Hongren Zheng [Mon, 13 Jan 2025 09:38:56 +0000 (17:38 +0800)]
hw/usb/canokey: Fix buffer overflow for OUT packet
When USBPacket in OUT direction has larger payload
than the ep_out_buffer (of size 512), a buffer overflow
would occur.
It could be fixed by limiting the size of usb_packet_copy
to be at most buffer size. Further optimization gets rid
of the ep_out_buffer and directly uses ep_out as the target
buffer.
This is reported by a security researcher who artificially
constructed an OUT packet of size 2047. The report has gone
through the QEMU security process, and as this device is for
testing purpose and no deployment of it in virtualization
environment is observed, it is triaged not to be a security bug.
Cc: qemu-stable@nongnu.org Fixes: d7d34918551dc48 ("hw/usb: Add CanoKey Implementation") Reported-by: Juan Jose Lopez Jaimez <thatjiaozi@gmail.com> Signed-off-by: Hongren Zheng <i@zenithal.me>
Message-id: Z4TfMOrZz6IQYl_h@Sun Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 24 Jan 2025 16:27:46 +0000 (16:27 +0000)]
target/arm: Use FPST_A64_F16 for halfprec-to-other conversions
We should be using the F16-specific float_status for conversions from
half-precision, because halfprec inputs never set Input Denormal.
Without FEAT_AHP, using the wrong fpst here had no effect, because
the only difference between the A64_F16 and A64 fpst is its handling
of flush-to-zero on input and output, and the helper functions
vfp_fcvt_f16_to_* and vfp_fcvt_*_to_f16 all explicitly squash the
relevant flushing flags, and flush_inputs_to_zero was the only way
that IDC could be set.
With FEAT_AHP, the FPCR.AH=1 behaviour sets IDC for
input_denormal_used, which we will only ignore in
vfp_get_fpsr_from_host() for the A64_F16 fpst; so it matters that we
use that one for f16 inputs (and the normal one for single/double to
f16 conversions).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-27-peter.maydell@linaro.org
The advsimd_addh etc helpers defined in helper-a64.c are identical to
the vfp_addh etc helpers defined in helper-vfp.c: both take two
float16 inputs (in a uint32_t type) plus a float_status* and are
simple wrappers around the softfloat float16_* functions.
(The duplication seems to be a historical accident: we added the
advsimd helpers in 2018 as part of the A64 implementation, and at
that time there was no f16 emulation in A32. Then later we added the
A32 f16 handling by extending the existing VFP helper macros to
generate f16 versions as well as f32 and f64, and didn't realise we
could clean things up.)
Remove the now-unnecessary advsimd helpers and make the places that
generated calls to them use the vfp helpers instead. Many of the
helper functions were already unused.
(The remaining advsimd_ helpers are those which don't have vfp
versions.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-26-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:41 +0000 (16:27 +0000)]
fpu: Fix a comment in softfloat-types.h
In softfloat-types.h a comment documents that if the float_status
field flush_to_zero is set then we flush denormalised results to 0
and set the inexact flag. This isn't correct: the status flag that
we set when flush_to_zero causes us to flush an output to zero is
float_flag_output_denormal_flushed.
Correct the comment.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-22-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:40 +0000 (16:27 +0000)]
fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
Our float_flag_output_denormal exception flag is set when
the fpu code flushes an output denormal to zero. Rename
it to float_flag_output_denormal_flushed:
* this keeps it parallel with the flag for flushing
input denormals, which we just renamed
* it makes it clearer that it doesn't mean "set when
the output is a denormal"
Commit created with
for f in `git grep -l float_flag_output_denormal`; do sed -i -e 's/float_flag_output_denormal/float_flag_output_denormal_flushed/' $f; done
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-21-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:39 +0000 (16:27 +0000)]
fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
Our float_flag_input_denormal exception flag is set when the fpu code
flushes an input denormal to zero. This is what many guest
architectures (eg classic Arm behaviour) require, but it is not the
only donarmal-related reason we might want to set an exception flag.
The x86 behaviour (which we do not currently model correctly) wants
to see an exception flag when a denormal input is *not* flushed to
zero and is actually used in an arithmetic operation. Arm's FEAT_AFP
also wants these semantics.
Rename float_flag_input_denormal to float_flag_input_denormal_flushed
to make it clearer when it is set and to allow us to add a new
float_flag_input_denormal_used next to it for the x86/FEAT_AFP
semantics.
