[Qemu-devel] [PATCH v2 0/3] target/s390x: implement idte and improve ipte

[Qemu-devel] [PATCH v2 0/3] target/s390x: implement idte and improve ipte

[David Hildenbrand]

By adding idte, we are now able to expose the DAT-enhancement facility
to our guest. Also, properly simulate and expose the local-tlb-clearing
facility.

To improve the TLB flushing, we will have to remember each used table (or
at least a hash!) for each tlb entry, just like real HW does.

This allows me to start an upstream kernel (having also the mvcos patch
applied) compiled for z9 using:

qemu-system-s390x ... -cpu qemu,mvcos=on,stfle=on,ldisp=on,ldisphp=on,\
                           eimm=on,stckf=on,csst=on,csst2=on,ginste=on,\
                           exrl=on,dateh=on,ltlbc=on

Linux will detect the DAT-enhancement facility and use idte+cspg.

v1 -> v2:
- Allow to enable the DAT-enhancement facility.
- Fix wrong register in idte.
- Simply set m4 to zero in case local-tlb-clearing is not enabled.

David Hildenbrand (3):
  target/s390x: Indicate and check for local tlb clearing
  target/s390x: Improve heuristic for ipte
  target/s390x: Implement idte instruction

 target/s390x/cpu_models.c  |  2 ++
 target/s390x/helper.h      |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 78 +++++++++++++++++++++++++++++++++++++++-------
 target/s390x/translate.c   | 21 ++++++++++++-
 5 files changed, 92 insertions(+), 12 deletions(-)

-- 
2.9.4

[Qemu-devel] [PATCH v2 1/3] target/s390x: Indicate and check for local tlb clearing

[David Hildenbrand]

Let's allow to enable it for the qemu cpu model and correctly emulate
it.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/cpu_models.c | 1 +
 target/s390x/mem_helper.c | 2 --
 target/s390x/translate.c  | 6 +++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 478bcc6..8fce957 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -685,6 +685,7 @@ static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
         S390_FEAT_GENERAL_INSTRUCTIONS_EXT,
         S390_FEAT_EXECUTE_EXT,
         S390_FEAT_STFLE_45,
+        S390_FEAT_LOCAL_TLB_CLEARING,
     };
     int i;
 
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 80caab9..41e5a1d 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1558,8 +1558,6 @@ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr,
 
     /* XXX we exploit the fact that Linux passes the exact virtual
        address here - it's not obliged to! */
-    /* XXX: the LC bit should be considered as 0 if the local-TLB-clearing
-       facility is not installed.  */
     if (m4 & 1) {
         tlb_flush_page(cs, page);
     } else {
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 8c055b7..7efc10b 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2412,7 +2412,11 @@ static ExitStatus op_ipte(DisasContext *s, DisasOps *o)
     TCGv_i32 m4;
 
     check_privileged(s);
-    m4 = tcg_const_i32(get_field(s->fields, m4));
+    if (s390_has_feat(S390_FEAT_LOCAL_TLB_CLEARING)) {
+        m4 = tcg_const_i32(get_field(s->fields, m4));
+    } else {
+        m4 = tcg_const_i32(0);
+    }
     gen_helper_ipte(cpu_env, o->in1, o->in2, m4);
     tcg_temp_free_i32(m4);
     return NO_EXIT;
-- 
2.9.4

Re: [Qemu-devel] [PATCH v2 1/3] target/s390x: Indicate and check for local tlb clearing

[Richard Henderson]

On 06/22/2017 02:41 AM, David Hildenbrand wrote:
> Let's allow to enable it for the qemu cpu model and correctly emulate
> it.
> 
> Signed-off-by: David Hildenbrand<david@redhat.com>
> ---
>   target/s390x/cpu_models.c | 1 +
>   target/s390x/mem_helper.c | 2 --
>   target/s390x/translate.c  | 6 +++++-
>   3 files changed, 6 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson <rth@twiddle.net>


r~

[Qemu-devel] [PATCH v2 2/3] target/s390x: Improve heuristic for ipte

[David Hildenbrand]

