]> git.ipfire.org Git - thirdparty/qemu.git/log
thirdparty/qemu.git
2 years agotarget/i386: implement RDPID in TCG
Paolo Bonzini [Tue, 20 Jun 2023 22:47:31 +0000 (00:47 +0200)] 
target/i386: implement RDPID in TCG

RDPID corresponds to a RDMSR(TSC_AUX); however, it is unprivileged
so for user-mode emulation we must provide the value that the kernel
places in the MSR.  For Linux, it is a combination of the current CPU
and the current NUMA node, both of which can be retrieved with getcpu(2).
Also try sched_getcpu(), which might be there on the BSDs.  If there is
no portable way to retrieve the current CPU id from userspace, return 0.

RDTSCP is reimplemented as RDTSC + RDPID ECX; the differences in terms
of serializability are not relevant to QEMU.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: sysret and sysexit are privileged
Paolo Bonzini [Mon, 19 Jun 2023 13:29:12 +0000 (15:29 +0200)] 
target/i386: sysret and sysexit are privileged

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: AMD only supports SYSENTER/SYSEXIT in 32-bit mode
Paolo Bonzini [Mon, 19 Jun 2023 13:41:42 +0000 (15:41 +0200)] 
target/i386: AMD only supports SYSENTER/SYSEXIT in 32-bit mode

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: Intel only supports SYSCALL/SYSRET in long mode
Paolo Bonzini [Mon, 19 Jun 2023 13:41:42 +0000 (15:41 +0200)] 
target/i386: Intel only supports SYSCALL/SYSRET in long mode

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: TCG supports WBNOINVD
Paolo Bonzini [Fri, 16 Jun 2023 21:58:25 +0000 (23:58 +0200)] 
target/i386: TCG supports WBNOINVD

WBNOINVD is the same as INVD or WBINVD as far as TCG is concerned,
since there is no cache in TCG and therefore no invalidation side effect
in WBNOINVD.

With respect to SVM emulation, processors that do not support WBNOINVD
will ignore the prefix and treat it as WBINVD, while those that support
it will generate exactly the same vmexit.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: TCG supports XSAVEERPTR
Paolo Bonzini [Fri, 16 Jun 2023 23:59:35 +0000 (01:59 +0200)] 
target/i386: TCG supports XSAVEERPTR

XSAVEERPTR is actually a fix for an errata; TCG does not have the issue.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: do not accept RDSEED if CPUID bit absent
Paolo Bonzini [Tue, 20 Jun 2023 22:43:22 +0000 (00:43 +0200)] 
target/i386: do not accept RDSEED if CPUID bit absent

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: TCG supports RDSEED
Paolo Bonzini [Fri, 16 Jun 2023 22:05:38 +0000 (00:05 +0200)] 
target/i386: TCG supports RDSEED

TCG implements RDSEED, and in fact uses qcrypto_random_bytes which is
secure enough to match hardware behavior.  Expose it to guests.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: TCG supports 3DNow! prefetch(w)
Paolo Bonzini [Fri, 16 Jun 2023 22:01:58 +0000 (00:01 +0200)] 
target/i386: TCG supports 3DNow! prefetch(w)

The AMD prefetch(w) instructions have not been deprecated together with the rest
of 3DNow!, and in fact are even supported by newer Intel processor.  Mark them
as supported by TCG, as it supports all of 3DNow!.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agotarget/i386: fix INVD vmexit
Paolo Bonzini [Fri, 16 Jun 2023 21:57:30 +0000 (23:57 +0200)] 
target/i386: fix INVD vmexit

Due to a typo or perhaps a brain fart, the INVD vmexit was never generated.
Fix it (but not that fixing just the typo would break both INVD and WBINVD,
due to a case of two wrongs making a right).

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agokvm: reuse per-vcpu stats fd to avoid vcpu interruption
Marcelo Tosatti [Sun, 18 Jun 2023 21:24:40 +0000 (23:24 +0200)] 
kvm: reuse per-vcpu stats fd to avoid vcpu interruption

A regression has been detected in latency testing of KVM guests.
More specifically, it was observed that the cyclictest
numbers inside of an isolated vcpu (running on isolated pcpu) are:

Where a maximum of 50us is acceptable.

The implementation of KVM_GET_STATS_FD uses run_on_cpu to query
per vcpu statistics, which interrupts the vcpu (and is unnecessary).

To fix this, open the per vcpu stats fd on vcpu initialization,
and read from that fd from QEMU's main thread.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agohw/riscv: Validate cluster and NUMA node boundary
Gavin Shan [Tue, 9 May 2023 00:27:39 +0000 (10:27 +1000)] 
hw/riscv: Validate cluster and NUMA node boundary

There are two RISCV machines where NUMA is aware: 'virt' and 'spike'.
Both of them are required to follow cluster-NUMA-node boundary. To
enable the validation to warn about the irregular configuration where
multiple CPUs in one cluster has been associated with multiple NUMA
nodes.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20230509002739.18388-4-gshan@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agohw/arm: Validate cluster and NUMA node boundary
Gavin Shan [Tue, 9 May 2023 00:27:38 +0000 (10:27 +1000)] 
hw/arm: Validate cluster and NUMA node boundary

There are two ARM machines where NUMA is aware: 'virt' and 'sbsa-ref'.
Both of them are required to follow cluster-NUMA-node boundary. To
enable the validation to warn about the irregular configuration where
multiple CPUs in one cluster have been associated with different NUMA
nodes.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230509002739.18388-3-gshan@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agonuma: Validate cluster and NUMA node boundary if required
Gavin Shan [Tue, 9 May 2023 00:27:37 +0000 (10:27 +1000)] 
numa: Validate cluster and NUMA node boundary if required

For some architectures like ARM64, multiple CPUs in one cluster can be
associated with different NUMA nodes, which is irregular configuration
because we shouldn't have this in baremetal environment. The irregular
configuration causes Linux guest to misbehave, as the following warning
messages indicate.

  -smp 6,maxcpus=6,sockets=2,clusters=1,cores=3,threads=1 \
  -numa node,nodeid=0,cpus=0-1,memdev=ram0                \
  -numa node,nodeid=1,cpus=2-3,memdev=ram1                \
  -numa node,nodeid=2,cpus=4-5,memdev=ram2                \

  ------------[ cut here ]------------
  WARNING: CPU: 0 PID: 1 at kernel/sched/topology.c:2271 build_sched_domains+0x284/0x910
  Modules linked in:
  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.14.0-268.el9.aarch64 #1
  pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : build_sched_domains+0x284/0x910
  lr : build_sched_domains+0x184/0x910
  sp : ffff80000804bd50
  x29: ffff80000804bd50 x28: 0000000000000002 x27: 0000000000000000
  x26: ffff800009cf9a80 x25: 0000000000000000 x24: ffff800009cbf840
  x23: ffff000080325000 x22: ffff0000005df800 x21: ffff80000a4ce508
  x20: 0000000000000000 x19: ffff000080324440 x18: 0000000000000014
  x17: 00000000388925c0 x16: 000000005386a066 x15: 000000009c10cc2e
  x14: 00000000000001c0 x13: 0000000000000001 x12: ffff00007fffb1a0
  x11: ffff00007fffb180 x10: ffff80000a4ce508 x9 : 0000000000000041
  x8 : ffff80000a4ce500 x7 : ffff80000a4cf920 x6 : 0000000000000001
  x5 : 0000000000000001 x4 : 0000000000000007 x3 : 0000000000000002
  x2 : 0000000000001000 x1 : ffff80000a4cf928 x0 : 0000000000000001
  Call trace:
   build_sched_domains+0x284/0x910
   sched_init_domains+0xac/0xe0
   sched_init_smp+0x48/0xc8
   kernel_init_freeable+0x140/0x1ac
   kernel_init+0x28/0x140
   ret_from_fork+0x10/0x20

Improve the situation to warn when multiple CPUs in one cluster have
been associated with different NUMA nodes. However, one NUMA node is
allowed to be associated with different clusters.

