qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling
@ 2019-08-12 11:27 David Hildenbrand
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug() David Hildenbrand
                   ` (5 more replies)
  0 siblings, 6 replies; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

The first two patches are modified patches from:
    [PATCH-for-4.2 v1 0/9] s390x: MMU changes and extensions

This series primarily fixes minor things in the storage key handling code
in the MMU and implements fairly reliable reference and change bit handling
for TCG. To track the reference and change bit, we have to invalidate
TLB entries whenever the storage key is changed by the guest and make sure
not TLB entry is writable in case the storage key does not indicate a
change already.

With this series, the kvm-unit-test "skey" now passes. \o/

David Hildenbrand (6):
  s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  s390x/tcg: Rework MMU selection for instruction fetches
  s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE
  s390x/mmu: Trace the right value if setting/getting the storage key
    fails
  s390x/mmu: Better storage key reference and change bit handling
  s390x/mmu: Factor out storage key handling

 target/s390x/cpu.h        |   7 ++
 target/s390x/helper.c     |   5 ++
 target/s390x/mem_helper.c |   4 ++
 target/s390x/mmu_helper.c | 131 ++++++++++++++++++++++++--------------
 4 files changed, 98 insertions(+), 49 deletions(-)

-- 
2.21.0



^ permalink raw reply	[flat|nested] 21+ messages in thread

* [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
@ 2019-08-12 11:27 ` David Hildenbrand
  2019-08-12 15:18   ` [Qemu-devel] [qemu-s390x] " Thomas Huth
  2019-08-13 12:51   ` [Qemu-devel] " Cornelia Huck
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches David Hildenbrand
                   ` (4 subsequent siblings)
  5 siblings, 2 replies; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

Let's select the ASC before calling the function. This is a prepararion
to remove the ASC magic depending on the access mode from mmu_translate.

There is currently no way to distinguish if we have code or data access.
For now, we were using code access, because especially when debugging with
the gdbstub, we want to read and disassemble what we single-step.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/helper.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index 13ae9909ad..c5fb8966b6 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -58,6 +58,11 @@ hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
         vaddr &= 0x7fffffff;
     }
 
+    /* We want to read the code (e.g., see what we are single-stepping).*/
+    if (asc != PSW_ASC_HOME) {
+        asc = PSW_ASC_PRIMARY;
+    }
+
     if (mmu_translate(env, vaddr, MMU_INST_FETCH, asc, &raddr, &prot, false)) {
         return -1;
     }
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches
  2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug() David Hildenbrand
@ 2019-08-12 11:27 ` David Hildenbrand
  2019-08-12 13:37   ` David Hildenbrand
  2019-08-13 13:16   ` Cornelia Huck
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 3/6] s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE David Hildenbrand
                   ` (3 subsequent siblings)
  5 siblings, 2 replies; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

Instructions are always fetched from primary address space, except when
in home address mode. Perform the selection directly in cpu_mmu_index().

get_mem_index() is only used to perform data access, instructions are
fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).

We don't care about restricting the access permissions of the TLB
entries anymore, as we no longer enter PRIMARY entries into the
SECONDARY MMU. Cleanup related code a bit.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/cpu.h        |  7 +++++++
 target/s390x/mmu_helper.c | 35 ++++++++++++++---------------------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index a606547b4d..c34992bb2e 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -332,6 +332,13 @@ static inline int cpu_mmu_index(CPUS390XState *env, bool ifetch)
         return MMU_REAL_IDX;
     }
 
+    if (ifetch) {
+        if ((env->psw.mask & PSW_MASK_ASC) == PSW_ASC_HOME) {
+            return MMU_HOME_IDX;
+        }
+        return MMU_PRIMARY_IDX;
+    }
+
     switch (env->psw.mask & PSW_MASK_ASC) {
     case PSW_ASC_PRIMARY:
         return MMU_PRIMARY_IDX;
diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index 6e9c4d6151..2c9bb3acc0 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -349,6 +349,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
 {
     static S390SKeysState *ss;
     static S390SKeysClass *skeyclass;
+    uint64_t asce;
     int r = -1;
     uint8_t key;
 
@@ -381,35 +382,21 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
     if (!(env->psw.mask & PSW_MASK_DAT)) {
         *raddr = vaddr;
         r = 0;
-        goto out;
+        goto nodat;
     }
 
     switch (asc) {
     case PSW_ASC_PRIMARY:
         PTE_DPRINTF("%s: asc=primary\n", __func__);
-        r = mmu_translate_asce(env, vaddr, asc, env->cregs[1], raddr, flags,
-                               rw, exc);
+        asce = env->cregs[1];
         break;
     case PSW_ASC_HOME:
         PTE_DPRINTF("%s: asc=home\n", __func__);
-        r = mmu_translate_asce(env, vaddr, asc, env->cregs[13], raddr, flags,
-                               rw, exc);
+        asce = env->cregs[13];
         break;
     case PSW_ASC_SECONDARY:
         PTE_DPRINTF("%s: asc=secondary\n", __func__);
-        /*
-         * Instruction: Primary
-         * Data: Secondary
-         */
-        if (rw == MMU_INST_FETCH) {
-            r = mmu_translate_asce(env, vaddr, PSW_ASC_PRIMARY, env->cregs[1],
-                                   raddr, flags, rw, exc);
-            *flags &= ~(PAGE_READ | PAGE_WRITE);
-        } else {
-            r = mmu_translate_asce(env, vaddr, PSW_ASC_SECONDARY, env->cregs[7],
-                                   raddr, flags, rw, exc);
-            *flags &= ~(PAGE_EXEC);
-        }
+        asce = env->cregs[7];
         break;
     case PSW_ASC_ACCREG:
     default:
@@ -417,11 +404,17 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
         break;
     }
 
