* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
gitlab-ci: add manual job to run Coverity
run-coverity-scan: add --check-upload-only option
mips: do not list individual devices from configs/
oslib-posix: fix memory leak in touch_all_pages
hw/intc/apic: fix memory leak
hw/scsi/lsi53c895a: stop script on phase mismatch
meson: Remove --warn-common ldflag
system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add()
hw/scsi/lsi53c895a: add timer to scripts processing
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Sat, 9 Mar 2024 15:01:33 +0000 (15:01 +0000)]
Merge tag 'pull-hv-balloon-20240308' of https://github.com/maciejsszmigiero/qemu into staging
Hyper-V Dynamic Memory and VMBus misc small patches
This pull request contains two small patches to hv-balloon:
the first one replacing alloca() usage with g_malloc0() + g_autofree
and the second one adding additional declaration of a protocol message
struct with an optional field explicitly defined to avoid a Coverity
warning.
Also included is a VMBus patch to print a warning when it is enabled
without the recommended set of Hyper-V features (enlightenments) since
some Windows versions crash at boot in this case.
# -----BEGIN PGP SIGNATURE-----
#
# iQGzBAABCAAdFiEE4ndqq6COJv9aG0oJUrHW6VHQzgcFAmXrQeMACgkQUrHW6VHQ
# zgcvWwv9GUCDnidnDka8WGF2wgBEaPPdC2JXcqRFFLADISBAn/3fhsOERO6FwYuN
# pouhVEJnHpp9ueNAx+et51ySRzGCaL+VdOGGeReQllIOZGsnOnB8JfM58UE4lX4Z
# prCr72bxFsunxRqlqxssejrc8fBhgEQRPo5lQabl73rxftpXkNTHY0CGTwlvnaY1
# CzEBTBuowzkZJbQYDL8Qim2HrYqrSnOaend6bbrj9P6P+UFw9wLJU5tkfYCiHUjg
# Ux2Fjjx+5+qD9yE7khtxSHqjwWYkR7xA9di1yv4Znqg18gzdbuqnlrKR7F0v98yh
# sWFy+fyfVRDg+G2yh2F+vAUjmAJUrfw5+GL3uZTWIevoQUoSHBQfgUEJrlIKvykZ
# WP1XuAZRH3m2akDOXOWZVcDhkb3zPKtPJYZ2WncBZk+DLCs/vg94Taq0FcZefBTn
# 6qsFjs2lHz96uOSzgqICfU34ghcxfU5xgzmvKxKAiriOItmRMHgIYOXLHRfaIJhV
# MT/9OMuW
# =kVny
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 08 Mar 2024 16:50:43 GMT
# gpg: using RSA key E2776AABA08E26FF5A1B4A0952B1D6E951D0CE07
# gpg: Good signature from "Maciej S. Szmigiero <mail@maciej.szmigiero.name>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 727A 0D4D DB9E D9F6 039B ECEF 847F 5E37 90CE 0977
# Subkey fingerprint: E277 6AAB A08E 26FF 5A1B 4A09 52B1 D6E9 51D0 CE07
* tag 'pull-hv-balloon-20240308' of https://github.com/maciejsszmigiero/qemu:
vmbus: Print a warning when enabled without the recommended set of features
hv-balloon: define dm_hot_add_with_region to avoid Coverity warning
hv-balloon: avoid alloca() usage
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 8 Mar 2024 18:19:25 +0000 (18:19 +0000)]
Merge tag 'darwin-20240305' of https://github.com/philmd/qemu into staging
Darwin Cocoa patches:
- Add 'zoom-interpolation' to smooth scaled display with 'zoom-to-fit' (Carwyn)
- Set clipsToBounds on macOS 14 to fix window clipping (David)
- Use NSWindow's ability to resize (Akihiko)
Peter Maydell [Fri, 8 Mar 2024 18:19:09 +0000 (18:19 +0000)]
Merge tag 'pull-target-arm-20240308' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Implement FEAT_ECV
* STM32L4x5: Implement GPIO device
* Fix 32-bit SMOPA
* Refactor v7m related code from cpu32.c into its own file
* hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later
* tag 'pull-target-arm-20240308' of https://git.linaro.org/people/pmaydell/qemu-arm:
target/arm: Move v7m-related code from cpu32.c into a separate file
hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later
target/arm: Fix 32-bit SMOPA
tests/qtest: Add STM32L4x5 GPIO QTest testcase
hw/arm: Connect STM32L4x5 GPIO to STM32L4x5 SoC
hw/gpio: Implement STM32L4x5 GPIO
target/arm: Enable FEAT_ECV for 'max' CPU
target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling
target/arm: Define CNTPCTSS_EL0 and CNTVCTSS_EL0