Signed-off-by: Gavin Shan <gshan@redhat.com>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230509002739.18388-2-gshan@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agohw/remote/proxy: Remove dubious 'event_notifier-posix.c' include
Philippe Mathieu-Daudé [Tue, 6 Jun 2023 13:49:13 +0000 (15:49 +0200)] 
hw/remote/proxy: Remove dubious 'event_notifier-posix.c' include

event_notifier-posix.c is registered in meson's util_ss[] source
set, which is built as libqemuutil.a.p library. Both tools and
system emulation binaries are linked with qemuutil, so there is
no point in including this source file.

Introduced in commit bd36adb8df ("multi-process: create IOHUB
object to handle irq").

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230606134913.93724-1-philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agobuild: further refine build.ninja rules
Paolo Bonzini [Tue, 23 May 2023 15:56:33 +0000 (17:56 +0200)] 
build: further refine build.ninja rules

In commit b0fcc6fc7fc1 ("build: rebuild build.ninja using
"meson setup --reconfigure"", 2023-05-19) I changed the build.ninja
rule in the Makefile to use "meson setup" so that the Makefile would
pick up a changed path to the meson binary.

However, there was a reason why build.ninja was rebuilt using $(NINJA)
itself.  Namely, ninja has its own cache of file modification times,
and if it does not know about the modification that was done outside
its control, it will *also* try to regenerate build.ninja.  This can be
simply by running "make" on a fresh tree immediately after "configure";
that will trigger an unnecessary meson run.

So, apply a refinement to the rule in order to cover both cases:

- track the meson binary that was used (and that is embedded in
  build.ninja's reconfigure rules); to do this, write build.ninja.stamp
  right after executing meson successfully

- if it changed, force usage of "$(MESON) setup --reconfigure" to
  update the path in the reconfigure rule

- if it didn't change, use "$(NINJA) build.ninja" just like before
  commit b0fcc6fc7fc1.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 years agoMerge tag 'hppa-boot-reboot-fixes-pull-request' of https://github.com/hdeller/qemu...
Richard Henderson [Sun, 25 Jun 2023 06:58:49 +0000 (08:58 +0200)] 
Merge tag 'hppa-boot-reboot-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into staging

target/hppa: Fix boot and reboot for SMP machines

Fix some SMP-related boot and reboot issues with HP-UX and Linux by
correctly initializing the CPU PSW bits, disabling data and instruction
translations and unhalting the CPU in the qemu hppa_machine_reset()
function.

To work correctly some fixes are needed in the SeaBIOS-hppa firmware too,
which is why this series updates it to version 8 which includes those
fixes and enhancements:

Fixes
- boot of HP-UX with SMP, and
- reboot of Linux and HP-UX with SMP

Enhancements:
- show qemu version in boot menu
- adds exit menu entry in boot menu to quit emulation
- allow to trace PCD_CHASSIS codes more specifically

Signed-off-by: Helge Deller <deller@gmx.de>
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZJbYWAAKCRD3ErUQojoP
# X6ExAQCmOXqwJw3SjSE/+hvphJ2mMTJe3i6dU3AWOGlACxxVzAEA7dKSU4d8EtRj
# NZpGKB9NE9eWwQFGJVbVgFeikap44gs=
# =8zCK
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 24 Jun 2023 01:49:44 PM CEST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'hppa-boot-reboot-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
  target/hppa: Update to SeaBIOS-hppa version 8
  target/hppa: Provide qemu version via fw_cfg to firmware
  target/hppa: Fix OS reboot issues

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agoMerge tag 'pull-target-arm-20230623' of https://git.linaro.org/people/pmaydell/qemu...
Richard Henderson [Sun, 25 Jun 2023 06:58:13 +0000 (08:58 +0200)] 
Merge tag 'pull-target-arm-20230623' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Add (experimental) support for FEAT_RME
 * host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
 * target/arm: Restructure has_vfp_d32 test
 * hw/arm/sbsa-ref: add ITS support in SBSA GIC
 * target/arm: Fix sve predicate store, 8 <= VQ <= 15
 * pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmSVkGcZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3tUZEACGBkfRmEa3CRVdOzRWeJS8
# vcvcHEVDUVBTMKvpBah5YC5mK8fx040fymoSiYtxiWyf4l7U2Zr/kYouIbqos5Wy
# KW6It3Sq2IXHdl0n34D1GAWXujcJp/RP+jt+SZy1cWv9aPOy0xOpofMusytkLLeT
# 4+8il6t8eGDVxqBam5jwTi2vskosP4IsDmuqZk4/o3Yg5Gg2NGFaS+SMf/V5pJSv
# M/aH09sYtsTMoAIihpGbQsQeUtUjRXijr/WOKKwa4LeDd/abA7ZTiIGkfkzCOxOa
# 82LmoSFarIkfe5xgtfF3DArkN+ajvrJHLbsB0PwuYFqjSUAfcB7gs4r+I7IdvjN+
# hdY2oTxa8nDerPDdiW61i4xg6qtNRc87l/y2qX6xMrqBEQ743V/e/4cNsGLsLxou
# R1iHq2R8LZ00051pZeXYrOUW3Bu6GK/b30nDFgTb4uLStA/OtlXKWspeGj4JIgzi
# 04xwndUMbq6eZp89BDHc52AEF9SreCz8/YVu32W1JWvRgGWV1uv6E5rYQMXsrf/3
# CVNVBOyNeDuGcKNaXGFd2bvpebyEMbtM29kpYP8Xl6YFDdopC2J99NZS+829c+/w
# Zl6gVTEpWOOIYif/z2VgwP74MvMDxSRsuyfxNei+eAnkoIDXpMdRvQZDRqbvooU6
# nIFnyoEgiDX051C9UZa+mg==
# =Q2Ei
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 23 Jun 2023 02:30:31 PM CEST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]

* tag 'pull-target-arm-20230623' of https://git.linaro.org/people/pmaydell/qemu-arm: (26 commits)
  pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
  target/arm: Fix sve predicate store, 8 <= VQ <= 15
  hw/arm/sbsa-ref: add ITS support in SBSA GIC
  target/arm: Restructure has_vfp_d32 test
  host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
  docs/system/arm: Document FEAT_RME
  target/arm: Add cpu properties for enabling FEAT_RME
  target/arm: Implement the granule protection check
  target/arm: Implement GPC exceptions
  target/arm: Add GPC syndrome
  target/arm: Use get_phys_addr_with_struct for stage2
  target/arm: Move s1_is_el0 into S1Translate
  target/arm: Use get_phys_addr_with_struct in S1_ptw_translate
  target/arm: Handle no-execute for Realm and Root regimes
  target/arm: Handle Block and Page bits for security space
  target/arm: NSTable is RES0 for the RME EL3 regime
  target/arm: Pipe ARMSecuritySpace through ptw.c
  target/arm: Remove __attribute__((nonnull)) from ptw.c
  target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}
  target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agotarget/hppa: Update to SeaBIOS-hppa version 8
Helge Deller [Sat, 24 Jun 2023 09:45:52 +0000 (11:45 +0200)] 
target/hppa: Update to SeaBIOS-hppa version 8

Update SeaBIOS-hppa to version 8.

