]> git.ipfire.org Git - thirdparty/qemu.git/log
thirdparty/qemu.git
3 months agotarget/riscv: Extend PMP region up to 64
Jay Chang [Thu, 22 May 2025 08:12:35 +0000 (16:12 +0800)] 
target/riscv: Extend PMP region up to 64

According to the RISC-V Privileged Specification (version >1.12),
RV32 supports 16 CSRs (pmpcfg0–pmpcfg15) to configure 64 PMP regions
(pmpaddr0–pmpaddr63).

Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250522081236.4050-2-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv: add profile->present flag
Daniel Henrique Barboza [Wed, 28 May 2025 18:44:07 +0000 (15:44 -0300)] 
target/riscv: add profile->present flag

Björn reported in [1] a case where a rv64 CPU is going through the
profile code path to enable satp mode. In this case,the amount of
extensions on top of the rv64 CPU made it compliant with the RVA22S64
profile during the validation of CPU 0. When the subsequent CPUs were
initialized the static profile object has the 'enable' flag set,
enabling the profile code path for those CPUs.

This happens because we are initializing and realizing each CPU before
going to the next, i.e. init and realize CPU0, then init and realize
CPU1 and so on. If we change any persistent state during the validation
of CPU N it will interfere with the init/realization of CPU N+1.

We're using the 'enabled' profile flag to do two distinct things: inform
cpu_init() that we want profile extensions to be enabled, and telling
QMP that a profile is currently enabled in the CPU. We want to be
flexible enough to recognize profile support for all CPUs that has the
extension prerequisites, but we do not want to force the profile code
path if a profile wasn't set too.

Add a new 'present' flag for profiles that will coexist with the 'enabled'
flag. Enabling a profile means "we want to switch on all its mandatory
extensions". A profile is 'present' if we asserted during validation
that the CPU has the needed prerequisites.

This means that the case reported by Björn now results in
RVA22S64.enabled=false and RVA22S64.present=true. QMP will recognize it
as a RVA22 compliant CPU and we won't force the CPU into the profile
path.

[1] https://lore.kernel.org/qemu-riscv/87y0usiz22.fsf@all.your.base.are.belong.to.us/

Reported-by: Björn Töpel <bjorn@kernel.org>
Fixes: 2af005d610 ("target/riscv/tcg: validate profiles during finalize")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Message-ID: <20250528184407.1451983-4-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv/tcg: decouple profile enablement from user prop
Daniel Henrique Barboza [Wed, 28 May 2025 18:44:06 +0000 (15:44 -0300)] 
target/riscv/tcg: decouple profile enablement from user prop

We have code in riscv_cpu_add_profiles() to enable a profile right away
in case a CPU chose the profile during its cpu_init(). But we're using
the user callback option to do so, setting profile->user_set.

Create a new helper that does all the grunt work to enable/disable a
given profile. Use this new helper in the cases where we want a CPU to
be compatible to a certain profile, leaving the user callback to be used
exclusively by users.

Fixes: fba92a92e3 ("target/riscv: add 'rva22u64' CPU")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Message-ID: <20250528184407.1451983-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv/tcg: restrict satp_mode changes in cpu_set_profile
Daniel Henrique Barboza [Wed, 28 May 2025 18:44:05 +0000 (15:44 -0300)] 
target/riscv/tcg: restrict satp_mode changes in cpu_set_profile

We're changing 'mmu' to true regardless of whether the profile is
being enabled or not, and at the same time we're changing satp_mode to
profile->enabled.

This will promote a situation where we'll set mmu=on without a virtual
memory mode, which is a mistake.

Only touch 'mmu' and satp_mode if the profile is being enabled.

Suggested-by: Andrew Jones <ajones@ventanamicro.com>
Fixes: 55398025e7 ("target/riscv: add satp_mode profile support")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Message-ID: <20250528184407.1451983-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv/cpu.c: fix zama16b order in isa_edata_arr[]
Daniel Henrique Barboza [Thu, 22 May 2025 11:33:44 +0000 (08:33 -0300)] 
target/riscv/cpu.c: fix zama16b order in isa_edata_arr[]

Put it after zalrsc and before zawrs.

Cc: qemu-trivial@nongnu.org
Fixes: a60ce58fd9 ("target/riscv: Support Zama16b extension")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250522113344.823294-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv: Enable/Disable S/VS-mode Timer when STCE bit is changed
Jim Shu [Mon, 19 May 2025 14:35:18 +0000 (22:35 +0800)] 
target/riscv: Enable/Disable S/VS-mode Timer when STCE bit is changed

Updating STCE will enable/disable SSTC in S-mode or/and VS-mode, so we
also need to update S/VS-mode Timer and S/VSTIP bits in $mip CSR.

Signed-off-by: Jim Shu <jim.shu@sifive.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-5-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv: Fix VSTIP bit in sstc extension.
Jim Shu [Mon, 19 May 2025 14:35:17 +0000 (22:35 +0800)] 
target/riscv: Fix VSTIP bit in sstc extension.

VSTIP is only writable when both [mh]envcfg.STCE is enabled, or it will
revert it's defined behavior as if sstc extension is not implemented.

Signed-off-by: Jim Shu <jim.shu@sifive.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-4-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agohw/intc: riscv_aclint: Fix mtime write for sstc extension
Jim Shu [Mon, 19 May 2025 14:35:16 +0000 (22:35 +0800)] 
hw/intc: riscv_aclint: Fix mtime write for sstc extension

When changing the mtime value, the period of [s|vs]timecmp timers
should also be updated, similar to the period of mtimecmp timer.

The period of the stimecmp timer is the time until the next S-mode
timer IRQ. The value is calculated as "stimecmp - time". [1]
It is equal to "stimecmp - mtime" since the time CSR is a read-only
shadow of the memory-mapped mtime register.
Thus, changing mtime value will update the period of stimecmp timer.

Similarly, the period of vstimecmp timer is calculated as "vstimecmp -
(mtime + htimedelta)" [2], so changing mtime value will update the
period of vstimecmp timer.

[1] RISC-V Priv spec ch 9.1.1. Supervisor Timer (stimecmp) Register
A supervisor timer interrupt becomes pending, as reflected in the STIP
bit in the mip and sip registers whenever time contains a value
greater than or equal to stimecmp.
[2] RISC-V Priv spec ch19.2.1. Virtual Supervisor Timer (vstimecmp) Register
A virtual supervisor timer interrupt becomes pending, as reflected in
the VSTIP bit in the hip register, whenever (time + htimedelta),
truncated to 64 bits, contains a value greater than or equal to
vstimecmp

Signed-off-by: Jim Shu <jim.shu@sifive.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-3-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agotarget/riscv: Add the checking into stimecmp write function.
Jim Shu [Mon, 19 May 2025 14:35:15 +0000 (22:35 +0800)] 
target/riscv: Add the checking into stimecmp write function.

Preparation commit to let aclint timer to use stimecmp write function.
Aclint timer doesn't call sstc() predicate so we need to check inside
the stimecmp write function.

Signed-off-by: Jim Shu <jim.shu@sifive.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-2-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
3 months agoMerge tag 'pull-request-2025-07-02' of https://gitlab.com/thuth/qemu into staging
Stefan Hajnoczi [Thu, 3 Jul 2025 10:01:41 +0000 (06:01 -0400)] 
Merge tag 'pull-request-2025-07-02' of https://gitlab.com/thuth/qemu into staging

* Fix file names of renamed files in comments and MAINTAINERS
* Fix the "deprecated props" in QOM on s390x
* Fix URL of the aarch64_sbsaref_freebsd functional test
* Fix some trouble with trible

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmhlZckRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbVIZhAAltzQ9+lZYa0A5NcgbFlVSmL/E6qDIMXG
# AJcNul3dgrIVcCrxN17dBmU4ftemjQCpcw7I4fL0G0CrAMdB9Yp991tis1SwycNX
# HEDY8THEE7EiOEKxBHtUFo8JbsnT+lcCwNnpvu6RXwnTN4TjT386OwBSeKv4mhHt
# LFoUnX5yZqJQD1bzcrUeo+OBoXrnMkeJRuOTFXval1AGBT4q0G5mMtAcj93gONNe
# hKdXhYst4XYLZIe2TJAdsbKs5Ics5UZ9rkSIC8tw1drt+iueSSSHNoPsg2AP8Ueg
# iqElX3tzzb/P7QF/LWIfu55WLMbP2C2l6Pb37sdZf8Y1QpRaA/6fxQrNRoVLYfdP
# 2Gqtxd8Ynn74LUxOpW+gi90mmrZpIL+M06Al0bzpI+KmWOaZxpBd0E3r5BIO1Ghb
# /7XIn9svlVpBXd5V3M7Myg1BKAlJJ6GtuMMDBv8Yym6bTD+bdjGk28k/uvt6BSpq
# qiMVjKrmmAO4zBkj3OZUKYoqkktf6mjso0xjXxkI2GTQ44dgvXXluwHF8F5LzBPz
# y2X+KGhf/vfXqP7cAGpmFH3SjDqngdqvuBT/pDO/VWRUhyz8lM6DyPsdVhS7KrXl
# QByt4FkCzYS+o9kc2Hlobj+ujjEPG+1ffSDDweioYYygsZny+8GBgD5D31e5cPsP
# 9/Uc75aJD88=
# =SEr8
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 02 Jul 2025 13:00:57 EDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2025-07-02' of https://gitlab.com/thuth/qemu:
  tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image
  target/s390x: A fix for the trouble with tribles
  target/s390x: set has_deprecated_props flag
  MAINTAINERS: fix paths for relocated files
  treewide: fix paths for relocated files in comments
  treewide: update docs file extensions (.txt -> .rst) in comments
  MAINTAINERS: fix VMware filename typo (vwm -> vmw)
  MAINTAINERS: fix vendor capitalization (Vmware -> VMware)
  MAINTAINERS: update docs file extensions (.txt -> .rst)

