From: Richard Henderson <richard.henderson@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH 22/36] cputlb: Fold TLB_RECHECK into TLB_INVALID_MASK
Date: Fri, 6 Sep 2019 10:58:00 -0400	[thread overview]
Message-ID: <61271010-51d0-c711-82da-7a7210db05b5@linaro.org> (raw)
In-Reply-To: <CAFEAcA9g-nyCPafbjmdL6Ka03rEhH3LyZL2aBPqH7UdR36TihA@mail.gmail.com>

On 9/6/19 7:02 AM, Peter Maydell wrote:
> On Tue, 3 Sep 2019 at 17:09, Richard Henderson
> <richard.henderson@linaro.org> wrote:
>>
>> We had two different mechanisms to force a recheck of the tlb.
>>
>> Before TLB_RECHECK was introduced, we had a PAGE_WRITE_INV bit
>> that would immediately set TLB_INVALID_MASK, which automatically
>> means that a second check of the tlb entry fails.
>>
>> We can use the same mechanism to handle small pages.
>> Conserve TLB_* bits by removing TLB_RECHECK.
>>
>> Reviewed-by: David Hildenbrand <david@redhat.com>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
> 
>> @@ -1265,27 +1269,6 @@ load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
>>          if ((addr & (size - 1)) != 0) {
>>              goto do_unaligned_access;
>>          }
>> -
>> -        if (tlb_addr & TLB_RECHECK) {
>> -            /*
>> -             * This is a TLB_RECHECK access, where the MMU protection
>> -             * covers a smaller range than a target page, and we must
>> -             * repeat the MMU check here. This tlb_fill() call might
>> -             * longjump out if this access should cause a guest exception.
>> -             */
>> -            tlb_fill(env_cpu(env), addr, size,
>> -                     access_type, mmu_idx, retaddr);
>> -            index = tlb_index(env, mmu_idx, addr);
>> -            entry = tlb_entry(env, mmu_idx, addr);
>> -
>> -            tlb_addr = code_read ? entry->addr_code : entry->addr_read;
>> -            tlb_addr &= ~TLB_RECHECK;
>> -            if (!(tlb_addr & ~TARGET_PAGE_MASK)) {
>> -                /* RAM access */
>> -                goto do_aligned_access;
>> -            }
>> -        }
>> -
>>          return io_readx(env, &env_tlb(env)->d[mmu_idx].iotlb[index],
>>                          mmu_idx, addr, retaddr, access_type, op);
>>      }
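Review bot: with this block removed, load_helper() falls straight through to io_readx() once the alignment check passes, and the hunk drops the only post-fill guard in this region, `if (!(tlb_addr & ~TARGET_PAGE_MASK)) goto do_aligned_access;`, without replacing it. Correctness now depends on the earlier miss path having already cleared TLB_INVALID_MASK from tlb_addr (so that only TLB_MMIO, and TLB_WATCHPOINT before it is consumed, can still be set when we get here), but that invariant is not visible in this hunk and the commit message does not state it. Suggest a one-line comment immediately above the io_readx() call, e.g. `/* Only TLB_MMIO can remain: INVALID was cleared after tlb_fill. */`, and a sentence in the commit message explaining why the second tlb_fill is no longer needed: the entry returned by a fill is always valid for the access that triggered it.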
> 
> In the old version of this code, we do the "tlb fill if TLB_RECHECK
> is set", and then we say "now we've done the refill have we actually
> got RAM", and we avoid calling io_readx() if that is the case.


I don't think that's the case, since,

        if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
                            addr & TARGET_PAGE_MASK)) {
            tlb_fill(env_cpu(env), addr, size,
                     access_type, mmu_idx, retaddr);
            index = tlb_index(env, mmu_idx, addr);
            entry = tlb_entry(env, mmu_idx, addr);
        }
        tlb_addr = code_read ? entry->addr_code : entry->addr_read;
        tlb_addr &= ~TLB_INVALID_MASK;
    }

the last line here clears INVALID.  The only bits that could remain should be
WATCHPOINT and MMIO.  (NOTDIRTY can only be set for entry->addr_write, not for
addr_read/addr_code.)

And for that matter, once we've processed the watchpoint we remove
TLB_WATCHPOINT as well, so that we only enter io_readx() if MMIO is set.

> This is necessary because io_readx() will misbehave if you try to
> call it on RAM (notably if what we have is notdirty-mem then we
> need to do the read-from-actual-host-ram because the IO ops backing
> notdirty-mem are intended for writes only).
> 
> With this patch applied, we seem to have lost the handling for
> if the tlb_fill in a TLB_RECHECK case gives us back some real RAM.
> (Similarly for store_helper().)

Again, I disagree.  I think there must be some other explanation.

> More generally, I don't really understand why this merging
> is correct -- "TLB needs a recheck" is not the same thing as
> "TLB is invalid" and I don't think we can merge the two
> bits.

"TLB is invalid" means that we cannot use an existing tlb entry, therefore we
must go back to tlb_fill.  "TLB needs a recheck" means we must go back to
tlb_fill -- exactly the same.

The only odd bit about "TLB is invalid" is that it applies to the *next*
lookup.  If we have just returned from tlb_fill, then the tlb entry *must* be
valid.  If it were not valid, then tlb_fill would not return at all.

So, on the paths that use tlb_fill, we clear TLB_INVALID_MASK, indicating that
the lookup has just been done.

Which, honestly, ought to have happened with TLB_RECHECK because it was not
uncommon to perform two tlb_fill in a row -- the first because of a true tlb
miss and the second because the entry supplied by the fill has TLB_RECHECK set.


r~
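The mechanism argued over in this thread, as an added toy model in C (not QEMU's code). It reproduces the shape of QEMU's tlb_hit_page() comparison and the post-patch load path: a TLB entry filled with TLB_INVALID_MASK set serves the access that filled it, because the local copy of tlb_addr has the bit cleared, but fails the next lookup and forces another tlb_fill(), which is exactly the "recheck" that TLB_RECHECK used to request. The flag bit positions, the PageInfo descriptor, tlb_fill() always succeeding, and the run_loads() driver are assumptions made for the example.

```c
/*
 * Toy model of the softmmu TLB flag bits discussed above.  Added example,
 * not QEMU code: the flag bit positions, PageInfo and run_loads() are
 * assumptions made for illustration.  It shows why TLB_INVALID_MASK can
 * stand in for TLB_RECHECK: an entry filled with INVALID set satisfies the
 * access that filled it (the bit is cleared in the local copy) but fails
 * the *next* lookup, forcing another tlb_fill().
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t target_ulong;
#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_MASK (~(((target_ulong)1 << TARGET_PAGE_BITS) - 1))

/* Flags live in the low (page-offset) bits of addr_read/addr_write.
 * Positions are illustrative, not QEMU's real TLB_* values. */
#define TLB_INVALID_MASK ((target_ulong)1 << 3)
#define TLB_MMIO         ((target_ulong)1 << 5)
#define TLB_WATCHPOINT   ((target_ulong)1 << 6)

typedef struct { target_ulong addr_read; target_ulong addr_write; } CPUTLBEntry;

/* Hypothetical description of what backs a guest page. */
typedef struct {
    bool mmio;        /* device-backed: reads must go through io_readx() */
    bool small;       /* MMU protection finer than a page: recheck every access */
    bool watchpoint;  /* a debug watchpoint covers the page */
} PageInfo;

typedef enum { ACCESS_RAM, ACCESS_IO } AccessKind;

/* Stand-in for tlb_fill(): always succeeds (the real one longjmps on a guest fault). */
static CPUTLBEntry tlb_fill(target_ulong addr, const PageInfo *pi, int *fills)
{
    target_ulong page = addr & TARGET_PAGE_MASK;
    target_ulong flags = 0;
    if (pi->mmio)       flags |= TLB_MMIO;
    if (pi->watchpoint) flags |= TLB_WATCHPOINT;
    if (pi->small)      flags |= TLB_INVALID_MASK;   /* where TLB_RECHECK used to go */
    (*fills)++;
    CPUTLBEntry e = { page | flags, page | flags };  /* TLB_NOTDIRTY (write-only) not modelled */
    return e;
}

/* Same shape as QEMU's tlb_hit_page(): INVALID is folded into the compare,
 * so an entry carrying it can never match. */
static bool tlb_hit_page(target_ulong tlb_addr, target_ulong page)
{
    return page == (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
}

/* Model of the load_helper() read path after the patch. */
static AccessKind load_helper_model(CPUTLBEntry *entry, target_ulong addr,
                                    const PageInfo *pi, int *fills, int *wp_hits)
{
    target_ulong page = addr & TARGET_PAGE_MASK;
    target_ulong tlb_addr = entry->addr_read;

    if (!tlb_hit_page(tlb_addr, page)) {
        *entry = tlb_fill(addr, pi, fills);
        tlb_addr = entry->addr_read;
        /* Just filled, so the entry is valid for *this* access; the INVALID
         * bit stays in the entry and only governs the next lookup. */
        tlb_addr &= ~TLB_INVALID_MASK;
    }

    if (tlb_addr & ~TARGET_PAGE_MASK) {
        /* Slow path.  For reads only WATCHPOINT and MMIO can be set here:
         * NOTDIRTY is an addr_write flag and INVALID was cleared above. */
        if (tlb_addr & TLB_WATCHPOINT) {
            (*wp_hits)++;                 /* cpu_check_watchpoint() would run here */
            tlb_addr &= ~TLB_WATCHPOINT;
        }
        if (tlb_addr & ~TARGET_PAGE_MASK) {
            return ACCESS_IO;             /* io_readx(): reached only with TLB_MMIO */
        }
    }
    return ACCESS_RAM;                    /* plain host RAM load */
}

/* Issue n loads within one page through an initially empty entry.  Reports
 * how many fills and watchpoint hits happened; returns the last access kind. */
static AccessKind run_loads(PageInfo pi, int n, int *fills, int *wp_hits)
{
    CPUTLBEntry entry = { (target_ulong)-1, (target_ulong)-1 };  /* -1: never matches */
    AccessKind kind = ACCESS_RAM;
    *fills = 0;
    *wp_hits = 0;
    for (int i = 0; i < n; i++) {
        kind = load_helper_model(&entry, 0x1000 + 0x10 * (target_ulong)i, &pi, fills, wp_hits);
    }
    return kind;
}

int main(void)
{
    const char *names[] = { "ram", "small-page ram", "mmio", "watchpointed ram", "small-page mmio" };
    PageInfo pages[] = {
        { 0 }, { .small = true }, { .mmio = true },
        { .watchpoint = true }, { .small = true, .mmio = true },
    };
    for (size_t i = 0; i < sizeof(pages) / sizeof(pages[0]); i++) {
        int fills, wp;
        AccessKind k = run_loads(pages[i], 3, &fills, &wp);
        printf("%-17s fills=%d wp_hits=%d last=%s\n", names[i], fills, wp,
               k == ACCESS_IO ? "io_readx" : "ram");
    }
    return 0;
}
```

Three loads to a normal RAM page cost one fill; three loads to a "small" page cost three, one per access, because the entry left behind carries TLB_INVALID_MASK and never hits. The io path is taken only when TLB_MMIO survives after the INVALID clear and the watchpoint step, which is the invariant the reply above relies on.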



Thread overview: 43+ messages
2019-09-03 16:08 [Qemu-devel] [PATCH 00/36] tcg patch queue Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 01/36] tcg: TCGMemOp is now accelerator independent MemOp Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 02/36] memory: Introduce size_memop Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 03/36] target/mips: Access MemoryRegion with MemOp Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 04/36] hw/s390x: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 05/36] hw/intc/armv7m_nic: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 06/36] hw/virtio: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 07/36] hw/vfio: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 08/36] exec: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 09/36] cputlb: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 10/36] memory: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 11/36] hw/s390x: Hard code size with MO_{8|16|32|64} Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 12/36] target/mips: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 13/36] exec: " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 14/36] memory: Access MemoryRegion with endianness Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 15/36] cputlb: Replace size and endian operands for MemOp Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 16/36] memory: Single byte swap along the I/O path Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 17/36] cputlb: Byte swap memory transaction attribute Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 18/36] target/sparc: Add TLB entry with attributes Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 19/36] target/sparc: sun4u Invert Endian TTE bit Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 20/36] exec: Move user-only watchpoint stubs inline Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 21/36] exec: Factor out core logic of check_watchpoint() Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 22/36] cputlb: Fold TLB_RECHECK into TLB_INVALID_MASK Richard Henderson
2019-09-06 11:02   ` Peter Maydell
2019-09-06 14:58     ` Richard Henderson [this message]
2019-09-03 16:08 ` [Qemu-devel] [PATCH 23/36] exec: Factor out cpu_watchpoint_address_matches Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 24/36] cputlb: Fix size operand for tlb_fill on unaligned store Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 25/36] cputlb: Remove double-alignment in store_helper Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 26/36] cputlb: Handle watchpoints via TLB_WATCHPOINT Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 27/36] tcg: Check for watchpoints in probe_write() Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 28/36] s390x/tcg: Use guest_addr_valid() instead of h2g_valid() in probe_write_access() Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 29/36] s390x/tcg: Fix length calculation " Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 30/36] tcg: Factor out CONFIG_USER_ONLY probe_write() from s390x code Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 31/36] tcg: Enforce single page access in probe_write() Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 32/36] mips/tcg: Call probe_write() for CONFIG_USER_ONLY as well Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 33/36] hppa/tcg: Call probe_write() also for CONFIG_USER_ONLY Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 34/36] s390x/tcg: Pass a size to probe_write() in do_csst() Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 35/36] tcg: Make probe_write() return a pointer to the host page Richard Henderson
2019-09-03 16:08 ` [Qemu-devel] [PATCH 36/36] tcg: Factor out probe_write() logic into probe_access() Richard Henderson
2019-09-03 16:58 ` [Qemu-devel] [PATCH 00/36] tcg patch queue Mark Cave-Ayland
2019-09-04  8:15   ` Peter Maydell
2019-09-03 17:06 ` Philippe Mathieu-Daudé
2019-09-04 16:22 ` Peter Maydell