If only the page index is set, most likely we don't have a valid
virtual address. Let's do a full tlb flush for that case.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/mem_helper.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 41e5a1d..1507175 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1559,16 +1559,23 @@ void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr,
     /* XXX we exploit the fact that Linux passes the exact virtual
        address here - it's not obliged to! */
     if (m4 & 1) {
-        tlb_flush_page(cs, page);
-    } else {
-        tlb_flush_page_all_cpus_synced(cs, page);
-    }
-
-    /* XXX 31-bit hack */
-    if (m4 & 1) {
-        tlb_flush_page(cs, page ^ 0x80000000);
+        if (vaddr & ~VADDR_PX) {
+            tlb_flush_page(cs, page);
+            /* XXX 31-bit hack */
+            tlb_flush_page(cs, page ^ 0x80000000);
+        } else {
+            /* looks like we don't have a valid virtual address */
+            tlb_flush(cs);
+        }
     } else {
-        tlb_flush_page_all_cpus_synced(cs, page ^ 0x80000000);
+        if (vaddr & ~VADDR_PX) {
+            tlb_flush_page_all_cpus_synced(cs, page);
+            /* XXX 31-bit hack */
+            tlb_flush_page_all_cpus_synced(cs, page ^ 0x80000000);
+        } else {
+            /* looks like we don't have a valid virtual address */
+            tlb_flush_all_cpus_synced(cs);
+        }
     }
 }
 
-- 
2.9.4

[Qemu-devel] [PATCH v2 3/3] target/s390x: Implement idte instruction

[David Hildenbrand]

Let's keep it very simple for now and flush the complete tlb,
we currently can't find the right entries in our tlb, we would have
to store the used tables for each element.

As we now fully implement the DAT-enhancement facility, we can allow to
enable it for the qemu CPU model.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/cpu_models.c  |  1 +
 target/s390x/helper.h      |  1 +
 target/s390x/insn-data.def |  2 ++
 target/s390x/mem_helper.c  | 51 ++++++++++++++++++++++++++++++++++++++++++++++
 target/s390x/translate.c   | 15 ++++++++++++++
 5 files changed, 70 insertions(+)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 8fce957..74e3369 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -675,6 +675,7 @@ static void check_compatibility(const S390CPUModel *max_model,
 static void add_qemu_cpu_model_features(S390FeatBitmap fbm)
 {
     static const int feats[] = {
+        S390_FEAT_DAT_ENH,
         S390_FEAT_STFLE,
         S390_FEAT_EXTENDED_IMMEDIATE,
         S390_FEAT_EXTENDED_TRANSLATION_2,
diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 69249a5..d219ae4 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -130,6 +130,7 @@ DEF_HELPER_4(mvcs, i32, env, i64, i64, i64)
 DEF_HELPER_4(mvcp, i32, env, i64, i64, i64)
 DEF_HELPER_4(sigp, i32, env, i64, i32, i64)
 DEF_HELPER_FLAGS_2(sacf, TCG_CALL_NO_WG, void, env, i64)
+DEF_HELPER_FLAGS_4(idte, TCG_CALL_NO_RWG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_4(ipte, TCG_CALL_NO_RWG, void, env, i64, i64, i32)
 DEF_HELPER_FLAGS_1(ptlb, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_FLAGS_1(purge, TCG_CALL_NO_RWG, void, env)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index d089707..82c5d53 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -900,6 +900,8 @@
     C(0x8300, DIAG,    RSI,   Z,   0, 0, 0, 0, diag, 0)
 /* INSERT STORAGE KEY EXTENDED */
     C(0xb229, ISKE,    RRE,   Z,   0, r2_o, new, r1_8, iske, 0)
+/* INVALIDATE DAT TABLE ENTRY */
+    C(0xb98e, IPDE,    RRF_b, Z,   r1_o, r2_o, 0, 0, idte, 0)
 /* INVALIDATE PAGE TABLE ENTRY */
     C(0xb221, IPTE,    RRF_a, Z,   r1_o, r2_o, 0, 0, ipte, 0)
 /* LOAD CONTROL */
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 1507175..6224da5 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1539,6 +1539,57 @@ uint32_t HELPER(mvcp)(CPUS390XState *env, uint64_t l, uint64_t a1, uint64_t a2)
     return cc;
 }
 