target/arm: Implement new FEAT_ECV trap bits
target/arm: Don't allow RES0 CNTHCTL_EL2 bits to be written
target/arm: use FIELD macro for CNTHCTL bit definitions
target/arm: Timer _EL02 registers UNDEF for E2H == 0
target/arm: Move some register related defines to internals.h
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Mon, 4 Mar 2024 18:16:50 +0000 (13:16 -0500)]
gitlab-ci: add manual job to run Coverity
Add a job that can be run, either manually or on a schedule, to upload
a build to Coverity Scan. The job uses the run-coverity-scan script
in multiple phases of check, download tools and upload, in order to
avoid both wasting time (skip everything if you are above the upload
quota) and avoid filling the log with the progress of downloading
the tools.
The job is intended to run on a scheduled pipeline run, and scheduled
runs will not get any other job. It requires two variables to be in
GitLab CI, COVERITY_TOKEN and COVERITY_EMAIL. Those are already set up
in qemu-project's configuration as protected and masked variables.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 4 Mar 2024 18:06:57 +0000 (13:06 -0500)]
run-coverity-scan: add --check-upload-only option
Add an option to check if upload is permitted without actually
attempting a build. This can be useful to add a third outcome
beyond success and failure---namely, a CI job can self-cancel
if the uploading quota has been reached.
There is a small change here in that a failure to do the upload
check changes the exit code from 1 to 99. 99 was chosen because
it is what Autotools and Meson use to represent a problem in the
setup (as opposed to a failure in the test).
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 29 Jan 2024 13:21:36 +0000 (14:21 +0100)]
mips: do not list individual devices from configs/
Add new "select" and "imply" directives if needed. The resulting
config-devices.mak files are the same as before.
Builds without default devices will become much smaller
than before, and qtests fail (as expected, though suboptimal)
for mips64-softmmu because most tests do not use -nodefaults,
so remove it from build-without-defaults
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 4 Mar 2024 22:48:17 +0000 (23:48 +0100)]
oslib-posix: fix memory leak in touch_all_pages
touch_all_pages() can return early, before creating threads. In this case,
however, it leaks the MemsetContext that it has allocated at the
beginning of the function.
Fixes: 04accf43df8 ("oslib-posix: initialize backend memory objects in parallel", 2024-02-06) Reviewed-by: Mark Kanda <mark.kanda@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 4 Mar 2024 22:39:02 +0000 (23:39 +0100)]
hw/intc/apic: fix memory leak
deliver_bitmask is allocated on the heap in apic_deliver(), but there
are many paths in the function that return before the corresponding
g_free() is reached. Fix this by switching to g_autofree and, while at
it, also switch to g_new. Do the same in apic_deliver_irq() as well
for consistency.
Fixes: b5ee0468e9d ("apic: add support for x2APIC mode", 2024-02-14) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Bui Quang Minh <minhquangbui99@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Sven Schnelle [Sat, 2 Mar 2024 21:44:53 +0000 (22:44 +0100)]
hw/scsi/lsi53c895a: stop script on phase mismatch
Netbsd isn't happy with qemu lsi53c895a emulation:
cd0(esiop0:0:2:0): command with tag id 0 reset
esiop0: autoconfiguration error: phase mismatch without command
esiop0: autoconfiguration error: unhandled scsi interrupt, sist=0x80 sstat1=0x0 DSA=0x23a64b1 DSP=0x50
This is because lsi_bad_phase() triggers a phase mismatch, which
stops SCRIPT processing. However, after returning to
lsi_command_complete(), SCRIPT is restarted with lsi_resume_script().
