Paolo Bonzini [Mon, 13 Oct 2025 16:34:28 +0000 (18:34 +0200)]
target/i386: user: do not set up a valid LDT on reset
In user-mode emulation, QEMU uses the default setting of the LDT base
and limit, which places it at the bottom 64K of virtual address space.
However, by default there is no LDT at all in Linux processes, and
therefore the limit should be 0.
This is visible as a NULL pointer dereference in LSL and LAR instructions
when they try to read the LDT at an unmapped address.
Resolves: #1376 Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 Oct 2025 16:24:54 +0000 (18:24 +0200)]
async: access bottom half flags with qatomic_read
Running test-aio-multithread under TSAN reveals data races on bh->flags.
Because bottom halves may be scheduled or canceled asynchronously,
without taking a lock, adjust aio_compute_bh_timeout() and aio_ctx_check()
to use a relaxed read to access the flags.
Use an acquire load to ensure that anything that was written prior to
qemu_bh_schedule() is visible.
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2749 Closes: https://gitlab.com/qemu-project/qemu/-/issues/851 Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 Oct 2025 16:08:12 +0000 (18:08 +0200)]
target/i386: fix access to the T bit of the TSS
The T bit is bit 0 of the 16-bit word at offset 100 of the TSS. However,
accessing it with a 32-bit word is not really correct, because bytes
102-103 contain the I/O map base address (relative to the base of the
TSS) and bits 1-15 are reserved. In particular, any task switch to a TSS that
has a nonzero I/O map base address is broken.
This fixes the eventinj and taskswitch tests in kvm-unit-tests.
Cc: qemu-stable@nongnu.org Fixes: ad441b8b791 ("target/i386: implement TSS trap bit", 2025-05-12) Reported-by: Thomas Huth <thuth@redhat.com> Closes: https://gitlab.com/qemu-project/qemu/-/issues/3101 Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
do_smm_enter and helper_rsm sets the env->dr, but does not sync the
values with cpu_x86_update_dr7. A malicious kernel may control the
instruction pointer in SMM by setting a breakpoint on the SMI
entry point, and after do_smm_enter cpu->breakpoints contains the
stale breakpoint; and because IDT is not reloaded upon SMI entry,
the debug exception handler controlled by the malicious kernel
is invoked.
A different sequence, SMI INIT SIPI, is also buggy in TCG because
INIT is not blocked or latched during SMM. However, it is not
vulnerable to an instruction pointer control in the same way because
x86_cpu_exec_reset clears env->hflags, exiting SMM.
Fixes: a9bad65d2c1f ("target-i386: wake up processors that receive an SMI") Analyzed-by: YiFei Zhu <zhuyifei@google.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jon Kohler [Wed, 8 Oct 2025 20:25:57 +0000 (13:25 -0700)]
i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS
Newer Intel hardware (Sapphire Rapids and higher) sets multiple MDS
immunity bits in MSR_IA32_ARCH_CAPABILITIES but lacks the hardware-level
MSR_ARCH_CAP_FB_CLEAR (bit 17):
ARCH_CAP_MDS_NO
ARCH_CAP_TAA_NO
ARCH_CAP_PSDP_NO
ARCH_CAP_FBSDP_NO
ARCH_CAP_SBDR_SSDP_NO
This prevents VMs with fb-clear=on from migrating from older hardware
(Cascade Lake, Ice Lake) to newer hardware, limiting live migration
capabilities. Note fb-clear was first introduced in v8.1.0 [1].
Expose MSR_ARCH_CAP_FB_CLEAR for MDS-invulnerable systems to enable
seamless migration between hardware generations.
Note: There is no impact when a guest migrates to newer hardware as
the existing bit combinations already mark the host as MMIO-immune and
disable FB_CLEAR operations in the kernel (see Linux's
arch_cap_mmio_immune() and vmx_update_fb_clear_dis()). See kernel side
discussion for [2] for additional context.
[1] 22e1094ca82 ("target/i386: add support for FB_CLEAR feature")
[2] https://patchwork.kernel.org/project/kvm/patch/20250401044931.793203-1-jon@nutanix.com/
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Suggested-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Jon Kohler <jon@nutanix.com> Link: https://lore.kernel.org/r/20251008202557.4141285-1-jon@nutanix.com Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Mathias Krause [Thu, 12 Jun 2025 14:21:55 +0000 (16:21 +0200)]
target/i386: Fix CR2 handling for non-canonical addresses
Commit 3563362ddfae ("target/i386: Introduce structures for mmu_translate")
accidentally modified CR2 for non-canonical address exceptions while these
should lead to a #GP / #SS instead -- without changing CR2.