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months agoMerge tag 'pull-10.1-maintainer-june-2025-020725-1' of https://gitlab.com/stsquad...
Stefan Hajnoczi [Thu, 3 Jul 2025 09:58:56 +0000 (05:58 -0400)] 
Merge tag 'pull-10.1-maintainer-june-2025-020725-1' of https://gitlab.com/stsquad/qemu into staging

Maintainer updates for June (gitlab, semihosting, plugins, virtio-gpu)

 - mark s390x runner system tests as allow_fail
 - build semihosting once
 - add register write support to plugins
 - add virtual memory write support to plugins
 - add harder memory read/write support to plugins
 - add patcher plugin and tests
 - re-stock virtio-gpu MAINTAINERS
 - fix context init for Venus fences

* tag 'pull-10.1-maintainer-june-2025-020725-1' of https://gitlab.com/stsquad/qemu:
  virtio-gpu: support context init multiple timeline
  MAINTAINERS: add Akihiko and Dmitry as reviewers
  MAINTAINERS: add myself to virtio-gpu for Odd Fixes
  plugins: Update plugin version and add notes
  plugins: Add patcher plugin and test
  tests/tcg: Remove copy-pasted notes and from i386 and add x86_64 system tests to tests
  plugins: Add memory hardware address read/write API
  plugins: Add memory virtual address write API
  plugins: Add enforcement of QEMU_PLUGIN_CB flags in register R/W callbacks
  plugins: Add register write API
  gdbstub: Expose gdb_write_register function to consumers of gdbstub
  semihosting/uaccess: Compile once
  semihosting/uaccess: Remove uses of target_ulong type
  tests/functional: Add PCI hotplug test for aarch64
  gitlab: mark s390x-system to allow failures

Conflicts:
  tests/functional/meson.build

  Context conflict with commit 7bc86ccbb59f ("tests/functional: test
  device passthrough on aarch64"), keep both changes to
  tests_aarch64_system_thorough[].

3 months agotests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image
Thomas Huth [Tue, 1 Jul 2025 10:58:09 +0000 (12:58 +0200)] 
tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image

The original image has been removed from the server, so the test
currently fails if it has to fetch the asset, but we can still
download the ISO from the archive server. While we're at it, prefer
the XZ compressed image, it's much smaller and thus the download
should be faster.

Message-ID: <20250701105809.366180-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agotarget/s390x: A fix for the trouble with tribles
Thomas Huth [Tue, 1 Jul 2025 19:42:41 +0000 (21:42 +0200)] 
target/s390x: A fix for the trouble with tribles

While Tribbles are cute, it should be "triple store" here,
not "trible store".

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250701194241.434183-1-thuth@redhat.com>

3 months agotarget/s390x: set has_deprecated_props flag
Collin Walling [Mon, 30 Jun 2025 02:44:04 +0000 (22:44 -0400)] 
target/s390x: set has_deprecated_props flag

Now that the deprecated_props is an optional field, the expansion method
must now set the "has_deprecated_props" flag in order for the data to be
output from the response.

Fixes: 448553bb7c (qapi: Make CpuModelExpansionInfo::deprecated-props optional and generic)
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250630024404.940882-1-walling@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agoMAINTAINERS: fix paths for relocated files
Sean Wei [Tue, 1 Jul 2025 18:06:32 +0000 (14:06 -0400)] 
MAINTAINERS: fix paths for relocated files

Several files were renamed in previous commits, causing their entries
in MAINTAINERS to reference outdated paths.
This prevents scripts/get_maintainer.pl from correctly matching
these files to their maintainers.

Update the filenames to reflect their current locations so that
maintainer lookup works properly.

Related commits
---------------

  c45460decbd (Oct 2023)
    hw/input/stellaris_input: Rename to stellaris_gamepad
    Rename  include/hw/input/{gamepad.h => stellaris_gamepad.h}

  4faf359accb (Nov 2020)
    docs: Move virtio-net-failover.rst into the system manual
    Rename  docs/{ => system}/virtio-net-failover.rst

  89857312f32 (Apr 2024)
    hw/usb: move stubs out of stubs/
    Rename  stubs/usb-dev-stub.c => hw/usb/bus-stub.c

  f2604d8508a (Apr 2024)
    hw/virtio: move stubs out of stubs/
    Rename  stubs/virtio-md-pci.c => hw/virtio/virtio-md-stubs.c

  2c888febdfa (Apr 2024)
    memory-device: move stubs out of stubs/
    Rename  stubs/memory_device.c => hw/mem/memory-device-stubs.c

  d481cec7565 (Oct 2024)
    migration: Move cpu-throttle.c from system to migration
    Rename  {system => migration}/cpu-throttle.c

  864a3fa4392 (Jan 2023)
    monitor: Rename misc.c to hmp-target.c
    Rename  monitor/{misc.c => hmp-target.c}

Signed-off-by: Sean Wei <me@sean.taipei>
Message-ID: <374597a7-94e4-45b2-9617-35183db3ea9d@sean.taipei>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agotreewide: fix paths for relocated files in comments
Sean Wei [Mon, 16 Jun 2025 15:51:30 +0000 (11:51 -0400)] 
treewide: fix paths for relocated files in comments

After the docs directory restructuring, several comments
refer to paths that no longer exist.

Replace these references to the current file locations
so readers can find the correct files.

Related commits
---------------

  189c099f75f (Jul 2021)
    docs: collect the disparate device emulation docs into one section
    Rename  docs/system/{ => devices}/nvme.rst

  5f4c96b779f (Feb 2023)
    docs/system/loongarch: update loongson3.rst and rename it to virt.rst
    Rename  docs/system/loongarch/{loongson3.rst => virt.rst}

  fe0007f3c1d (Sep 2023)
    exec: Rename cpu.c -> cpu-target.c
    Rename  cpus-common.c => cpu-common.c

  42fa9665e59 (Apr 2025)
    exec: Restrict 'cpu_ldst.h' to accel/tcg/
    Rename  include/{exec/cpu_ldst.h => accel/tcg/cpu-ldst.h}

Signed-off-by: Sean Wei <me@sean.taipei>
Message-ID: <20250616.qemu.relocated.06@sean.taipei>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agotreewide: update docs file extensions (.txt -> .rst) in comments
Sean Wei [Mon, 16 Jun 2025 15:50:50 +0000 (11:50 -0400)] 
treewide: update docs file extensions (.txt -> .rst) in comments

Several source comments still refer to docs with the old .txt
extension that were previously converted to reStructuredText.

Update these references to use the correct .rst extensions to
maintain accurate in-tree documentation pointers.

No functional changes.

Related commits:
  50f8174c5c1 (Jul 2021): docs/specs/acpi_nvdimm: Convert to rST
  f054eb1c920 (Jul 2021): docs/specs/acpi_pci_hotplug: Convert to rST
  912fb3678b8 (Sep 2023): docs/specs/vmgenid: Convert to rST
  bb1cff6ee04 (Sep 2023): docs/specs/ivshmem-spec: Convert to rST
  55ff468f781 (Jan 2022): docs: Rename ppc-spapr-hotplug.txt to .rst

Signed-off-by: Sean Wei <me@sean.taipei>
Message-ID: <20250616.qemu.relocated.05@sean.taipei>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agoMAINTAINERS: fix VMware filename typo (vwm -> vmw)
Sean Wei [Mon, 16 Jun 2025 15:50:10 +0000 (11:50 -0400)] 
MAINTAINERS: fix VMware filename typo (vwm -> vmw)

The entry for the VMware PVSCSI spec uses "vwm" instead of "vmw",
which does not match any file in the tree.

Correct the path so scripts/get_maintainer.pl can match the file.

Signed-off-by: Sean Wei <me@sean.taipei>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250616.qemu.relocated.04@sean.taipei>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agoMAINTAINERS: fix vendor capitalization (Vmware -> VMware)
Sean Wei [Mon, 16 Jun 2025 15:49:30 +0000 (11:49 -0400)] 
MAINTAINERS: fix vendor capitalization (Vmware -> VMware)

"VMware" is the vendor's official spelling.
Adjust the spelling in MAINTAINERS for consistency.

Signed-off-by: Sean Wei <me@sean.taipei>
Message-ID: <20250616.qemu.relocated.03@sean.taipei>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agoMAINTAINERS: update docs file extensions (.txt -> .rst)
Sean Wei [Mon, 16 Jun 2025 15:47:30 +0000 (11:47 -0400)] 
MAINTAINERS: update docs file extensions (.txt -> .rst)

The documentation tree has been converted to reStructuredText, but
two entries in MAINTAINERS still point to the removed *.txt files.

This prevents scripts/get_maintainer.pl from matching the documents.

Update those entries to *.rst so the maintainer script works again.

Related commits:
  8472cc5dbe6 (Sep 2023): docs/specs/vmw_pvscsi-spec: Convert to rST
  8e72ceee5cd (Jun 2022): Rename docs/specs/fw_cfg.txt to .rst

Signed-off-by: Sean Wei <me@sean.taipei>
Message-ID: <20250616.qemu.relocated.01@sean.taipei>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months agovirtio-gpu: support context init multiple timeline
Yiwei Zhang [Fri, 27 Jun 2025 11:25:11 +0000 (12:25 +0100)] 
virtio-gpu: support context init multiple timeline

Venus and later native contexts have their own fence context along with
multiple timelines within. Fences wtih VIRTIO_GPU_FLAG_INFO_RING_IDX in
the flags must be dispatched to be created on the target context. Fence
signaling also has to be handled on the specific timeline within that
target context.