Fix this by adding a return value to lsi_bad_phase(), and only resume
script processing when lsi_bad_phase() didn't trigger a host interrupt.
Signed-off-by: Sven Schnelle <svens@stackframe.org> Tested-by: Helge Deller <deller@gmx.de>
Message-ID: <20240302214453.2071388-1-svens@stackframe.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Akihiko Odaki [Sun, 3 Mar 2024 16:25:20 +0000 (01:25 +0900)]
meson: Remove --warn-common ldflag
--warn-common ldflag causes warnings for multiple definitions of
___asan_globals_registered when enabling AddressSanitizer with clang.
The warning is somewhat obsolete so just remove it.
The common block is used to allow duplicate definitions of uninitialized
global variables. In the past, GCC and clang used to place such
variables in a common block by default, which prevented programmers for
noticing accidental duplicate definitions. Commit 49237acdb725 ("Enable
ld flag --warn-common") added --warn-common ldflag so that ld warns in
such a case.
Today, both of GCC and clang don't use common blocks by default[1][2] so
any remaining use of common blocks should be intentional. Remove
--warn-common ldflag to suppress warnings for intentional use of
common blocks.
system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add()
Original goal of addition of drain_call_rcu to qmp_device_add was to cover
the failure case of qdev_device_add. It seems call of drain_call_rcu was
misplaced in 7bed89958bfbf40df what led to waiting for pending RCU callbacks
under happy path too. What led to overall performance degradation of
qmp_device_add.
In this patch call of drain_call_rcu moved under handling of failure of
qdev_device_add.
Signed-off-by: Dmitrii Gavrilov <ds-gavr@yandex-team.ru>
Message-ID: <20231103105602.90475-1-ds-gavr@yandex-team.ru> Fixes: 7bed89958bf ("device_core: use drain_call_rcu in in qmp_device_add", 2020-10-12) Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Sven Schnelle [Thu, 29 Feb 2024 20:44:07 +0000 (21:44 +0100)]
hw/scsi/lsi53c895a: add timer to scripts processing
HP-UX 10.20 seems to make the lsi53c895a spinning on a memory location
under certain circumstances. As the SCSI controller and CPU are not
running at the same time this loop will never finish. After some
time, the check loop interrupts with a unexpected device disconnect.
This works, but is slow because the kernel resets the scsi controller.
Instead of signaling UDC, start a timer and exit the loop. Until the
timer fires, the CPU can process instructions which might changes the
memory location.
The limit of instructions is also reduced because scripts running on
the SCSI processor are usually very short. This keeps the time until
the loop is exit short.
Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-ID: <20240229204407.1699260-1-svens@stackframe.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Thomas Huth [Fri, 8 Mar 2024 14:10:49 +0000 (15:10 +0100)]
target/arm: Move v7m-related code from cpu32.c into a separate file
Move the code to a separate file so that we do not have to compile
it anymore if CONFIG_ARM_V7M is not set.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240308141051.536599-2-thuth@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
vmbus: Print a warning when enabled without the recommended set of features
Some Windows versions crash at boot or fail to enable the VMBus device if
they don't see the expected set of Hyper-V features (enlightenments).
Since this provides poor user experience let's warn user if the VMBus
device is enabled without the recommended set of Hyper-V features.
The recommended set is the minimum set of Hyper-V features required to make
the VMBus device work properly in Windows Server versions 2016, 2019 and
2022.
Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
hv-balloon: define dm_hot_add_with_region to avoid Coverity warning
Since the presence of a hot add memory region is optional in hot add
request message it wasn't part of this message declaration
(struct dm_hot_add).
Instead, the code allocated such enlarged message by simply adding the
necessary size for this extra field to the size of basic hot add message
struct.
However, Coverity considers accessing this extra member to be
an out-of-bounds access, even thought the memory is actually there.
Fix this by adding an extended variant of this message that explicitly has
an additional union dm_mem_page_range at its end.
