From: Paul Brook
Subject: Re: [Qemu-devel] [RFC PATCH] s390x-linux-user
Date: Fri, 26 Jun 2009 20:24:30 +0100
Message-Id: <200906262024.31543.paul@codesourcery.com>
In-Reply-To: <20090626190714.GA464@miranda.arrow>
To: qemu-devel@nongnu.org

> Stupid idea, I expect, but would it be possible to handle EXECUTE by
> 'branching' to the 'instruction stored somewhere in memory', using one
> bit to hold the state of R0, and another to indicate that the TB is a
> special EXECUTE TB (i.e. only a single instruction should be decoded,
> the LSB of R0 should be ORed, and code must be generated to return to
> the 'caller'), and another bit for the state of the LSB of R0?

I guess s/bit/byte/.

> Presumably, SMC handling would safely deal with the memory holding that
> instruction being written to. (If all variants of S/390 need precise
> SMC handling, I suppose that shouldn't be a problem?)

You don't need precise SMC here. That's only required if a TB can modify
itself.

> My only real concern would be that it must not be possible to observe
> this behaviour. (I.e. an interrupt arriving at the 'wrong' moment or
> the EXECUTEd instruction faulting must be properly handled.)

That's easy to fix. We already do this for other targets (e.g. ARMv7-M
exception return). You already need an extra TB flag bit to indicate that
this is part way through an EXECUTE instruction.

> Also, if S/390 has separate read/execute page bits, would access to the
> memory location in question still count as 'execution'? I suppose this
> would also be possible to work around, though...

This is probably the trickiest bit to get right, especially if you end up
causing a fault.

Paul