Commit Graph

722 Commits

Author SHA1 Message Date
Alex Bennée
6f15c076da plugins: move reset of plugin data to tb_start
We can't always guarantee we get to the end of a translator loop.
Although this can happen for a variety of reasons it does happen more
often on x86 system emulation when an instruction spans across to an
un-faulted page. This caused confusion of the instruction tracking
data resulting in apparent reverse execution (at least from the
plugins point of view).

Fix this by moving the reset code to plugin_gen_tb_start so we always
start with a clean slate.

We unconditionally reset tcg_ctx->plugin_insn as the
plugin_insn_append code uses this as a proxy for knowing if plugins
are enabled for the current instruction. Otherwise we can hit a race
where a previously instrumented thread leaves a stale value after the
main thread exits and disables instrumentation.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/824
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220204204335.1689602-27-alex.bennee@linaro.org>
2022-02-09 13:26:29 +00:00
Alex Bennée
c51e51005b tracing: remove TCG memory access tracing
If you really want to trace all memory operations TCG plugins gives
you a more flexible interface for doing so.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Luis Vilanova <vilanova@imperial.ac.uk>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220204204335.1689602-19-alex.bennee@linaro.org>
2022-02-09 12:08:42 +00:00
Alex Bennée
92e28c03d6 monitor: move x-query-profile into accel/tcg to fix build
As --enable-profiler isn't defended in CI we missed this breakage.
Move the qmp handler into accel/tcg so we have access to the helpers
we need. While we are at it ensure we gate the feature on CONFIG_TCG.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 37087fde0e ("qapi: introduce x-query-profile QMP command")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/773
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220105135009.1584676-23-alex.bennee@linaro.org>
2022-01-18 16:42:42 +00:00
Frédéric Pétrot
fc313c6434 exec/memop: Adding signedness to quad definitions
Renaming defines for quad in their various forms so that their signedness is
now explicit.
Done using git grep as suggested by Philippe, with a bit of hand edition to
keep assignments aligned.

Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220106210108.138226-2-frederic.petrot@univ-grenoble-alpes.fr
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-01-08 15:46:10 +10:00
Maxim Levitsky
fd2ddd1689 kvm: add support for KVM_GUESTDBG_BLOCKIRQ
Use the KVM_GUESTDBG_BLOCKIRQ debug flag if supported.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211111110604.207376-6-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Maxim Levitsky
12bc5b4cd5 gdbstub, kvm: let KVM report supported singlestep flags
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211111110604.207376-5-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Alex Bennée
aff0e204cb accel/tcg: suppress IRQ check for special TBs
When we set cpu->cflags_next_tb it is because we want to carefully
control the execution of the next TB. Currently there is a race that
causes the second stage of watchpoint handling to get ignored if an
IRQ is processed before we finish executing the instruction that
triggers the watchpoint. Use the new CF_NOIRQ facility to avoid the
race.

We also suppress IRQs when handling precise self modifying code to
avoid unnecessary bouncing.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/245
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-3-alex.bennee@linaro.org>
2021-11-29 15:12:37 +00:00
Paolo Bonzini
a399f9143e meson: remove useless libdl test
dlopen is never used after it is sought via cc.find_library, because
plugins use gmodule instead; remove the test.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211110092454.30916-1-pbonzini@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211115142915.3797652-5-alex.bennee@linaro.org>
2021-11-16 16:19:53 +00:00
Greg Kurz
dd47a8f654 accel/tcg: Register a force_rcu notifier
A TCG vCPU doing a busy loop systematicaly hangs the QEMU monitor
if the user passes 'device_add' without argument. This is because
drain_cpu_all() which is called from qmp_device_add() cannot return
if readers don't exit read-side critical sections. That is typically
what busy-looping TCG vCPUs do:

int cpu_exec(CPUState *cpu)
{
[...]
    rcu_read_lock();
[...]
    while (!cpu_handle_exception(cpu, &ret)) {
        // Busy loop keeps vCPU here
    }
[...]
    rcu_read_unlock();

    return ret;
}

For MTTCG, have all vCPU threads register a force_rcu notifier that will
kick them out of the loop using async_run_on_cpu(). The notifier is called
with the rcu_registry_lock mutex held, using async_run_on_cpu() ensures
there are no deadlocks.