Fixes:
- boot of HP-UX with SMP, and
- reboot of Linux and HP-UX with SMP

Enhancements:
- show qemu version in boot menu
- adds exit menu entry in boot menu to quit emulation
- allow to trace PCD_CHASSIS codes & machine run status

Signed-off-by: Helge Deller <deller@gmx.de>
2 years agotarget/hppa: Provide qemu version via fw_cfg to firmware
Helge Deller [Fri, 23 Jun 2023 22:28:44 +0000 (00:28 +0200)] 
target/hppa: Provide qemu version via fw_cfg to firmware

Give current QEMU version string to SeaBIOS-hppa via fw_cfg interface so
that the firmware can show the QEMU version in the boot menu info.

Signed-off-by: Helge Deller <deller@gmx.de>
2 years agotarget/hppa: Fix OS reboot issues
Helge Deller [Fri, 23 Jun 2023 06:24:30 +0000 (08:24 +0200)] 
target/hppa: Fix OS reboot issues

When the OS triggers a reboot, the reset helper function sends a
qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET) together with an
EXCP_HLT exception to halt the CPUs.

So, at reboot when initializing the CPUs again, make sure to set all
instruction pointers to the firmware entry point, disable any interrupts,
disable data and instruction translations, enable PSW_Q bit  and tell qemu
to unhalt (halted=0) the CPUs again.

This fixes the various reboot issues which were seen when rebooting a
Linux VM, including the case where even the monarch CPU has been virtually
halted from the OS (e.g. via "chcpu -d 0" inside the Linux VM).

Signed-off-by: Helge Deller <deller@gmx.de>
2 years agopc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym
Peter Maydell [Tue, 20 Jun 2023 16:20:24 +0000 (17:20 +0100)] 
pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym

The xkb official name for the Arabic keyboard layout is 'ara'.
However xkb has for at least the past 15 years also permitted it to
be named via the legacy synonym 'ar'.  In xkeyboard-config 2.39 this
synoynm was removed, which breaks compilation of QEMU:

FAILED: pc-bios/keymaps/ar
/home/fred/qemu-git/src/qemu/build-full/qemu-keymap -f pc-bios/keymaps/ar -l ar
xkbcommon: ERROR: Couldn't find file "symbols/ar" in include paths
xkbcommon: ERROR: 1 include paths searched:
xkbcommon: ERROR:  /usr/share/X11/xkb
xkbcommon: ERROR: 3 include paths could not be added:
xkbcommon: ERROR:  /home/fred/.config/xkb
xkbcommon: ERROR:  /home/fred/.xkb
xkbcommon: ERROR:  /etc/xkb
xkbcommon: ERROR: Abandoning symbols file "(unnamed)"
xkbcommon: ERROR: Failed to compile xkb_symbols
xkbcommon: ERROR: Failed to compile keymap

The upstream xkeyboard-config change removing the compat
mapping is:
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/commit/470ad2cd8fea84d7210377161d86b31999bb5ea6

Make QEMU always ask for the 'ara' xkb layout, which should work on
both older and newer xkeyboard-config.  We leave the QEMU name for
this keyboard layout as 'ar'; it is not the only one where our name
for it deviates from the xkb standard name.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20230620162024.1132013-1-peter.maydell@linaro.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1709

2 years agotarget/arm: Fix sve predicate store, 8 <= VQ <= 15
Richard Henderson [Tue, 20 Jun 2023 13:46:59 +0000 (15:46 +0200)] 
target/arm: Fix sve predicate store, 8 <= VQ <= 15

Brown bag time: store instead of load results in uninitialized temp.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1704
Reported-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620134659.817559-1-richard.henderson@linaro.org
Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld, st}r")
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agohw/arm/sbsa-ref: add ITS support in SBSA GIC
Shashi Mallela [Mon, 19 Jun 2023 17:09:13 +0000 (19:09 +0200)] 
hw/arm/sbsa-ref: add ITS support in SBSA GIC

Create ITS as part of SBSA platform GIC initialization.

GIC ITS information is in DeviceTree so TF-A can pass it to EDK2.

Bumping platform version to 0.2 as this is important hardware change.

Signed-off-by: Shashi Mallela <shashi.mallela@linaro.org>
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230619170913.517373-2-marcin.juszkiewicz@linaro.org
Co-authored-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Restructure has_vfp_d32 test
Richard Henderson [Mon, 19 Jun 2023 14:02:16 +0000 (16:02 +0200)] 
target/arm: Restructure has_vfp_d32 test

One cannot test for feature aa32_simd_r32 without first
testing if AArch32 mode is supported at all.  This leads to

qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither

for Apple M1 cpus.

We already have a check for ARMv8-A never setting vfp-d32 true,
so restructure the code so that AArch64 avoids the test entirely.

Reported-by: Mads Ynddal <mads@ynddal.dk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Mads Ynddal <m.ynddal@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Mads Ynddal <m.ynddal@samsung.com>
Message-id: 20230619140216.402530-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agohost-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang
Peter Maydell [Thu, 22 Jun 2023 13:08:23 +0000 (14:08 +0100)] 
host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang

We use __builtin_subcll() to do a 64-bit subtract with borrow-in and
borrow-out when the host compiler supports it.  Unfortunately some
versions of Apple Clang have a bug in their implementation of this
intrinsic which means it returns the wrong value.  The effect is that
a QEMU built with the affected compiler will hang when emulating x86
or m68k float80 division.

The upstream LLVM issue is:
https://github.com/llvm/llvm-project/issues/55253

The commit that introduced the bug apparently never made it into an
upstream LLVM release without the subsequent fix
https://github.com/llvm/llvm-project/commit/fffb6e6afdbaba563189c1f715058ed401fbc88d
but unfortunately it did make it into Apple Clang 14.0, as shipped
in Xcode 14.3 (14.2 is reported to be OK). The Apple bug number is
FB12210478.

Add ifdefs to avoid use of __builtin_subcll() on Apple Clang version
14 or greater.  There is not currently a version of Apple Clang which
has the bug fix -- when one appears we should be able to add an upper
bound to the ifdef condition so we can start using the builtin again.
We make the lower bound a conservative "any Apple clang with major
version 14 or greater" because the consequences of incorrectly
disabling the builtin when it would work are pretty small and the
consequences of not disabling it when we should are pretty bad.