Commit created with
for f in `git grep -l float_flag_input_denormal`; do sed -i -e 's/float_flag_input_denormal/float_flag_input_denormal_flushed/' $f; done
and manual editing of softfloat-types.h and softfloat.c to clean
up the indentation afterwards and to fix a comment which wasn't
using the full name of the flag.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-20-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:38 +0000 (16:27 +0000)]
target/arm: Remove now-unused vfp.fp_status_f16 and FPST_FPCR_F16
Now we have moved all the uses of vfp.fp_status_f16 and FPST_FPCR_F16
to the new A32 or A64 fields, we can remove these.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-19-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:37 +0000 (16:27 +0000)]
target/arm: Use FPST_A64_F16 in A64 decoder
In the A32 decoder, use FPST_A64_F16 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_A64_F16/g' target/arm/tcg/translate-{a64,sve,sme}.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-18-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:36 +0000 (16:27 +0000)]
target/arm: Use FPST_A32_F16 in A32 decoder
In the A32 decoder, use FPST_A32_F16 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_A32_F16/g' target/arm/tcg/translate-vfp.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-17-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:35 +0000 (16:27 +0000)]
target/arm: Use fp_status_f16_a64 in AArch64-only helpers
We directly use fp_status_f16 in a handful of helpers that are
AArch64-specific; switch to fp_status_f16_a64 for these.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-16-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:34 +0000 (16:27 +0000)]
target/arm: Use fp_status_f16_a32 in AArch32-only helpers
We directly use fp_status_f16 in a handful of helpers that
are AArch32-specific; switch to fp_status_f16_a32 for these.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-15-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:33 +0000 (16:27 +0000)]
target/arm: Define new fp_status_f16_a32 and fp_status_f16_a64
As the first part of splitting the existing fp_status_f16
into separate float_status fields for AArch32 and AArch64
(so that we can make FEAT_AFP control bits apply only
for AArch64), define the two new fp_status_f16_a32 and
fp_status_f16_a64 fields, but don't use them yet.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-14-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:32 +0000 (16:27 +0000)]
target/arm: Remove now-unused vfp.fp_status and FPST_FPCR
Now we have moved all the uses of vfp.fp_status and FPST_FPCR
to either the A32 or A64 fields, we can remove these.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-13-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:31 +0000 (16:27 +0000)]
target/arm: Use FPST_A64 in A64 decoder
In the A64 decoder, use FPST_A64 rather than FPST_FPCR. By
doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-12-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:30 +0000 (16:27 +0000)]
target/arm: Use FPST_A32 in A32 decoder
In the A32 decoder, use FPST_A32 rather than FPST_FPCR. By
doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR(?!_)/FPST_A32/g' target/arm/tcg/translate-vfp.c
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-11-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:29 +0000 (16:27 +0000)]
target/arm: Use fp_status_a32 in vfp_cmp helpers
The helpers vfp_cmps, vfp_cmpes, vfp_cmpd, vfp_cmped are used only from
the A32 decoder; the A64 decoder uses separate vfp_cmps_a64 etc helpers
(because for A64 we update the main NZCV flags and for A32 we update
the FPSCR NZCV flags). So we can make these helpers use the fp_status_a32
field instead of fp_status.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-10-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:28 +0000 (16:27 +0000)]
target/arm: Use fp_status_a32 in vjvct helper
Use fp_status_a32 in the vjcvt helper function; this is called only
from the A32/T32 decoder and is not used inside a
set_rmode/restore_rmode sequence.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-9-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:27 +0000 (16:27 +0000)]
target/arm: Use vfp.fp_status_a64 in A64-only helper functions
Switch from vfp.fp_status to vfp.fp_status_a64 for helpers which:
* directly reference an fp_status field
* are called only from the A64 decoder
* are not called inside a set_rmode/restore_rmode sequence
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250124162836.2332150-8-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 24 Jan 2025 16:27:26 +0000 (16:27 +0000)]
target/arm: Define new fp_status_a32 and fp_status_a64
We want to split the existing fp_status in the Arm CPUState into
separate float_status fields for AArch32 and AArch64. (This is
because new control bits defined by FEAT_AFP only have an effect for
AArch64, not AArch32.) To make this split we will:
* define new fp_status_a32 and fp_status_a64 which have
identical behaviour to the existing fp_status
* move existing uses of fp_status to fp_status_a32 or
fp_status_a64 as appropriate
* delete the old fp_status when it has no uses left
In this patch we add the new float_status fields.
We will also need to split fp_status_f16, but we will do that
as a separate series of patches.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-7-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:25 +0000 (16:27 +0000)]
target/arm: Use uint32_t in vfp_exceptbits_from_host()
In vfp_exceptbits_from_host(), we accumulate the FPSR flags in
an "int", and our return type is also "int". However, the only
callsite returns the same information as a uint32_t, and
more generally we handle FPSR values in the code as uint32_t,
not int. Bring this function in to line with that convention.
There is no behaviour change because none of the FPSR bits
we set in this function are bit 31. The input argument to
the function remains 'int' because that is the return type
of the softfloat get_float_exception_flags().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-6-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:24 +0000 (16:27 +0000)]
target/arm: Use FPSR_ constants in vfp_exceptbits_from_host()
Use the FPSR_ named constants in vfp_exceptbits_from_host(),
rather than hardcoded magic numbers.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-5-peter.maydell@linaro.org
Peter Maydell [Fri, 24 Jan 2025 16:27:23 +0000 (16:27 +0000)]
target/arm: arm_reset_sve_state() should set FPSR, not FPCR
The pseudocode ResetSVEState() does:
FPSR = ZeroExtend(0x0800009f<31:0>, 64);
but QEMU's arm_reset_sve_state() called vfp_set_fpcr() by accident.