Transient Scheduler Attacks (TSA) are new speculative side channel attacks
related to the execution timing of instructions under specific
microarchitectural conditions. In some cases, an attacker may be able to
use this timing information to infer data from other contexts, resulting in
information leakage
CPUID Fn8000_0021 EAX[5] (VERW_CLEAR). If this bit is 1, the memory form of
the VERW instruction may be used to help mitigate TSA.
target/i386: Add TSA attack variants TSA-SQ and TSA-L1
Transient Scheduler Attacks (TSA) are new speculative side channel attacks
related to the execution timing of instructions under specific
microarchitectural conditions. In some cases, an attacker may be able to
use this timing information to infer data from other contexts, resulting in
information leakage.
AMD has identified two sub-variants two variants of TSA.
CPUID Fn8000_0021 ECX[1] (TSA_SQ_NO).
If this bit is 1, the CPU is not vulnerable to TSA-SQ.
CPUID Fn8000_0021 ECX[2] (TSA_L1_NO).
If this bit is 1, the CPU is not vulnerable to TSA-L1.
Add the new feature word FEAT_8000_0021_ECX and corresponding bits to
detect TSA variants.
Paolo Bonzini [Mon, 13 Oct 2025 14:49:12 +0000 (16:49 +0200)]
rust: hpet: fix fw_cfg handling
HPET ids for fw_cfg are not assigned correctly, because there
is a read but no write. This is caught by nightly Rust as
an unused-assignments warning, so fix it.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 10 Oct 2025 14:57:56 +0000 (16:57 +0200)]
rust: bits: disable double_parens check
It is showing in the output of the bits! macro when using the nightly
toolchain, though it's not clear if it is intentional or a bug.
Shut it up for now.
# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEIAB0WIQTKRzxE1qCcGJoZP81FK5aFKyaCFgUCaOeiawAKCRBFK5aFKyaC
# FlFZA/4uTme7RNIpDkcTW37ZieeRkFJXxO6EDvy/684EXUBMcJmhslXxb2vbtDUZ
# Mi2SCt4iB3oewYdDDe9glCGhRSNpARCMQp0rLivOBGWAguEld+M0sZ/Aqpk6Ovub
# zSHZKODKAADNt1lgzQ9iJx3uUBeUMdFKagIOrURPeCItLpoaKA==
# =OnvQ
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 09 Oct 2025 04:54:19 AM PDT
# gpg: using RSA key CA473C44D6A09C189A193FCD452B96852B268216
# gpg: Good signature from "Song Gao <gaosong@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CA47 3C44 D6A0 9C18 9A19 3FCD 452B 9685 2B26 8216
* tag 'pull-loongarch-20251009' of https://github.com/gaosong715/qemu:
target/loongarch: Define loongarch_exception_name() as static
target/loongarch: Move function do_raise_exception() to tcg_cpu.c
target/loongarch: Move TCG specified functions to tcg_cpu.c
tests/data/acpi/loongarch64: Update expected DSDT.*
hw/loongarch/virt: Align VIRT_GED_CPUHP_ADDR to 4 bytes
bios-tables-test-allowed-diff.h: Allow LoongArch DSDT.*
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* i386: fix migration issues in 10.1
* target/i386/mshv: new accelerator
* rust: use glib-sys-rs
* rust: fixes for docker tests
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmjnaOwUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNsFQf/WXKxZLLnItHwDz3UdwjzewPWpz5N
# fpS0E4C03J8pACDgyfl7PQl47P7NlJ08Ig2Lc5l3Z9KiAKgh0orR7Cqd0BY5f9lo
# uk4FgXfXpQyApywAlctadrTfcH8sRv2tMaP6EJ9coLtJtHW9RUGFPaZeMsqrjpAl
# TpwAXPYNDDvvy1ih1LPh5DzOPDXE4pin2tDa94gJei56gY95auK4zppoNYLdB3kR
# GOyR4QK43/yhuxPHOmQCZOE3HK2XrKgMZHWIjAovjZjZFiJs49FaHBOpRfFpsUlG
# PB3UbIMtu69VY20LqbbyInPnyATRQzqIGnDGTErP6lfCGTKTy2ulQYWvHA==
# =KM5O
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 09 Oct 2025 12:49:00 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (35 commits)
rust: fix path to rust_root_crate.sh
tests/docker: make --enable-rust overridable with EXTRA_CONFIGURE_OPTS
MAINTAINERS: Add maintainers for mshv accelerator
docs: Add mshv to documentation
target/i386/mshv: Use preallocated page for hvcall
qapi/accel: Allow to query mshv capabilities
accel/mshv: Handle overlapping mem mappings
target/i386/mshv: Implement mshv_vcpu_run()
target/i386/mshv: Write MSRs to the hypervisor
target/i386/mshv: Integrate x86 instruction decoder/emulator
target/i386/mshv: Register MSRs with MSHV
