[Qemu-devel] [PULL 18/23] target-arm: Make *IS TLB maintenance ops affect all CPUs

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 18/23] target-arm: Make *IS TLB maintenance ops affect all CPUs
Date: Fri, 12 Sep 2014 14:23:49 +0100	[thread overview]
Message-ID: <1410528234-13545-19-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1410528234-13545-1-git-send-email-peter.maydell@linaro.org>

The ARM architecture defines that the "IS" variants of TLB
maintenance operations must affect all TLBs in the Inner Shareable
domain, which for us means all CPUs. We were incorrectly implementing
these to only affect the current CPU, which meant that SMP TCG
operation was unstable.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1410274883-9578-3-git-send-email-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
---
 target-arm/helper.c | 101 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 89 insertions(+), 12 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 9984cca..ece9673 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -377,6 +377,47 @@ static void tlbimvaa_write(CPUARMState *env, const ARMCPRegInfo *ri,
     tlb_flush_page(CPU(cpu), value & TARGET_PAGE_MASK);
 }
 
+/* IS variants of TLB operations must affect all cores */
+static void tlbiall_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    CPUState *other_cs;
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush(other_cs, 1);
+    }
+}
+
+static void tlbiasid_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    CPUState *other_cs;
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush(other_cs, value == 0);
+    }
+}
+
+static void tlbimva_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    CPUState *other_cs;
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush_page(other_cs, value & TARGET_PAGE_MASK);
+    }
+}
+
+static void tlbimvaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                             uint64_t value)
+{
+    CPUState *other_cs;
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush_page(other_cs, value & TARGET_PAGE_MASK);
+    }
+}
+
 static const ARMCPRegInfo cp_reginfo[] = {
     { .name = "FCSEIDR", .cp = 15, .crn = 13, .crm = 0, .opc1 = 0, .opc2 = 0,
       .access = PL1_RW, .fieldoffset = offsetof(CPUARMState, cp15.c13_fcse),
@@ -908,13 +949,15 @@ static const ARMCPRegInfo v7_cp_reginfo[] = {
 static const ARMCPRegInfo v7mp_cp_reginfo[] = {
     /* 32 bit TLB invalidates, Inner Shareable */
     { .name = "TLBIALLIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
-      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiall_write },
+      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiall_is_write },
     { .name = "TLBIMVAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
-      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
+      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_is_write },
     { .name = "TLBIASIDIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
-      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbiasid_write },
+      .type = ARM_CP_NO_MIGRATE, .access = PL1_W,
+      .writefn = tlbiasid_is_write },
     { .name = "TLBIMVAAIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
-      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimvaa_write },
+      .type = ARM_CP_NO_MIGRATE, .access = PL1_W,
+      .writefn = tlbimvaa_is_write },
     REGINFO_SENTINEL
 };
 
@@ -1904,6 +1947,39 @@ static void tlbi_aa64_asid_write(CPUARMState *env, const ARMCPRegInfo *ri,
     tlb_flush(CPU(cpu), asid == 0);
 }
 