Many thanks to those users who both reported this bug and also
did a lot of work in identifying the root cause; in particular
to Daniel Bertalan and osy.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1631
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1659
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel Bertalan <dani@danielbertalan.dev>
Tested-by: Tested-By: Solra Bizna <solra@bizna.name>
Message-id: 20230622130823.1631719-1-peter.maydell@linaro.org

2 years agodocs/system/arm: Document FEAT_RME
Richard Henderson [Thu, 22 Jun 2023 14:30:46 +0000 (16:30 +0200)] 
docs/system/arm: Document FEAT_RME

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20230622143046.1578160-1-richard.henderson@linaro.org
[PMM: fixed typo; note experimental status in emulation.rst too]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Add cpu properties for enabling FEAT_RME
Richard Henderson [Fri, 23 Jun 2023 10:15:48 +0000 (11:15 +0100)] 
target/arm: Add cpu properties for enabling FEAT_RME

Add an x-rme cpu property to enable FEAT_RME.
Add an x-l0gptsz property to set GPCCR_EL3.L0GPTSZ,
for testing various possible configurations.

We're not currently completely sure whether FEAT_RME will
be OK to enable purely as a CPU-level property, or if it will
need board co-operation, so we're making these experimental
x- properties, so that the people developing the system
level software for RME can try to start using this and let
us know how it goes. The command line syntax for enabling
this will change in future, without backwards-compatibility.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-21-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Implement the granule protection check
Richard Henderson [Fri, 23 Jun 2023 10:15:48 +0000 (11:15 +0100)] 
target/arm: Implement the granule protection check

Place the check at the end of get_phys_addr_with_struct,
so that we check all physical results.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-20-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Implement GPC exceptions
Richard Henderson [Fri, 23 Jun 2023 10:15:48 +0000 (11:15 +0100)] 
target/arm: Implement GPC exceptions

Handle GPC Fault types in arm_deliver_fault, reporting as
either a GPC exception at EL3, or falling through to insn
or data aborts at various exception levels.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Add GPC syndrome
Richard Henderson [Fri, 23 Jun 2023 10:15:47 +0000 (11:15 +0100)] 
target/arm: Add GPC syndrome

The function takes the fields as filled in by
the Arm ARM pseudocode for TakeGPCException.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Use get_phys_addr_with_struct for stage2
Richard Henderson [Fri, 23 Jun 2023 10:15:47 +0000 (11:15 +0100)] 
target/arm: Use get_phys_addr_with_struct for stage2

This fixes a bug in which we failed to initialize
the result attributes properly after the memset.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-17-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Move s1_is_el0 into S1Translate
Richard Henderson [Fri, 23 Jun 2023 10:15:47 +0000 (11:15 +0100)] 
target/arm: Move s1_is_el0 into S1Translate

Instead of passing this to get_phys_addr_lpae, stash it
in the S1Translate structure.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-16-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Use get_phys_addr_with_struct in S1_ptw_translate
Richard Henderson [Fri, 23 Jun 2023 10:15:47 +0000 (11:15 +0100)] 
target/arm: Use get_phys_addr_with_struct in S1_ptw_translate

Do not provide a fast-path for physical addresses,
as those will need to be validated for GPC.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-15-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Handle no-execute for Realm and Root regimes
Richard Henderson [Fri, 23 Jun 2023 10:15:46 +0000 (11:15 +0100)] 
target/arm: Handle no-execute for Realm and Root regimes

While Root and Realm may read and write data from other spaces,
neither may execute from other pa spaces.

This happens for Stage1 EL3, EL2, EL2&0, and Stage2 EL1&0.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-14-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Handle Block and Page bits for security space
Richard Henderson [Fri, 23 Jun 2023 10:15:46 +0000 (11:15 +0100)] 
target/arm: Handle Block and Page bits for security space

With Realm security state, bit 55 of a block or page descriptor during
the stage2 walk becomes the NS bit; during the stage1 walk the bit 5
NS bit is RES0.  With Root security state, bit 11 of the block or page
descriptor during the stage1 walk becomes the NSE bit.

Rather than collecting an NS bit and applying it later, compute the
output pa space from the input pa space and unconditionally assign.
This means that we no longer need to adjust the output space earlier
for the NSTable bit.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: NSTable is RES0 for the RME EL3 regime
Richard Henderson [Fri, 23 Jun 2023 10:15:46 +0000 (11:15 +0100)] 
target/arm: NSTable is RES0 for the RME EL3 regime

Test in_space instead of in_secure so that we don't
switch out of Root space.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Pipe ARMSecuritySpace through ptw.c
Richard Henderson [Fri, 23 Jun 2023 10:15:45 +0000 (11:15 +0100)] 
target/arm: Pipe ARMSecuritySpace through ptw.c

Add input and output space members to S1Translate.  Set and adjust
them in S1_ptw_translate, and the various points at which we drop
secure state.  Initialize the space in get_phys_addr; for now leave
get_phys_addr_with_secure considering only secure vs non-secure spaces.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Remove __attribute__((nonnull)) from ptw.c
Richard Henderson [Fri, 23 Jun 2023 10:15:45 +0000 (11:15 +0100)] 
target/arm: Remove __attribute__((nonnull)) from ptw.c

This was added in 7e98e21c098 as part of a reorg in which
one of the argument had been legally NULL, and this caught
actual instances.  Now that the reorg is complete, this
serves little purpose.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}
Richard Henderson [Fri, 23 Jun 2023 10:15:45 +0000 (11:15 +0100)] 
target/arm: Introduce ARMMMUIdx_Phys_{Realm,Root}

With FEAT_RME, there are four physical address spaces.
For now, just define the symbols, and mention them in
the same spots as the other Phys indexes in ptw.c.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Adjust the order of Phys and Stage2 ARMMMUIdx
Richard Henderson [Fri, 23 Jun 2023 10:15:45 +0000 (11:15 +0100)] 
target/arm: Adjust the order of Phys and Stage2 ARMMMUIdx

It will be helpful to have ARMMMUIdx_Phys_* to be in the same
relative order as ARMSecuritySpace enumerators. This requires
the adjustment to the nstable check. While there, check for being
in secure state rather than rely on clearing the low bit making
no change to non-secure state.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agoinclude/exec/memattrs: Add two bits of space to MemTxAttrs
Richard Henderson [Fri, 23 Jun 2023 10:15:44 +0000 (11:15 +0100)] 
include/exec/memattrs: Add two bits of space to MemTxAttrs

We will need 2 bits to represent ARMSecurityState.