target/i386/mshv: Register CPUID entries with MSHV
target/i386/mshv: Set local interrupt controller state
target/i386/mshv: Implement mshv_arch_put_registers()
target/i386/mshv: Implement mshv_get_special_regs()
target/i386/mshv: Implement mshv_get_standard_regs()
target/i386/mshv: Implement mshv_store_regs()
target/i386/mshv: Add CPU create and remove logic
accel/mshv: Add vCPU signal handling
accel/mshv: Add vCPU creation and execution loop
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Bibo Mao [Mon, 29 Sep 2025 03:53:38 +0000 (11:53 +0800)]
target/loongarch: Define loongarch_exception_name() as static
Function loongarch_exception_name() is only called in defined file
target/loongarch/tcg/tcg_cpu.c, set this function as static.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250929035338.2320419-4-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
Bibo Mao [Mon, 29 Sep 2025 03:53:37 +0000 (11:53 +0800)]
target/loongarch: Move function do_raise_exception() to tcg_cpu.c
Function do_raise_exception() is specified with TCG mode, so move
it to file target/loongarch/tcg/tcg_cpu.c
It is only code movement and there is no any function change.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250929035338.2320419-3-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
Bibo Mao [Mon, 29 Sep 2025 03:53:36 +0000 (11:53 +0800)]
target/loongarch: Move TCG specified functions to tcg_cpu.c
New file target/loongarch/tcg/tcg_cpu.c is created, and move TCG
specified functions to here from file target/loongarch/cpu.c
It is only code movement and there is no any function change.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250929035338.2320419-2-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
@@ -11,7 +11,7 @@
* Signature "DSDT"
* Length 0x000011FB (4603)
* Revision 0x01 **** 32-bit table (V1), no 64-bit math support
- * Checksum 0x5D
+ * Checksum 0x5B
* OEM ID "BOCHS "
* OEM Table ID "BXPC "
* OEM Revision 0x00000001 (1)
@@ -1426,11 +1426,11 @@
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
Memory32Fixed (ReadWrite,
- 0x100E001F, // Address Base
+ 0x100E0020, // Address Base
0x0000000C, // Address Length
)
})
- OperationRegion (PRST, SystemMemory, 0x100E001F, 0x0C)
+ OperationRegion (PRST, SystemMemory, 0x100E0020, 0x0C)
Field (PRST, ByteAcc, NoLock, WriteAsZeros)
{
Offset (0x04),
Signed-off-by: Huacai Chen <chenhuacai@kernel.org> Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20250923143542.2391576-4-chenhuacai@kernel.org> Signed-off-by: Song Gao <gaosong@loongson.cn>
hw/loongarch/virt: Align VIRT_GED_CPUHP_ADDR to 4 bytes
Now VIRT_GED_CPUHP_ADDR is not aligned to 4 bytes, but if Linux kernel
is built with ACPI_MISALIGNMENT_NOT_SUPPORTED, it assumes the alignment,
otherwise we get ACPI errors at boot phase:
ACPI Error: AE_AML_ALIGNMENT, Returned by Handler for [SystemMemory] (20250404/evregion-301)
ACPI Error: Aborting method \_SB.CPUS.CSTA due to previous error (AE_AML_ALIGNMENT) (20250404/psparse-529)
ACPI Error: Aborting method \_SB.CPUS.C000._STA due to previous error (AE_AML_ALIGNMENT) (20250404/psparse-529)
ACPI Error: Method execution failed \_SB.CPUS.C000._STA due to previous error (AE_AML_ALIGNMENT) (20250404/uteval-68)
VIRT_GED_MEM_ADDR and VIRT_GED_REG_ADDR are already aligned now, but use
QEMU_ALIGN_UP() to explicitly align them can make code more robust.
Reported-by: Nathan Chancellor <nathan@kernel.org> Suggested-by: WANG Rui <wangrui@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn> Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-ID: <20250923143542.2391576-3-chenhuacai@kernel.org> Signed-off-by: Song Gao <gaosong@loongson.cn>
Magnus Kulke [Thu, 2 Oct 2025 07:50:12 +0000 (09:50 +0200)]
target/i386/mshv: Use preallocated page for hvcall
There are hvcalls that are invoked during MMIO exits, the payload is of
dynamic size. To avoid heap allocations we can use preallocated pages as
in/out buffer for those calls. A page is reserved per vCPU and used for
set/get register hv calls.