For RR, a single thread runs all vCPUs. Just register a single notifier
that kicks the current vCPU to the next one.

For MTTCG:
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>

For RR:
Suggested-by: Richard Henderson <richard.henderson@linaro.org>

Fixes: 7bed89958b ("device_core: use drain_call_rcu in in qmp_device_add")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/650
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211109183523.47726-3-groug@kaod.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-10 13:20:15 +01:00
Alex Bennée
357af9be5c plugins: try and make plugin_insn_append more ergonomic
Currently we make the assumption that the guest frontend loads all
op code bytes sequentially. This mostly holds up for regular fixed
encodings but some architectures like s390x like to re-read the
instruction which causes weirdness to occur. Rather than changing the
frontends make the plugin API a little more ergonomic and able to
handle the re-read case.

Stuff will still get strange if we read ahead of the opcode but so far
no front ends have done that and this patch asserts the case so we can
catch it early if they do.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211026102234.3961636-21-alex.bennee@linaro.org>
2021-11-04 10:32:01 +00:00
Richard Henderson
b1fd92137e * Build system fixes and cleanups
* DMA support in the multiboot option ROM
 * Rename default-bus-bypass-iommu
 * Deprecate -watchdog and cleanup -watchdog-action
 * HVF fix for <PAGE_SIZE regions
 * Support TSC scaling for AMD nested virtualization
 * Fix for ESP fuzzing bug
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmGBUeEUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroOh+Qf+OMRhRiv6dYjbK/5zXrx81AgxYAY3
 dBUSr8v16LyrMl1U3DZWzhD+MzQsC83m/Xsh4lGxlHDWtkK9QQA5xDG95JZdY26i
 MGCbbjnFHISbyBQV9Y724gPfPjOOODuoFbzafSx6VLITOcyv1ye0cm7TOjOPB+tt
 E4c3JqTZ7g8a5yMe8ItkVhz5pPY+oVw8dxMNRp6Sup5Dbfx0DjacIwLasLsHfPL7
 qBADfqB20ovHUzLjXu7oWgEd4KxJ6kiSCaJJu/KD36hg0wB8+WVP1o43j4PkczHT
 QjU7eZaeaTrN5Cf34ttPge6QReMi5SFNCaA9O9/HLqrQgdEtt/diZWuqjQ==
 =a2mC
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Build system fixes and cleanups
* DMA support in the multiboot option ROM
* Rename default-bus-bypass-iommu
* Deprecate -watchdog and cleanup -watchdog-action
* HVF fix for <PAGE_SIZE regions
* Support TSC scaling for AMD nested virtualization
* Fix for ESP fuzzing bug

# gpg: Signature made Tue 02 Nov 2021 10:57:37 AM EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* remotes/bonzini/tags/for-upstream: (27 commits)
  configure: fix --audio-drv-list help message
  configure: Remove the check for the __thread keyword
  Move the l2tpv3 test from configure to meson.build
  meson: remove unnecessary coreaudio test program
  meson: remove pointless warnings
  meson.build: Allow to disable OSS again
  meson: bump submodule to 0.59.3
  qtest/am53c974-test: add test for cancelling in-flight requests
  esp: ensure in-flight SCSI requests are always cancelled
  KVM: SVM: add migration support for nested TSC scaling
  hw/i386: fix vmmouse registration
  watchdog: remove select_watchdog_action
  vl: deprecate -watchdog
  watchdog: add information from -watchdog help to -device help
  hw/i386: Rename default_bus_bypass_iommu
  hvf: Avoid mapping regions < PAGE_SIZE as ram
  configure: do not duplicate CPU_CFLAGS into QEMU_LDFLAGS
  configure: remove useless NPTL probe
  target/i386: use DMA-enabled multiboot ROM for new-enough QEMU machine types
  optionrom: add a DMA-enabled multiboot ROM
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 13:07:30 -04:00
Richard Henderson
e86e00a249 Initial conversion of HMP debugging commands to QMP
This introduces a new policy that all HMP commands will be converted to
 have QMP equivalents, marked unstable if no formal QAPI modelling is
 intended to be done.
 