- out:
+    /* perform the DAT translation */
+    r = mmu_translate_asce(env, vaddr, asc, asce, raddr, flags, rw, exc);
+    if (r) {
+        return r;
+    }
+
+nodat:
     /* Convert real address -> absolute address */
     *raddr = mmu_real2abs(env, *raddr);
 
-    if (r == 0 && *raddr < ram_size) {
+    if (*raddr < ram_size) {
         if (skeyclass->get_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key)) {
             trace_get_skeys_nonzero(r);
             return 0;
@@ -441,7 +434,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
         }
     }
 
-    return r;
+    return 0;
 }
 
 /**
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [Qemu-devel] [PATCH-for-4.2 v1 3/6] s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE
  2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug() David Hildenbrand
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches David Hildenbrand
@ 2019-08-12 11:27 ` David Hildenbrand
  2019-08-13 13:42   ` Cornelia Huck
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 4/6] s390x/mmu: Trace the right value if setting/getting the storage key fails David Hildenbrand
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

Whenever we modify a storage key, we shuld flush the TLBs of all CPUs,
so the MMU fault handling code can properly consider the changed storage
key (to e.g., properly set the reference and change bit on the next
accesses).

These functions are barely used in modern Linux guests, so the performance
implications are neglectable for now.

This is a preparation for better reference and change bit handling for
TCG, which will require more MMU changes.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/mem_helper.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 29d9eaa5b7..ed54265e03 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1815,6 +1815,8 @@ void HELPER(sske)(CPUS390XState *env, uint64_t r1, uint64_t r2)
 
     key = (uint8_t) r1;
     skeyclass->set_skeys(ss, addr / TARGET_PAGE_SIZE, 1, &key);
+    /* TODO: Flush only entries with this target address */
+    tlb_flush_all_cpus_synced(env_cpu(env));
 }
 
 /* reset reference bit extended */
@@ -1843,6 +1845,8 @@ uint32_t HELPER(rrbe)(CPUS390XState *env, uint64_t r2)
     if (skeyclass->set_skeys(ss, r2 / TARGET_PAGE_SIZE, 1, &key)) {
         return 0;
     }
+    /* TODO: Flush only entries with this target address */
+    tlb_flush_all_cpus_synced(env_cpu(env));
 
     /*
      * cc
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [Qemu-devel] [PATCH-for-4.2 v1 4/6] s390x/mmu: Trace the right value if setting/getting the storage key fails
  2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
                   ` (2 preceding siblings ...)
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 3/6] s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE David Hildenbrand
@ 2019-08-12 11:27 ` David Hildenbrand
  2019-08-12 13:01   ` Cornelia Huck
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling David Hildenbrand
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 6/6] s390x/mmu: Factor out storage key handling David Hildenbrand
  5 siblings, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

We want to trace the actual return value, not "0".

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/mmu_helper.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index 2c9bb3acc0..227a822e42 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -415,7 +415,8 @@ nodat:
     *raddr = mmu_real2abs(env, *raddr);
 
     if (*raddr < ram_size) {
-        if (skeyclass->get_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key)) {
+        r = skeyclass->get_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key);
+        if (r) {
             trace_get_skeys_nonzero(r);
             return 0;
         }
@@ -428,7 +429,8 @@ nodat:
             key |= SK_C;
         }
 
-        if (skeyclass->set_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key)) {
+        r = skeyclass->set_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key);
+        if (r) {
             trace_set_skeys_nonzero(r);
             return 0;
         }
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [Qemu-devel] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling
  2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
                   ` (3 preceding siblings ...)
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 4/6] s390x/mmu: Trace the right value if setting/getting the storage key fails David Hildenbrand
@ 2019-08-12 11:27 ` David Hildenbrand
  2019-08-13 14:54   ` Cornelia Huck
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 6/6] s390x/mmu: Factor out storage key handling David Hildenbrand
  5 siblings, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

Any access sets the reference bit. In case we have a read-fault, we
should not allow writes to the TLB entry if the change bit was not
already set.

This is a preparation for proper storage-key reference/change bit handling
in TCG and a fix for KVM whereby read accesses would set the change
bit (old KVM versions without the ioctl to carry out the translation).