Magnus Kulke [Tue, 16 Sep 2025 16:48:43 +0000 (18:48 +0200)]
accel/mshv: Handle overlapping mem mappings
QEMU maps certain regions into the guest multiple times, as seen in the
trace below. Currently the MSHV kernel driver will reject those
mappings. To workaround this, a record is kept (a static global list of
"slots", inspired by what the HVF accelerator has implemented). An
overlapping region is not registered at the hypervisor, and marked as
mapped=false. If there is an UNMAPPED_GPA exit, we can look for a slot
that is unmapped and would cover the GPA. In this case we map out the
conflicting slot and map in the requested region.
The mapping table is guarded by a mutex for concurrent modification and
RCU mechanisms for concurrent reads. Writes occur rarely, but we'll have
to verify whether an unmapped region exist for each UNMAPPED_GPA exit,
which happens frequently.
Magnus Kulke [Tue, 16 Sep 2025 16:48:40 +0000 (18:48 +0200)]
target/i386/mshv: Integrate x86 instruction decoder/emulator
Connect the x86 instruction decoder and emulator to the MSHV backend
to handle intercepted instructions. This enables software emulation
of MMIO operations in MSHV guests. MSHV has a translate_gva hypercall
that is used to accessing the physical guest memory.
A guest might read from unmapped memory regions (e.g. OVMF will probe
0xfed40000 for a vTPM). In those cases 0xFF bytes is returned instead of
aborting the execution.
Magnus Kulke [Tue, 16 Sep 2025 16:48:38 +0000 (18:48 +0200)]
target/i386/mshv: Register CPUID entries with MSHV
Convert the guest CPU's CPUID model into MSHV's format and register it
with the hypervisor. This ensures that the guest observes the correct
CPU feature set during CPUID instructions.
Fetch standard register state from MSHV vCPUs to support debugging,
migration, and other introspection features in QEMU.
Fetch standard register state from a MHSV vCPU's. A generic get_regs()
function and a mapper to map the different register representations are
introduced.
Magnus Kulke [Thu, 2 Oct 2025 16:13:31 +0000 (18:13 +0200)]
target/i386/mshv: Implement mshv_store_regs()
Add support for writing general-purpose registers to MSHV vCPUs
during initialization or migration using the MSHV register interface. A
generic set_register call is introduced to abstract the HV call over
the various register types.
Magnus Kulke [Tue, 16 Sep 2025 16:48:30 +0000 (18:48 +0200)]
accel/mshv: Add vCPU creation and execution loop
Create MSHV vCPUs using MSHV_CREATE_VP and initialize their state.
Register the MSHV CPU execution loop loop with the QEMU accelerator
framework to enable guest code execution.
The target/i386 functionality is still mostly stubbed out and will be
populated in a later commit in this series.
Magnus Kulke [Thu, 2 Oct 2025 16:28:16 +0000 (18:28 +0200)]
accel/mshv: Initialize VM partition
Create the MSHV virtual machine by opening a partition and issuing
the necessary ioctl to initialize it. This sets up the basic VM
structure and initial configuration used by MSHV to manage guest state.
Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com> Link: https://lore.kernel.org/r/20250916164847.77883-10-magnuskulke@linux.microsoft.com
[Add stubs; fix format strings for trace-events; make mshv_hvcall
available only in per-target files; mshv.h/mshv_int.h split. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Magnus Kulke [Tue, 16 Sep 2025 16:48:28 +0000 (18:48 +0200)]
accel/mshv: Register memory region listeners
Add memory listener hooks for the MSHV accelerator to track guest
memory regions. This enables the backend to respond to region
additions, removals and will be used to manage guest memory mappings
inside the hypervisor.
Actually registering physical memory in the hypervisor is still stubbed
out.
Magnus Kulke [Thu, 2 Oct 2025 16:25:02 +0000 (18:25 +0200)]
accel/mshv: Add accelerator skeleton
Introduce the initial scaffold for the MSHV (Microsoft Hypervisor)
accelerator backend. This includes the basic directory structure and
stub implementations needed to integrate with QEMU's accelerator
framework.
Magnus Kulke [Tue, 16 Sep 2025 16:48:24 +0000 (18:48 +0200)]
hw/intc: Generalize APIC helper names from kvm_* to accel_*
Rename APIC helper functions to use an accel_* prefix instead of kvm_*
to support use by accelerators other than KVM. This is a preparatory
step for integrating MSHV support with common APIC logic.