Before the advent of FEAT_AFP, this was only setting a collection of
RES0 bits, which vfp_set_fpsr() would then ignore, so the only effect
was that we didn't actually set the FPSR the way we are supposed to
do. Once FEAT_AFP is implemented, setting the bottom bits of FPSR
will change the floating point behaviour.
Call vfp_set_fpsr(), as we ought to.
(Note for stable backports: commit 7f2a01e7368f9 moved this function
from sme_helper.c to helper.c, but it had the same bug before the
move too.)
Cc: qemu-stable@nongnu.org Fixes: f84734b87461 ("target/arm: Implement SMSTART, SMSTOP") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250124162836.2332150-4-peter.maydell@linaro.org
Thomas Huth [Fri, 24 Jan 2025 10:17:09 +0000 (11:17 +0100)]
tests/functional: Add a test for the arm microbit machine
We don't have any functional tests for this machine yet, thus let's
add a test with a MicroPython binary that is available online
(thanks to Joel Stanley for providing it, see:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg606064.html ).
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250124101709.1591761-1-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There are 2 I2C controllers, map them both, removing
the unimplemented one. Keep the OLED controller on the
first I2C bus.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-7-philmd@linaro.org
[PMM: tweak to appease maybe-use-uninitialized warning] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/stellaris: Use DEVCAP macro to access DeviceCapability registers
Add definitions (DCx_periph) for the DeviceCapability bits,
replace direct bitmask checks with the DEV_CAP() macro,
which use the extract/deposit API.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-6-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/stellaris: Replace magic numbers by definitions
Add definitions for the number of controllers.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-5-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-4-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-3-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Board schematic is useful to corroborate GPIOs/IRQs wiring.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250110160204.74997-2-philmd@linaro.org
[PMM: Use https:// URLs] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Sat, 11 Jan 2025 18:37:02 +0000 (19:37 +0100)]
hw/pci-host/designware: Expose MSI IRQ
Fixes INTD and MSI interrupts poking the same IRQ line without keeping track of
each other's IRQ level. Furthermore, SoCs such as the i.MX 8M Plus don't share
the MSI IRQ with the INTx lines, so expose it as a dedicated pin.
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Sat, 11 Jan 2025 18:37:01 +0000 (19:37 +0100)]
hw/char/imx_serial: Update all state before restarting ageing timer
Fixes characters to be "echoed" after each keystroke rather than after every
other since imx_serial_rx_fifo_ageing_timer_restart() would see ~UTS1_RXEMPTY
only after every other keystroke.
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Bernhard Beschow [Sat, 11 Jan 2025 18:37:00 +0000 (19:37 +0100)]
hw/char/imx_serial: Fix reset value of UFCR register
The value of the UCFR register is respected when echoing characters to the
terminal, but its reset value is reserved. Fix the reset value to the one
documented in the datasheet.
While at it move the related attribute out of the section of unimplemented
registers since its value is actually respected.
Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/v7m: Remove use of &first_cpu in machine_init()
When instanciating the machine model, the machine_init()
implementations usually create the CPUs, so have access
to its first CPU. Use that rather then the &first_cpu
global.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Samuel Tardieu <sam@rfc1149.net>
Message-id: 20250112225614.33723-4-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
While the TYPE_ARMV7M object forward its NVIC interrupt lines,
it is somehow misleading to name it 'nvic'. Add the 'armv7m'
local variable for clarity, but also keep the 'nvic' variable
behaving like before when used for wiring IRQ lines.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20250112225614.33723-3-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The ARMv7MState object is not simply a CPU, it also
contains the NVIC, SysTick timer, and various MemoryRegions.
Rename the field as 'armv7m', like other Cortex-M boards.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20250112225614.33723-2-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Fri, 24 Jan 2025 15:02:01 +0000 (10:02 -0500)]
Merge tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu into staging
loongarch queue
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCZ5M4AwAKCRAfewwSUazn
# 0aJAAP45/9qfbGSYiMCrBXpRFlyvtRN+GEXHEsERfk9Q1V+tQgEA/mMiUEcyc/xc
# Z1Z27cDoqUFRhPmxbd6/KyTGHzo2+As=
# =Zanw
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Jan 2025 01:49:39 EST
# gpg: using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7 13C4 8E86 8FB7 A176 9D4C
# Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3 D1A4 1F7B 0C12 51AC E7D1
* tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu:
target/loongarch: Dump all generic CSR registers
target/loongarch: Set unused flag with CSR registers
target/loongarch: Add common source file for CSR register
target/loongarch: Add common header file for CSR registers
target/loongarch: Add generic csr function type
target/loongarch: Remove static CSR function setting
target/loongarch: Add dynamic function access with CSR register
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes various warnings in the testsuite while building gupnp:
gssdp-net-DEBUG: Failed to send netlink message: Operation not supported
gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: 127.0.0.1)
gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
gupnp-context-DEBUG: Mismatch between host header and host IP (192.168.1.2, expected: 127.0.0.1)
gupnp-context-DEBUG: Mismatch between host header and host IP (fe80::01, expected: 127.0.0.1)
gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
gupnp-context-DEBUG: Failed to parse HOST header from request: Invalid IPv6 address ?[fe80::01%1]? in URI
gupnp-context-DEBUG: Failed to parse HOST header from request: Invalid IPv6 address ?[fe80::01%eth0]? in URI
gupnp-context-DEBUG: Failed to parse HOST header from request: Could not parse port ?:1? in URI
gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
Helge Deller [Sun, 19 Jan 2025 04:26:10 +0000 (05:26 +0100)]
linux-user: netlink: Add emulation of IP_MULTICAST_IF
Add IP_MULTICAST_IF and share the code with IP_ADD_MEMBERSHIP / IP_DROP_MEMBERSHIP.