Do not attempt to replace or widen secure, even though it
logically overlaps the new field -- there are uses within
e.g. hw/block/pflash_cfi01.c, which don't know anything
specific about ARM.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Introduce ARMSecuritySpace
Richard Henderson [Fri, 23 Jun 2023 10:15:44 +0000 (11:15 +0100)] 
target/arm: Introduce ARMSecuritySpace

Introduce both the enumeration and functions to retrieve
the current state, and state outside of EL3.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Add RME cpregs
Richard Henderson [Fri, 23 Jun 2023 10:15:44 +0000 (11:15 +0100)] 
target/arm: Add RME cpregs

This includes GPCCR, GPTBR, MFAR, the TLB flush insns PAALL, PAALLOS,
RPALOS, RPAOS, and the cache flush insns CIPAPA and CIGDPAPA.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: SCR_EL3.NS may be RES1
Richard Henderson [Fri, 23 Jun 2023 10:15:43 +0000 (11:15 +0100)] 
target/arm: SCR_EL3.NS may be RES1

With RME, SEL2 must also be present to support secure state.
The NS bit is RES1 if SEL2 is not present.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Update SCR and HCR for RME
Richard Henderson [Fri, 23 Jun 2023 10:15:43 +0000 (11:15 +0100)] 
target/arm: Update SCR and HCR for RME

Define the missing SCR and HCR bits, allow SCR_NSE and {SCR,HCR}_GPF
to be set, and invalidate TLBs when NSE changes.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agotarget/arm: Add isar_feature_aa64_rme
Richard Henderson [Fri, 23 Jun 2023 10:15:43 +0000 (11:15 +0100)] 
target/arm: Add isar_feature_aa64_rme

Add the missing field for ID_AA64PFR0, and the predicate.
Disable it if EL3 is forced off by the board or command-line.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230620124418.805717-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2 years agoMerge tag 'q800-for-8.1-pull-request' of https://github.com/vivier/qemu-m68k into...
Richard Henderson [Thu, 22 Jun 2023 08:18:32 +0000 (10:18 +0200)] 
Merge tag 'q800-for-8.1-pull-request' of https://github.com/vivier/qemu-m68k into staging

Q800 branch pull request 20230622

Cleanup to introduce support of MacOS Classic

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmST/loSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L748dQcQAKjU2vMketVOc5jXCtF7Jej/F6j21kpk
# Wmt/XuR8FDeohHVyWvQ1quxcewn6DfA+aPx1xqnn0nRBcnuqT/g4IHdXFzwMUxMo
# R3CSUHhMbT/tv8gkbn0q+vg1DffGRr65tc+UUOSkyIttF0Lw6ZgZSoUIcUN4zCvk
# zx+Z8T7UEJl/EMGGe6awS2cuCZcFB4pdLzkKUKOrAtaJ35eBnBPTClfijHwW7c+5
# tsiH/O/AenRP4oxYu/r4Z2tsYTSIkU8a5MAFQNxEIuupbrLDYixoV3yS7NuR9Ylg
# KurOLqdNIlW4vhH2080JijMm1JeX9oXboPc5XMe69v+jFEcdBbpKLvd8ryIhG9SA
# RItGkTJDOBp9ALho9rdQDH/W3JxSDX3ohsDVdn8e3nCR9UBRIlO/OFrLS73siHcD
# mOatC1mMjZwo+6/liTQwhKvCjSkQp+vh7bw/+zhyprmHkkZXs9FASr8EGLrryq4G
# 5wV0qIyNmRrpRXBGcMKGlnmXZ4CZ1XqcGL9xvG5VYVImcjJMEJBBs2aNYLrW1d4Q
# 8FkuqeFunRIf5LcG2EMBgBnIBA28Rgm5AtUMAeu6N8kM5oLYG8mFPOevvN4Da8Mp
# Fluyjtl4vT6xwqV4l0dGcxYtHnV98j7oXXuKx7g2L5ko7l7ZpfrNbkgF9bD4VnWv
# 7HTL0KK8nLEs
# =f/mF
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 Jun 2023 09:55:06 AM CEST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'q800-for-8.1-pull-request' of https://github.com/vivier/qemu-m68k: (24 commits)
  mac_via: fix rtc command decoding for the PRAM seconds registers
  mac_via: fix rtc command decoding from PRAM addresses 0x0 to 0xf
  q800: move macfb device to Q800MachineState
  q800: don't access Nubus bus directly from the mac-nubus-bridge device
  q800: move mac-nubus-bridge device to Q800MachineState
  q800: move SWIM device to Q800MachineState
  q800: move ESP device to Q800MachineState
  q800: move escc_orgate device to Q800MachineState
  q800: move ESCC device to Q800MachineState
  q800: move dp8393x device to Q800MachineState
  hw/net/dp8393x.c: move TYPE_DP8393X and dp8393xState into dp8393x.h
  q800: move VIA2 device to Q800MachineState
  q800: move VIA1 device to Q800MachineState
  q800: reimplement mac-io region aliasing using IO memory region
  q800: introduce mac-io container memory region
  q800: move GLUE device to Q800MachineState
  q800-glue.c: switch TypeInfo registration to use DEFINE_TYPES() macro
  q800: move GLUE device into separate q800-glue.c file
  q800: move ROM memory region to Q800MachineState
  q800: move CPU object into Q800MachineState
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agomac_via: fix rtc command decoding for the PRAM seconds registers
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:53 +0000 (09:53 +0100)] 
mac_via: fix rtc command decoding for the PRAM seconds registers

Analysis of the MacOS toolbox ROM code shows that on startup it attempts 2
separate reads of the seconds registers with commands 0x9d...0x91 followed by
0x8d..0x81 without resetting the command to its initial value. The PRAM seconds
value is only accepted when the values of the 2 separate reads match.

From this we conclude that bit 4 of the rtc command is not decoded or we don't
care about its value when reading the PRAM seconds registers. Implement this
decoding change so that both reads return successfully which allows the MacOS
toolbox ROM to correctly set the date/time.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-25-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agomac_via: fix rtc command decoding from PRAM addresses 0x0 to 0xf
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:52 +0000 (09:53 +0100)] 
mac_via: fix rtc command decoding from PRAM addresses 0x0 to 0xf

A comparison between the rtc command table included in the comment and the code
itself shows that the decoding for PRAM addresses 0x0 to 0xf is being done on
the raw command, and not the shifted version held in value.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-24-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move macfb device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:51 +0000 (09:53 +0100)] 
q800: move macfb device to Q800MachineState

Also change the instantiation of the macfb device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-23-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: don't access Nubus bus directly from the mac-nubus-bridge device
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:50 +0000 (09:53 +0100)] 
q800: don't access Nubus bus directly from the mac-nubus-bridge device

Instead use the qdev_get_child_bus() function which is intended for this exact
purpose.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-22-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move mac-nubus-bridge device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:49 +0000 (09:53 +0100)] 
q800: move mac-nubus-bridge device to Q800MachineState

Also change the instantiation of the mac-nubus-bridge device to use
object_initialize_child() and map the Nubus address space using
memory_region_add_subregion() instead of sysbus_mmio_map().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-21-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move SWIM device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:48 +0000 (09:53 +0100)] 
q800: move SWIM device to Q800MachineState

Also change the instantiation of the SWIM device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-20-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move ESP device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:47 +0000 (09:53 +0100)] 
q800: move ESP device to Q800MachineState

Also change the instantiation of the ESP device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-19-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move escc_orgate device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:46 +0000 (09:53 +0100)] 
q800: move escc_orgate device to Q800MachineState