Before this change, venus fencing is completely broken if the host
driver doesn't support implicit fencing with external memory objects.
Frames can go backwards along with random artifacts on screen if the
host driver doesn't attach an implicit fence to the render target. The
symptom could be hidden by certain guest wsi backend that waits on a
venus native VkFence object for the actual payload with limited present
modes or under special configs. e.g. x11 mailbox or xwayland.

After this change, everything related to venus fencing starts making
sense. Confirmed this via guest and host side perfetto tracing.

Cc: qemu-stable@nongnu.org
Fixes: 94d0ea1c1928 ("virtio-gpu: Support Venus context")
Signed-off-by: Yiwei Zhang <zzyiwei@gmail.com>
Reviewed-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20250518152651.334115-1-zzyiwei@gmail.com>
[AJB: remove version history from commit message]
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20250627112512.1880708-16-alex.bennee@linaro.org>

3 months agoMAINTAINERS: add Akihiko and Dmitry as reviewers
Alex Bennée [Fri, 27 Jun 2025 11:25:10 +0000 (12:25 +0100)] 
MAINTAINERS: add Akihiko and Dmitry as reviewers

Thanks for volunteering to help.

Cc: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20250603110204.838117-9-alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-15-alex.bennee@linaro.org>

3 months agoMAINTAINERS: add myself to virtio-gpu for Odd Fixes
Alex Bennée [Fri, 27 Jun 2025 11:25:09 +0000 (12:25 +0100)] 
MAINTAINERS: add myself to virtio-gpu for Odd Fixes

Seeing as I've taken a few patches to here now I might as well put
myself forward to maintain virtio-gpu. I've marked it as Odd Fixes as
it is not my core focus. If someone with more GPU experience comes
forward we can always update again.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250603110204.838117-8-alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-14-alex.bennee@linaro.org>

3 months agoplugins: Update plugin version and add notes
Rowan Hart [Fri, 27 Jun 2025 11:25:08 +0000 (12:25 +0100)] 
plugins: Update plugin version and add notes

This patch updates the plugin version to gate new APIs and adds notes
describing what has been added.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-9-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-13-alex.bennee@linaro.org>

3 months agoplugins: Add patcher plugin and test
Rowan Hart [Fri, 27 Jun 2025 11:25:07 +0000 (12:25 +0100)] 
plugins: Add patcher plugin and test

This patch adds a plugin that exercises the virtual and hardware memory
read-write API functions added in a previous patch. The plugin takes a
target and patch byte sequence, and will overwrite any instruction
matching the target byte sequence with the patch.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-8-rowanbhart@gmail.com>
[AJB: tweak Makefile, use uintptr_t for pointer stuffing]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-12-alex.bennee@linaro.org>

3 months agotests/tcg: Remove copy-pasted notes and from i386 and add x86_64 system tests to...
Rowan Hart [Fri, 27 Jun 2025 11:25:06 +0000 (12:25 +0100)] 
tests/tcg: Remove copy-pasted notes and from i386 and add x86_64 system tests to tests

The x86_64-softmmu Makefile seems to have been copy-pasted from the i386
Makefile at some point in the past. Cleaning up a vestigial unused
variable and removing some outdated comments.

Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-7-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-11-alex.bennee@linaro.org>

3 months agoplugins: Add memory hardware address read/write API
Rowan Hart [Fri, 27 Jun 2025 11:25:05 +0000 (12:25 +0100)] 
plugins: Add memory hardware address read/write API

This patch adds functions to the plugins API to allow plugins to read
and write memory via hardware addresses. The functions use the current
address space of the current CPU in order to avoid exposing address
space information to users. A later patch may want to add a function to
permit a specified address space, for example to facilitate
architecture-specific plugins that want to operate on them, for example
reading ARM secure memory.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-6-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-10-alex.bennee@linaro.org>

3 months agoplugins: Add memory virtual address write API
Rowan Hart [Fri, 27 Jun 2025 11:25:04 +0000 (12:25 +0100)] 
plugins: Add memory virtual address write API

This patch adds functions to the plugins API to allow reading and
writing memory via virtual addresses. These functions only permit doing
so on the current CPU, because there is no way to ensure consistency if
plugins are allowed to read or write to other CPUs that aren't currently
in the context of the plugin.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-5-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-9-alex.bennee@linaro.org>

3 months agoplugins: Add enforcement of QEMU_PLUGIN_CB flags in register R/W callbacks
Rowan Hart [Fri, 27 Jun 2025 11:25:03 +0000 (12:25 +0100)] 
plugins: Add enforcement of QEMU_PLUGIN_CB flags in register R/W callbacks

This patch adds functionality to enforce the requested QEMU_PLUGIN_CB_
flags level passed when registering a callback function using the
plugins API. Each time a callback is about to be invoked, a thread-local
variable will be updated with the level that callback requested. Then,
called API functions (in particular, the register read and write API)
will call qemu_plugin_get_cb_flags() to check the level is at least the
level they require.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-4-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-8-alex.bennee@linaro.org>

3 months agoplugins: Add register write API
Rowan Hart [Fri, 27 Jun 2025 11:25:02 +0000 (12:25 +0100)] 
plugins: Add register write API

This patch adds a function to the plugins API to allow plugins to write
register contents. It also moves the qemu_plugin_read_register function
so all the register-related functions are grouped together in the file.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-3-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-7-alex.bennee@linaro.org>

3 months agogdbstub: Expose gdb_write_register function to consumers of gdbstub
Rowan Hart [Fri, 27 Jun 2025 11:25:01 +0000 (12:25 +0100)] 
gdbstub: Expose gdb_write_register function to consumers of gdbstub

This patch exposes the gdb_write_register function from
gdbstub/gdbstub.c via the exec/gdbstub.h header file to support use in
plugins to write register contents.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Julian Ganz <neither@nut.email>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-2-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-6-alex.bennee@linaro.org>

3 months agosemihosting/uaccess: Compile once
Philippe Mathieu-Daudé [Fri, 27 Jun 2025 11:25:00 +0000 (12:25 +0100)] 
semihosting/uaccess: Compile once

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250526095213.14113-3-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-5-alex.bennee@linaro.org>

3 months agosemihosting/uaccess: Remove uses of target_ulong type
Philippe Mathieu-Daudé [Fri, 27 Jun 2025 11:24:59 +0000 (12:24 +0100)] 
semihosting/uaccess: Remove uses of target_ulong type

Replace target_ulong by vaddr or size_t types to match
cpu_memory_rw_debug() prototype in "exec/cpu-common.h":

 >  int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
 >                          void *ptr, size_t len,
 >                          bool is_write);

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250526095213.14113-2-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-4-alex.bennee@linaro.org>

3 months agotests/functional: Add PCI hotplug test for aarch64
Gustavo Romero [Fri, 27 Jun 2025 11:24:58 +0000 (12:24 +0100)] 
tests/functional: Add PCI hotplug test for aarch64

Add a functional test, aarch64_hotplug_pci, to exercise PCI hotplug and
hot-unplug on arm64.

Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250528203137.1654964-1-gustavo.romero@linaro.org>
[AJB: trimmed boilerplate for checkpatch, simplified invocations]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-3-alex.bennee@linaro.org>

3 months agogitlab: mark s390x-system to allow failures
Alex Bennée [Fri, 27 Jun 2025 11:24:57 +0000 (12:24 +0100)] 
gitlab: mark s390x-system to allow failures

The system tests (usually qos-test or migration-test) prove to be very
susceptible on the s390x runners. Although we have boosted memory and
virtual CPUs on the runners problems persist. For now mark test as
allow_failure so the its clear on the CI UI when checking test
results.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-2-alex.bennee@linaro.org>

3 months agoMerge tag 'pull-target-arm-20250701-1' of https://gitlab.com/pm215/qemu into staging
Stefan Hajnoczi [Wed, 2 Jul 2025 08:24:14 +0000 (04:24 -0400)] 
Merge tag 'pull-target-arm-20250701-1' of https://gitlab.com/pm215/qemu into staging

target-arm queue:
 * MAINTAINERS update for arm hvf
 * target/arm: Make RETA[AB] UNDEF when pauth is not implemented
 * target/arm: Refactoring of ID register value storage
 * target/arm: Various refactoring/cleanup patches
 * virt: Don't show an ITS in ACPI tables when no ITS is present
 * tests/functional: test device passthrough on aarch64
 * tests/functional: Expand Aarch64 SMMU tests to run on HVF accelerator