Magnus Kulke [Tue, 16 Sep 2025 16:48:23 +0000 (18:48 +0200)]
target/i386/mshv: Add x86 decoder/emu implementation
The MSHV accelerator requires a x86 decoder/emulator in userland to
emulate MMIO instructions. This change contains the implementations for
the generalized i386 instruction decoder/emulator.
Magnus Kulke [Tue, 16 Sep 2025 16:48:22 +0000 (18:48 +0200)]
target/i386/emulate: Allow instruction decoding from stream
Introduce a new helper function to decode x86 instructions from a
raw instruction byte stream. MSHV delivers an instruction stream in a
buffer of the vm_exit message. It can be used to speed up MMIO
emulation, since instructions do not have to be fetched and translated.
Added "fetch_instruction()" op to x86_emul_ops() to improve
traceability.
Merge tag 'pull-10.2-maintainer-071025-1' of https://gitlab.com/stsquad/qemu into staging
testing updates
- tweak .gitpublish base to origin/master
- restore .gitmodules to qemu-project hosts
- drop 64 bits guests from i686
- update aarch64/s390x custom runners to 24.04
- tweak gitlab-runner registration method
- make check-venv dependency for functional tests
- replace avocado's gdb support with pygdbmi
- remove avocado dependencies from reverse_debug tests
- ensure replay.bin doesn't loose events after SHUTDOWN_HOST_QMP
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmjk1K8ACgkQ+9DbCVqe
# KkSMAQf/X/vltf2njNMiBtlEh3H5j7RHFYs83V+UYa1m2DRSrx9B8dBDwTv+kqeh
# KRSnHMufdVuqKhaPAavvI4v4E1kqjjTy1U4YjjMA7zKPrTafJHGhI6QGiQ3i7vhA
# 3/XTiqYhTJZfVFGDWlTkE8GbmTsT+mQVwt2BCoKjazibGVNWvRwUcWk81cNw/YI5
# e28dRbDCB+K03y+QVhyEOVBm59r0Qft0v3nLMq8+kGxW/Nh0oGKpuagWT2D24Tp0
# bEMlkcMJv20fVV9wd5f8NmAyMucczkt2vuLhghA/wUQveO0jBJwMxoMfgiGtlI1s
# iy1Q1iFx7bMEOeHO2fDQSvAfSXzvSw==
# =m/Gd
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 07 Oct 2025 01:51:59 AM PDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.2-maintainer-071025-1' of https://gitlab.com/stsquad/qemu:
record/replay: fix race condition on test_aarch64_reverse_debug
tests/functional: Adapt arches to reverse_debugging w/o Avocado
tests/functional: Adapt reverse_debugging to run w/o Avocado
tests/functional: Add decorator to skip test on missing env vars
tests/functional: drop datadrainer class in reverse debugging
tests/functional: replace avocado process with subprocess
tests/functional: Add GDB class
tests/functional: Provide GDB to the functional tests
python: Install pygdbmi in meson's venv
tests/functional: Re-activate the check-venv target
scripts/ci: use recommended registration command
gitlab: move custom runners to Ubuntu 24.04
tests/lcitool: bump custom runner packages to Ubuntu 24.04
tests/lcitool: drop 64 bit guests from i686 cross build
.gitmodules: restore qemu-project mirror of u-boot-sam460ex
.gitmodules: restore qemu-project mirror of u-boot
.gitpublish: use origin/master as default base
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-target-arm-20251007' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* target/arm: Don't set HCR.RW for AArch32 only CPUs
* new board model: amd-versal2-virt
* xlnx-zynqmp: model the GIC for the Cortex-R5 RPU cluster
* hw/arm: Remove sl_bootparam_write() and 'hw/arm/sharpsl.h' header
* Emulate FEAT_RME_GPC2
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmjlH0AZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gvaD/92LoDOIPQYCw72nwr/hiC8