Sharing the code makes sense, because the manpage of ip(7) says:
IP_MULTICAST_IF (since Linux 1.2)
Set the local device for a multicast socket. The argument
for setsockopt(2) is an ip_mreqn or (since Linux 3.5)
ip_mreq structure similar to IP_ADD_MEMBERSHIP, or an
in_addr structure. (The kernel determines which structure
is being passed based on the size passed in optlen.) For
getsockopt(2), the argument is an in_addr structure.
Helge Deller [Mon, 20 Jan 2025 21:20:41 +0000 (22:20 +0100)]
linux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()
Fix this warning:
Unknown host IFA type: 11
While adding IFA_PROTO, convert all IFA_XXX values over to QEMU_IFA_XXX values
to avoid a build failure on Ubuntu 22.04 (kernel v5.18 which does not know
IFA_PROTO yet).
Bibo Mao [Thu, 16 Jan 2025 11:09:25 +0000 (19:09 +0800)]
target/loongarch: Set unused flag with CSR registers
On LA464, some CSR registers are not used such as CSR_SAVE8 -
CSR_SAVE15, also CSR registers relative with MCE is not used now.
Flag CSRFL_UNUSED is added for these registers, so that it will
not dumped. In order to keep compatiblity, these CSR registers are
not removed since it is used in vmstate already.
Bibo Mao [Thu, 16 Jan 2025 06:22:19 +0000 (14:22 +0800)]
target/loongarch: Add common source file for CSR register
Common source file csr.c is added here, it can be used by both
TCG mode and kvm mode. The common code is removed from file
tcg/insn_trans/trans_privileged.c.inc to csrc.c
Bibo Mao [Wed, 22 Jan 2025 07:13:41 +0000 (15:13 +0800)]
target/loongarch: Add generic csr function type
Parameter type TCGv and TCGv_ptr for function GenCSRRead and GenCSRWrite
is not used in non-TCG mode. Generic csr function type is added here
with parameter void type, so that it passes to compile with non-TCG mode.
Stefan Hajnoczi [Wed, 22 Jan 2025 14:59:02 +0000 (09:59 -0500)]
Merge tag 'pull-request-2025-01-21v2' of https://gitlab.com/thuth/qemu into staging
* Fix bugs related to the new "boot order" feature in the s390-ccw bios
* Fix crash that occurs when introspecting older s390-virtio-ccw machines
* Fix error in pbkdf code on fast machines (e.g. s390x with crypto adapter)
* Convert kvm_xen_guest avocado test to the functional framework
* tag 'pull-request-2025-01-21v2' of https://gitlab.com/thuth/qemu:
pc-bios: Update the s390 bios images with the recent changes
pc-bios/s390-ccw: Abort IPL on invalid loadparm
pc-bios/s390-ccw/netmain: Fix error messages with regards to the TFTP server
pc-bios/s390-ccw: Fix boot problem with virtio-net devices
pc-bios/s390-ccw/virtio: Add a function to reset a virtio device
hw/s390x: Fix crash that occurs when inspecting older versioned machines types
crypto: fix bogus error benchmarking pbkdf on fast machines
MAINTAINERS: Remove myself as Avocado Framework reviewer
tests/functional: Convert the kvm_xen_guest avocado test
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Jared Rossi [Fri, 17 Jan 2025 21:22:35 +0000 (16:22 -0500)]
pc-bios/s390-ccw: Abort IPL on invalid loadparm
Because the loadparm specifies an exact kernel the user wants to boot, if the
loadparm is invalid it must represent a misconfiguration of the guest. Thus we
should abort the IPL immediately, without attempting to use other devices, to
avoid booting into an unintended guest image.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250117212235.1324063-2-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 16 Jan 2025 11:58:26 +0000 (12:58 +0100)]
pc-bios/s390-ccw/netmain: Fix error messages with regards to the TFTP server
The code in net_init_ip() currently bails out early if "rc" is less
than 0, so the if-statements that check for negative "rc" codes to
print out some specific error messages with regards to the TFTP server
are never reached. Move them earlier to bring that dead code back to
life.
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Eric Farman <farman@linux.ibm.com> Tested-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250116115826.192047-4-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 16 Jan 2025 11:58:25 +0000 (12:58 +0100)]
pc-bios/s390-ccw: Fix boot problem with virtio-net devices
When we are trying to boot from virtio-net devices, the
s390-ccw bios currently leaves the virtio-net device enabled
after using it. That means that the receiving virt queues will
continue to happily write incoming network packets into memory.