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmhkE/IZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vNeD/9ZcHiqTxLyuurYntf63VLP
# 55NRozF0By7f83dOja5r+NWeGSPqhDBO05PpBVArt+giE2dkkVCoJ5stNrls5ACl
# oi5glXQL/bW+A3nN+WmcD+s2RMVHn5jZ6f5ChRsFo2bWYl0rtrR1raC/wl415ag/
# MMRjbXj6sabEITY7794KBN4M5RDVS+Zcu7dzPZecsttbxLIGLBvvJ0bFSmh91tH4
# Tyy889v2GHou1BxSWVcSWNCTQ9jLYV7a+VHHs4uTlsBc3Pw7LXS4DcPhEdfZ3+gy
# RaZUu1Eq213qd3r75FqFgR4mrY/nIm/CXd+mWjC5LsLOX0BYQKlAFiDH599AeZV3
# f1Wa0+POJDSKLDux+hPu3/2eeggI4d5XKAW9dgCYKicCtfhFEKXmTtaJtZyW+vTR
# Vpl8SDVoljDd3q/045CXzOdM5N+5xj2WNNNKYYW4stHJrAIxa88pBeK2bqzT372x
# V8FENVzK+7owTibi63XEshgdVlBcCB9Xpp+9p4TEbMZcd8EEUVDFC5F6iF9hNUYT
# s1cqphTVscWDXxkTSok6POHOIvotRdT7EcIVQ9VfJxVREGrtWkioDii1O+olMhyF
# uoeoxkFE1Jih4LQz937pqCCgP0PPd9DMtXdX/WeiAcZSDEHlO8gbRiIIyf11qL2i
# aiMIF0rHY9PvxIisnukkLQ==
# =x5Ur
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Jul 2025 12:59:30 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20250701-1' of https://gitlab.com/pm215/qemu: (43 commits)
  tests/functional: test device passthrough on aarch64
  tests/functional: Expand Aarch64 SMMU tests to run on HVF accelerator
  tests/functional: Add hvf_available() helper
  tests/functional: Require TCG to run Aarch64 imx8mp-evk test
  tests/functional: Restrict nested Aarch64 Xen test to TCG
  tests/functional: Set sbsa-ref machine type in each test function
  hw/arm/sbsa-ref: Tidy up use of RAMLIMIT_GB definition
  hw/arm/virt: Rename cpu_post_init() -> post_cpus_gic_realized()
  hw/arm/virt: Make EL2 accelerator check an accept-list
  hw/arm/virt: Make EL3-guest accel check an accept-list
  target/arm: Restrict system register properties to system binary
  target/arm/hvf: Pass @target_el argument to hvf_raise_exception()
  target/arm: Correct KVM & HVF dtb_compatible value
  target/arm/hvf: Log $pc in hvf_unknown_hvc() trace event
  accel/hvf: Trace VM memory mapping
  target/arm/hvf: Trace hv_vcpu_run() failures
  target/arm/hvf: Directly re-lock BQL after hv_vcpu_run()
  target/arm: Unify gen_exception_internal()
  target/arm: Reduce arm_cpu_post_init() declaration scope
  target/arm: Remove arm_handle_psci_call() stub
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months agoMerge tag 'qga-pull-2025-07-01' of https://github.com/kostyanf14/qemu into staging
Stefan Hajnoczi [Wed, 2 Jul 2025 08:24:03 +0000 (04:24 -0400)] 
Merge tag 'qga-pull-2025-07-01' of https://github.com/kostyanf14/qemu into staging

qga-pull-2025-07-01

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEwsLBCepDxjwUI+uE711egWG6hOcFAmhj0ygACgkQ711egWG6
# hOfapA//VwouBLZL0LvytJSm2kSjwkzYGCcEwnvywjrVwhVBUI0BpV6MeWg3uZ6i
# 51wgFLrjLEiqFdYAPv9OyBM8mZe7iZ4G4vvTHeajwrdxGWQ241N6eg1zcmXhawiR
# NqvcdccIJmjtbb92VpbcXv2viZGsLBCn44Cv3GODpOPu1C/LUuNBo7YY8DL20ta2
# j9ojWauO3Qih1TadToPTUQ9Mu8Ysh86osKshq+XUIGO1y+Rgb7VYMbPg5dbVFxm0
# OPAmO+lIEh79jBwaITPE4wSlQVNZ8CoMbnS6jBYFDTw9ybi+Klr3NUQQkzc+ATbZ
# 1ybvtlpy9Ungqxa3A5nFqVgRhs+x6k9q+yQNL9dsOOtEJDVJdHKz5CgoJgrHMCdV
# jSKA00T49iTcSrvjCOv8SSY0Tey9HVmLBJ5Gl1WKZzpUfSz/W/aqNNHnfEf25GYN
# OhMei7nSi8y76TrTVize378UOctKQbWDaXfnzCHiLoNxioVg4Kl3iooLqsMA8oth
# EXfHbpz5xl2gRDp7KshU5xB0dL5LrWoN+Qo+9FiPZmXY7Yw1xflFNXTLvp8b2lQV
# 4y7AiZMY+dalENuGk0SyuP8STucDayc0pSSNTCY0vsi1+cC0NHixg9paO1xiCkNG
# asefLMQf2lP/zcoahVCGEK0IY6GSmnKy1dV0zFpFeVg7KN8geF0=
# =ON5m
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Jul 2025 08:23:04 EDT
# gpg:                using RSA key C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423  EB84 EF5D 5E81 61BA 84E7

* tag 'qga-pull-2025-07-01' of https://github.com/kostyanf14/qemu:
  qga/vss-win32: Add VSS provider unregistration retry
  qga-vss: Exit with non-zero code when register fail
  MAINTAINERS: Update Kostiantyn Kostiuk transliteration

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months agotests/functional: test device passthrough on aarch64
Pierrick Bouvier [Fri, 27 Jun 2025 20:02:22 +0000 (13:02 -0700)] 
tests/functional: test device passthrough on aarch64

This test allows to document and exercise device passthrough, using a
nested virtual machine setup. Two disks are generated and passed to the
VM, and their content is compared to original images.

Guest and nested guests commands are executed through two scripts, and
init used in both system is configured to trigger a kernel panic in case
any command fails. This is more reliable and readable than executing all
commands through prompt injection and trying to guess what failed.

Initially, this test was supposed to test smmuv3 nested emulation
(combining both stages of translation), but I could not find any setup
(kernel + vmm) able to do the passthrough correctly, despite several
tries.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20250627200222.5172-1-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotests/functional: Expand Aarch64 SMMU tests to run on HVF accelerator
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:36 +0000 (15:08 +0100)] 
tests/functional: Expand Aarch64 SMMU tests to run on HVF accelerator

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250623121845.7214-27-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotests/functional: Add hvf_available() helper
Peter Maydell [Tue, 1 Jul 2025 16:22:27 +0000 (17:22 +0100)] 
tests/functional: Add hvf_available() helper

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20250623121845.7214-26-philmd@linaro.org
[PMM: tweaks to satisfy the python linter CI job]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotests/functional: Require TCG to run Aarch64 imx8mp-evk test
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:36 +0000 (15:08 +0100)] 
tests/functional: Require TCG to run Aarch64 imx8mp-evk test

The imx8mp-evk machine can only run with the TCG accelerator.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20250623121845.7214-25-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotests/functional: Restrict nested Aarch64 Xen test to TCG
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:35 +0000 (15:08 +0100)] 
tests/functional: Restrict nested Aarch64 Xen test to TCG

Currently QEMU only support accelerating EL0 and EL1, so features
requiring EL2 (like virtualization) or EL3 must be emulated with TCG.

On macOS this test fails:

  qemu-system-aarch64: mach-virt: HVF does not support providing Virtualization extensions to the guest CPU

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-24-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotests/functional: Set sbsa-ref machine type in each test function
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:35 +0000 (15:08 +0100)] 
tests/functional: Set sbsa-ref machine type in each test function

fetch_firmware() is only about fetching firmware.
Set the machine type and its default console in
test_sbsaref_edk2_firmware().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
Message-id: 20250623121845.7214-23-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/sbsa-ref: Tidy up use of RAMLIMIT_GB definition
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:35 +0000 (15:08 +0100)] 
hw/arm/sbsa-ref: Tidy up use of RAMLIMIT_GB definition

Define RAMLIMIT_BYTES using the TiB definition and display
the error parsed with size_to_str():

  $ qemu-system-aarch64-unsigned -M sbsa-ref -m 9T
  qemu-system-aarch64-unsigned: sbsa-ref: cannot model more than 8 TiB of RAM

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-22-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt: Rename cpu_post_init() -> post_cpus_gic_realized()
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:35 +0000 (15:08 +0100)] 
hw/arm/virt: Rename cpu_post_init() -> post_cpus_gic_realized()

QDev uses _post_init() during instance creation, before being
realized. Since here both vCPUs and GIC are REALIZED, rename
as virt_post_cpus_gic_realized() for clarity.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-21-philmd@linaro.org
[PMM: also fixed up comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt: Make EL2 accelerator check an accept-list
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:34 +0000 (15:08 +0100)] 
hw/arm/virt: Make EL2 accelerator check an accept-list

Currently only the TCG and qtest accelerators can handle an EL2
guest.  Instead of making the condition check be "fail if KVM or HVF"
(an exclude-list), make it a be "allow if TCG or qtest" (an
accept-list).

This is better for if/when we add new accelerators, as it makes the
default be that we forbid an EL2 guest.  This is the most likely to
be correct and also "fails safe"; if the new accelerator really can
support EL2 guests then the implementor will see that they need to
add it to the accept-list.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250623121845.7214-20-philmd@linaro.org
[PMM: rewrote commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt: Make EL3-guest accel check an accept-list
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:34 +0000 (15:08 +0100)] 
hw/arm/virt: Make EL3-guest accel check an accept-list

Currently only the TCG and qtest accelerators can handle an EL3
guest.  Instead of making the condition check be "fail if KVM or HVF"
(an exclude-list), make it a be "allow if TCG or qtest" (an
accept-list).

This is better for if/when we add new accelerators, as it makes the
default be that we forbid an EL3 guest.  This is the most likely to
be correct and also "fails safe"; if the new accelerator really can
support EL3 guests then the implementor will see that they need to
add it to the accept-list.