# DAJddqKL1VvirtcrTuwytB1+w/tM2FdNx4ADzryHiNEDay2gXl0g4X4Pq6QFwu8B
# u2gxQhZZc1XWJgvX06CDJZPIUoazQgri21359c+9mJrI94igq1Gisj+KJ2gaMJ/J
# hrtsbovKuuKwMyCwCSK0hqvrUFyechfvJ0MzwVXyHn80lvSeYVbHf8ahdM72Lqdt
# PFJuM6hM/bBbclMRrcgRZJ3gi6HGHdKQ+LyYeQkvpHtaO3FWBgyJE7dtzs3mj4c9
# zw7kFJi56/19G6Fx3CESCIjoUQxLPZ1wDljqcQ9+mIwhQ4Dm7cy/D5z018TotIws
# mNLpMyEYiyC6dl1TxaJkha9jB6MB+nlglpbOGyRDYD1xwV8o5lidAahKxtmZUrGp
# sErUqCL5f+e/inwkFLxKrA2Hk1mjFDzf9/aEF/CyA30JYzRrhCfMoffiqtpPpU5D
# +OD1OAnj+W7HSBzO6N2I+4bfsaILw61YvckaBbO9+Br9yx8QseXHwXGh+RgsMhY4
# yJdde//tRusT32SAVoQKCMTJM5Rkrt4wu1D0F4LFL/4rJaqkAhqirNP4v5JEjrlk
# UDNa19E1TfmLbCG0TfQBWd3kwLYizqjTO0006jpTMX+KIu5aInEIHzzVrKEKK4t5
# fCw9fUM8T4fSTV71wJ/28Q==
# =jFB3
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 07 Oct 2025 07:10:08 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251007' of https://gitlab.com/pm215/qemu: (62 commits)
target/arm: Enable FEAT_RME_GPC2 for -cpu max with x-rme
target/arm: Implement APPSAA
target/arm: Fix GPT fault type for address outside PPS
target/arm: Implement SPAD, NSPAD, RLPAD
target/arm: Implement GPT_NonSecureOnly
target/arm: GPT_Secure is reserved without FEAT_SEL2
target/arm: Add cur_space to S1Translate
target/arm: Enable FEAT_RME_GPC2 bits in gpccr_write
target/arm: Add GPCCR fields from ARM revision L.b
target/arm: Add isar feature test for FEAT_RME_GPC2
hw/arm: Remove sl_bootparam_write() and 'hw/arm/sharpsl.h' header
hw/arm/xlnx-zynqmp: wire a second GIC for the Cortex-R5
hw/arm/xlnx-zynqmp: introduce helper to compute RPU number
hw/arm/xlnx-zynqmp: move GIC_NUM_SPI_INTR define in header
tests/functional/test_aarch64_xlnx_versal: test the versal2 machine
hw/arm/xlnx-versal-virt: add the xlnx-versal2-virt machine
docs/system/arm/xlnx-versal-virt: add a note about dumpdtb
docs/system/arm/xlnx-versal-virt: update supported devices
hw/arm/xlnx-versal-virt: tidy up
hw/arm/xlnx-versal-virt: split into base/concrete classes
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Hector Cao [Tue, 23 Sep 2025 10:16:41 +0000 (12:16 +0200)]
target/i386: add compatibility property for pdcm feature
The pdcm feature is supposed to be disabled when PMU is not
available. Up until v10.1, pdcm feature is enabled even when PMU
is off. This behavior has been fixed but this change breaks the
migration of VMs that are run with QEMU < 10.0 and expect the pdcm
feature to be enabled on the destination host.
This commit restores the legacy behavior for machines with version
prior to 10.1 to allow the migration from older QEMU to QEMU 10.1.
Signed-off-by: Hector Cao <hector.cao@canonical.com> Link: https://lore.kernel.org/r/20250910115733.21149-3-hector.cao@canonical.com Fixes: e68ec298090 ("i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check", 2025-06-20)
[Move property from migration object to CPU. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 23 Sep 2025 10:22:54 +0000 (12:22 +0200)]
target/i386: add compatibility property for arch_capabilities
Prior to v10.1, if requested by user, arch-capabilities is always on
despite the fact that CPUID advertises it to be off/unvailable.
This causes a migration issue for VMs that are run on a machine
without arch-capabilities and expect this feature to be present
on the destination host with QEMU 10.1.
Add a compatibility property to restore the legacy behavior for all
machines with version prior to 10.1.
To preserve the functionality (added by 10.1) of turning off
ARCH_CAPABILITIES where Windows does not like it, use directly
the guest CPU vendor: x86_cpu_get_supported_feature_word is not
KVM-specific and therefore should not necessarily use the host
CPUID.
Co-authored-by: Hector Cao <hector.cao@canonical.com> Signed-off-by: Hector Cao <hector.cao@canonical.com> Fixes: d3a24134e37 ("target/i386: do not expose ARCH_CAPABILITIES on AMD CPU", 2025-07-17) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
hw/arm: Remove sl_bootparam_write() and 'hw/arm/sharpsl.h' header
When removing the spitz and tosa board, commit b62151489ae
("hw/arm: Remove deprecated akita, borzoi spitz, terrier,
tosa boards") removed the last calls to sl_bootparam_write().