CID: #1523903 Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
alloca() is frowned upon, replace it with g_malloc0() + g_autofree.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Peter Maydell [Fri, 8 Mar 2024 11:47:01 +0000 (11:47 +0000)]
Merge tag 'pull-riscv-to-apply-20240308-1' of https://github.com/alistair23/qemu into staging
RISC-V PR for 9.0
* Update $ra with current $pc in trans_cm_jalt
* Enable SPCR for SCPI virt machine
* Allow large kernels to boot by moving the initrd further away in RAM
* Sync hwprobe keys with kernel
* Named features riscv,isa, 'svade' rework
* FIX xATP_MODE validation
* Add missing include guard in pmu.h
* Add SRAT and SLIT ACPI tables
* libqos fixes and add a riscv machine
* Add Ztso extension
* Use 'zfa' instead of 'Zfa'
* Update KVM exts to Linux 6.8
* move ratified/frozen exts to non-experimental
* Ensure mcountinhibit, mcounteren, scounteren, hcounteren are 32-bit
* mark_vs_dirty() before loads and stores
* Remove 'is_store' bool from load/store fns
* Fix shift count overflow
* Fix setipnum_le write emulation for APLIC MSI-mode
* Fix in_clrip[x] read emulation
* Fix privilege mode of G-stage translation for debugging
* Fix ACPI MCFG table for virt machine
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmXq8joACgkQr3yVEwxT
# gBMCRxAAvG1RsCxWhMjLYDEYuUhQkP2nd86PHJMrNxAeb5WUIrgrYyT6OLXpfuKN
# 8Hz5sR1bJnZSxKfGSFIHoPVxvW788fg7c5fIgg9txEssEQYhd7rCCPALxdiu/zlb
# 0fbfx9Ir0nb9qS6vQuT4dEddmljKYKPry8dH0anWI7SVIfdor2TTlP4xOAR88Yq7
# gdGIKvr7PrUhI5JdoWBe8R6w7vguT35EO6aiC+7PA+8AT1SXrxFrg86bYtDUffD+
# LktGcI7GhlIeosolodU8iNK7CdZTywRuyIQ+/KF4mmC7qaC8yJNVVTwX9/vXbH36
# dWIFkOv3VRnLBKt3/PW1DRZoUbSLpWjwH7WZsvQWPW5Ql717pGWId4eXSemxCFLN
# u7gGZ29/1jxMuYue+FImHTbBf6fSV25VOfo5ZfR/AfzxLBbugsP56CPwfK3K2OBq
# fQ+k3hl8iCx62rZrcAa69TuMBQJB5Q94NIFP1m5u/bPIZZhT311RVY1xx/dRCXnI
# 9/7DiPUyMeV4np2j4crvs4/QVTqYvpt4U9ElYrMWUxsTUyBEGEaSzpRsR5FCRmSH
# 2IrJsVWw5QsTlHukCMvxWIiWnYS5KIe764LsY31FNOlbl8eNJkyapc+BE8HWjgPa
# xYROCWOL7T/E1BPJ7wbEBlzPhuJOndZX91Zbfq0n+SAYq4YnNu4=
# =sCqM
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 08 Mar 2024 11:10:50 GMT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20240308-1' of https://github.com/alistair23/qemu: (34 commits)
target/riscv: fix ACPI MCFG table
target/riscv: Fix privilege mode of G-stage translation for debugging
hw/intc/riscv_aplic: Fix in_clrip[x] read emulation
hw/intc/riscv_aplic: Fix setipnum_le write emulation for APLIC MSI-mode
target/riscv: Fix shift count overflow
trans_rvv.c.inc: remove 'is_store' bool from load/store fns
trans_rvv.c.inc: mark_vs_dirty() before loads and stores
target/riscv: mcountinhibit, mcounteren, scounteren, hcounteren is 32-bit
target/riscv: move ratified/frozen exts to non-experimental
target/riscv/kvm: update KVM exts to Linux 6.8
linux-headers: Update to Linux v6.8-rc6
tests: riscv64: Use 'zfa' instead of 'Zfa'
linux-user/riscv: Add Ztso extension to hwprobe
RISC-V: Add support for Ztso
tests/libqos: add riscv/virt machine nodes
hw/riscv/virt.c: make aclint compatible with 'qtest' accel
hw/riscv/virt.c: add virtio-iommu-pci hotplug support
hw/riscv/virt.c: create '/soc/pci@...' fdt node earlier
hw/riscv/virt-acpi-build.c: Add SRAT and SLIT ACPI tables
target/riscv: Add missing include guard in pmu.h
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The reads to in_clrip[x] registers return rectified input values of the
interrupt sources.