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/mmu_helper.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index 227a822e42..ba4b460ac6 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -421,14 +421,28 @@ nodat:
             return 0;
         }
 
-        if (*flags & PAGE_READ) {
-            key |= SK_R;
-        }
-
-        if (*flags & PAGE_WRITE) {
+        switch (rw) {
+        case MMU_DATA_LOAD:
+        case MMU_INST_FETCH:
+            /*
+             * The TLB entry has to remain write-protected on read-faults if
+             * the storage key does not indicate a change already. Otherwise
+             * we might miss setting the change bit on write accesses.
+             */
+            if (!(key & SK_C)) {
+                *flags &= ~PAGE_WRITE;
+            }
+            break;
+        case MMU_DATA_STORE:
             key |= SK_C;
+            break;
+        default:
+            g_assert_not_reached();
         }
 
+        /* Any store/fetch sets the reference bit */
+        key |= SK_R;
+
         r = skeyclass->set_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key);
         if (r) {
             trace_set_skeys_nonzero(r);
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* [Qemu-devel] [PATCH-for-4.2 v1 6/6] s390x/mmu: Factor out storage key handling
  2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
                   ` (4 preceding siblings ...)
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling David Hildenbrand
@ 2019-08-12 11:27 ` David Hildenbrand
  2019-08-13 15:04   ` Cornelia Huck
  5 siblings, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 11:27 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Cornelia Huck,
	Halil Pasic, Christian Borntraeger, qemu-s390x,
	Richard Henderson

Factor it out, add a comment how it all works, and also use it in the
REAL MMU.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 target/s390x/mmu_helper.c | 114 +++++++++++++++++++++++---------------
 1 file changed, 69 insertions(+), 45 deletions(-)

diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
index ba4b460ac6..d2c9285d0a 100644
--- a/target/s390x/mmu_helper.c
+++ b/target/s390x/mmu_helper.c
@@ -334,6 +334,73 @@ static int mmu_translate_asce(CPUS390XState *env, target_ulong vaddr,
     return r;
 }
 
+static void mmu_handle_skey(target_ulong addr, int rw, int *flags)
+{
+    static S390SKeysClass *skeyclass;
+    static S390SKeysState *ss;
+    uint8_t key;
+    int rc;
+
+    if (unlikely(!ss)) {
+        ss = s390_get_skeys_device();
+        skeyclass = S390_SKEYS_GET_CLASS(ss);
+    }
+
+    /*
+     * Whenever we create a new TLB entry, we set the storage key reference
+     * bit. In case we allow write accesses, we set the storage key change
+     * bit. Whenever the guest changes the storage key, we have to flush the
+     * TLBs of all CPUs (the whole TLB or all affected entries), so that the
+     * next reference/change will result in an MMU fault and make us properly
+     * update the storage key here.
+     *
+     * Note 1: "record of references ... is not necessarily accurate",
+     *         "change bit may be set in case no storing has occurred".
+     *         -> We can set reference/change bits even on exceptions.
+     * Note 2: certain accesses seem to ignore storage keys. For example,
+     *         DAT translation does not set reference bits for table accesses.
+     *
+     * TODO: key-controlled protection. Only CPU accesses make use of the
+     *       PSW key. CSS accesses are different - we have to pass in the key.
+     *
+     * TODO: we have races between getting and setting the key.
+     */
+    if (addr < ram_size) {
+        rc = skeyclass->get_skeys(ss, addr / TARGET_PAGE_SIZE, 1, &key);
+        if (rc) {
+            trace_get_skeys_nonzero(rc);
+            return;
+        }
+
+        switch (rw) {
+        case MMU_DATA_LOAD:
+        case MMU_INST_FETCH:
+            /*
+             * The TLB entry has to remain write-protected on read-faults if
+             * the storage key does not indicate a change already. Otherwise
+             * we might miss setting the change bit on write accesses.
+             */
+            if (!(key & SK_C)) {
+                *flags &= ~PAGE_WRITE;
+            }
+            break;
+        case MMU_DATA_STORE:
+            key |= SK_C;
+            break;
+        default:
+            g_assert_not_reached();
+        }
+
+        /* Any store/fetch sets the reference bit */
+        key |= SK_R;
+
+        rc = skeyclass->set_skeys(ss, addr / TARGET_PAGE_SIZE, 1, &key);
+        if (rc) {
+            trace_set_skeys_nonzero(rc);
+        }
+    }
+}
+
 /**
  * Translate a virtual (logical) address into a physical (absolute) address.
  * @param vaddr  the virtual address
@@ -347,16 +414,8 @@ static int mmu_translate_asce(CPUS390XState *env, target_ulong vaddr,
 int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
                   target_ulong *raddr, int *flags, bool exc)
 {
-    static S390SKeysState *ss;
-    static S390SKeysClass *skeyclass;
     uint64_t asce;
     int r = -1;
-    uint8_t key;
-
-    if (unlikely(!ss)) {
-        ss = s390_get_skeys_device();
-        skeyclass = S390_SKEYS_GET_CLASS(ss);
-    }
 
     *flags = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
     if (is_low_address(vaddr & TARGET_PAGE_MASK) && lowprot_enabled(env, asc)) {
@@ -414,42 +473,7 @@ nodat:
     /* Convert real address -> absolute address */
     *raddr = mmu_real2abs(env, *raddr);
 