Remove it, along with the "hw/arm/sharpsl.h" header.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251001084047.67423-1-philmd@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Frederic Konrad [Tue, 30 Sep 2025 11:57:18 +0000 (13:57 +0200)]
hw/arm/xlnx-zynqmp: wire a second GIC for the Cortex-R5
This wires a second GIC for the Cortex-R5, all the IRQs are split when there
is an RPU instanciated.
Signed-off-by: Clément Chigot <chigot@adacore.com> Acked-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-id: 20250930115718.437100-4-chigot@adacore.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/xlnx-zynqmp: introduce helper to compute RPU number
This helper will avoid repeating the MIN/MAX formula everytime the
number of RPUs available is requested.
Signed-off-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-id: 20250930115718.437100-3-chigot@adacore.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/xlnx-zynqmp: move GIC_NUM_SPI_INTR define in header
This define will be needed in a later patch in XlnxZynqMPState
structure, hence move it within xlnx-zynqmp header.
Add XLXN_ZYNQMP prefix as it's now public.
Signed-off-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-id: 20250930115718.437100-2-chigot@adacore.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:08:05 +0000 (09:08 +0200)]
tests/functional/test_aarch64_xlnx_versal: test the versal2 machine
Add a test for the amd-versal2-virt machine using the same command line,
kernel, initrd than the ones used for amd-versal-virt.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-48-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:08:04 +0000 (09:08 +0200)]
hw/arm/xlnx-versal-virt: add the xlnx-versal2-virt machine
Add the Versal Gen 2 Virtual development machine embedding a
versal2 SoC. This machine follows the same principle than the
xlnx-versal-virt machine. It creates its own DTB and feeds it to the
software payload. This way only implemented devices are exposed to the
guest and the user does not need to provide a DTB.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-47-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:08:03 +0000 (09:08 +0200)]
docs/system/arm/xlnx-versal-virt: add a note about dumpdtb
Add a note in the DTB section explaining how to dump the generated DTB
using the dumpdtb machine option.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-46-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Update the list of supported devices in the Versal SoCs.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-45-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:08:01 +0000 (09:08 +0200)]
hw/arm/xlnx-versal-virt: tidy up
Remove now unused clock nodes. They have been replaced by the ones
created in the SoC. Remove the unused cfg.secure VersalVirt field.
Remove unecessary include directives.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-44-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:08:00 +0000 (09:08 +0200)]
hw/arm/xlnx-versal-virt: split into base/concrete classes
Split the xlnx-versal-virt machine type into a base abstract type and a
concrete type. There is no functional change. This is in preparation for
the versal2 machine.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-43-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:59 +0000 (09:07 +0200)]
hw/arm/xlnx-versal-virt: rename the machine to amd-versal-virt
To align with current branding and ensure coherency with the upcoming
versal2 machine, rename the xlnx-versal-virt machine to amd-versal-virt.
Keep an alias of the old name to the new one for command-line backward
compatibility.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-42-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:58 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add versal2 SoC
Add the Versal Gen 2 (versal2) version of the Versal SoC family.
This version embeds up to 8 Cortex-A78AE cores (split into 4 clusters)
and 10 Cortex-R52 cores (split into 5 clusters). The similarities
between versal and versal2 in term of architecture allow to reuse the
VersalMap structure to almost fully describe the implemented parts of
versal2.
The versal2 eFuse device differs quite a lot from the versal one and is
left as future work.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-41-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:57 +0000 (09:07 +0200)]
target/arm/tcg/cpu64: add the cortex-a78ae CPU
Add support for the ARM Cortex-A78AE CPU.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-40-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:56 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add the target field in IRQ descriptor
Add the target field in the IRQ descriptor. This allows to target an IRQ
to another IRQ controller than the GIC(s). Other supported targets are
the PMC PPU1 CPU interrupt controller and the EAM (Error management)
device. Those two devices are currently not implemented so IRQs
targeting those will be left unconnected. This is in preparation for
versal2.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-39-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:55 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add a per_cluster_gic switch to VersalCpuClusterMap
Add the per_cluster_gic switch to the VersalCpuClusterMap structure.