 New unstable commands are added as follows:
 
   - HMP "info roms" => QMP "x-query-roms"
   - HMP "info profile" => QMP "x-query-profile"
   - HMP "info numa" => QMP "x-query-numa"
   - HMP "info usb" => QMP "x-query-usb"
   - HMP "info rdma" => QMP "x-query-rdma"
   - HMP "info ramblock" => QMP "x-query-ramblock"
   - HMP "info irq" => QMP "x-query-irq"
   - HMP "info jit" => QMP "x-query-jit"
   - HMP "info opcount" => QMP "x-query-opcount"
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmGBe1QACgkQvobrtBUQ
 T9+8XA/9Ex3VtJZpW3FEgk29hvCXxBqM7S6vMpJ+BoySzjf9zeN1b7DJx4uE7urI
 GeIB8x9gtwdlin2E7lFZPG0nzJ35YFctsPjWIn2Nm/i5uIYz68R+SwugJJ7z26Ep
 kn2eN814vONTUk0KL6e4+XQ+LkKI26o2R0mAEy+iWOB3lazCkalHY6u/Z/D5Xcqp
 aRBn/VIWnH4LyIGj9vJuc74nsfo6IbaxFQWnXCjgw7NUVHC33q6R+gXKenf5dXL6
 FhGRV8G6JVMIhRmp8n8BNQiysBLcve7r9LOeSlUMYwDMqBreeS7rNwd5jPoXu4v/
 KfYtqQaXV+YhqEoUR3AWBq0Legz2P2gEDxDg+QMIqb+5kX0+tg2/vTvRNsrhnpIm
 d+9TBqZ8BtJEIyz8MJ/R4G6a7Ytx6cyjLPL0CjswD/0Jsg7XWzyIpcUtJ5OH+tT3
 24NB/Aq++iSReAT53TmypAuijL5kNioB00A+RR0hW5ZPuAiqZzXAXoECOxjNSLOC
 9IBWugug3W7vj3HJIEgDGjFNWcdP0KmCL6dkiWjEfWThDeG39ApQmCL+FlKNRKdC
 7EPcuu3G7Yl8dkG4kmpwR9zCC4fin9TxJajagUlJyJkl/EpbWeebswh175kREnRE
 46CdCRcVTJ4HLbRzWlUkZAtmfzFKKvjQTcmH3cTlgH6vWpfCNCY=
 =AQdc
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/hmp-x-qmp-620-pull-request' into staging

Initial conversion of HMP debugging commands to QMP

This introduces a new policy that all HMP commands will be converted to
have QMP equivalents, marked unstable if no formal QAPI modelling is
intended to be done.

New unstable commands are added as follows:

  - HMP "info roms" => QMP "x-query-roms"
  - HMP "info profile" => QMP "x-query-profile"
  - HMP "info numa" => QMP "x-query-numa"
  - HMP "info usb" => QMP "x-query-usb"
  - HMP "info rdma" => QMP "x-query-rdma"
  - HMP "info ramblock" => QMP "x-query-ramblock"
  - HMP "info irq" => QMP "x-query-irq"
  - HMP "info jit" => QMP "x-query-jit"
  - HMP "info opcount" => QMP "x-query-opcount"

# gpg: Signature made Tue 02 Nov 2021 01:54:28 PM EDT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]

* remotes/berrange/tags/hmp-x-qmp-620-pull-request:
  qapi: introduce x-query-opcount QMP command
  qapi: introduce x-query-jit QMP command
  qapi: introduce x-query-irq QMP command
  qapi: introduce x-query-ramblock QMP command
  qapi: introduce x-query-rdma QMP command
  qapi: introduce x-query-usb QMP command
  qapi: introduce x-query-numa QMP command
  qapi: introduce x-query-profile QMP command
  qapi: introduce x-query-roms QMP command
  docs/devel: document expectations for HMP commands in the future
  docs/devel: add example of command returning unstructured text
  docs/devel: document expectations for QAPI data modelling for QMP
  monitor: introduce HumanReadableText and HMP support
  docs/devel: update error handling guidance for HMP commands
  docs/devel: tweak headings in monitor command docs
  docs/devel: rename file for writing monitor commands
  monitor: make hmp_handle_error return a boolean
  monitor: remove 'info ioapic' HMP command