Also change the instantiation of the escc_orgate device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-18-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move ESCC device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:45 +0000 (09:53 +0100)] 
q800: move ESCC device to Q800MachineState

Also change the instantiation of the ESCC device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-17-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move dp8393x device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:44 +0000 (09:53 +0100)] 
q800: move dp8393x device to Q800MachineState

Also change the instantiation of the dp8393x device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Jason Wang <jasowang@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-16-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agohw/net/dp8393x.c: move TYPE_DP8393X and dp8393xState into dp8393x.h
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:43 +0000 (09:53 +0100)] 
hw/net/dp8393x.c: move TYPE_DP8393X and dp8393xState into dp8393x.h

This is to enable them to be used outside of dp8393x.c.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
CC: Jason Wang <jasowang@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-15-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move VIA2 device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:42 +0000 (09:53 +0100)] 
q800: move VIA2 device to Q800MachineState

Also change the instantiation of the VIA2 device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-14-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move VIA1 device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:41 +0000 (09:53 +0100)] 
q800: move VIA1 device to Q800MachineState

Also change the instantiation of the VIA1 device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-13-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: reimplement mac-io region aliasing using IO memory region
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:40 +0000 (09:53 +0100)] 
q800: reimplement mac-io region aliasing using IO memory region

The current use of aliased memory regions causes us 2 problems: firstly the
output of "info qom-tree" is absolutely huge and difficult to read, and
secondly we have already reached the internal limit for memory regions as
adding any new memory region into the mac-io region causes QEMU to assert
with "phys_section_add: Assertion `map->sections_nb < TARGET_PAGE_SIZE'
failed".

Implement the mac-io region aliasing using a single IO memory region that
applies IO_SLICE_MASK representing the maximum size of the aliased region and
then forwarding the access to the existing mac-io memory region using the
address space API.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-12-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: introduce mac-io container memory region
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:39 +0000 (09:53 +0100)] 
q800: introduce mac-io container memory region

Move all devices from the IO region to within the container in preparation
for updating the IO aliasing mechanism.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-11-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move GLUE device to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:38 +0000 (09:53 +0100)] 
q800: move GLUE device to Q800MachineState

Also change the instantiation of the GLUE device to use object_initialize_child().

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-10-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800-glue.c: switch TypeInfo registration to use DEFINE_TYPES() macro
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:37 +0000 (09:53 +0100)] 
q800-glue.c: switch TypeInfo registration to use DEFINE_TYPES() macro

The use of the DEFINE_TYPES() macro will soon be recommended over the use of
calling type_init() directly.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-9-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move GLUE device into separate q800-glue.c file
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:36 +0000 (09:53 +0100)] 
q800: move GLUE device into separate q800-glue.c file

This will allow the q800-glue.h header to be included separately so that the
GLUE device can be referenced externally.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-8-mark.cave-ayland@ilande.co.uk>
[lv: update comment]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move ROM memory region to Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:35 +0000 (09:53 +0100)] 
q800: move ROM memory region to Q800MachineState

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-7-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: move CPU object into Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:34 +0000 (09:53 +0100)] 
q800: move CPU object into Q800MachineState

Also change the instantiation of the CPU to use object_initialize_child()
followed by a separate realisation.
Restrict valid CPU types to m68040.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-6-mark.cave-ayland@ilande.co.uk>
[lv: update commit message]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: rename q800_init() to q800_machine_init()
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:33 +0000 (09:53 +0100)] 
q800: rename q800_init() to q800_machine_init()

This will enable us later to distinguish between QOM initialisation and machine
initialisation.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-5-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: introduce Q800MachineState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:32 +0000 (09:53 +0100)] 
q800: introduce Q800MachineState

This provides an overall container and owner for Machine-related objects such
as MemoryRegions.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: add missing space after parent object in GLUEState
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:31 +0000 (09:53 +0100)] 
q800: add missing space after parent object in GLUEState

This brings GLUEState in line with our current QOM guidelines.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230621085353.113233-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoq800: fix up minor spacing issues in hw_compat_q800 GlobalProperty array
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:30 +0000 (09:53 +0100)] 
q800: fix up minor spacing issues in hw_compat_q800 GlobalProperty array

Ensure there is a space before the final closing brace for all global
properties.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2 years agoMerge tag 'pull-tricore-20230621-1' of https://github.com/bkoppelmann/qemu into staging
Richard Henderson [Wed, 21 Jun 2023 18:08:48 +0000 (20:08 +0200)] 
Merge tag 'pull-tricore-20230621-1' of https://github.com/bkoppelmann/qemu into staging

- Implement privilege levels for TriCore
- Fix missing REG_PAIR() for insns using two 32 regs
- Fix erroneously saving PSW.CDC on CALL insns
- Added some missing v1.6.2 insns

# -----BEGIN PGP SIGNATURE-----
#
# iQJTBAABCgA9FiEEbmNqfoPy3Qz6bm43CtLGOWtpyhQFAmSTIWsfHGtiYXN0aWFu
# QG1haWwudW5pLXBhZGVyYm9ybi5kZQAKCRAK0sY5a2nKFEVCEACQFRGj/7ADOWm3
# lhkHGgkwpTgx+YKgeI4rfQ5/AKie9b7BUNljPVp1m2AvPFHU/r/0POzziCTDM+Ty
# M90h5gsEgxNRRVS1T+VkfFTKop7yImo48niDBF4mByP9DZGweCvGEvPD2g/FYvLP
# 0Up13F0NiWKMvocKp/jjI5qejpJqwtn1hjWHTpEXya3u+K/iEku1alI72Xo2oMKW
# pKW2iO/mC4cuEzOdpZt4LSzs9ZMsVpFzVn81VIda9CU2rlSpu+oQevgdWWJhgZGa
# 520JnIsrervsJumBWPxh9R0nrjuhHu34I4HXD38eGhD+Ioz2DQnHy2bA99pIVR7B
# qtHoDNhl7wqWgXBqntS9HvnvDAFyYdVM6aLqw9C7AxKXdRBuxy14R3/hrwMZghRs
# vYx3GUcFHSMJT1tkc8a/P14/mz5SB6/cdjVgPQtTCPBJccly4oc4EG3qn7wYqowZ
# Pbq48h+3+QZ7BsC9sT2AiPq+AmLjxRZRq7SE6YrYrjRDIJz/3IoTR600KW5XsFsj
# gZu/SYWdbNXAVr4c7CCg77lXXQ2/GhPHgCYFjL3djIKwlPP79bhT4cvLXK71yF/4
# 3RcCBt9kRggxDz6E/4I+u5cE4oMbyN1f6AoIn80GUheDstWMACYph5RhbIskxRhY
# PWwJ8ML0c7SOy0A74UbCT82gn1He1A==
# =IKrz
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 21 Jun 2023 06:12:27 PM CEST
# gpg:                using RSA key 6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg:                issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E  6E37 0AD2 C639 6B69 CA14