When set, this indicates that a GIC instance should by created
per-cluster instead of globally for the whole RPU or APU. This is in
preparation for versal2.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-38-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:54 +0000 (09:07 +0200)]
hw/misc/xlnx-versal-crl: add the versal2 version
Add the versal2 version of the CRL device. For the implemented part, it
is similar to the versal version but drives reset line of more devices.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-37-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:53 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: tidy up
Remove now unused macros in xlnx-versal.[ch]. Those macros have been
replaced by the VersalMap structure that serves as a central description
for the SoC. The ones still in use in the versal_unimp function are
inlined.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-36-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:52 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: use hw/arm/bsa.h for timer IRQ indices
Use the bsa.h header for ARM timer and maintainance IRQ indices instead
of redefining our owns.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-35-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:51 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: reconnect the CRL to the other devices
The CRL connects to various devices through link properties to be able
to reset them. The connections were dropped during the SoC refactoring.
Reintroduce them now.
Rely on the QOM tree to retrieve the devices to connect. The component
parts of the device names are chosen to match the properties on the CRL.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-34-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Refactor the device reset logic to have a common register write callback
for all the devices. This uses a decode function to map the register
address to the actual peripheral to reset. This refactoring changes the
CPU property name from cpu_r5[*] to rpu[*] to ease with the connections
in the Versal SoC. It also fixes a bug where the gem device pointer
was mapped to the usb link property.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-33-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:49 +0000 (09:07 +0200)]
hw/misc/xlnx-versal-crl: split into base/concrete classes
Split the TYPE_XLNX_VERSAL_CRL type into base and concrete classes. This
is in preparation for the versal2 version of the CRL.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-32-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:48 +0000 (09:07 +0200)]
hw/misc/xlnx-versal-crl: remove unnecessary include directives
Drop unused include directives from xlnx-versal-crl.c
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-31-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:47 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add the versal_get_num_cpu accessor
Add the versal_get_num_cpu accessor to the Versal SoC to retrieve the
number of CPUs in the SoC. Use it in the xlnx-versal-virt machine.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-30-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:46 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: ddr: refactor creation
Refactor the DDR aperture regions creation using the VersalMap
structure. Device creation and FDT node creation are split into two
functions because the later must happen during ARM virtual bootloader
modify_dtb callback.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-29-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:45 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: ocm: refactor creation
Refactor the OCM creation using the VersalMap structure.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-28-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:44 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: rpu: refactor creation
Refactor the RPU cluster creation using the VersalMap structure. This
effectively instantiate the RPU GICv2 which was not instantiated before.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-27-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:43 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add support for GICv2
Add support for GICv2 instantiation in the Versal SoC. This is in
preparation for the RPU refactoring.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-26-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:42 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add support for multiple GICs
The Versal SoC contains two GICs: one GICv3 in the APU and one GICv2 in
the RPU (currently not instantiated). To prepare for the GICv2
instantiation, add support for multiple GICs when connecting interrupts.
When a GIC is created, the first-cpu-index property is set on it, and a
pointer to the GIC is stored in the intc array. When connecting an IRQ,
a TYPE_SPLIT_IRQ device is created with its num-lines property set to
the number of GICs in the SoC. The split device is used to fan out the
IRQ to all the GICs.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-25-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/intc/arm_gicv3: Introduce a 'first-cpu-index' property
Introduce a 'first-cpu-index' property for specifying the first QEMU CPU
connected to the GICv3. This makes it possible to have multiple instances
of the GICv3 connected to different CPU clusters.
For KVM, mark this property has unsupported. It probably does not make
much sense as it is intented to be used to model non-SMP systems.
Signed-off-by: Luc Michel <luc.michel@amd.com> Signed-off-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Sai Pavan Boddu <sai.pavan.boddu@amd.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-24-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:40 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: instantiate the GIC ITS in the APU
Add the instance of the GIC ITS in the APU.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-23-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:39 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: add the mp_affinity property to the CPU mapping
Add a way to configure the MP affinity value of the CPUs given their
core and cluster IDs. For the Versal APU CPUs, the MP affinity value is
given by the core ID in Aff0.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-22-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Luc Michel [Fri, 26 Sep 2025 07:07:38 +0000 (09:07 +0200)]
hw/arm/xlnx-versal: refactor CPU cluster creation
Refactor the CPU cluster creation using the VersalMap structure. There
is no functional change. The clusters properties are now described in
the VersalMap structure. For now only the APU is converted. The RPU will
be taken care of by next commits.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-21-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Refactor the creation of virtio devices. Use the accessors provided by
the Versal SoC to retrieve the reserved MMIO and IRQ space. Those are
defined in the VersalMap structure.
Signed-off-by: Luc Michel <luc.michel@amd.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250926070806.292065-20-luc.michel@amd.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / thirdparty / qemu.git / log