-    if (*raddr < ram_size) {
-        r = skeyclass->get_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key);
-        if (r) {
-            trace_get_skeys_nonzero(r);
-            return 0;
-        }
-
-        switch (rw) {
-        case MMU_DATA_LOAD:
-        case MMU_INST_FETCH:
-            /*
-             * The TLB entry has to remain write-protected on read-faults if
-             * the storage key does not indicate a change already. Otherwise
-             * we might miss setting the change bit on write accesses.
-             */
-            if (!(key & SK_C)) {
-                *flags &= ~PAGE_WRITE;
-            }
-            break;
-        case MMU_DATA_STORE:
-            key |= SK_C;
-            break;
-        default:
-            g_assert_not_reached();
-        }
-
-        /* Any store/fetch sets the reference bit */
-        key |= SK_R;
-
-        r = skeyclass->set_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key);
-        if (r) {
-            trace_set_skeys_nonzero(r);
-            return 0;
-        }
-    }
-
+    mmu_handle_skey(*raddr, rw, flags);
     return 0;
 }
 
@@ -567,6 +591,6 @@ int mmu_translate_real(CPUS390XState *env, target_ulong raddr, int rw,
 
     *addr = mmu_real2abs(env, raddr & TARGET_PAGE_MASK);
 
-    /* TODO: storage key handling */
+    mmu_handle_skey(*addr, rw, flags);
     return 0;
 }
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 4/6] s390x/mmu: Trace the right value if setting/getting the storage key fails
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 4/6] s390x/mmu: Trace the right value if setting/getting the storage key fails David Hildenbrand
@ 2019-08-12 13:01   ` Cornelia Huck
  0 siblings, 0 replies; 21+ messages in thread
From: Cornelia Huck @ 2019-08-12 13:01 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 13:27:35 +0200
David Hildenbrand <david@redhat.com> wrote:

> We want to trace the actual return value, not "0".

:) Nice find.

> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/mmu_helper.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches David Hildenbrand
@ 2019-08-12 13:37   ` David Hildenbrand
  2019-08-13 12:52     ` Cornelia Huck
  2019-08-13 13:16   ` Cornelia Huck
  1 sibling, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 13:37 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Janosch Frank, Cornelia Huck, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On 12.08.19 13:27, David Hildenbrand wrote:
> Instructions are always fetched from primary address space, except when
> in home address mode. Perform the selection directly in cpu_mmu_index().
> 
> get_mem_index() is only used to perform data access, instructions are
> fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).
> 
> We don't care about restricting the access permissions of the TLB
> entries anymore, as we no longer enter PRIMARY entries into the
> SECONDARY MMU. Cleanup related code a bit.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/cpu.h        |  7 +++++++
>  target/s390x/mmu_helper.c | 35 ++++++++++++++---------------------
>  2 files changed, 21 insertions(+), 21 deletions(-)
> 
> diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
> index a606547b4d..c34992bb2e 100644
> --- a/target/s390x/cpu.h
> +++ b/target/s390x/cpu.h
> @@ -332,6 +332,13 @@ static inline int cpu_mmu_index(CPUS390XState *env, bool ifetch)
>          return MMU_REAL_IDX;
>      }
>  
> +    if (ifetch) {
> +        if ((env->psw.mask & PSW_MASK_ASC) == PSW_ASC_HOME) {
> +            return MMU_HOME_IDX;
> +        }
> +        return MMU_PRIMARY_IDX;
> +    }
> +
>      switch (env->psw.mask & PSW_MASK_ASC) {
>      case PSW_ASC_PRIMARY:
>          return MMU_PRIMARY_IDX;
> diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
> index 6e9c4d6151..2c9bb3acc0 100644
> --- a/target/s390x/mmu_helper.c
> +++ b/target/s390x/mmu_helper.c
> @@ -349,6 +349,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
>  {
>      static S390SKeysState *ss;
>      static S390SKeysClass *skeyclass;
> +    uint64_t asce;
>      int r = -1;

I can now stop initializing r.

>      uint8_t key;
>  
> @@ -381,35 +382,21 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
>      if (!(env->psw.mask & PSW_MASK_DAT)) {
>          *raddr = vaddr;
>          r = 0;

and this can go as well.

> -        goto out;
> +        goto nodat;
>      }
>  


-- 

Thanks,

David / dhildenb


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [qemu-s390x] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug() David Hildenbrand
@ 2019-08-12 15:18   ` Thomas Huth
  2019-08-12 15:28     ` David Hildenbrand
  2019-08-13 12:51   ` [Qemu-devel] " Cornelia Huck
  1 sibling, 1 reply; 21+ messages in thread
From: Thomas Huth @ 2019-08-12 15:18 UTC (permalink / raw)
  To: David Hildenbrand, qemu-devel
  Cc: Janosch Frank, Cornelia Huck, Halil Pasic, Christian Borntraeger,
	qemu-s390x, Richard Henderson

On 8/12/19 1:27 PM, David Hildenbrand wrote:
> Let's select the ASC before calling the function. This is a prepararion
> to remove the ASC magic depending on the access mode from mmu_translate.
> 
> There is currently no way to distinguish if we have code or data access.
> For now, we were using code access, because especially when debugging with
> the gdbstub, we want to read and disassemble what we single-step.