This can corrupt data of the following boot process. For example,
if you set up a second guest on a virtual network and create a
lot of broadcast traffic there, e.g. with:
ping -i 0.02 -s 1400 -b 192.168.1.255
and then you try to boot a guest with two boot devices, a network
device first (which should not be bootable) and e.g. a bootable SCSI
CD second, then this guest will fail to load the kernel from the CD
image:
Network boot device detected
Network boot starting...
Using MAC address: 52:54:00:12:34:56
Requesting information via DHCP: done
Using IPv4 address: 192.168.1.76
Using TFTP server: 192.168.1.1
Trying pxelinux.cfg files...
TFTP error: ICMP ERROR "port unreachable"
Receiving data: 0 KBytes
Repeating TFTP read request...
TFTP error: ICMP ERROR "port unreachable"
Failed to load OS from network.
Failed to IPL from this network!
LOADPARM=[ ]
Using virtio-scsi.
! virtio-scsi:setup:inquiry: response VS RESP=ff !
ERROR: No suitable device for IPL. Halting...
We really have to shut up the virtio-net devices after we're not
using it anymore. The easiest way to do this is to simply reset
the device, so let's do that now.
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Eric Farman <farman@linux.ibm.com> Tested-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250116115826.192047-3-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 16 Jan 2025 11:58:24 +0000 (12:58 +0100)]
pc-bios/s390-ccw/virtio: Add a function to reset a virtio device
To be able to properly silence a virtio device after using it,
we need a global function to reset the device.
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Eric Farman <farman@linux.ibm.com> Tested-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250116115826.192047-2-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
The problem is that the versioned s390-ccw-virtio machine types
use instance_init() to set global state that should be initialized
before the CPUs get instantiated. But instance_init() is not called
only for the machine that is finally used, it is also called for
temporary instances of objects that are e.g. just created for
introspection. That means that those instance_init() functions can
also be called while a machine (and its CPUs) is already created,
which triggers the assertion in cpu_models.c.
So we must not use instance_init() for setting global state, but
use the machine->init() function instead, which is really only called
once when the machine comes to life.
Fixes: 3b00f702c2 ("s390x/cpumodel: add zpci, aen and ais facilities")
Message-ID: <20250120085059.239345-1-thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
crypto: run qcrypto_pbkdf2_count_iters in a new thread
Unfortunately this has a subtle bug on machines which are very fast.
On the first time around the loop, the 'iterations' value is quite
small (1 << 15), and so will run quite fast. Testing has shown that
some machines can complete this benchmarking task in as little as
7 milliseconds.
Unfortunately the 'getrusage' data is not updated at the time of
the 'getrusage' call, it is done asynchronously by the scheduler.
The 7 millisecond completion time for the benchmark is short
enough that 'getrusage' sometimes reports 0 accumulated execution
time.
As a result the 'delay_ms == 0' sanity check in the above commit
is triggering non-deterministically on such machines.
The benchmarking loop intended to run multiple times, increasing
the 'iterations' value until the benchmark ran for > 500 ms, but
the sanity check doesn't allow this to happen.
To fix it, we keep a loop counter and only run the sanity check
after we've been around the loop more than 5 times. At that point
the 'iterations' value is high enough that even with infrequent
updates of 'getrusage' accounting data on fast machines, we should
see a non-zero value.
Fixes: https://lore.kernel.org/qemu-devel/ffe542bb-310c-4616-b0ca-13182f849fd1@redhat.com/ Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2336437 Reported-by: Thomas Huth <thuth@redhat.com> Reported-by: Richard W.M. Jones <rjones@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250109093746.1216300-1-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
MAINTAINERS: Remove myself as Avocado Framework reviewer
While I was very enthusiastic when Avocado was presented to
the QEMU community and pushed forward to have it integrated,
time passed and I lost interest. Be honest, remove my R: tag
to not give fake expectation I'd review patches related to
Avocado anymore.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250106055024.70139-1-philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Stefan Hajnoczi [Tue, 21 Jan 2025 13:27:20 +0000 (08:27 -0500)]
Merge tag 'pull-tcg-20250117' of https://gitlab.com/rth7680/qemu into staging
tcg:
- Add TCGOP_TYPE, TCGOP_FLAGS.
- Pass type and flags to tcg_op_supported, tcg_target_op_def.
- Split out tcg-target-has.h and unexport from tcg.h.
- Reorg constraint processing; constify TCGOpDef.
- Make extract, sextract, deposit opcodes mandatory.