Reported-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-19-philmd@linaro.org
[PMM: rewrote commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm: Restrict system register properties to system binary
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:34 +0000 (15:08 +0100)] 
target/arm: Restrict system register properties to system binary

Do not expose the following system-specific properties on user-mode
binaries:

 - psci-conduit
 - cntfrq (ARM_FEATURE_GENERIC_TIMER)
 - rvbar (ARM_FEATURE_V8)
 - has-mpu (ARM_FEATURE_PMSA)
 - pmsav7-dregion (ARM_FEATURE_PMSA)
 - reset-cbar (ARM_FEATURE_CBAR)
 - reset-hivecs (ARM_FEATURE_M)
 - init-nsvtor (ARM_FEATURE_M)
 - init-svtor (ARM_FEATURE_M_SECURITY)
 - idau (ARM_FEATURE_M_SECURITY)

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-13-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm/hvf: Pass @target_el argument to hvf_raise_exception()
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:34 +0000 (15:08 +0100)] 
target/arm/hvf: Pass @target_el argument to hvf_raise_exception()

In preparation of raising exceptions at EL2, add the 'target_el'
argument to hvf_raise_exception().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-12-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm: Correct KVM & HVF dtb_compatible value
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:33 +0000 (15:08 +0100)] 
target/arm: Correct KVM & HVF dtb_compatible value

Linux kernel knows how to parse "arm,armv8", not "arm,arm-v8".

See arch/arm64/boot/dts/foundation-v8.dts:

  https://github.com/torvalds/linux/commit/90556ca1ebdd

Cc: qemu-stable@nongnu.org
Fixes: 26861c7ce06 ("target-arm: Add minimal KVM AArch64 support")
Fixes: 585df85efea ("hvf: arm: Implement -cpu host")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-10-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm/hvf: Log $pc in hvf_unknown_hvc() trace event
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:33 +0000 (15:08 +0100)] 
target/arm/hvf: Log $pc in hvf_unknown_hvc() trace event

Tracing $PC for unknown HVC instructions to not have to
look at the disassembled flow of instructions.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-9-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoaccel/hvf: Trace VM memory mapping
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:33 +0000 (15:08 +0100)] 
accel/hvf: Trace VM memory mapping

Trace memory mapped / unmapped in the guest.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-8-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm/hvf: Trace hv_vcpu_run() failures
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:32 +0000 (15:08 +0100)] 
target/arm/hvf: Trace hv_vcpu_run() failures

Allow distinguishing HV_ILLEGAL_GUEST_STATE in trace events.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-7-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm/hvf: Directly re-lock BQL after hv_vcpu_run()
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:32 +0000 (15:08 +0100)] 
target/arm/hvf: Directly re-lock BQL after hv_vcpu_run()

Keep bql_unlock() / bql_lock() close.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20250623121845.7214-6-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm: Unify gen_exception_internal()
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:32 +0000 (15:08 +0100)] 
target/arm: Unify gen_exception_internal()

Same code, use the generic variant.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-4-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm: Reduce arm_cpu_post_init() declaration scope
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:32 +0000 (15:08 +0100)] 
target/arm: Reduce arm_cpu_post_init() declaration scope

arm_cpu_post_init() is only used within the same file unit.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-3-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm: Remove arm_handle_psci_call() stub
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:31 +0000 (15:08 +0100)] 
target/arm: Remove arm_handle_psci_call() stub

Since commit 0c1aaa66c24 ("target/arm: wrap psci call with
tcg_enabled") the arm_handle_psci_call() call is elided
when TCG is disabled.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250623121845.7214-2-philmd@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoqtest/bios-tables-test: Update blobs for its=off test on aarch64
Gustavo Romero [Tue, 1 Jul 2025 14:08:31 +0000 (15:08 +0100)] 
qtest/bios-tables-test: Update blobs for its=off test on aarch64

Update blobs for the its=off test on aarch64 after fix.

Basically, all structs related to ITS are gone in MADT and IORT
tables after the fix (previously ITS was not properly disabled
when "its=off" option was passed to the machine).

MADT diff:

 [000h 0000   4]                    Signature : "APIC"    [Multiple APIC Description Table (MADT)]
-[004h 0004   4]                 Table Length : 000000B8
+[004h 0004   4]                 Table Length : 000000A4
 [008h 0008   1]                     Revision : 04
-[009h 0009   1]                     Checksum : C1
+[009h 0009   1]                     Checksum : 08
 [00Ah 0010   6]                       Oem ID : "BOCHS "
 [010h 0016   8]                 Oem Table ID : "BXPC    "
 [018h 0024   4]                 Oem Revision : 00000001
 [01Ch 0028   4]              Asl Compiler ID : "BXPC"
 [020h 0032   4]        Asl Compiler Revision : 00000001

 [024h 0036   4]           Local Apic Address : 00000000
 [028h 0040   4]        Flags (decoded below) : 00000000
                          PC-AT Compatibility : 0

 [02Ch 0044   1]                Subtable Type : 0C [Generic Interrupt Distributor]
 [02Dh 0045   1]                       Length : 18
 [02Eh 0046   2]                     Reserved : 0000
 [030h 0048   4]        Local GIC Hardware ID : 00000000
 [034h 0052   8]                 Base Address : 0000000008000000
 [03Ch 0060   4]               Interrupt Base : 00000000
@@ -48,37 +48,29 @@
 [064h 0100   8]                 Base Address : 0000000000000000
 [06Ch 0108   8]     Virtual GIC Base Address : 0000000000000000
 [074h 0116   8]  Hypervisor GIC Base Address : 0000000000000000
 [07Ch 0124   4]        Virtual GIC Interrupt : 00000000
 [080h 0128   8]   Redistributor Base Address : 0000000000000000
 [088h 0136   8]                    ARM MPIDR : 0000000000000000
 [090h 0144   1]             Efficiency Class : 00
 [091h 0145   1]                     Reserved : 00
 [092h 0146   2]       SPE Overflow Interrupt : 0000

 [094h 0148   1]                Subtable Type : 0E [Generic Interrupt Redistributor]
 [095h 0149   1]                       Length : 10
 [096h 0150   2]                     Reserved : 0000
 [098h 0152   8]                 Base Address : 00000000080A0000
 [0A0h 0160   4]                       Length : 00F60000

-[0A4h 0164   1]                Subtable Type : 0F [Generic Interrupt Translator]
-[0A5h 0165   1]                       Length : 14
-[0A6h 0166   2]                     Reserved : 0000
-[0A8h 0168   4]               Translation ID : 00000000
-[0ACh 0172   8]                 Base Address : 0000000008080000
-[0B4h 0180   4]                     Reserved : 00000000

IORT diff:

 [000h 0000   4]                    Signature : "IORT"    [IO Remapping Table]
-[004h 0004   4]                 Table Length : 000000EC
+[004h 0004   4]                 Table Length : 000000AC
 [008h 0008   1]                     Revision : 03
-[009h 0009   1]                     Checksum : 57
+[009h 0009   1]                     Checksum : 97
 [00Ah 0010   6]                       Oem ID : "BOCHS "
 [010h 0016   8]                 Oem Table ID : "BXPC    "
 [018h 0024   4]                 Oem Revision : 00000001
 [01Ch 0028   4]              Asl Compiler ID : "BXPC"
 [020h 0032   4]        Asl Compiler Revision : 00000001

-[024h 0036   4]                   Node Count : 00000003
+[024h 0036   4]                   Node Count : 00000002
 [028h 0040   4]                  Node Offset : 00000030
 [02Ch 0044   4]                     Reserved : 00000000

-[030h 0048   1]                         Type : 00
-[031h 0049   2]                       Length : 0018
-[033h 0051   1]                     Revision : 01
+[030h 0048   1]                         Type : 04
+[031h 0049   2]                       Length : 0044
+[033h 0051   1]                     Revision : 04
 [034h 0052   4]                     Reserved : 00000000
 [038h 0056   4]                Mapping Count : 00000000
 [03Ch 0060   4]               Mapping Offset : 00000000