+static void tlbi_aa64_va_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                  uint64_t value)
+{
+    CPUState *other_cs;
+    uint64_t pageaddr = sextract64(value << 12, 0, 56);
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush_page(other_cs, pageaddr);
+    }
+}
+
+static void tlbi_aa64_vaa_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                  uint64_t value)
+{
+    CPUState *other_cs;
+    uint64_t pageaddr = sextract64(value << 12, 0, 56);
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush_page(other_cs, pageaddr);
+    }
+}
+
+static void tlbi_aa64_asid_is_write(CPUARMState *env, const ARMCPRegInfo *ri,
+                                  uint64_t value)
+{
+    CPUState *other_cs;
+    int asid = extract64(value, 48, 16);
+
+    CPU_FOREACH(other_cs) {
+        tlb_flush(other_cs, asid == 0);
+    }
+}
+
 static CPAccessResult aa64_zva_access(CPUARMState *env, const ARMCPRegInfo *ri)
 {
     /* We don't implement EL2, so the only control on DC ZVA is the
@@ -2021,27 +2097,27 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
     { .name = "TLBI_VMALLE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 0,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
-      .writefn = tlbiall_write },
+      .writefn = tlbiall_is_write },
     { .name = "TLBI_VAE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 1,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
-      .writefn = tlbi_aa64_va_write },
+      .writefn = tlbi_aa64_va_is_write },
     { .name = "TLBI_ASIDE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 2,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
-      .writefn = tlbi_aa64_asid_write },
+      .writefn = tlbi_aa64_asid_is_write },
     { .name = "TLBI_VAAE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 3,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
-      .writefn = tlbi_aa64_vaa_write },
+      .writefn = tlbi_aa64_vaa_is_write },
     { .name = "TLBI_VALE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
-      .writefn = tlbi_aa64_va_write },
+      .writefn = tlbi_aa64_va_is_write },
     { .name = "TLBI_VAALE1IS", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
-      .writefn = tlbi_aa64_vaa_write },
+      .writefn = tlbi_aa64_vaa_is_write },
     { .name = "TLBI_VMALLE1", .state = ARM_CP_STATE_AA64,
       .opc0 = 1, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 0,
       .access = PL1_W, .type = ARM_CP_NO_MIGRATE,
@@ -2083,9 +2159,10 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
 #endif
     /* TLB invalidate last level of translation table walk */
     { .name = "TLBIMVALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 5,
-      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
+      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_is_write },
     { .name = "TLBIMVAALIS", .cp = 15, .opc1 = 0, .crn = 8, .crm = 3, .opc2 = 7,
-      .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimvaa_write },
+      .type = ARM_CP_NO_MIGRATE, .access = PL1_W,
+      .writefn = tlbimvaa_is_write },
     { .name = "TLBIMVAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 5,
       .type = ARM_CP_NO_MIGRATE, .access = PL1_W, .writefn = tlbimva_write },
     { .name = "TLBIMVAAL", .cp = 15, .opc1 = 0, .crn = 8, .crm = 7, .opc2 = 7,
-- 
1.9.1

next prev parent reply	other threads:[~2014-09-12 13:24 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-12 13:23 [Qemu-devel] [PULL 00/23] target-arm queue Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 01/23] hw/arm/virt: add linux, stdout-path to /chosen DT node Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 02/23] cpu-exec.c: Allow disabling of IRQs on ARM Cortex-M CPUs Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 03/23] pl061: implement input interrupt logic Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 04/23] target-arm: Fix resetting issues on ARMv7-M CPUs Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 05/23] target-arm: Fix broken indentation in arm_cpu_reest() Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 06/23] hw/arm/virt: Provide flash devices for boot ROMs Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 07/23] exec.c: Relax restrictions on watchpoint length and alignment Peter Maydell
2014-09-18  4:48   ` Max Filippov
2014-09-18  4:58     ` Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 08/23] exec.c: Provide full set of dummy wp remove functions in user-mode Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 09/23] exec.c: Record watchpoint fault address and direction Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 10/23] cpu-exec: Make debug_excp_handler a QOM CPU method Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 11/23] target-arm: Implement setting of watchpoints Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 12/23] target-arm: Move extended_addresses_enabled() to internals.h Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 13/23] target-arm: Implement handling of fired watchpoints Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 14/23] target-arm: Set DBGDSCR.MOE for debug exceptions taken to AArch32 Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 15/23] target-arm: Remove comment about MDSCR_EL1 being dummy implementation Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 16/23] target-arm: Implement minimal DBGVCR, OSDLR_EL1, MDCCSR_EL0 Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 17/23] target-arm: Push legacy wildcard TLB ops back into v6 Peter Maydell
2014-09-12 13:23 ` Peter Maydell [this message]
2014-09-12 13:23 ` [Qemu-devel] [PULL 19/23] hw/arm/virt: fix pl011 and pl031 irq flags Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 20/23] hw/arm/boot: load DTB as a ROM image Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 21/23] hw/arm/boot: pass an address limit to and return size from load_dtb() Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 22/23] hw/arm/boot: load device tree to base of DRAM if no -kernel option was passed Peter Maydell
2014-09-12 13:23 ` [Qemu-devel] [PULL 23/23] hw/arm/boot: enable DTB support when booting ELF images Peter Maydell
2014-09-12 15:55 ` [Qemu-devel] [PULL 00/23] target-arm queue Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9984cca dfblob:ece9673 )
 OR (
bs:"[Qemu-devel] [PULL 18/23] target-arm: Make *IS TLB maintenance ops affect all CPUs" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1410528234-13545-19-git-send-email-peter.maydell@linaro.org \
    --to=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).