- Merge ext{8,16,32}{s,u} opcodes into {s}extract.
tcg/mips: Expand bswap unconditionally
tcg/riscv: Use SRAIW, SRLIW for {s}extract_i64
tcg/riscv: Use BEXTI for single-bit extractions
tcg/sparc64: Use SRA, SRL for {s}extract_i64
disas/riscv: Guard dec->cfg dereference for host disassemble
util/cpuinfo-riscv: Detect Zbs
accel/tcg: Call tcg_tb_insert() for one-insn TBs
linux-user: Add missing /proc/cpuinfo fields for sparc
* tag 'pull-tcg-20250117' of https://gitlab.com/rth7680/qemu: (68 commits)
softfloat: Constify helpers returning float_status field
accel/tcg: Call tcg_tb_insert() for one-insn TBs
tcg: Document tb_lookup() and tcg_tb_lookup()
linux-user: Add missing /proc/cpuinfo fields for sparc
tcg/riscv: Use BEXTI for single-bit extractions
util/cpuinfo-riscv: Detect Zbs
tcg: Remove TCG_TARGET_HAS_deposit_{i32,i64}
tcg: Remove TCG_TARGET_HAS_{s}extract_{i32,i64}
tcg/tci: Remove assertions for deposit and extract
tcg/tci: Provide TCG_TARGET_{s}extract_valid
tcg/sparc64: Use SRA, SRL for {s}extract_i64
tcg/s390x: Fold the ext{8,16,32}[us] cases into {s}extract
tcg/riscv: Use SRAIW, SRLIW for {s}extract_i64
tcg/riscv64: Fold the ext{8,16,32}[us] cases into {s}extract
tcg/ppc: Fold the ext{8,16,32}[us] cases into {s}extract
tcg/mips: Fold the ext{8,16,32}[us] cases into {s}extract
tcg/loongarch64: Fold the ext{8,16,32}[us] cases into {s}extract
tcg/arm: Add full [US]XT[BH] into {s}extract
tcg/aarch64: Expand extract with offset 0 with andi
tcg/aarch64: Provide TCG_TARGET_{s}extract_valid
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sun, 19 Jan 2025 13:55:46 +0000 (08:55 -0500)]
Merge tag 'pull-riscv-to-apply-20250119-1' of https://github.com/alistair23/qemu into staging
Second RISC-V PR for 10.0
* Reduce the overhead for simple RISC-V vector unit-stride loads and stores
* Add V bit to GDB priv reg
* Add 'sha' support
* Add traces for exceptions in user mode
* Update Pointer Masking to Zjpm v1.0
* Add Smrnmi support
* Fix timebase-frequency when using KVM acceleration
* Add RISC-V Counter delegation ISA extension support
* Add support for Smdbltrp and Ssdbltrp extensions
* Introduce a translation tag for the IOMMU page table cache
* Support Supm and Sspm as part of Zjpm v1.0
* Convert htif debug prints to trace event
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmeMUUwACgkQr3yVEwxT
# gBNgDQ/+JeqcsbJRX+PZQJEV06tDIJpk+mfaBHUYSGdNkjI9fzowNaxFIEB2vaLt
# 4+xAGMnJ4vMcjJyBcPOn1FKAlowM7MsUNITOF9Rstnyriqnj2UsUZ9YBtkuG6gWH
# ZHoYEKu7mAZoZw5RRx4TatHDXw7TYfUsrDPrn+x6yeCZTq9ruRTlHkzp2LC725Vq
# KTnbWAP7WlqiJaSxB5eIFYT5tYP1Blp0yD358B037C57EU9j5zm2FQdFmVK1+xRF
# dFg/urBIzfAjjkCS/t9DmH+S6NgMEut6udUhllk/KUJAzWvsggc4wZZlWjFOJFJY
# fIxx3alhY3pcm1PYjFpf15Poz6Pqva/KGjwgZafirKQtPbRSzfRkUwcHOYRTQT9j
# abeiB44XPaeIl8Jvw7GLxcWtlJ5NmBrZho+2Z9mIhB/Ix5H3PDgs18Oc/s73P2qQ
# JFLRb7cpYy1HbRc0ugvwAmOTY1t6HX8HAtT+3rNhiXpXnj4RW2C/WU1cEqrg8QkM
# cTPiy2zHoBhAWt9aDK1Kvbhb1vur3JaF7rk9jeKlriFr87Ly+yPU+8mnEDw40NMR
# Tc9nivqmOqqXS5AM9O/W1uzTWzpxIUy7XBy3cuSk0uZCoge4IE2Or7P2Rb2uyaNZ
# RkAo/PL2N1cMjP7gB3kLRtYY7FA+nal66KhfbHPRHqj+ZwUAxzs=
# =F3IG
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 18 Jan 2025 20:11:40 EST
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20250119-1' of https://github.com/alistair23/qemu: (50 commits)
hw/char/riscv_htif: Convert HTIF_DEBUG() to trace events
target/riscv: Support Supm and Sspm as part of Zjpm v1.0
hw/riscv/riscv-iommu.c: Introduce a translation tag for the page table cache
target/riscv: Add Smdbltrp ISA extension enable switch
target/riscv: Implement Smdbltrp behavior
target/riscv: Implement Smdbltrp sret, mret and mnret behavior
target/riscv: Add Smdbltrp CSRs handling
target/riscv: Add Ssdbltrp ISA extension enable switch
target/riscv: Implement Ssdbltrp exception handling
target/riscv: Implement Ssdbltrp sret, mret and mnret behavior
target/riscv: Add Ssdbltrp CSRs handling
target/riscv: Fix henvcfg potentially containing stale bits
target/riscv: Add configuration for S[m|s]csrind, Smcdeleg/Ssccfg
target/riscv: Add implied rule for counter delegation extensions
target/riscv: Invoke pmu init after feature enable
target/riscv: Add counter delegation/configuration support
target/riscv: Add select value range check for counter delegation
target/riscv: Add counter delegation definitions
target/riscv: Add properties for counter delegation ISA extensions
target/riscv: Support generic CSR indirect access
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
hw/char/riscv_htif: Convert HTIF_DEBUG() to trace events
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250116223609.81594-1-philmd@linaro.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alexey Baturo [Mon, 13 Jan 2025 19:44:09 +0000 (22:44 +0300)]
target/riscv: Support Supm and Sspm as part of Zjpm v1.0
The Zjpm v1.0 spec states there should be Supm and Sspm extensions that
are used in profile specification. Enabling Supm extension enables both
Ssnpm and Smnpm, while Sspm enables only Smnpm.
Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250113194410.1307494-1-baturo.alexey@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jason Chien [Fri, 8 Nov 2024 11:01:47 +0000 (19:01 +0800)]
hw/riscv/riscv-iommu.c: Introduce a translation tag for the page table cache
This commit introduces a translation tag to avoid invalidating an entry
that should not be invalidated when IOMMU executes invalidation commands.
E.g. IOTINVAL.VMA with GV=0, AV=0, PSCV=1 invalidates both a mapping
of single stage translation and a mapping of nested translation with
the same PSCID, but only the former one should be invalidated.
Signed-off-by: Jason Chien <jason.chien@sifive.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20241108110147.11178-1-jason.chien@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Léger [Thu, 16 Jan 2025 13:15:36 +0000 (14:15 +0100)]
target/riscv: Add Smdbltrp ISA extension enable switch
Add the switch to enable the Smdbltrp ISA extension and disable it for
the max cpu. Indeed, OpenSBI when Smdbltrp is present, M-mode double
trap is enabled by default and MSTATUS.MDT needs to be cleared to avoid
taking a double trap. OpenSBI does not currently support it so disable
it for the max cpu to avoid breaking regression tests.
Signed-off-by: Clément Léger <cleger@rivosinc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250116131539.2475785-1-cleger@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Léger [Fri, 10 Jan 2025 12:54:39 +0000 (13:54 +0100)]
target/riscv: Implement Smdbltrp behavior
When the Smsdbltrp ISA extension is enabled, if a trap happens while
MSTATUS.MDT is already set, it will trigger an abort or an NMI is the
Smrnmi extension is available.
Signed-off-by: Clément Léger <cleger@rivosinc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-9-cleger@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Léger [Fri, 10 Jan 2025 12:54:38 +0000 (13:54 +0100)]
target/riscv: Implement Smdbltrp sret, mret and mnret behavior
When the Ssdbltrp extension is enabled, SSTATUS.MDT field is cleared
when executing sret if executed in M-mode. When executing mret/mnret,
SSTATUS.MDT is cleared.
Signed-off-by: Clément Léger <cleger@rivosinc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-8-cleger@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Léger [Fri, 10 Jan 2025 12:54:34 +0000 (13:54 +0100)]
target/riscv: Implement Ssdbltrp sret, mret and mnret behavior
When the Ssdbltrp extension is enabled, SSTATUS.SDT field is cleared
when executing sret. When executing mret/mnret, SSTATUS.SDT is cleared
when returning to U, VS or VU and VSSTATUS.SDT is cleared when returning
to VU from HS.
Signed-off-by: Clément Léger <cleger@rivosinc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-4-cleger@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Léger [Fri, 10 Jan 2025 12:54:33 +0000 (13:54 +0100)]
target/riscv: Add Ssdbltrp CSRs handling
Add ext_ssdbltrp in RISCVCPUConfig and implement MSTATUS.SDT,
{H|M}ENVCFG.DTE and modify the availability of MTVAL2 based on the
presence of the Ssdbltrp ISA extension.
Signed-off-by: Clément Léger <cleger@rivosinc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-3-cleger@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Léger [Fri, 10 Jan 2025 12:54:32 +0000 (13:54 +0100)]
target/riscv: Fix henvcfg potentially containing stale bits
With the current implementation, if we had the following scenario:
- Set bit x in menvcfg
- Set bit x in henvcfg
- Clear bit x in menvcfg
then, the internal variable env->henvcfg would still contain bit x due
to both a wrong menvcfg mask used in write_henvcfg() as well as a
missing update of henvcfg upon menvcfg update.
This can lead to some wrong interpretation of the context. In order to
update henvcfg upon menvcfg writing, call write_henvcfg() after writing
menvcfg. Clearing henvcfg upon writing the new value is also needed in
write_henvcfg() as well as clearing henvcfg upper part when writing it
with write_henvcfgh().
