *raddr = *raddr + env->psa;
     }
 
+    if (*raddr <= ram_size) {
+        sk = &env->storage_keys[*raddr / TARGET_PAGE_SIZE];
+        if (*flags & PAGE_READ) {
+            *sk |= SK_R;
+        }
+    
+        if (*flags & PAGE_WRITE) {
+            *sk |= SK_C;
+        }
+    }
+
     return r;
 }
 
diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 245fb2c..7583172 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -2760,7 +2760,6 @@ uint64_t HELPER(iske)(uint64_t r2)
         return 0;
     }
 
-    /* XXX maybe use qemu's internal keys? */
     return env->storage_keys[addr / TARGET_PAGE_SIZE];
 }
 
-- 
1.6.0.2

[Qemu-devel] [PATCH 4/5] s390x: implement rrbe instruction properly

[Alexander Graf]

The rrbe instruction resets the reference bit in the given storage key.
So far, we merely made it a nop and also returned an invalid CC value,
so that the kernel never knew if a page actually got accessed.

This patch implements it properly, flushing the R bit and returning the
correct CC value.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/op_helper.c |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 7583172..356eac8 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -2778,14 +2778,15 @@ void HELPER(sske)(uint32_t r1, uint64_t r2)
 /* reset reference bit extended */
 uint32_t HELPER(rrbe)(uint32_t r1, uint64_t r2)
 {
+    uint8_t re;
+    uint8_t key;
     if (r2 > ram_size) {
         return 0;
     }
 
-    /* XXX implement */
-#if 0
-    env->storage_keys[r2 / TARGET_PAGE_SIZE] &= ~SK_REFERENCED;
-#endif
+    key = env->storage_keys[r2 / TARGET_PAGE_SIZE];
+    re = key & (SK_R | SK_C);
+    env->storage_keys[r2 / TARGET_PAGE_SIZE] = (key & ~SK_R);
 
     /*
      * cc
@@ -2795,7 +2796,8 @@ uint32_t HELPER(rrbe)(uint32_t r1, uint64_t r2)
      * 2  Reference bit one; change bit zero
      * 3  Reference bit one; change bit one
      */
-    return 0;
+
+    return re >> 1;
 }
 
 /* compare and swap and purge */
-- 
1.6.0.2

[Qemu-devel] [PATCH 5/5] s390x: implement SIGP restart and shutdown

[Alexander Graf]

An s390x OS does reboot and shutdown triggers through hypercalls that
we didn't implement on the TCG backend yet. That means that so far we
couldn't shut down virtual machines for example, having them hang on
shutdown when not using KVM.

With this patch, this restriction is gone. We can now shut down and
reboot s390x virtual machines even when using the TCG backend.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/op_helper.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 356eac8..bbc2002 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -28,6 +28,10 @@
 #include <linux/kvm.h>
 #endif
 
+#if !defined (CONFIG_USER_ONLY)
+#include "sysemu.h"
+#endif
+
 /*****************************************************************************/
 /* Softmmu support */
 #if !defined (CONFIG_USER_ONLY)
@@ -2900,6 +2904,16 @@ uint32_t HELPER(sigp)(uint64_t order_code, uint32_t r1, uint64_t cpu_addr)
         env->regs[r1] &= 0xffffffff00000000ULL;
         cc = 1;
         break;
+#if !defined (CONFIG_USER_ONLY)
+    case SIGP_RESTART:
+        qemu_system_reset_request();
+        cpu_loop_exit(env);
+        break;
+    case SIGP_STOP:
+        qemu_system_shutdown_request();
+        cpu_loop_exit(env);
+        break;
+#endif
     default:
         /* unknown sigp */
         fprintf(stderr, "XXX unknown sigp: 0x%" PRIx64 "\n", order_code);
-- 
1.6.0.2