[PULL 0/2] tcg patch queue

[PULL 0/2] tcg patch queue

[Richard Henderson]

The following changes since commit eb6490f544388dd24c0d054a96dd304bc7284450:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200703' into staging (2020-07-04 16:08:41 +0100)

are available in the Git repository at:

  https://github.com/rth7680/qemu.git tags/pull-tcg-20200706

for you to fetch changes up to 852f933e482518797f7785a2e017a215b88df815:

  tcg: Fix do_nonatomic_op_* vs signed operations (2020-07-06 10:58:19 -0700)

----------------------------------------------------------------
Fix for ppc shifts
Fix for non-parallel atomic ops

----------------------------------------------------------------
Catherine A. Frederick (1):
      tcg/ppc: Sanitize immediate shifts

Richard Henderson (1):
      tcg: Fix do_nonatomic_op_* vs signed operations

 tcg/ppc/tcg-target.inc.c | 15 ++++++++++-----
 tcg/tcg-op.c             | 10 ++++++----
 2 files changed, 16 insertions(+), 9 deletions(-)

Re: [PULL 0/2] tcg patch queue

[Peter Maydell]

On Mon, 6 Jul 2020 at 19:52, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> The following changes since commit eb6490f544388dd24c0d054a96dd304bc7284450:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200703' into staging (2020-07-04 16:08:41 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/rth7680/qemu.git tags/pull-tcg-20200706
>
> for you to fetch changes up to 852f933e482518797f7785a2e017a215b88df815:
>
>   tcg: Fix do_nonatomic_op_* vs signed operations (2020-07-06 10:58:19 -0700)
>
> ----------------------------------------------------------------
> Fix for ppc shifts
> Fix for non-parallel atomic ops


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM

[PULL 0/2] tcg patch queue

[Richard Henderson]

The following changes since commit 9fed1bca6bc643ce91b6117f4974421aaede4751:

  Merge tag 'pull-target-arm-20220711' of https://git.linaro.org/people/pmaydell/qemu-arm into staging (2022-07-11 22:02:09 +0530)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220712

for you to fetch changes up to b0f650f0477ae775e0915e3d60ab5110ad5e9157:

  accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore (2022-07-12 10:43:33 +0530)

----------------------------------------------------------------
Fix for duplicate tlb check on unaligned access.
Fix for w^x code gen buffer mapping.

----------------------------------------------------------------
Ilya Leoshkevich (1):
      accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore

Shaobo Song (1):
      tcg: Fix returned type in alloc_code_gen_buffer_splitwx_memfd()

 accel/tcg/cputlb.c | 8 +++++---
 tcg/region.c       | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

[PULL 1/2] tcg: Fix returned type in alloc_code_gen_buffer_splitwx_memfd()

[Richard Henderson]

From: Shaobo Song <shnusongshaobo@gmail.com>

This fixes a bug in POSIX-compliant environments. Since we had allocated
a buffer named 'tcg-jit' with read-write access protections we need a int
type to combine these access flags and return it, whereas we had inexplicably
return a bool type. It may cause an unnecessary protection change in
tcg_region_init().

Cc: qemu-stable@nongnu.org
Fixes: 7be9ebcf924c ("tcg: Return the map protection from alloc_code_gen_buffer")
Signed-off-by: Shaobo Song <shnusongshaobo@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220624150216.3627-1-shnusongshaobo@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/region.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/region.c b/tcg/region.c
index 71ea81d671..88d6bb273f 100644
--- a/tcg/region.c
+++ b/tcg/region.c
@@ -548,7 +548,7 @@ static int alloc_code_gen_buffer_anon(size_t size, int prot,
 #ifdef CONFIG_POSIX
 #include "qemu/memfd.h"
 
-static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
+static int alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
 {
     void *buf_rw = NULL, *buf_rx = MAP_FAILED;
     int fd = -1;
-- 
2.34.1

[PULL 2/2] accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore

[Richard Henderson]

From: Ilya Leoshkevich <iii@linux.ibm.com>

If low-address-protection is active, unaligned stores to non-protected
parts of lowcore lead to protection exceptions. The reason is that in
such cases tlb_fill() call in store_helper_unaligned() covers
[0, addr + size) range, which contains the protected portion of
lowcore. This range is too large.