Signed-off-by: Clément Léger <cleger@rivosinc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-2-cleger@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Atish Patra [Fri, 10 Jan 2025 08:21:37 +0000 (00:21 -0800)]
target/riscv: Invoke pmu init after feature enable
The dependant ISA features are enabled at the end of cpu_realize
in finalize_features. Thus, PMU init should be invoked after that
only. Move the init invocation to riscv_tcg_cpu_finalize_features.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-9-e83d797ae294@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Kaiwen Xue [Fri, 10 Jan 2025 08:21:35 +0000 (00:21 -0800)]
target/riscv: Add select value range check for counter delegation
This adds checks in ops performed on xireg and xireg2-xireg6 so that the
counter delegation function will receive a valid xiselect value with the
proper extensions enabled.
Atish Patra [Fri, 10 Jan 2025 08:21:33 +0000 (00:21 -0800)]
target/riscv: Add properties for counter delegation ISA extensions
This adds the properties for counter delegation ISA extensions
(Smcdeleg/Ssccfg). Definitions of new registers and and implementation
will come in the next set of patches.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-5-e83d797ae294@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Kaiwen Xue [Fri, 10 Jan 2025 08:21:32 +0000 (00:21 -0800)]
target/riscv: Support generic CSR indirect access
This adds the indirect access registers required by sscsrind/smcsrind
and the operations on them. Note that xiselect and xireg are used for
both AIA and sxcsrind, and the behavior of accessing them depends on
whether each extension is enabled and the value stored in xiselect.
Co-developed-by: Atish Patra <atishp@rivosinc.com> Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-4-e83d797ae294@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
hw/riscv/virt: Remove unnecessary use of &first_cpu
virt_machine_init() creates the HARTs vCPUs, then later
virt_machine_done() calls create_fdt_sockets(), so the
latter has access to the first vCPU via:
Directly use that instead of the &first_cpu global.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250112231344.34632-3-philmd@linaro.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv: Have kvm_riscv_get_timebase_frequency() take RISCVCPU cpu
Keep kvm_riscv_get_timebase_frequency() prototype aligned with
the other ones declared in "kvm_riscv.h", have it take a RISCVCPU
cpu as argument. Include "target/riscv/cpu-qom.h" which declares
the RISCVCPU typedef.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250112231344.34632-2-philmd@linaro.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Frank Chang [Mon, 6 Jan 2025 05:43:36 +0000 (13:43 +0800)]
target/riscv: Add Zicfilp support for Smrnmi
Zicfilp extension introduces the MNPELP (bit 9) in mnstatus.
The MNPELP field holds the previous ELP.
When a RNMI trap is delivered, the MNPELP is set to ELP and ELP set
to NO_LP_EXPECTED. Upon a mnret, if the mnstatus.MNPP holds the
value y, then ELP is set to the value of MNPELP if yLPE is 1;
otherwise, it is set to NO_LP_EXPECTED.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-7-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Tommy Wu [Mon, 6 Jan 2025 05:43:35 +0000 (13:43 +0800)]
target/riscv: Add Smrnmi cpu extension
This adds the properties for ISA extension Smrnmi.
Also, when Smrnmi is present, the firmware (e.g., OpenSBI) must set
mnstatus.NMIE to 1 before enabling any interrupts. Otherwise, all
interrupts will be disabled. Since our current OpenSBI does not
support Smrnmi yet, let's disable Smrnmi for the 'max' type CPU for
now. We can re-enable it once OpenSBI includes proper support for it.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Tommy Wu <tommy.wu@sifive.com> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-6-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Tommy Wu [Mon, 6 Jan 2025 05:43:34 +0000 (13:43 +0800)]
target/riscv: Add Smrnmi mnret instruction
This patch adds a new instruction 'mnret'. 'mnret' is an M-mode-only
instruction that uses the values in `mnepc` and `mnstatus` to return to the
program counter, privilege mode, and virtualization mode of the
interrupted context.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Tommy Wu <tommy.wu@sifive.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-5-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Tommy Wu [Mon, 6 Jan 2025 05:43:33 +0000 (13:43 +0800)]
target/riscv: Handle Smrnmi interrupt and exception
Because the RNMI interrupt trap handler address is implementation defined.
We add the 'rnmi-interrupt-vector' and 'rnmi-exception-vector' as the property
of the harts. It’s very easy for users to set the address based on their
expectation. This patch also adds the functionality to handle the RNMI signals.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Tommy Wu <tommy.wu@sifive.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-4-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Tommy Wu [Mon, 6 Jan 2025 05:43:32 +0000 (13:43 +0800)]
target/riscv: Add Smrnmi CSRs
The Smrnmi extension adds the 'mnscratch', 'mnepc', 'mncause',
'mnstatus' CSRs.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Tommy Wu <tommy.wu@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-3-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Tommy Wu [Mon, 6 Jan 2025 05:43:31 +0000 (13:43 +0800)]
target/riscv: Add 'ext_smrnmi' in the RISCVCPUConfig
The boolean variable 'ext_smrnmi' is used to determine whether the
Smrnmi extension exists.
Signed-off-by: Frank Chang <frank.chang@sifive.com> Signed-off-by: Tommy Wu <tommy.wu@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-2-frank.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
projects / thirdparty / qemu.git / log
