qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check
@ 2021-04-16 15:49 Alex Bennée
  2021-04-16 16:06 ` Peter Maydell
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Alex Bennée @ 2021-04-16 15:49 UTC (permalink / raw)
  To: qemu-devel
  Cc: peter.maydell, open list:ARM TCG CPUs, Alex Bennée,
	Cédric Le Goater

This is a left over erroneous check from the days front-ends handled
io start/end themselves. Regardless just because IO could be performed
on the last instruction doesn't obligate the front end to do so.

This fixes an abort faced by the aspeed execute-in-place support which
will necessarily trigger this state (even before the one-shot
CF_LAST_IO fix). The test still seems to hang once it attempts to boot
the Linux kernel but I suspect this is an unrelated issue with icount
and the timer handling code.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Cédric Le Goater <clg@kaod.org>
---
 target/arm/translate.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 62b1c2081b..7103da2d7a 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -9199,11 +9199,6 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-    if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
-        /* FIXME: This can theoretically happen with self-modifying code. */
-        cpu_abort(cpu, "IO on conditional branch instruction");
-    }
-
     /* At this stage dc->condjmp will only be set when the skipped
        instruction was a conditional branch or trap, and the PC has
        already been written.  */
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check
  2021-04-16 15:49 [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check Alex Bennée
@ 2021-04-16 16:06 ` Peter Maydell
  2021-04-16 16:07 ` Richard Henderson
  2021-04-16 16:28 ` Cédric Le Goater
  2 siblings, 0 replies; 4+ messages in thread
From: Peter Maydell @ 2021-04-16 16:06 UTC (permalink / raw)
  To: Alex Bennée
  Cc: open list:ARM TCG CPUs, QEMU Developers, Cédric Le Goater

On Fri, 16 Apr 2021 at 16:49, Alex Bennée <alex.bennee@linaro.org> wrote:
>
> This is a left over erroneous check from the days front-ends handled
> io start/end themselves. Regardless just because IO could be performed
> on the last instruction doesn't obligate the front end to do so.
>
> This fixes an abort faced by the aspeed execute-in-place support which
> will necessarily trigger this state (even before the one-shot
> CF_LAST_IO fix). The test still seems to hang once it attempts to boot
> the Linux kernel but I suspect this is an unrelated issue with icount
> and the timer handling code.
>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Cédric Le Goater <clg@kaod.org>

Here's some expanded text explaining why this is safe to remove,
which I think would be useful to include in the commit message:

====begin===
The original intention of the cpu_abort (added in commit 2e70f6efa8b9
when the icount stuff was first added) seems to have been to act as
an assert() to catch an unhandled corner case where the generated code
would be something like:
    conditional branch to condlabel if its cc failed
    implementation of the insn (a conditional branch or trap)
    code emitted by gen_io_end()
 condlabel:
    gen_goto_tb or equivalent thing to go to next insn

At runtime the cc-failed case would skip over the code emitted by
gen_io_end(), leaving the can_do_io flag incorrectly set.

In commit ba3e7926691ed33 we switched to an implementation which
always clears can_do_io at the start of the following TB instead
of trying to clear it at the end of a TB that did IO. So the corner
case that this cpu_abort() was trying to flag is no longer possible,
because the gen_io_end() call has been deleted. We can therefore
safely remove the no-longer-valid assertion.
===endit===

> ---
>  target/arm/translate.c | 5 -----
>  1 file changed, 5 deletions(-)
>
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 62b1c2081b..7103da2d7a 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -9199,11 +9199,6 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
>  {
>      DisasContext *dc = container_of(dcbase, DisasContext, base);
>
> -    if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
> -        /* FIXME: This can theoretically happen with self-modifying code. */
> -        cpu_abort(cpu, "IO on conditional branch instruction");
> -    }
> -
>      /* At this stage dc->condjmp will only be set when the skipped
>         instruction was a conditional branch or trap, and the PC has
>         already been written.  */

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check
  2021-04-16 15:49 [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check Alex Bennée
  2021-04-16 16:06 ` Peter Maydell
@ 2021-04-16 16:07 ` Richard Henderson
  2021-04-16 16:28 ` Cédric Le Goater
  2 siblings, 0 replies; 4+ messages in thread
From: Richard Henderson @ 2021-04-16 16:07 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel
  Cc: peter.maydell, open list:ARM TCG CPUs, Cédric Le Goater

On 4/16/21 8:49 AM, Alex Bennée wrote:
> This is a left over erroneous check from the days front-ends handled
> io start/end themselves. Regardless just because IO could be performed
> on the last instruction doesn't obligate the front end to do so.
> 
> This fixes an abort faced by the aspeed execute-in-place support which
> will necessarily trigger this state (even before the one-shot
> CF_LAST_IO fix). The test still seems to hang once it attempts to boot
> the Linux kernel but I suspect this is an unrelated issue with icount
> and the timer handling code.
> 
> Signed-off-by: Alex Bennée<alex.bennee@linaro.org>
> Cc: Cédric Le Goater<clg@kaod.org>
> ---
>   target/arm/translate.c | 5 -----
>   1 file changed, 5 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check
  2021-04-16 15:49 [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check Alex Bennée
  2021-04-16 16:06 ` Peter Maydell
  2021-04-16 16:07 ` Richard Henderson
@ 2021-04-16 16:28 ` Cédric Le Goater
  2 siblings, 0 replies; 4+ messages in thread
From: Cédric Le Goater @ 2021-04-16 16:28 UTC (permalink / raw)
  To: Alex Bennée, qemu-devel; +Cc: peter.maydell, open list:ARM TCG CPUs

On 4/16/21 5:49 PM, Alex Bennée wrote:
> This is a left over erroneous check from the days front-ends handled
> io start/end themselves. Regardless just because IO could be performed
> on the last instruction doesn't obligate the front end to do so.
> 
> This fixes an abort faced by the aspeed execute-in-place support which
> will necessarily trigger this state (even before the one-shot
> CF_LAST_IO fix). The test still seems to hang once it attempts to boot
> the Linux kernel but I suspect this is an unrelated issue with icount
> and the timer handling code.
> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> Cc: Cédric Le Goater <clg@kaod.org>


Tested-by: Cédric Le Goater <clg@kaod.org>

Thanks,

C. 


> ---
>  target/arm/translate.c | 5 -----
>  1 file changed, 5 deletions(-)
> 
> diff --git a/target/arm/translate.c b/target/arm/translate.c
> index 62b1c2081b..7103da2d7a 100644
> --- a/target/arm/translate.c
> +++ b/target/arm/translate.c
> @@ -9199,11 +9199,6 @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
>  {
>      DisasContext *dc = container_of(dcbase, DisasContext, base);
>  
> -    if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
> -        /* FIXME: This can theoretically happen with self-modifying code. */
> -        cpu_abort(cpu, "IO on conditional branch instruction");
> -    }
> -
>      /* At this stage dc->condjmp will only be set when the skipped
>         instruction was a conditional branch or trap, and the PC has
>         already been written.  */
> 



^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-04-16 16:38 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-16 15:49 [RFC PATCH] target/arm: drop CF_LAST_IO/dc->condjump check Alex Bennée
2021-04-16 16:06 ` Peter Maydell
2021-04-16 16:07 ` Richard Henderson
2021-04-16 16:28 ` Cédric Le Goater

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).