The most straightforward fix would be to make sure we stay within the
original [addr, addr + size) range. However, if an unaligned access
affects a single page, we don't need to call tlb_fill() in
store_helper_unaligned() at all, since it would be identical to
the previous tlb_fill() call in store_helper(), and therefore a no-op.
If an unaligned access covers multiple pages, this situation does not
occur.

Therefore simply skip TLB handling in store_helper_unaligned() if we
are dealing with a single page.

Fixes: 2bcf018340cb ("s390x/tcg: low-address protection support")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220711185640.3558813-2-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/cputlb.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index f90f4312ea..a46f3a654d 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -2248,7 +2248,7 @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
     const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
     uintptr_t index, index2;
     CPUTLBEntry *entry, *entry2;
-    target_ulong page2, tlb_addr, tlb_addr2;
+    target_ulong page1, page2, tlb_addr, tlb_addr2;
     MemOpIdx oi;
     size_t size2;
     int i;
@@ -2256,15 +2256,17 @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
     /*
      * Ensure the second page is in the TLB.  Note that the first page
      * is already guaranteed to be filled, and that the second page
-     * cannot evict the first.
+     * cannot evict the first.  An exception to this rule is PAGE_WRITE_INV
+     * handling: the first page could have evicted itself.
      */
+    page1 = addr & TARGET_PAGE_MASK;
     page2 = (addr + size) & TARGET_PAGE_MASK;
     size2 = (addr + size) & ~TARGET_PAGE_MASK;
     index2 = tlb_index(env, mmu_idx, page2);
     entry2 = tlb_entry(env, mmu_idx, page2);
 
     tlb_addr2 = tlb_addr_write(entry2);
-    if (!tlb_hit_page(tlb_addr2, page2)) {
+    if (page1 != page2 && !tlb_hit_page(tlb_addr2, page2)) {
         if (!victim_tlb_hit(env, mmu_idx, index2, tlb_off, page2)) {
             tlb_fill(env_cpu(env), page2, size2, MMU_DATA_STORE,
                      mmu_idx, retaddr);
-- 
2.34.1

Re: [PULL 0/2] tcg patch queue

[Richard Henderson]

On 7/12/22 11:50, Richard Henderson wrote:
> The following changes since commit 9fed1bca6bc643ce91b6117f4974421aaede4751:
> 
>    Merge tag 'pull-target-arm-20220711' of https://git.linaro.org/people/pmaydell/qemu-arm into staging (2022-07-11 22:02:09 +0530)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20220712
> 
> for you to fetch changes up to b0f650f0477ae775e0915e3d60ab5110ad5e9157:
> 
>    accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore (2022-07-12 10:43:33 +0530)
> 
> ----------------------------------------------------------------
> Fix for duplicate tlb check on unaligned access.
> Fix for w^x code gen buffer mapping.

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as appropriate.


r~


> 
> ----------------------------------------------------------------
> Ilya Leoshkevich (1):
>        accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore
> 
> Shaobo Song (1):
>        tcg: Fix returned type in alloc_code_gen_buffer_splitwx_memfd()
> 
>   accel/tcg/cputlb.c | 8 +++++---
>   tcg/region.c       | 2 +-
>   2 files changed, 6 insertions(+), 4 deletions(-)

[PULL 0/2] tcg patch queue

[Richard Henderson]

Dangit, PULL.

r~

On 2/13/24 15:25, Richard Henderson wrote:
> The following changes since commit bc2e8b18fba33f30f25b7c2d74328493c0a2231d:
> 
>    Merge tag 'hppa64-pull-request' of https://github.com/hdeller/qemu-hppa into staging (2024-02-13 13:56:46 +0000)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20240213
> 
> for you to fetch changes up to e41f1825b43796c3508ef309ed0b150ef89acc44:
> 
>    tcg/arm: Fix goto_tb for large translation blocks (2024-02-13 07:42:45 -1000)
> 
> ----------------------------------------------------------------
> tcg: Increase width of temp_subindex
> tcg/arm: Fix goto_tb for large translation blocks
> 
> ----------------------------------------------------------------
> Richard Henderson (2):
>        tcg: Increase width of temp_subindex
>        tcg/arm: Fix goto_tb for large translation blocks
> 
>   include/tcg/tcg.h        | 2 +-
>   tcg/arm/tcg-target.c.inc | 4 ++--
>   2 files changed, 3 insertions(+), 3 deletions(-)