* tag 'pull-tricore-20230621-1' of https://github.com/bkoppelmann/qemu:
  target/tricore: Fix ICR.IE offset in RESTORE insn
  target/tricore: Honour privilege changes on PSW write
  target/tricore: Implement privilege level for all insns
  target/tricore: Introduce priv tb flag
  target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr()
  target/tricore: ENABLE exit to main-loop
  target/tricore: Introduce DISAS_TARGET_EXIT
  target/tricore: Fix RR_JLI clobbering reg A[11]
  target/tricore: Fix helper_ret() not correctly restoring PSW
  target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs
  target/tricore: Correctly fix saving PSW.CDE to CSA on call
  target/tricore: Fix out-of-bounds index in imask instruction
  target/tricore: Add DISABLE insn variant
  target/tricore: Implement SYCSCALL insn
  target/tricore: Add shuffle insn
  target/tricore: Add crc32.b insn
  target/tricore: Add crc32l.w insn
  target/tricore: Add LHA insn
  target/tricore: Add popcnt.w insn
  target/tricore: Introduce ISA 1.6.2 feature

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agotarget/tricore: Fix ICR.IE offset in RESTORE insn
Bastian Koppelmann [Wed, 21 Jun 2023 14:23:02 +0000 (16:23 +0200)] 
target/tricore: Fix ICR.IE offset in RESTORE insn

from ISA v1.6.1 onwards the bit position of ICR.IE changed.
ctx->icr_ie_offset contains the correct value for the ISA version used
by the vCPU. We also need to exit this tb here, as we might have enabled
interrupts.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-9-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Honour privilege changes on PSW write
Bastian Koppelmann [Wed, 21 Jun 2023 14:23:01 +0000 (16:23 +0200)] 
target/tricore: Honour privilege changes on PSW write

the CPU can change the privilege level by writing the corresponding bits
in PSW. If this happens all instructions after this 'mtcr' in the TB are
translated with the wrong privilege level. So we have to exit to the
cpu_loop() and start translating again with the new privilege level.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-8-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Implement privilege level for all insns
Bastian Koppelmann [Wed, 21 Jun 2023 14:23:00 +0000 (16:23 +0200)] 
target/tricore: Implement privilege level for all insns

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-7-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Introduce priv tb flag
Bastian Koppelmann [Wed, 21 Jun 2023 14:22:59 +0000 (16:22 +0200)] 
target/tricore: Introduce priv tb flag

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-6-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr()
Bastian Koppelmann [Wed, 21 Jun 2023 14:22:58 +0000 (16:22 +0200)] 
target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr()

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-5-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: ENABLE exit to main-loop
Bastian Koppelmann [Wed, 21 Jun 2023 14:22:57 +0000 (16:22 +0200)] 
target/tricore: ENABLE exit to main-loop

so we can recognize exceptions after re-enabling interrupts.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-4-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Introduce DISAS_TARGET_EXIT
Bastian Koppelmann [Wed, 21 Jun 2023 14:22:56 +0000 (16:22 +0200)] 
target/tricore: Introduce DISAS_TARGET_EXIT

this replaces all calls to tcg_gen_exit_tb() and moves them to
tricore_tb_stop().

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-3-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Fix RR_JLI clobbering reg A[11]
Bastian Koppelmann [Wed, 21 Jun 2023 14:22:55 +0000 (16:22 +0200)] 
target/tricore: Fix RR_JLI clobbering reg A[11]

if A[r1] == A[11], then we would overwrite the destination address of
the jump with the return address.

Reported-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-2-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Fix helper_ret() not correctly restoring PSW
Bastian Koppelmann [Mon, 12 Jun 2023 11:32:45 +0000 (13:32 +0200)] 
target/tricore: Fix helper_ret() not correctly restoring PSW

We are always taking the TRICORE_FEATURE_13 branch as every CPU has TRICORE_FEATURE_13.
For CPUs with ISA > 1.3 we have to take the else branch.

We fix this by inverting the condition. We check for
TRICORE_FEATURE_131, which every CPU except TRICORE_FEATURE_13 CPUs
have.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1700
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-5-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs
Bastian Koppelmann [Mon, 12 Jun 2023 11:32:44 +0000 (13:32 +0200)] 
target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs

some insns were not checking if an even index was used to access a 64
bit register. In the worst case that could lead to a buffer overflow as
reported in https://gitlab.com/qemu-project/qemu/-/issues/1698.

Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-4-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Correctly fix saving PSW.CDE to CSA on call
Bastian Koppelmann [Mon, 12 Jun 2023 11:32:43 +0000 (13:32 +0200)] 
target/tricore: Correctly fix saving PSW.CDE to CSA on call

we don't want to save PSW.CDC to the CSA, but PSW.CDE must be saved.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1699
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-3-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Fix out-of-bounds index in imask instruction
Siqi Chen [Mon, 12 Jun 2023 11:32:42 +0000 (13:32 +0200)] 
target/tricore: Fix out-of-bounds index in imask instruction

When translating  "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add DISABLE insn variant
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:39 +0000 (12:00 +0200)] 
target/tricore: Add DISABLE insn variant

this variant saves the 'IE' bit to a 'd' register. The 'IE' bitfield
changed from ISA version 1.6.1, so we add icr_ie_offset to DisasContext
as with the other DISABLE insn.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-9-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Implement SYCSCALL insn
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:38 +0000 (12:00 +0200)] 
target/tricore: Implement SYCSCALL insn

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1452
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-8-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add shuffle insn
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:37 +0000 (12:00 +0200)] 
target/tricore: Add shuffle insn

this is based on code by volumit (https://github.com/volumit/qemu/).

Reported in https://gitlab.com/qemu-project/qemu/-/issues/1667
and https://gitlab.com/qemu-project/qemu/-/issues/1452.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-7-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add crc32.b insn
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:36 +0000 (12:00 +0200)] 
target/tricore: Add crc32.b insn

reported in https://gitlab.com/qemu-project/qemu/-/issues/1667

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-6-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add crc32l.w insn
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:35 +0000 (12:00 +0200)] 
target/tricore: Add crc32l.w insn

reported in https://gitlab.com/qemu-project/qemu/-/issues/1667

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-5-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add LHA insn
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:34 +0000 (12:00 +0200)] 
target/tricore: Add LHA insn

reported in https://gitlab.com/qemu-project/qemu/-/issues/1667

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-4-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Add popcnt.w insn
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:33 +0000 (12:00 +0200)] 
target/tricore: Add popcnt.w insn

reported in https://gitlab.com/qemu-project/qemu/-/issues/1667

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-3-kbastian@mail.uni-paderborn.de>

2 years agotarget/tricore: Introduce ISA 1.6.2 feature
Bastian Koppelmann [Wed, 14 Jun 2023 10:00:32 +0000 (12:00 +0200)] 
target/tricore: Introduce ISA 1.6.2 feature

we also introduce the tc37x CPU that implements that ISA version.

Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-2-kbastian@mail.uni-paderborn.de>

2 years agoRevert "cputlb: Restrict SavedIOTLB to system emulation"
Peter Maydell [Tue, 20 Jun 2023 17:57:12 +0000 (18:57 +0100)] 
Revert "cputlb: Restrict SavedIOTLB to system emulation"

This reverts commit d7ee93e24359703debf4137f4cc632563aa4e8d1.