IMHO we should add a "instruction" bit to MemTxAttrs and then use the
...page_attrs_debug() interface instead. But ok, that's likely really
something for a separate clean-up, so for the time being:

Reviewed-by: Thomas Huth <thuth@redhat.com>

> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/helper.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/target/s390x/helper.c b/target/s390x/helper.c
> index 13ae9909ad..c5fb8966b6 100644
> --- a/target/s390x/helper.c
> +++ b/target/s390x/helper.c
> @@ -58,6 +58,11 @@ hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
>          vaddr &= 0x7fffffff;
>      }
>  
> +    /* We want to read the code (e.g., see what we are single-stepping).*/
> +    if (asc != PSW_ASC_HOME) {
> +        asc = PSW_ASC_PRIMARY;
> +    }
> +
>      if (mmu_translate(env, vaddr, MMU_INST_FETCH, asc, &raddr, &prot, false)) {
>          return -1;
>      }
> 



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [qemu-s390x] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  2019-08-12 15:18   ` [Qemu-devel] [qemu-s390x] " Thomas Huth
@ 2019-08-12 15:28     ` David Hildenbrand
  2019-08-12 15:39       ` David Hildenbrand
  0 siblings, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 15:28 UTC (permalink / raw)
  To: Thomas Huth, qemu-devel
  Cc: Janosch Frank, Cornelia Huck, Halil Pasic, Christian Borntraeger,
	qemu-s390x, Richard Henderson

On 12.08.19 17:18, Thomas Huth wrote:
> On 8/12/19 1:27 PM, David Hildenbrand wrote:
>> Let's select the ASC before calling the function. This is a prepararion
>> to remove the ASC magic depending on the access mode from mmu_translate.
>>
>> There is currently no way to distinguish if we have code or data access.
>> For now, we were using code access, because especially when debugging with
>> the gdbstub, we want to read and disassemble what we single-step.
> 
> IMHO we should add a "instruction" bit to MemTxAttrs and then use the
> ...page_attrs_debug() interface instead. But ok, that's likely really
> something for a separate clean-up, so for the time being:
> 

That sounds like a good idea, and then switching over to
cc->get_phys_page_attrs()

Thanks!

> Reviewed-by: Thomas Huth <thuth@redhat.com>
> 


-- 

Thanks,

David / dhildenb


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [qemu-s390x] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  2019-08-12 15:28     ` David Hildenbrand
@ 2019-08-12 15:39       ` David Hildenbrand
  2019-08-12 16:04         ` Thomas Huth
  0 siblings, 1 reply; 21+ messages in thread
From: David Hildenbrand @ 2019-08-12 15:39 UTC (permalink / raw)
  To: Thomas Huth, qemu-devel
  Cc: Janosch Frank, Cornelia Huck, Halil Pasic, Christian Borntraeger,
	qemu-s390x, Richard Henderson

On 12.08.19 17:28, David Hildenbrand wrote:
> On 12.08.19 17:18, Thomas Huth wrote:
>> On 8/12/19 1:27 PM, David Hildenbrand wrote:
>>> Let's select the ASC before calling the function. This is a prepararion
>>> to remove the ASC magic depending on the access mode from mmu_translate.
>>>
>>> There is currently no way to distinguish if we have code or data access.
>>> For now, we were using code access, because especially when debugging with
>>> the gdbstub, we want to read and disassemble what we single-step.
>>
>> IMHO we should add a "instruction" bit to MemTxAttrs and then use the
>> ...page_attrs_debug() interface instead. But ok, that's likely really
>> something for a separate clean-up, so for the time being:
>>
> 
> That sounds like a good idea, and then switching over to
> cc->get_phys_page_attrs()

But looking at get_phys_page_attrs_debug() again, "MemTxAttrs *attrs" is
an output value not an input value. So there wouldn't be a way to
specify "what you want" from the caller. At least unless I am missing
something :)

> 
> Thanks!
> 
>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>
> 
> 


-- 

Thanks,

David / dhildenb


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [qemu-s390x] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  2019-08-12 15:39       ` David Hildenbrand
@ 2019-08-12 16:04         ` Thomas Huth
  0 siblings, 0 replies; 21+ messages in thread
From: Thomas Huth @ 2019-08-12 16:04 UTC (permalink / raw)
  To: David Hildenbrand, qemu-devel
  Cc: Janosch Frank, Cornelia Huck, Halil Pasic, Christian Borntraeger,
	qemu-s390x, Richard Henderson

On 8/12/19 5:39 PM, David Hildenbrand wrote:
> On 12.08.19 17:28, David Hildenbrand wrote:
>> On 12.08.19 17:18, Thomas Huth wrote:
>>> On 8/12/19 1:27 PM, David Hildenbrand wrote:
>>>> Let's select the ASC before calling the function. This is a prepararion
>>>> to remove the ASC magic depending on the access mode from mmu_translate.
>>>>
>>>> There is currently no way to distinguish if we have code or data access.
>>>> For now, we were using code access, because especially when debugging with
>>>> the gdbstub, we want to read and disassemble what we single-step.
>>>
>>> IMHO we should add a "instruction" bit to MemTxAttrs and then use the
>>> ...page_attrs_debug() interface instead. But ok, that's likely really
>>> something for a separate clean-up, so for the time being:
>>>
>>
>> That sounds like a good idea, and then switching over to
>> cc->get_phys_page_attrs()
> 
> But looking at get_phys_page_attrs_debug() again, "MemTxAttrs *attrs" is
> an output value not an input value. So there wouldn't be a way to
> specify "what you want" from the caller. At least unless I am missing
> something :)

Oops, you're right. Too bad :-(

So never mind that idea ... your patch is certainly the best you can do
here right now.