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-03 08:04:32 -04:00
Richard Henderson
102f39b32d - Split out host signal handing from accel/tcg/user-exec.c
to linux-user/host/arch/host-signal.h
 - Replace TCGCPUOps.tlb_fill with TCGCPUOps.record_sigsegv for user-only
 - Add TCGCPUOps.record_sigbus for user-only
 - Remove a lot of target-specific cpu_loop handling for signals,
   now accomplished with generic code.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmGBG6YdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+6Lwf6A03bNhdXQjSjwUOD
 tW0qGiZ5jtomitHdR04xawkGYWyAoojg7QMm8ZsOgGaGHVRaycmIXaOhIbX7S9/I
 aV0nSn4GHhCWtvFUFvsYdptN/sf1AtuG6L1T4uzJ3qog1G6aKbdbRl85aWWR4w6P
 +YTsQIQaU16k7vG7WwItMyga2fcAgT1qkofCHokw5CCJfni6mfNF1Ku8cWSVHSwF
 5KXs7G5nGLHLKEAtrE+R7xzJPPwwmWR3BNHeTWSd0YDEMWEMxSzLZEHnnTeos4EF
 Hl1WNNO7d8W6KWud4nsMBuPumIMtJwDtqUqSyW4DfvO+Dw+dgvAqoxt8bV/jtJp+
 QCLE0g==
 =Vv/u
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20211102' into staging

- Split out host signal handing from accel/tcg/user-exec.c
  to linux-user/host/arch/host-signal.h
- Replace TCGCPUOps.tlb_fill with TCGCPUOps.record_sigsegv for user-only
- Add TCGCPUOps.record_sigbus for user-only
- Remove a lot of target-specific cpu_loop handling for signals,
  now accomplished with generic code.

# gpg: Signature made Tue 02 Nov 2021 07:06:14 AM EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* remotes/rth/tags/pull-tcg-20211102: (60 commits)
  linux-user: Handle BUS_ADRALN in host_signal_handler
  tcg: Add helper_unaligned_{ld,st} for user-only sigbus
  accel/tcg: Report unaligned load/store for user-only
  accel/tcg: Report unaligned atomics for user-only
  target/sparc: Set fault address in sparc_cpu_do_unaligned_access
  target/sparc: Split out build_sfsr
  target/sparc: Remove DEBUG_UNALIGNED
  target/sh4: Set fault address in superh_cpu_do_unaligned_access
  target/s390x: Implement s390x_cpu_record_sigbus
  linux-user/ppc: Remove POWERPC_EXCP_ALIGN handling
  target/ppc: Restrict ppc_cpu_do_unaligned_access to sysemu
  target/ppc: Set fault address in ppc_cpu_do_unaligned_access
  target/ppc: Move SPR_DSISR setting to powerpc_excp
  target/microblaze: Do not set MO_ALIGN for user-only
  linux-user/hppa: Remove EXCP_UNALIGN handling
  target/arm: Implement arm_cpu_record_sigbus
  target/alpha: Implement alpha_cpu_record_sigbus
  linux-user: Add cpu_loop_exit_sigbus
  hw/core: Add TCGCPUOps.record_sigbus
  accel/tcg: Restrict TCGCPUOps::tlb_fill() to sysemu
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 13:44:53 -04:00
Daniel P. Berrangé
b6a7f3e0d2 qapi: introduce x-query-opcount QMP command
This is a counterpart to the HMP "info opcount" command. It is being
added with an "x-" prefix because this QMP command is intended as an
ad hoc debugging tool and will thus not be modelled in QAPI as fully
structured data, nor will it have long term guaranteed stability.
The existing HMP command is rewritten to call the QMP command.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:57:20 +00:00
Daniel P. Berrangé
3a841ab53f qapi: introduce x-query-jit QMP command
This is a counterpart to the HMP "info jit" command. It is being
added with an "x-" prefix because this QMP command is intended as an
ad hoc debugging tool and will thus not be modelled in QAPI as fully
structured data, nor will it have long term guaranteed stability.
The existing HMP command is rewritten to call the QMP command.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-11-02 15:57:20 +00:00
Alexander Graf
a443c3e225 hvf: Avoid mapping regions < PAGE_SIZE as ram
HVF has generic memory listener code that adds all RAM regions as HVF RAM
regions. However, HVF can only handle page aligned, page granule regions.