-[040h 0064   4]                     ItsCount : 00000001
-[044h 0068   4]                  Identifiers : 00000000
-
-[048h 0072   1]                         Type : 04
-[049h 0073   2]                       Length : 0058
-[04Bh 0075   1]                     Revision : 04
-[04Ch 0076   4]                     Reserved : 00000001
-[050h 0080   4]                Mapping Count : 00000001
-[054h 0084   4]               Mapping Offset : 00000044
-
-[058h 0088   8]                 Base Address : 0000000009050000
-[060h 0096   4]        Flags (decoded below) : 00000001
+[040h 0064   8]                 Base Address : 0000000009050000
+[048h 0072   4]        Flags (decoded below) : 00000001
                              COHACC Override : 1
                                HTTU Override : 0
                       Proximity Domain Valid : 0
-[064h 0100   4]                     Reserved : 00000000
-[068h 0104   8]                VATOS Address : 0000000000000000
-[070h 0112   4]                        Model : 00000000
-[074h 0116   4]                   Event GSIV : 0000006A
-[078h 0120   4]                     PRI GSIV : 0000006B
-[07Ch 0124   4]                    GERR GSIV : 0000006D
-[080h 0128   4]                    Sync GSIV : 0000006C
-[084h 0132   4]             Proximity Domain : 00000000
-[088h 0136   4]      Device ID Mapping Index : 00000000
-
-[08Ch 0140   4]                   Input base : 00000000
-[090h 0144   4]                     ID Count : 0000FFFF
-[094h 0148   4]                  Output Base : 00000000
-[098h 0152   4]             Output Reference : 00000030
-[09Ch 0156   4]        Flags (decoded below) : 00000000
-                              Single Mapping : 0
-
-[0A0h 0160   1]                         Type : 02
-[0A1h 0161   2]                       Length : 004C
-[0A3h 0163   1]                     Revision : 03
-[0A4h 0164   4]                     Reserved : 00000002
-[0A8h 0168   4]                Mapping Count : 00000002
-[0ACh 0172   4]               Mapping Offset : 00000024
-
-[0B0h 0176   8]            Memory Properties : [IORT Memory Access Properties]
-[0B0h 0176   4]              Cache Coherency : 00000001
-[0B4h 0180   1]        Hints (decoded below) : 00
+[04Ch 0076   4]                     Reserved : 00000000
+[050h 0080   8]                VATOS Address : 0000000000000000
+[058h 0088   4]                        Model : 00000000
+[05Ch 0092   4]                   Event GSIV : 0000006A
+[060h 0096   4]                     PRI GSIV : 0000006B
+[064h 0100   4]                    GERR GSIV : 0000006D
+[068h 0104   4]                    Sync GSIV : 0000006C
+[06Ch 0108   4]             Proximity Domain : 00000000
+[070h 0112   4]      Device ID Mapping Index : 00000000
+
+[074h 0116   1]                         Type : 02
+[075h 0117   2]                       Length : 0038
+[077h 0119   1]                     Revision : 03
+[078h 0120   4]                     Reserved : 00000001
+[07Ch 0124   4]                Mapping Count : 00000001
+[080h 0128   4]               Mapping Offset : 00000024
+
+[084h 0132   8]            Memory Properties : [IORT Memory Access Properties]
+[084h 0132   4]              Cache Coherency : 00000001
+[088h 0136   1]        Hints (decoded below) : 00
                                    Transient : 0
                               Write Allocate : 0
                                Read Allocate : 0
                                     Override : 0
-[0B5h 0181   2]                     Reserved : 0000
-[0B7h 0183   1] Memory Flags (decoded below) : 03
+[089h 0137   2]                     Reserved : 0000
+[08Bh 0139   1] Memory Flags (decoded below) : 03
                                    Coherency : 1
                             Device Attribute : 1
-[0B8h 0184   4]                ATS Attribute : 00000000
-[0BCh 0188   4]           PCI Segment Number : 00000000
-[0C0h 0192   1]            Memory Size Limit : 40
-[0C1h 0193   3]                     Reserved : 000000
-
-[0C4h 0196   4]                   Input base : 00000000
-[0C8h 0200   4]                     ID Count : 000000FF
-[0CCh 0204   4]                  Output Base : 00000000
-[0D0h 0208   4]             Output Reference : 00000048
-[0D4h 0212   4]        Flags (decoded below) : 00000000
-                              Single Mapping : 0
-
-[0D8h 0216   4]                   Input base : 00000100
-[0DCh 0220   4]                     ID Count : 0000FEFF
-[0E0h 0224   4]                  Output Base : 00000100
-[0E4h 0228   4]             Output Reference : 00000030
-[0E8h 0232   4]        Flags (decoded below) : 00000000
+[08Ch 0140   4]                ATS Attribute : 00000000
+[090h 0144   4]           PCI Segment Number : 00000000
+[094h 0148   1]            Memory Size Limit : 40
+[095h 0149   3]                     Reserved : 000000
+
+[098h 0152   4]                   Input base : 00000000
+[09Ch 0156   4]                     ID Count : 000000FF
+[0A0h 0160   4]                  Output Base : 00000000
+[0A4h 0164   4]             Output Reference : 00000030
+[0A8h 0168   4]        Flags (decoded below) : 00000000
                               Single Mapping : 0

Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250628195722.977078-10-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt-acpi-build: Fix ACPI IORT and MADT tables when its=off
Gustavo Romero [Tue, 1 Jul 2025 14:08:31 +0000 (15:08 +0100)] 
hw/arm/virt-acpi-build: Fix ACPI IORT and MADT tables when its=off

Currently, the ITS Group nodes in the IORT table and the GIC ITS Struct
in the MADT table are always generated, even if GIC ITS is not available
on the machine.

This commit fixes it by not generating the ITS Group nodes, not mapping
any other node to them, and not advertising the GIC ITS in the MADT
table, when GIC ITS is not available on the machine.

Since the fix changes the MADT and IORT tables, add the blobs for the
"its=off" test to the allow list and update them in the next commit.

This commit also renames the smmu_idmaps and its_idmaps variables in
build_iort() to rc_smmu_idmaps and rc_its_idmaps, respectively, to make
it clearer which nodes are involved in the mappings associated with
these variables.

Reported-by: Udo Steinberg <udo@hypervisor.org>
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20250628195722.977078-9-gustavo.romero@linaro.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2886
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Co-authored-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMM: wrapped an overlong comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoqtest/bios-tables-test: Add blobs for its=off test on aarch64
Gustavo Romero [Tue, 1 Jul 2025 14:08:31 +0000 (15:08 +0100)] 
qtest/bios-tables-test: Add blobs for its=off test on aarch64

Add blobs for test_acpi_aarch64_virt_tcg_its_off(), which introduces a
new variant, .its_off, that requires variations of the MADT and IORT
tables.

MADT (aka APIC) diff:

+[000h 0000   4]                    Signature : "APIC"    [Multiple APIC Description Table (MADT)]
+[004h 0004   4]                 Table Length : 000000B8
+[008h 0008   1]                     Revision : 04
+[009h 0009   1]                     Checksum : C1
+[00Ah 0010   6]                       Oem ID : "BOCHS "
+[010h 0016   8]                 Oem Table ID : "BXPC    "
+[018h 0024   4]                 Oem Revision : 00000001
+[01Ch 0028   4]              Asl Compiler ID : "BXPC"
+[020h 0032   4]        Asl Compiler Revision : 00000001
+
+[024h 0036   4]           Local Apic Address : 00000000
+[028h 0040   4]        Flags (decoded below) : 00000000
+                         PC-AT Compatibility : 0
+
+[02Ch 0044   1]                Subtable Type : 0C [Generic Interrupt Distributor]
+[02Dh 0045   1]                       Length : 18
+[02Eh 0046   2]                     Reserved : 0000
+[030h 0048   4]        Local GIC Hardware ID : 00000000
+[034h 0052   8]                 Base Address : 0000000008000000
+[03Ch 0060   4]               Interrupt Base : 00000000
+[040h 0064   1]                      Version : 03
+[041h 0065   3]                     Reserved : 000000
+
+[044h 0068   1]                Subtable Type : 0B [Generic Interrupt Controller]
+[045h 0069   1]                       Length : 50
+[046h 0070   2]                     Reserved : 0000
+[048h 0072   4]         CPU Interface Number : 00000000
+[04Ch 0076   4]                Processor UID : 00000000
+[050h 0080   4]        Flags (decoded below) : 00000001
+                           Processor Enabled : 1
+          Performance Interrupt Trigger Mode : 0
+          Virtual GIC Interrupt Trigger Mode : 0
+[054h 0084   4]     Parking Protocol Version : 00000000
+[058h 0088   4]        Performance Interrupt : 00000017
+[05Ch 0092   8]               Parked Address : 0000000000000000
+[064h 0100   8]                 Base Address : 0000000000000000
+[06Ch 0108   8]     Virtual GIC Base Address : 0000000000000000
+[074h 0116   8]  Hypervisor GIC Base Address : 0000000000000000
+[07Ch 0124   4]        Virtual GIC Interrupt : 00000000
+[080h 0128   8]   Redistributor Base Address : 0000000000000000
+[088h 0136   8]                    ARM MPIDR : 0000000000000000
+[090h 0144   1]             Efficiency Class : 00
+[091h 0145   1]                     Reserved : 00
+[092h 0146   2]       SPE Overflow Interrupt : 0000
+
+[094h 0148   1]                Subtable Type : 0E [Generic Interrupt Redistributor]
+[095h 0149   1]                       Length : 10
+[096h 0150   2]                     Reserved : 0000
+[098h 0152   8]                 Base Address : 00000000080A0000
+[0A0h 0160   4]                       Length : 00F60000
+
+[0A4h 0164   1]                Subtable Type : 0F [Generic Interrupt Translator]
+[0A5h 0165   1]                       Length : 14
+[0A6h 0166   2]                     Reserved : 0000
+[0A8h 0168   4]               Translation ID : 00000000
+[0ACh 0172   8]                 Base Address : 0000000008080000
+[0B4h 0180   4]                     Reserved : 00000000

IORT diff:

