From 570ef3093b5ed327249397ad0295cf01c67d9db4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alex=20Benn=C3=A9e?=
Date: Mon, 20 Jul 2020 13:23:58 +0100
Subject: [PATCH 1/3] tcg: update comments for save_iotlb_data in cputlb
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I missed Emilio's review comments: Message-ID: <20200718205107.GA994221@sff> and the patch got merged. Correcting the comments now.
Reviewed-by: Emilio G. Cota
Signed-off-by: Alex Bennée
Message-Id: <20200720122358.26881-1-alex.bennee@linaro.org>
Signed-off-by: Richard Henderson
---
 accel/tcg/cputlb.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index d370aedb47..5698292749 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1075,10 +1075,8 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
 /*
 * Save a potentially trashed IOTLB entry for later lookup by plugin.
- *
- * We also need to track the thread storage address because the RCU
- * cleanup that runs when we leave the critical region (the current
- * execution) is actually in a different thread.
+ * This is read by tlb_plugin_lookup if the iotlb entry doesn't match
+ * because of the side effect of io_writex changing memory layout.
 */
 static void save_iotlb_data(CPUState *cs, hwaddr addr,
 MemoryRegionSection *section, hwaddr mr_offset)
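Review bot: The two added `+ *` lines attribute the stale entry to "io_writex changing memory layout", but "memory layout" does not name the actual mechanism; the companion comment on tlb_plugin_lookup in the next hunk of this same patch is more precise (TLB flushes and resizing), so the two comments currently describe the same event in different terms. Suggest `* because io_writex may have flushed or resized the TLB.` so a reader of either comment finds the same explanation. The rewrite also removes every mention of threading from the writer side, while the tlb_plugin_lookup comment now carries the single-thread assumption; one sentence here such as `* The copy is only meaningful to the thread that performed the access.` would document the invariant at both ends. save_iotlb_data's body lies outside the hunk.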
@@ -1408,8 +1406,9 @@ void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
 * This almost never fails as the memory access being instrumented
 * should have just filled the TLB. The one corner case is io_writex
 * which can cause TLB flushes and potential resizing of the TLBs
- * loosing the information we need. In those cases we need to recover
- * data from a copy of the io_tlb entry.
+ * losing the information we need. In those cases we need to recover
+ * data from a copy of the iotlbentry. As long as this always occurs
+ * from the same thread (which a mem callback will be) this is safe.
 */
 bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
From 79826f99feb7222b7804058f0b4ace9ee0546361 Mon Sep 17 00:00:00 2001
From: Richard Henderson
Date: Mon, 20 Jul 2020 10:35:00 -0700
Subject: [PATCH 2/3] target/hppa: Free some temps in do_sub
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Two temps allocated but not freed. Do enough subtractions within a single TB and one can run out of temps entirely.
Fixes: b2167459ae ("target-hppa: Implement basic arithmetic")
Buglink: https://bugs.launchpad.net/qemu/+bug/1880287
Tested-by: Sven Schnelle
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
Message-Id: <20200720174039.517902-1-richard.henderson@linaro.org>
---
 target/hppa/translate.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 52d7bea1ea..4bd22d4820 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -1294,6 +1294,8 @@ static void do_sub(DisasContext *ctx, unsigned rt, TCGv_reg in1,
 save_or_nullify(ctx, cpu_psw_cb_msb, cb_msb);
 save_gpr(ctx, rt, dest);
 tcg_temp_free(dest);
+ tcg_temp_free(cb);
+ tcg_temp_free(cb_msb);
 /* Install the new nullification. */
 cond_free(&ctx->null_cond);
From 3cb3a7720b01830abd5fbb81819dbb9271bf7821 Mon Sep 17 00:00:00 2001
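Review bot: The last added line states that the recovery is safe "as long as this always occurs from the same thread", but nothing in the hunk checks that assumption, so a future caller that reaches tlb_plugin_lookup from another thread would read a possibly stale copy with no diagnostic. If the thread-local current_cpu is visible in this file, a `tcg_debug_assert(cpu == current_cpu);` at the top of the function would turn the comment into a debug-build check; the function body is outside the hunk, so the exact placement cannot be confirmed here. Failing that, the comment could at least name what guarantees the property, e.g. `* (callers are the plugin mem callbacks, which run on the vCPU thread)`, so the next reader knows where to look if a new caller is added.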
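Review bot: The two added `tcg_temp_free` calls assume cb and cb_msb are allocated on every path that reaches this point, which the hunk cannot show because do_sub's body begins outside it; cb_msb is clearly live (it is passed to save_or_nullify on the line above), but cb's allocation and last use are not visible. If either temp were only allocated under a condition earlier in the function, these frees would release a temp that was never allocated, so the allocation sites are worth a quick cross-check. A short comment such as `/* Release the temps allocated at the top of the function. */` above the three frees would make the pairing obvious to the next reader and discourage reordering.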
From: Richard Henderson
Date: Mon, 20 Jul 2020 08:30:40 -0700
Subject: [PATCH 3/3] target/i386: Save cc_op before loop insns
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We forgot to update cc_op before these branch insns, which lead to losing track of the current eflags.
Buglink: https://bugs.launchpad.net/qemu/+bug/1888165
Reviewed-by: Alex Bennée
Signed-off-by: Richard Henderson
Message-Id: <20200720154028.477457-1-richard.henderson@linaro.org>
---
 target/i386/translate.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/target/i386/translate.c b/target/i386/translate.c
index a1d31f09c1..caea6f5fb1 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -7148,6 +7148,7 @@ static target_ulong disas_insn(DisasContext *s, CPUState *cpu)
 l1 = gen_new_label();
 l2 = gen_new_label();
 l3 = gen_new_label();
+ gen_update_cc_op(s);
 b &= 3;
 switch(b) {
 case 0: /* loopnz */
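Review bot: The added `gen_update_cc_op(s);` carries no comment saying why it has to precede the `switch(b)`, so a later reorder of the label creation or the switch could silently reintroduce the eflags loss the commit message describes. Suggest `/* Sync cc_op before the conditional branches below; see bug 1888165. */` directly above the call. The hunk shows only `case 0: /* loopnz */`; the other `b` values handled by this switch lie outside it, so it is worth confirming that every branch emitted from those cases is also covered by this single update rather than needing its own. disas_insn begins and ends outside the hunk.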