That commit tries to make a field in the CPUState struct not be
present when CONFIG_USER_ONLY is set.  Unfortunately, you can't
conditionally omit fields in structs like this based on ifdefs that
are set per-target.  If you try it, then code in files compiled
per-target (where CONFIG_USER_ONLY is or can be set) will disagree
about the struct layout with files that are compiled once-only (where
this kind of ifdef is never set).

This manifests specifically in 'make check-tcg' failing, because code
in cpus-common.c that sets up the CPUState::cpu_index field puts it
at a different offset from the code in plugins/core.c in
qemu_plugin_vcpu_init_hook() which reads the cpu_index field.  The
latter then hits an assert because from its point of view every
thread has a 0 cpu_index. There might be other weird behaviour too.

Mostly we catch this kind of bug because the CONFIG_whatever is
listed in include/exec/poison.h and so the reference to it in
build-once source files will then cause a compiler error.
Unfortunately CONFIG_USER_ONLY is an exception to that: we have some
places where we use it in "safe" ways in headers that will be seen by
once-only source files (e.g.  ifdeffing out function prototypes) and
it would be a lot of refactoring to be able to get to a position
where we could poison it.  This leaves us in a "you have to be
careful to walk around the bear trap" situation...

Fixes: d7ee93e243597 ("cputlb: Restrict SavedIOTLB to system emulation")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230620175712.1331625-1-peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agoMerge tag 'seabios-hppa-v7-pull-request' of https://github.com/hdeller/qemu-hppa...
Richard Henderson [Wed, 21 Jun 2023 05:12:45 +0000 (07:12 +0200)] 
Merge tag 'seabios-hppa-v7-pull-request' of https://github.com/hdeller/qemu-hppa into staging

hppa: New SeaBIOS-hppa version 7 ROM

New SeaBIOS-hppa version 7 ROM to fix Debian-12
CD-ROM boot issues.

Signed-off-by: Helge Deller <deller@gmx.de>
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZJIExQAKCRD3ErUQojoP
# XypaAP9j0YWdl1ovPiyw8fTdY5U6yCKGIjqtkXzk4egPbzkU1AD7BxMY+GbDSKv8
# Lt9K+R4cu0EVxfYsz17e780wSMLPcwc=
# =M8NU
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Jun 2023 09:57:57 PM CEST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'seabios-hppa-v7-pull-request' of https://github.com/hdeller/qemu-hppa:
  target/hppa: New SeaBIOS-hppa version 7

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agotarget/hppa: New SeaBIOS-hppa version 7
Helge Deller [Tue, 20 Jun 2023 19:39:47 +0000 (21:39 +0200)] 
target/hppa: New SeaBIOS-hppa version 7

Update SeaBIOS-hppa to version 7 which fixes a boot problem
with Debian-12 install CD images.

The problem with Debian-12 is, that the ramdisc got bigger
than what the firmware could load in one call to the LSI
scsi driver.

Signed-off-by: Helge Deller <deller@gmx.de>
2 years agoMerge tag 'pull-tcg-20230620' of https://gitlab.com/rth7680/qemu into staging
Richard Henderson [Tue, 20 Jun 2023 08:26:53 +0000 (10:26 +0200)] 
Merge tag 'pull-tcg-20230620' of https://gitlab.com/rth7680/qemu into staging

tcg: Define _CALL_AIX for clang on ppc64
accel/tcg: Build fix for macos catalina
accel/tcg: Handle MO_ATOM_WITHIN16 in do_st16_leN
accel/tcg: Restrict SavedIOTLB to system emulation
accel/tcg: Use generic 'helper-proto-common.h' header
plugins: Remove unused 'exec/helper-proto.h' header
*: Check for CONFIG_USER_ONLY instead of CONFIG_SOFTMMU

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmSRYmIdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8zbAgAlX4GcShS1OU1BDRe
# b0HHHj1fFBB/9yk8f/5WuQb2snYS+pcZCez9XeT175ugovXSOz+shvmFrbRPvpfj
# q8C88CIKCJRsXnhWqKWOKDqgTttu2WNXOvCe0eCZbUoGQ9K1seMvUBq6T50fNv2H
# fXeHtLSu/+jiHIN3+woJqdgrkp0cko2rrpnwIpjuIsY1iz/J/VKEHmnv7Ah+GsRs
# OTYnR7iN6uhBXVll14r3UCylbgdEz58sSSEi3dYYfaTRuijDwOzM0evhk6+5XzHP
# DYwGdbtDE5HJOrCLiKegk80Gh6v1XVZQWnn9PdiN1eJcQsWNT9mYV9/4IsCVrsF4
# 8r5KUg==
# =JmjK
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Jun 2023 10:25:06 AM CEST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20230620' of https://gitlab.com/rth7680/qemu:
  cputlb: Restrict SavedIOTLB to system emulation
  exec/cpu-defs: Check for SOFTMMU instead of !USER_ONLY
  accel/tcg/cpu-exec: Use generic 'helper-proto-common.h' header
  plugins: Remove unused 'exec/helper-proto.h' header
  meson: Replace softmmu_ss -> system_ss
  meson: Replace CONFIG_SOFTMMU -> CONFIG_SYSTEM_ONLY
  meson: Alias CONFIG_SOFTMMU -> CONFIG_SYSTEM_ONLY
  accel/tcg: Check for USER_ONLY definition instead of SOFTMMU one
  hw/core/cpu: Check for USER_ONLY definition instead of SOFTMMU one
  target/ppc: Check for USER_ONLY definition instead of SOFTMMU one
  target/m68k: Check for USER_ONLY definition instead of SOFTMMU one
  target/tricore: Remove pointless CONFIG_SOFTMMU guard
  target/i386: Simplify i386_tr_init_disas_context()
  tcg/ppc: Define _CALL_AIX for clang on ppc64(be)
  accel/tcg: Handle MO_ATOM_WITHIN16 in do_st16_leN
  host/include/x86_64: Use __m128i for "x" constraints

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agocputlb: Restrict SavedIOTLB to system emulation
Philippe Mathieu-Daudé [Fri, 16 Dec 2022 21:55:16 +0000 (22:55 +0100)] 
cputlb: Restrict SavedIOTLB to system emulation

Commit 2f3a57ee47 ("cputlb: ensure we save the IOTLB data in
case of reset") added the SavedIOTLB structure -- which is
system emulation specific -- in the generic CPUState structure.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221216215519.5522-3-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agoexec/cpu-defs: Check for SOFTMMU instead of !USER_ONLY
Philippe Mathieu-Daudé [Mon, 5 Jun 2023 23:02:16 +0000 (01:02 +0200)] 
exec/cpu-defs: Check for SOFTMMU instead of !USER_ONLY

We want to check the softmmu tlb availability, not
if we are targetting system emulation. Besides, this
code could be used by user emulation in the future.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230605230216.17202-1-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2 years agoaccel/tcg/cpu-exec: Use generic 'helper-proto-common.h' header
Philippe Mathieu-Daudé [Sun, 11 Jun 2023 08:58:22 +0000 (10:58 +0200)] 
accel/tcg/cpu-exec: Use generic 'helper-proto-common.h' header

We only need lookup_tb_ptr() prototype.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230611085846.21415-3-philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>