+[000h 0000   4]                    Signature : "IORT"    [IO Remapping Table]
+[004h 0004   4]                 Table Length : 000000EC
+[008h 0008   1]                     Revision : 03
+[009h 0009   1]                     Checksum : 57
+[00Ah 0010   6]                       Oem ID : "BOCHS "
+[010h 0016   8]                 Oem Table ID : "BXPC    "
+[018h 0024   4]                 Oem Revision : 00000001
+[01Ch 0028   4]              Asl Compiler ID : "BXPC"
+[020h 0032   4]        Asl Compiler Revision : 00000001
+
+[024h 0036   4]                   Node Count : 00000003
+[028h 0040   4]                  Node Offset : 00000030
+[02Ch 0044   4]                     Reserved : 00000000
+
+[030h 0048   1]                         Type : 00
+[031h 0049   2]                       Length : 0018
+[033h 0051   1]                     Revision : 01
+[034h 0052   4]                     Reserved : 00000000
+[038h 0056   4]                Mapping Count : 00000000
+[03Ch 0060   4]               Mapping Offset : 00000000
+
+[040h 0064   4]                     ItsCount : 00000001
+[044h 0068   4]                  Identifiers : 00000000
+
+[048h 0072   1]                         Type : 04
+[049h 0073   2]                       Length : 0058
+[04Bh 0075   1]                     Revision : 04
+[04Ch 0076   4]                     Reserved : 00000001
+[050h 0080   4]                Mapping Count : 00000001
+[054h 0084   4]               Mapping Offset : 00000044
+
+[058h 0088   8]                 Base Address : 0000000009050000
+[060h 0096   4]        Flags (decoded below) : 00000001
+                             COHACC Override : 1
+                               HTTU Override : 0
+                      Proximity Domain Valid : 0
+[064h 0100   4]                     Reserved : 00000000
+[068h 0104   8]                VATOS Address : 0000000000000000
+[070h 0112   4]                        Model : 00000000
+[074h 0116   4]                   Event GSIV : 0000006A
+[078h 0120   4]                     PRI GSIV : 0000006B
+[07Ch 0124   4]                    GERR GSIV : 0000006D
+[080h 0128   4]                    Sync GSIV : 0000006C
+[084h 0132   4]             Proximity Domain : 00000000
+[088h 0136   4]      Device ID Mapping Index : 00000000
+
+[08Ch 0140   4]                   Input base : 00000000
+[090h 0144   4]                     ID Count : 0000FFFF
+[094h 0148   4]                  Output Base : 00000000
+[098h 0152   4]             Output Reference : 00000030
+[09Ch 0156   4]        Flags (decoded below) : 00000000
+                              Single Mapping : 0
+
+[0A0h 0160   1]                         Type : 02
+[0A1h 0161   2]                       Length : 004C
+[0A3h 0163   1]                     Revision : 03
+[0A4h 0164   4]                     Reserved : 00000002
+[0A8h 0168   4]                Mapping Count : 00000002
+[0ACh 0172   4]               Mapping Offset : 00000024
+
+[0B0h 0176   8]            Memory Properties : [IORT Memory Access Properties]
+[0B0h 0176   4]              Cache Coherency : 00000001
+[0B4h 0180   1]        Hints (decoded below) : 00
+                                   Transient : 0
+                              Write Allocate : 0
+                               Read Allocate : 0
+                                    Override : 0
+[0B5h 0181   2]                     Reserved : 0000
+[0B7h 0183   1] Memory Flags (decoded below) : 03
+                                   Coherency : 1
+                            Device Attribute : 1
+[0B8h 0184   4]                ATS Attribute : 00000000
+[0BCh 0188   4]           PCI Segment Number : 00000000
+[0C0h 0192   1]            Memory Size Limit : 40
+[0C1h 0193   3]                     Reserved : 000000
+
+[0C4h 0196   4]                   Input base : 00000000
+[0C8h 0200   4]                     ID Count : 000000FF
+[0CCh 0204   4]                  Output Base : 00000000
+[0D0h 0208   4]             Output Reference : 00000048
+[0D4h 0212   4]        Flags (decoded below) : 00000000
+                              Single Mapping : 0
+
+[0D8h 0216   4]                   Input base : 00000100
+[0DCh 0220   4]                     ID Count : 0000FEFF
+[0E0h 0224   4]                  Output Base : 00000100
+[0E4h 0228   4]             Output Reference : 00000030
+[0E8h 0232   4]        Flags (decoded below) : 00000000
+                              Single Mapping : 0

Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250628195722.977078-8-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoqtest/bios-tables-test: Add test for when ITS is off on aarch64
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:30 +0000 (15:08 +0100)] 
qtest/bios-tables-test: Add test for when ITS is off on aarch64

Arm64 GIC ITS (Interrupt Translation Service) is an optional piece of
hardware introduced in GICv3 and, being optional, it can be disabled
in QEMU aarch64 VMs that support it using machine option "its=off",
like, for instance: "-M virt,its=off".

In ACPI, the ITS is advertised, if present, in the MADT (aka APIC)
table, while the ID mappings from the Root Complex (RC) and from the
SMMU nodes to the ITS Group nodes are described in the IORT table.

This new test verifies that when the "its=off" option is passed to the
machine the ITS-related data is correctly pruned from the ACPI tables.

The new blobs for this test will be added in a following commit.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250628195722.977078-7-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt-acpi-build: Factor out create_its_idmaps
Gustavo Romero [Tue, 1 Jul 2025 14:08:30 +0000 (15:08 +0100)] 
hw/arm/virt-acpi-build: Factor out create_its_idmaps

Factor out a new function, create_its_idmaps(), from the current
build_iort code. Add proper comments to it clarifying how the ID ranges
that go directly to the ITS Group node are computed based on the ones
that are directed to the SMMU node.

Suggested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20250628195722.977078-6-gustavo.romero@linaro.org
[PMM: drop hardcoded tabs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt-acpi-build: Improve comment in build_iort
Gustavo Romero [Tue, 1 Jul 2025 14:08:30 +0000 (15:08 +0100)] 
hw/arm/virt-acpi-build: Improve comment in build_iort

When building the Root Complex table, the comment about the code that
maps the RC node to SMMU node is misleading because it reads
"RC -> SMMUv3 -> ITS", but the code is only mapping the RCs IDs to the
SMMUv3 node. The step of mapping from the SMMUv3 IDs to the ITS Group
node is actually defined in another table (in the SMMUv3 node). So
change the comment to read "RC -> SMMUv3" instead.

Signed-off-by Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250628195722.977078-5-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt: Simplify create_its()
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:30 +0000 (15:08 +0100)] 
hw/arm/virt: Simplify create_its()

No need to strstr() check the class name when we can use
kvm_irqchip_in_kernel() to check if the ITS from the host can be used.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20250628195722.977078-4-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/arm/virt: Simplify logic for setting instance's 'tcg_its' variable
Gustavo Romero [Tue, 1 Jul 2025 14:08:29 +0000 (15:08 +0100)] 
hw/arm/virt: Simplify logic for setting instance's 'tcg_its' variable

Because 'tcg_its' in the machine instance is set based on the machine
class’s negated variable 'no_tcg_its', 'tcg_its' is the opposite of
'no_tcg_its' and hence the code in question can be simplified as:
tcg_its = !no_tcg_its.

Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250628195722.977078-3-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agohw/intc/gicv3_its: Do not check its_class_name()
Philippe Mathieu-Daudé [Tue, 1 Jul 2025 14:08:29 +0000 (15:08 +0100)] 
hw/intc/gicv3_its: Do not check its_class_name()

Since commit cc5e719e2c8 ("kvm: require KVM_CAP_SIGNAL_MSI"), the single
implementation of its_class_name() no longer returns NULL (it now always
returns a valid char pointer). Hence, update the prototype docstring and
remove the tautological checks that use the its_class_name() returned
value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20250628195722.977078-2-gustavo.romero@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/kvm: use fd instead of fdarray[2]
Cornelia Huck [Tue, 1 Jul 2025 14:08:29 +0000 (15:08 +0100)] 
arm/kvm: use fd instead of fdarray[2]

We have fd, so might as well neaten things up.

Suggested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-15-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store id_mmfr0-5 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:29 +0000 (15:08 +0100)] 
arm/cpu: Store id_mmfr0-5 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-12-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store id_dfr0/1 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:28 +0000 (15:08 +0100)] 
arm/cpu: Store id_dfr0/1 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-11-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store id_pfr0/1/2 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:28 +0000 (15:08 +0100)] 
arm/cpu: Store id_pfr0/1/2 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-10-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store id_isar0-7 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:28 +0000 (15:08 +0100)] 
arm/cpu: Store id_isar0-7 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-9-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store aa64smfr0 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:27 +0000 (15:08 +0100)] 
arm/cpu: Store aa64smfr0 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-8-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store aa64dfr0/1 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:27 +0000 (15:08 +0100)] 
arm/cpu: Store aa64dfr0/1 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-7-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store aa64mmfr0-3 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:27 +0000 (15:08 +0100)] 
arm/cpu: Store aa64mmfr0-3 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-6-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store aa64pfr0/1 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:26 +0000 (15:08 +0100)] 
arm/cpu: Store aa64pfr0/1 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-5-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store aa64isar1/2 into the idregs array
Eric Auger [Tue, 1 Jul 2025 14:08:26 +0000 (15:08 +0100)] 
arm/cpu: Store aa64isar1/2 into the idregs array

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-4-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Store aa64isar0/aa64zfr0 into the idregs arrays
Eric Auger [Tue, 1 Jul 2025 14:08:26 +0000 (15:08 +0100)] 
arm/cpu: Store aa64isar0/aa64zfr0 into the idregs arrays

Also add kvm accessors for storing host features into idregs.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-3-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoarm/cpu: Add sysreg definitions in cpu-sysregs.h
Eric Auger [Tue, 1 Jul 2025 14:08:26 +0000 (15:08 +0100)] 
arm/cpu: Add sysreg definitions in cpu-sysregs.h

This new header contains macros that define aarch64 registers.
In a subsequent patch, this will be replaced by a more exhaustive
version that will be generated from linux arch/arm64/tools/sysreg
file. Those macros are sufficient to migrate the storage of those
ID regs from named fields in isar struct to an array cell.