 Thomas



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug()
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug() David Hildenbrand
  2019-08-12 15:18   ` [Qemu-devel] [qemu-s390x] " Thomas Huth
@ 2019-08-13 12:51   ` Cornelia Huck
  1 sibling, 0 replies; 21+ messages in thread
From: Cornelia Huck @ 2019-08-13 12:51 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 13:27:32 +0200
David Hildenbrand <david@redhat.com> wrote:

> Let's select the ASC before calling the function. This is a prepararion
> to remove the ASC magic depending on the access mode from mmu_translate.
> 
> There is currently no way to distinguish if we have code or data access.
> For now, we were using code access, because especially when debugging with
> the gdbstub, we want to read and disassemble what we single-step.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/helper.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 

Let's go with that for now.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches
  2019-08-12 13:37   ` David Hildenbrand
@ 2019-08-13 12:52     ` Cornelia Huck
  2019-08-13 12:53       ` David Hildenbrand
  0 siblings, 1 reply; 21+ messages in thread
From: Cornelia Huck @ 2019-08-13 12:52 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 15:37:39 +0200
David Hildenbrand <david@redhat.com> wrote:

> On 12.08.19 13:27, David Hildenbrand wrote:
> > Instructions are always fetched from primary address space, except when
> > in home address mode. Perform the selection directly in cpu_mmu_index().
> > 
> > get_mem_index() is only used to perform data access, instructions are
> > fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).
> > 
> > We don't care about restricting the access permissions of the TLB
> > entries anymore, as we no longer enter PRIMARY entries into the
> > SECONDARY MMU. Cleanup related code a bit.
> > 
> > Signed-off-by: David Hildenbrand <david@redhat.com>
> > ---
> >  target/s390x/cpu.h        |  7 +++++++
> >  target/s390x/mmu_helper.c | 35 ++++++++++++++---------------------
> >  2 files changed, 21 insertions(+), 21 deletions(-)
> > 
> > diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
> > index a606547b4d..c34992bb2e 100644
> > --- a/target/s390x/cpu.h
> > +++ b/target/s390x/cpu.h
> > @@ -332,6 +332,13 @@ static inline int cpu_mmu_index(CPUS390XState *env, bool ifetch)
> >          return MMU_REAL_IDX;
> >      }
> >  
> > +    if (ifetch) {
> > +        if ((env->psw.mask & PSW_MASK_ASC) == PSW_ASC_HOME) {
> > +            return MMU_HOME_IDX;
> > +        }
> > +        return MMU_PRIMARY_IDX;
> > +    }
> > +
> >      switch (env->psw.mask & PSW_MASK_ASC) {
> >      case PSW_ASC_PRIMARY:
> >          return MMU_PRIMARY_IDX;
> > diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
> > index 6e9c4d6151..2c9bb3acc0 100644
> > --- a/target/s390x/mmu_helper.c
> > +++ b/target/s390x/mmu_helper.c
> > @@ -349,6 +349,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
> >  {
> >      static S390SKeysState *ss;
> >      static S390SKeysClass *skeyclass;
> > +    uint64_t asce;
> >      int r = -1;  
> 
> I can now stop initializing r.
> 
> >      uint8_t key;
> >  
> > @@ -381,35 +382,21 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
> >      if (!(env->psw.mask & PSW_MASK_DAT)) {
> >          *raddr = vaddr;
> >          r = 0;  
> 
> and this can go as well.
> 
> > -        goto out;
> > +        goto nodat;
> >      }
> >    
> 
> 

So, there will be a v2?


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches
  2019-08-13 12:52     ` Cornelia Huck
@ 2019-08-13 12:53       ` David Hildenbrand
  0 siblings, 0 replies; 21+ messages in thread
From: David Hildenbrand @ 2019-08-13 12:53 UTC (permalink / raw)
  To: Cornelia Huck
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On 13.08.19 14:52, Cornelia Huck wrote:
> On Mon, 12 Aug 2019 15:37:39 +0200
> David Hildenbrand <david@redhat.com> wrote:
> 
>> On 12.08.19 13:27, David Hildenbrand wrote:
>>> Instructions are always fetched from primary address space, except when
>>> in home address mode. Perform the selection directly in cpu_mmu_index().
>>>
>>> get_mem_index() is only used to perform data access, instructions are
>>> fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).
>>>
>>> We don't care about restricting the access permissions of the TLB
>>> entries anymore, as we no longer enter PRIMARY entries into the
>>> SECONDARY MMU. Cleanup related code a bit.
>>>
>>> Signed-off-by: David Hildenbrand <david@redhat.com>
>>> ---
>>>  target/s390x/cpu.h        |  7 +++++++
>>>  target/s390x/mmu_helper.c | 35 ++++++++++++++---------------------
>>>  2 files changed, 21 insertions(+), 21 deletions(-)
>>>
>>> diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
>>> index a606547b4d..c34992bb2e 100644
>>> --- a/target/s390x/cpu.h
>>> +++ b/target/s390x/cpu.h
>>> @@ -332,6 +332,13 @@ static inline int cpu_mmu_index(CPUS390XState *env, bool ifetch)
>>>          return MMU_REAL_IDX;
>>>      }
>>>  
>>> +    if (ifetch) {
>>> +        if ((env->psw.mask & PSW_MASK_ASC) == PSW_ASC_HOME) {
>>> +            return MMU_HOME_IDX;
>>> +        }
>>> +        return MMU_PRIMARY_IDX;
>>> +    }
>>> +
>>>      switch (env->psw.mask & PSW_MASK_ASC) {
>>>      case PSW_ASC_PRIMARY:
>>>          return MMU_PRIMARY_IDX;
>>> diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
>>> index 6e9c4d6151..2c9bb3acc0 100644
>>> --- a/target/s390x/mmu_helper.c
>>> +++ b/target/s390x/mmu_helper.c
>>> @@ -349,6 +349,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
>>>  {
>>>      static S390SKeysState *ss;
>>>      static S390SKeysClass *skeyclass;
>>> +    uint64_t asce;
>>>      int r = -1;  
>>
>> I can now stop initializing r.
>>
>>>      uint8_t key;
>>>  
>>> @@ -381,35 +382,21 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
>>>      if (!(env->psw.mask & PSW_MASK_DAT)) {
>>>          *raddr = vaddr;
>>>          r = 0;  
>>
>> and this can go as well.
>>
>>> -        goto out;
>>> +        goto nodat;
>>>      }
>>>    
>>
>>
> 
> So, there will be a v2?