So let's ignore regions that are not page aligned and sized. They will be
trapped as MMIO instead.

Signed-off-by: Alexander Graf <agraf@csgraf.de>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211025132147.28308-1-agraf@csgraf.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-02 15:57:27 +01:00
Richard Henderson
37e891e38f tcg: Add helper_unaligned_{ld,st} for user-only sigbus
To be called from tcg generated code on hosts that support
unaligned accesses natively, in response to an access that
is supposed to be aligned.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:52 -04:00
Richard Henderson
9395cd0a38 accel/tcg: Report unaligned load/store for user-only
Use the new cpu_loop_exit_sigbus for cpu_mmu_lookup.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:52 -04:00
Richard Henderson
fce3f47430 accel/tcg: Report unaligned atomics for user-only
Use the new cpu_loop_exit_sigbus for atomic_mmu_lookup, which
has access to complete alignment info from the TCGMemOpIdx arg.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:52 -04:00
Richard Henderson
72d2bbf9ff linux-user: Add cpu_loop_exit_sigsegv
This is a new interface to be provided by the os emulator for
raising SIGSEGV on fault.  Use the new record_sigsegv target hook.

Reviewed by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:52 -04:00
Richard Henderson
97be8c6a95 linux-user/host/riscv: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:51 -04:00
Richard Henderson
b12161120a linux-user/host/mips: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:50 -04:00
Richard Henderson
66ee11d407 linux-user/host/s390: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:46 -04:00
Richard Henderson
cf5f42fd07 linux-user/host/aarch64: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.
Drop the *BSD code, to be re-created under bsd-user/ later.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:45 -04:00
Richard Henderson
a30bfaa7bd linux-user/host/arm: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.
Drop the *BSD code, to be re-created under bsd-user/ later.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:44 -04:00
Richard Henderson
8b5bd46193 linux-user/host/sparc: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.
Drop the *BSD code, to be re-created under bsd-user/ later.
Drop the Solaris code as completely unused.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:43 -04:00
Richard Henderson
44c8f2cd90 linux-user/host/alpha: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:42 -04:00
Richard Henderson
8cc7b85d56 linux-user/host/ppc: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.
Drop the *BSD code, to be re-created under bsd-user/ later.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:41 -04:00
Richard Henderson
85442fce49 linux-user/host/x86: Populate host_signal.h
Split host_signal_pc and host_signal_write out of user-exec.c.
Drop the *BSD code, to be re-created under bsd-user/ later.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-02 07:00:38 -04:00
Hyman Huang(黄勇)
7786ae40ba KVM: introduce dirty_pages and kvm_dirty_ring_enabled
dirty_pages is used to calculate dirtyrate via dirty ring, when
enabled, kvm-reaper will increase the dirty pages after gfns
being dirtied.

kvm_dirty_ring_enabled shows if kvm-reaper is working. dirtyrate
thread could use it to check if measurement can base on dirty
ring feature.

Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Message-Id: <fee5fb2ab17ec2159405fc54a3cff8e02322f816.1624040308.git.huangy81@chinatelecom.cn>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2021-11-01 22:56:43 +01:00
Richard Henderson
940b30904e accel/tcg: Fold cpu_exit_tb_from_sighandler into caller
Remove the comment about siglongjmp.  We do use sigsetjmp
in the main cpu loop, but we do not save the signal mask
as most exits from the cpu loop do not require them.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-30 09:52:04 -07:00
Richard Henderson
5e38ba7dde accel/tcg: Split out handle_sigsegv_accerr_write
This is the major portion of handle_cpu_signal which is specific
to tcg, handling the page protections for the translations.
Most of the rest will migrate to linux-user/ shortly.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Pass guest address to handle_sigsegv_accerr_write.
2021-10-30 09:52:04 -07:00
Richard Henderson
f920ffdd8e accel/tcg: Move clear_helper_retaddr to cpu loop
Currently there are only two places that require we reset this
value before exiting to the main loop, but that will change.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-30 09:52:04 -07:00
Richard Henderson
0fdbb7d2c1 accel/tcg: Split out adjust_signal_pc
Split out a function to adjust the raw signal pc into a
value that could be passed to cpu_restore_state.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
v2: Adjust pc in place; return MMUAccessType.
2021-10-30 09:52:04 -07:00
Richard Henderson
c9460d75c5 accel/tcg: Handle gdb singlestep in cpu_tb_exec
Currently the change in cpu_tb_exec is masked by the debug exception
being raised by the translators.  But this allows us to remove that code.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-15 16:39:14 -07:00
Richard Henderson
e5b2333f24 Use MO_128 for 16-byte atomic memory operations.
Add cpu_ld/st_mmu memory primitives.
 Move helper_ld/st memory helpers out of tcg.h.
 Canonicalize alignment flags in MemOp.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmFnG/0dHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/P8Qf/TIb+nP/q4ZesoHV5
 hNuKIMcGMiIWjP7YkuXg7H8n4QQxSK+nKXI3qlWCTIVtKOQFC3jkqNnxV8ncHUyS
 RW6ePEcmJfb+yv20MnDLObxMcAq6mIkHtOjARQcvcHiXxMNEZdIvJ8f8/qrkYib1
 RRJarqIGlYFJvGyfbplq/JA/WYcJleIElEUx7JPSewz38Kk0gDIH2+BR2TBFrWAD
 TDfh+GvlHeX8IYU19rWnt7pFv8TVPVQODqJBtlRPEYnl+LGdpJPCP2ATUAggWHiA
 hucYKsuMWXXXhGx2nsurkpSNrBfGe6OHybOE5d1ARqmq0MnyHJat+ryh6qTx3Z9w
 oZKi+Q==
 =QpK0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20211013' into staging

Use MO_128 for 16-byte atomic memory operations.
Add cpu_ld/st_mmu memory primitives.
Move helper_ld/st memory helpers out of tcg.h.
Canonicalize alignment flags in MemOp.

# gpg: Signature made Wed 13 Oct 2021 10:48:45 AM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* remotes/rth/tags/pull-tcg-20211013:
  tcg: Canonicalize alignment flags in MemOp
  tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
  target/arm: Use cpu_*_mmu instead of helper_*_mmu
  target/sparc: Use cpu_*_mmu instead of helper_*_mmu
  target/s390x: Use cpu_*_mmu instead of helper_*_mmu
  target/mips: Use 8-byte memory ops for msa load/store
  target/mips: Use cpu_*_data_ra for msa load/store
  accel/tcg: Move cpu_atomic decls to exec/cpu_ldst.h
  accel/tcg: Add cpu_{ld,st}*_mmu interfaces
  target/hexagon: Implement cpu_mmu_index
  target/s390x: Use MO_128 for 16 byte atomics
  target/ppc: Use MO_128 for 16 byte atomics
  target/i386: Use MO_128 for 16 byte atomics
  target/arm: Use MO_128 for 16 byte atomics
  memory: Log access direction for invalid accesses

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-13 11:43:29 -07:00
Richard Henderson
d2ba802657 tcg: Move helper_*_mmu decls to tcg/tcg-ldst.h
These functions have been replaced by cpu_*_mmu as the
most proper interface to use from target code.

Hide these declarations from code that should not use them.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-13 08:46:42 -07:00
Richard Henderson
f83bcecb1f accel/tcg: Add cpu_{ld,st}*_mmu interfaces
These functions are much closer to the softmmu helper
functions, in that they take the complete MemOpIdx,
and from that they may enforce required alignment.

The previous cpu_ldst.h functions did not have alignment info,
and so did not enforce it.  Retain this by adding MO_UNALN to
the MemOp that we create in calling the new functions.

Note that we are not yet enforcing alignment for user-only,
but we now have the information with which to do so.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-13 08:09:53 -07:00
Alexander Graf
dec490db8b hvf: Determine slot count from struct layout
We can handle up to a static amount of memory slots, capped by the size of
an internal array.

Let's make sure that array size is the only source of truth for the number
of elements in that array.

Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211008054616.43828-1-agraf@csgraf.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-10-13 10:47:49 +02:00
Philippe Mathieu-Daudé
773ab6cb16 target/i386/kvm: Restrict SEV stubs to x86 architecture
SEV is x86-specific, no need to add its stub to other
architectures. Move the stub file to target/i386/kvm/.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211007161716.453984-5-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-10-13 10:47:49 +02:00
Alex Bennée
453d50ce75 accel/tcg: re-factor plugin_inject_cb so we can assert insn_idx is valid
Coverity doesn't know enough about how we have arranged our plugin TCG
ops to know we will always have incremented insn_idx before injecting
the callback. Let us assert it for the benefit of Coverity and protect
ourselves from accidentally breaking the assumption and triggering
harder to grok errors deeper in the code if we attempt a negative
indexed array lookup.