[CH: reworked to use different structures]
[CH: moved accessors from the patches first using them to here,
     dropped interaction with writable registers, which will happen
     later]
[CH: use DEF magic suggested by rth]
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250617153931.1330449-2-cohuck@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agotarget/arm: Make RETA[AB] UNDEF when pauth is not implemented
Solomon Tan [Tue, 1 Jul 2025 14:08:25 +0000 (15:08 +0100)] 
target/arm: Make RETA[AB] UNDEF when pauth is not implemented

According to the Arm A-profile A64 Instruction Set Architecture,
RETA[AB] should be decoded as UNDEF if the pauth feature is not
implemented.

We got this right in the initial implementation, but accidentally
dropped the feature-check when we converted these insns to
decodetree.

Cc: qemu-stable@nongnu.org
Fixes: 0ebbe9021254f ("target/arm: Convert BRA[AB]Z, BLR[AB]Z, RETA[AB] to decodetree")
Signed-off-by: Solomon Tan <root@wjsota.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250616171549.59190-1-root@wjsota.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoMAINTAINERS: add myself as reviewer for Apple Silicon HVF
Mads Ynddal [Tue, 1 Jul 2025 14:08:25 +0000 (15:08 +0100)] 
MAINTAINERS: add myself as reviewer for Apple Silicon HVF

I've both publicly and private been digging around the Apple Silicon HVF code,
and use it daily as part of my job. I feel I have a solid understanding of it,
so I thought I'd step up and assist.

I've added myself as reviewer to the common "HVF" as well, to be informed of
changes that might affect the Apple Silicon HVF code, which will be my primary
focus.

Signed-off-by: Mads Ynddal <mads@ynddal.dk>
Message-id: 20250617093001.70080-1-mads@ynddal.dk
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months agoMerge tag 'pull-tcg-20250630' of https://gitlab.com/rth7680/qemu into staging
Stefan Hajnoczi [Tue, 1 Jul 2025 08:25:07 +0000 (04:25 -0400)] 
Merge tag 'pull-tcg-20250630' of https://gitlab.com/rth7680/qemu into staging

tcg/optimize: Build and use one's mask in logical operations
tcg/optimize: Use fold_and in do_constant_folding_cond[12]
tcg/optimize: Fold and to extract during optimize
tcg/optimize: Simplify some fold constant checks
tcg/riscv: Fix typo in tgen_extract
tcg: Fix constant propagation in tcg_reg_alloc_dup

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmhirQYdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9uvAgArBOTndFCLuPAubS/
# 3wg4L1TivXm/uEkZeNUSZ/x9i0eDE9/tDb5iRTH4vVkySndCgIQHbahrgNV349iM
# hny7pONlZxpNyfbEsvfsgY1wdy5vdHD+EpCV4ycO579DEHwZM0Q/CfXKQjbMP2oq
# 95zXgoIO5aCqTFZ8Eqa3WpiRvCQe9yHFMNBfm5btsmtyKHAvB+vSYwQskngwVYCJ
# 5KWpzOVwBOgXZ7wRBAojOODizw7z9C32uTT5D1o0fxuuOUdtiU7rQbLgiomno/FM
# BFz4cLY5+EehJSmXRbw7XbgsL5cICFSgTsFlnH9D8iqSnJFk//JMRQTUsHH42BGM
# Sa9sWg==
# =DuOD
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 30 Jun 2025 11:28:06 EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20250630' of https://gitlab.com/rth7680/qemu: (29 commits)
  tcg: Fix constant propagation in tcg_reg_alloc_dup
  tcg/riscv: Fix typo in tgen_extract
  tcg/optimize: Simplify fold_eqv constant checks
  tcg/optimize: Simplify fold_orc constant checks
  tcg/optimize: Simplify fold_andc constant checks
  tcg/optimize: Simplify fold_and constant checks
  tcg/optimize: Fold and to extract during optimize
  tcg/optimize: Use fold_and in do_constant_folding_cond[12]
  tcg/optimize: Build and use o_bits in fold_shift
  tcg/optimize: Build and use o_bits in fold_sextract
  tcg/optimize: Build and use o_bits in fold_movcond
  tcg/optimize: Build and use o_bits in fold_extu
  tcg/optimize: Build and use o_bits in fold_exts
  tcg/optimize: Build and use z_bits and o_bits in fold_extract2
  tcg/optimize: Build and use o_bits in fold_extract
  tcg/optimize: Build and use o_bits in fold_deposit
  tcg/optimize: Build and use o_bits in fold_bswap
  tcg/optimize: Build and use o_bits in fold_xor
  tcg/optimize: Build and use zero, one and affected bits in fold_orc
  tcg/optimize: Build and use one and affected bits in fold_or
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months agotcg: Fix constant propagation in tcg_reg_alloc_dup
Richard Henderson [Sat, 28 Jun 2025 15:57:53 +0000 (09:57 -0600)] 
tcg: Fix constant propagation in tcg_reg_alloc_dup

The scalar constant must be replicated for dup.

Cc: qemu-stable@nongnu.org
Fixes: bab1671f0fa ("tcg: Manually expand INDEX_op_dup_vec")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3002
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/riscv: Fix typo in tgen_extract
Richard Henderson [Fri, 27 Jun 2025 13:22:27 +0000 (06:22 -0700)] 
tcg/riscv: Fix typo in tgen_extract

Fix the direction of the shift, introduced when converting
the codebase to TCGOutOp* and small tgen_* helpers.

Fixes: 5a4d034f3cb ("tcg: Convert extract to TCGOutOpExtract")
Reported-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Andrea Bolognani <abologna@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
3 months agotcg/optimize: Simplify fold_eqv constant checks
Richard Henderson [Tue, 10 Dec 2024 14:30:50 +0000 (08:30 -0600)] 
tcg/optimize: Simplify fold_eqv constant checks

Both cases are handled by fold_xor after conversion.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Simplify fold_orc constant checks
Richard Henderson [Tue, 10 Dec 2024 14:14:35 +0000 (08:14 -0600)] 
tcg/optimize: Simplify fold_orc constant checks

If operand 2 is constant, then the computation of z_mask and a_mask
will produce the same results as the explicit check via fold_xi_to_i.
Shift the calls of fold_xx_to_i and fold_ix_to_not down below the
i2->is_const check.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Simplify fold_andc constant checks
Richard Henderson [Mon, 9 Dec 2024 23:56:10 +0000 (17:56 -0600)] 
tcg/optimize: Simplify fold_andc constant checks

If operand 2 is constant, then the computation of z_mask and a_mask
will produce the same results as the explicit check via fold_xi_to_i.
Shift the calls of fold_xx_to_i and fold_ix_to_not down below the
i2->is_const check.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Simplify fold_and constant checks
Richard Henderson [Mon, 9 Dec 2024 23:48:02 +0000 (17:48 -0600)] 
tcg/optimize: Simplify fold_and constant checks

If operand 2 is constant, then the computation of z_mask
and a_mask will produce the same results as the explicit
checks via fold_xi_to_i and fold_xi_to_x.  Shift the call
of fold_xx_to_x down below the ti_is_const(t2) check.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Fold and to extract during optimize
Richard Henderson [Mon, 23 Oct 2023 21:29:46 +0000 (14:29 -0700)] 
tcg/optimize: Fold and to extract during optimize

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Use fold_and in do_constant_folding_cond[12]
Richard Henderson [Mon, 9 Dec 2024 20:05:01 +0000 (14:05 -0600)] 
tcg/optimize: Use fold_and in do_constant_folding_cond[12]

When lowering tst comparisons, completely fold the and
opcode that we generate.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_shift
Richard Henderson [Tue, 10 Dec 2024 22:49:02 +0000 (16:49 -0600)] 
tcg/optimize: Build and use o_bits in fold_shift

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_sextract
Richard Henderson [Tue, 10 Dec 2024 22:40:24 +0000 (16:40 -0600)] 
tcg/optimize: Build and use o_bits in fold_sextract

This was the last use of fold_affected_mask,
now fully replaced by fold_masks_zosa.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_movcond
Richard Henderson [Tue, 10 Dec 2024 22:30:12 +0000 (16:30 -0600)] 
tcg/optimize: Build and use o_bits in fold_movcond

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_extu
Richard Henderson [Tue, 10 Dec 2024 21:58:04 +0000 (15:58 -0600)] 
tcg/optimize: Build and use o_bits in fold_extu

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_exts
Richard Henderson [Tue, 10 Dec 2024 21:55:33 +0000 (15:55 -0600)] 
tcg/optimize: Build and use o_bits in fold_exts

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use z_bits and o_bits in fold_extract2
Richard Henderson [Tue, 10 Dec 2024 21:48:16 +0000 (15:48 -0600)] 
tcg/optimize: Build and use z_bits and o_bits in fold_extract2

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_extract
Richard Henderson [Tue, 10 Dec 2024 21:34:12 +0000 (15:34 -0600)] 
tcg/optimize: Build and use o_bits in fold_extract

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_deposit
Richard Henderson [Tue, 10 Dec 2024 20:45:44 +0000 (14:45 -0600)] 
tcg/optimize: Build and use o_bits in fold_deposit

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_bswap
Richard Henderson [Tue, 10 Dec 2024 21:02:41 +0000 (15:02 -0600)] 
tcg/optimize: Build and use o_bits in fold_bswap

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use o_bits in fold_xor
Richard Henderson [Tue, 10 Dec 2024 14:39:56 +0000 (08:39 -0600)] 
tcg/optimize: Build and use o_bits in fold_xor

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 months agotcg/optimize: Build and use zero, one and affected bits in fold_orc
Richard Henderson [Tue, 10 Dec 2024 04:22:27 +0000 (22:22 -0600)] 
tcg/optimize: Build and use zero, one and affected bits in fold_orc

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>