Yes, but waiting for more feedback.

-- 

Thanks,

David / dhildenb


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches David Hildenbrand
  2019-08-12 13:37   ` David Hildenbrand
@ 2019-08-13 13:16   ` Cornelia Huck
  1 sibling, 0 replies; 21+ messages in thread
From: Cornelia Huck @ 2019-08-13 13:16 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 13:27:33 +0200
David Hildenbrand <david@redhat.com> wrote:

> Instructions are always fetched from primary address space, except when
> in home address mode. Perform the selection directly in cpu_mmu_index().
> 
> get_mem_index() is only used to perform data access, instructions are
> fetched via cpu_lduw_code(), which translates to cpu_mmu_index(env, true).
> 
> We don't care about restricting the access permissions of the TLB
> entries anymore, as we no longer enter PRIMARY entries into the
> SECONDARY MMU. Cleanup related code a bit.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/cpu.h        |  7 +++++++
>  target/s390x/mmu_helper.c | 35 ++++++++++++++---------------------
>  2 files changed, 21 insertions(+), 21 deletions(-)

Looks sane to me; will wait for v2 to give a tag.


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 3/6] s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 3/6] s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE David Hildenbrand
@ 2019-08-13 13:42   ` Cornelia Huck
  0 siblings, 0 replies; 21+ messages in thread
From: Cornelia Huck @ 2019-08-13 13:42 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 13:27:34 +0200
David Hildenbrand <david@redhat.com> wrote:

> Whenever we modify a storage key, we shuld flush the TLBs of all CPUs,
> so the MMU fault handling code can properly consider the changed storage
> key (to e.g., properly set the reference and change bit on the next
> accesses).
> 
> These functions are barely used in modern Linux guests, so the performance
> implications are neglectable for now.
> 
> This is a preparation for better reference and change bit handling for
> TCG, which will require more MMU changes.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/mem_helper.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
> index 29d9eaa5b7..ed54265e03 100644
> --- a/target/s390x/mem_helper.c
> +++ b/target/s390x/mem_helper.c
> @@ -1815,6 +1815,8 @@ void HELPER(sske)(CPUS390XState *env, uint64_t r1, uint64_t r2)
>  
>      key = (uint8_t) r1;
>      skeyclass->set_skeys(ss, addr / TARGET_PAGE_SIZE, 1, &key);
> +    /* TODO: Flush only entries with this target address */
> +    tlb_flush_all_cpus_synced(env_cpu(env));
>  }
>  
>  /* reset reference bit extended */
> @@ -1843,6 +1845,8 @@ uint32_t HELPER(rrbe)(CPUS390XState *env, uint64_t r2)
>      if (skeyclass->set_skeys(ss, r2 / TARGET_PAGE_SIZE, 1, &key)) {
>          return 0;
>      }
> +    /* TODO: Flush only entries with this target address */
> +    tlb_flush_all_cpus_synced(env_cpu(env));
>  
>      /*
>       * cc

Seems reasonable.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling David Hildenbrand
@ 2019-08-13 14:54   ` Cornelia Huck
  2019-08-14  7:20     ` [Qemu-devel] [qemu-s390x] " David Hildenbrand
  0 siblings, 1 reply; 21+ messages in thread
From: Cornelia Huck @ 2019-08-13 14:54 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 13:27:36 +0200
David Hildenbrand <david@redhat.com> wrote:

> Any access sets the reference bit. In case we have a read-fault, we
> should not allow writes to the TLB entry if the change bit was not
> already set.
> 
> This is a preparation for proper storage-key reference/change bit handling
> in TCG and a fix for KVM whereby read accesses would set the change
> bit (old KVM versions without the ioctl to carry out the translation).

That would be really old kvm versions, right? So no real need to e.g.
cc:stable?

> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/mmu_helper.c | 24 +++++++++++++++++++-----
>  1 file changed, 19 insertions(+), 5 deletions(-)
> 
> diff --git a/target/s390x/mmu_helper.c b/target/s390x/mmu_helper.c
> index 227a822e42..ba4b460ac6 100644
> --- a/target/s390x/mmu_helper.c
> +++ b/target/s390x/mmu_helper.c
> @@ -421,14 +421,28 @@ nodat:
>              return 0;
>          }
>  
> -        if (*flags & PAGE_READ) {
> -            key |= SK_R;
> -        }
> -
> -        if (*flags & PAGE_WRITE) {
> +        switch (rw) {
> +        case MMU_DATA_LOAD:
> +        case MMU_INST_FETCH:
> +            /*
> +             * The TLB entry has to remain write-protected on read-faults if
> +             * the storage key does not indicate a change already. Otherwise
> +             * we might miss setting the change bit on write accesses.
> +             */
> +            if (!(key & SK_C)) {
> +                *flags &= ~PAGE_WRITE;
> +            }
> +            break;
> +        case MMU_DATA_STORE:
>              key |= SK_C;
> +            break;
> +        default:
> +            g_assert_not_reached();
>          }
>  
> +        /* Any store/fetch sets the reference bit */
> +        key |= SK_R;
> +
>          r = skeyclass->set_skeys(ss, *raddr / TARGET_PAGE_SIZE, 1, &key);
>          if (r) {
>              trace_set_skeys_nonzero(r);

I've stared at this for quite some time now and have convinced myself
that it looks sane.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [PATCH-for-4.2 v1 6/6] s390x/mmu: Factor out storage key handling
  2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 6/6] s390x/mmu: Factor out storage key handling David Hildenbrand
@ 2019-08-13 15:04   ` Cornelia Huck
  0 siblings, 0 replies; 21+ messages in thread
From: Cornelia Huck @ 2019-08-13 15:04 UTC (permalink / raw)
  To: David Hildenbrand
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On Mon, 12 Aug 2019 13:27:37 +0200
David Hildenbrand <david@redhat.com> wrote:

> Factor it out, add a comment how it all works, and also use it in the
> REAL MMU.
> 
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>  target/s390x/mmu_helper.c | 114 +++++++++++++++++++++++---------------
>  1 file changed, 69 insertions(+), 45 deletions(-)

Looks good to me.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>



^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [Qemu-devel] [qemu-s390x] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling
  2019-08-13 14:54   ` Cornelia Huck
@ 2019-08-14  7:20     ` David Hildenbrand
  0 siblings, 0 replies; 21+ messages in thread
From: David Hildenbrand @ 2019-08-14  7:20 UTC (permalink / raw)
  To: Cornelia Huck
  Cc: Thomas Huth, Janosch Frank, qemu-devel, Halil Pasic,
	Christian Borntraeger, qemu-s390x, Richard Henderson

On 13.08.19 16:54, Cornelia Huck wrote:
> On Mon, 12 Aug 2019 13:27:36 +0200
> David Hildenbrand <david@redhat.com> wrote:
> 
>> Any access sets the reference bit. In case we have a read-fault, we
>> should not allow writes to the TLB entry if the change bit was not
>> already set.
>>
>> This is a preparation for proper storage-key reference/change bit handling
>> in TCG and a fix for KVM whereby read accesses would set the change
>> bit (old KVM versions without the ioctl to carry out the translation).
> 
> That would be really old kvm versions, right? So no real need to e.g.
> cc:stable?

Yes - nothing a distribution ever supported AFAIK.

-- 

Thanks,

David / dhildenb


^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2019-08-14  7:21 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-12 11:27 [Qemu-devel] [PATCH-for-4.2 v1 0/6] s390x/mmu: Storage key reference and change bit handling David Hildenbrand
2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 1/6] s390x/mmu: ASC selection in s390_cpu_get_phys_page_debug() David Hildenbrand
2019-08-12 15:18   ` [Qemu-devel] [qemu-s390x] " Thomas Huth
2019-08-12 15:28     ` David Hildenbrand
2019-08-12 15:39       ` David Hildenbrand
2019-08-12 16:04         ` Thomas Huth
2019-08-13 12:51   ` [Qemu-devel] " Cornelia Huck
2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 2/6] s390x/tcg: Rework MMU selection for instruction fetches David Hildenbrand
2019-08-12 13:37   ` David Hildenbrand
2019-08-13 12:52     ` Cornelia Huck
2019-08-13 12:53       ` David Hildenbrand
2019-08-13 13:16   ` Cornelia Huck
2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 3/6] s390x/tcg: Flush the TLB of all CPUs on SSKE and RRBE David Hildenbrand
2019-08-13 13:42   ` Cornelia Huck
2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 4/6] s390x/mmu: Trace the right value if setting/getting the storage key fails David Hildenbrand
2019-08-12 13:01   ` Cornelia Huck
2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 5/6] s390x/mmu: Better storage key reference and change bit handling David Hildenbrand
2019-08-13 14:54   ` Cornelia Huck
2019-08-14  7:20     ` [Qemu-devel] [qemu-s390x] " David Hildenbrand
2019-08-12 11:27 ` [Qemu-devel] [PATCH-for-4.2 v1 6/6] s390x/mmu: Factor out storage key handling David Hildenbrand
2019-08-13 15:04   ` Cornelia Huck

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).