However to get to this point we re-factor the code and remove the
second hand instruction boundary detection in favour of scanning the
full set of ops and using the existing INDEX_op_insn_start to cleanly
detect when the instruction has started. As we no longer need the
plugin specific list of ops we delete that.

My initial benchmarks shows no discernible impact of dropping the
plugin specific ops list.

Fixes: Coverity 1459509
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210917162332.3511179-12-alex.bennee@linaro.org>
2021-10-12 08:38:10 +01:00
Richard Henderson
0583f775d2 trace: Split guest_mem_before
There is no point in encoding load/store within a bit of
the memory trace info operand.  Represent atomic operations
as a single read-modify-write tracepoint.  Use MemOpIdx
instead of inventing a form specifically for traces.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-05 16:53:17 -07:00
Richard Henderson
37aff08726 plugins: Reorg arguments to qemu_plugin_vcpu_mem_cb
Use the MemOpIdx directly, rather than the rearrangement
of the same bits currently done by the trace infrastructure.
Pass in enum qemu_plugin_mem_rw so that we are able to treat
read-modify-write operations as a single operation.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-05 16:53:17 -07:00
Richard Henderson
c3e83e376c accel/tcg: Pass MemOpIdx to atomic_trace_*_post
We will shortly use the MemOpIdx directly, but in the meantime
re-compute the trace meminfo.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-05 16:53:17 -07:00
Richard Henderson
b0702c91c6 trace/mem: Pass MemOpIdx to trace_mem_get_info
We (will) often have the complete MemOpIdx handy, so use that.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-05 16:53:17 -07:00
Richard Henderson
9002ffcb72 tcg: Rename TCGMemOpIdx to MemOpIdx
We're about to move this out of tcg.h, so rename it
as we did when moving MemOp.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-05 16:53:17 -07:00
Richard Henderson
c433e298d9 accel/tcg: Drop signness in tracing in cputlb.c
We are already inconsistent about whether or not
MO_SIGN is set in trace_mem_get_info.  Dropping it
entirely allows some simplification.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-10-05 16:53:17 -07:00
Peter Xu
142518bda5 memory: Name all the memory listeners
Provide a name field for all the memory listeners.  It can be used to identify
which memory listener is which.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210817013553.30584-2-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-09-30 15:30:24 +02:00
Philippe Mathieu-Daudé
0596fa11f1 accel/tcg: Restrict cpu_handle_halt() to sysemu
Commit 372579427a ("tcg: enable thread-per-vCPU") added the following
comment describing EXCP_HALTED in qemu_tcg_cpu_thread_fn():

    case EXCP_HALTED:
         /* during start-up the vCPU is reset and the thread is
          * kicked several times. If we don't ensure we go back
          * to sleep in the halted state we won't cleanly
          * start-up when the vCPU is enabled.
          *
          * cpu->halted should ensure we sleep in wait_io_event
          */
         g_assert(cpu->halted);
         break;

qemu_wait_io_event() is sysemu-specific, so we can restrict the
cpu_handle_halt() call in cpu_exec() to system emulation.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210912172731.789788-2-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-09-21 19:36:44 -07:00
Peter Collingbourne
219c101fa7 arm/hvf: Add a WFI handler
Sleep on WFI until the VTIMER is due but allow ourselves to be woken
up on IPI.

In this implementation IPI is blocked on the CPU thread at startup and
pselect() is used to atomically unblock the signal and begin sleeping.
The signal is sent unconditionally so there's no need to worry about
races between actually sleeping and the "we think we're sleeping"
state. It may lead to an extra wakeup but that's better than missing
it entirely.

Signed-off-by: Peter Collingbourne <pcc@google.com>
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Acked-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Message-id: 20210916155404.86958-6-agraf@csgraf.de
[agraf: Remove unused 'set' variable, always advance PC on WFX trap,
        support vm stop / continue operations and cntv offsets]
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Acked-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-09-21 16:28:26 +01:00