+void HELPER(idte)(CPUS390XState *env, uint64_t r1, uint64_t r2, uint32_t m4)
+{
+    CPUState *cs = CPU(s390_env_get_cpu(env));
+    const uintptr_t ra = GETPC();
+    uint64_t table, entry, raddr;
+    uint16_t entries, i, index = 0;
+
+    if (r2 & 0xff000) {
+        cpu_restore_state(cs, ra);
+        program_interrupt(env, PGM_SPECIFICATION, 4);
+    }
+
+    if (!(r2 & 0x800)) {
+        /* invalidation-and-clearing operation */
+        table = r1 & _ASCE_ORIGIN;
+        entries = (r2 & 0x7ff) + 1;
+
+        switch (r1 & _ASCE_TYPE_MASK) {
+        case _ASCE_TYPE_REGION1:
+            index = (r2 >> 53) & 0x7ff;
+            break;
+        case _ASCE_TYPE_REGION2:
+            index = (r2 >> 42) & 0x7ff;
+            break;
+        case _ASCE_TYPE_REGION3:
+            index = (r2 >> 31) & 0x7ff;
+            break;
+        case _ASCE_TYPE_SEGMENT:
+            index = (r2 >> 20) & 0x7ff;
+            break;
+        }
+        for (i = 0; i < entries; i++) {
+            /* addresses are not wrapped in 24/31bit mode but table index is */
+            raddr = table + ((index + i) & 0x7ff) * sizeof(entry);
+            entry = ldq_phys(cs->as, raddr);
+            if (!(entry & _REGION_ENTRY_INV)) {
+                /* we are allowed to not store if already invalid */
+                entry |= _REGION_ENTRY_INV;
+                stq_phys(cs->as, raddr, entry);
+            }
+        }
+    }
+
+    /* We simply flush the complete tlb, therefore we can ignore r3. */
+    if (m4 & 1) {
+        tlb_flush(cs);
+    } else {
+        tlb_flush_all_cpus_synced(cs);
+    }
+}
+
 /* invalidate pte */
 void HELPER(ipte)(CPUS390XState *env, uint64_t pto, uint64_t vaddr,
                   uint32_t m4)
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 7efc10b..1be4c3a 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -2407,6 +2407,21 @@ static ExitStatus op_ipm(DisasContext *s, DisasOps *o)
 }
 
 #ifndef CONFIG_USER_ONLY
+static ExitStatus op_idte(DisasContext *s, DisasOps *o)
+{
+    TCGv_i32 m4;
+
+    check_privileged(s);
+    if (s390_has_feat(S390_FEAT_LOCAL_TLB_CLEARING)) {
+        m4 = tcg_const_i32(get_field(s->fields, m4));
+    } else {
+        m4 = tcg_const_i32(0);
+    }
+    gen_helper_idte(cpu_env, o->in1, o->in2, m4);
+    tcg_temp_free_i32(m4);
+    return NO_EXIT;
+}
+
 static ExitStatus op_ipte(DisasContext *s, DisasOps *o)
 {
     TCGv_i32 m4;
-- 
2.9.4

Re: [Qemu-devel] [PATCH v2 0/3] target/s390x: implement idte and improve ipte

[Richard Henderson]

On 06/22/2017 02:41 AM, David Hildenbrand wrote:
> By adding idte, we are now able to expose the DAT-enhancement facility
> to our guest. Also, properly simulate and expose the local-tlb-clearing
> facility.
> 
> To improve the TLB flushing, we will have to remember each used table (or
> at least a hash!) for each tlb entry, just like real HW does.
> 
> This allows me to start an upstream kernel (having also the mvcos patch
> applied) compiled for z9 using:
> 
> qemu-system-s390x ... -cpu qemu,mvcos=on,stfle=on,ldisp=on,ldisphp=on,\
>                             eimm=on,stckf=on,csst=on,csst2=on,ginste=on,\
>                             exrl=on,dateh=on,ltlbc=on
> 
> Linux will detect the DAT-enhancement facility and use idte+cspg.
> 
> v1 -> v2:
> - Allow to enable the DAT-enhancement facility.
> - Fix wrong register in idte.
> - Simply set m4 to zero in case local-tlb-clearing is not enabled.

Reviewed and applied to my target/s390x tree.


r~