A rectified input value of an interrupt source is defined by the section
"4.5.2 Source configurations (sourcecfg[1]–sourcecfg[1023])" of the RISC-V
AIA specification as:
"rectified input value = (incoming wire value) XOR (source is inverted)"
Update the riscv_aplic_read_input_word() implementation to match the above.
Anup Patel [Wed, 6 Mar 2024 09:57:21 +0000 (15:27 +0530)]
hw/intc/riscv_aplic: Fix setipnum_le write emulation for APLIC MSI-mode
The writes to setipnum_le register in APLIC MSI-mode have special
consideration for level-triggered interrupts as-per section "4.9.2
Special consideration for level-sensitive interrupt sources" of the
RISC-V AIA specification.
Particularly, the below text from the RISC-V specification defines
the behaviour of writes to setipnum_le for level-triggered interrupts:
"A second option is for the interrupt service routine to write the
APLIC’s source identity number for the interrupt to the domain’s
setipnum register just before exiting. This will cause the interrupt’s
pending bit to be set to one again if the source is still asserting
an interrupt, but not if the source is not asserting an interrupt."
Fix setipnum_le write emulation for APLIC MSI-mode by implementing
the above behaviour in riscv_aplic_set_pending() function.
trans_rvv.c.inc: remove 'is_store' bool from load/store fns
After the 'mark_vs_dirty' changes from the previous patch the 'is_store'
bool is unused in some load/store functions that were changed. Remove it.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240306171932.549549-3-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
trans_rvv.c.inc: mark_vs_dirty() before loads and stores
While discussing a problem with how we're (not) setting vstart_eq_zero
Richard had the following to say w.r.t the conditional mark_vs_dirty()
calls on load/store functions [1]:
"I think it's required to have stores set dirty unconditionally, before
the operation.
Consider a store that traps on the 2nd element, leaving vstart = 2, and
exiting to the main loop via exception. The exception enters the kernel
page fault handler. The kernel may need to fault in the page for the
process, and in the meantime task switch.
If vs dirty is not already set, the kernel won't know to save vector
state on task switch."
Do a mark_vs_dirty() before both loads and stores.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240306171932.549549-2-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Vadim Shakirov [Fri, 2 Feb 2024 11:39:19 +0000 (14:39 +0300)]
target/riscv: mcountinhibit, mcounteren, scounteren, hcounteren is 32-bit
mcountinhibit, mcounteren, scounteren and hcounteren must always be 32-bit
by privileged spec
Signed-off-by: Vadim Shakirov <vadim.shakirov@syntacore.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20240202113919.18236-1-vadim.shakirov@syntacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240301144053.265964-1-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The last KVM extensions added were back in 6.6. Sync them to Linux 6.8.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240304134732.386590-3-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The idea with this update is to get the latest KVM caps for RISC-V.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240304134732.386590-2-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Running test-fcvtmod triggers the following deprecation warning:
warning: CPU property 'Zfa' is deprecated. Please use 'zfa' instead
Let's fix that.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240229180656.1208881-1-christoph.muellner@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This patch exposes Ztso via hwprobe in QEMU's user space emulator.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20240207122256.902627-3-christoph.muellner@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Palmer Dabbelt [Wed, 7 Feb 2024 12:22:54 +0000 (13:22 +0100)]
RISC-V: Add support for Ztso
The Ztso extension is already ratified, this adds it as a CPU property
and adds various fences throughout the port in order to allow TSO
targets to function on weaker hosts. We need no fences for AMOs as
they're already SC, the places we need barriers are described.
These fences are placed in the RISC-V backend rather than TCG as is
planned for x86-on-arm64 because RISC-V allows heterogeneous (and
likely soon dynamic) hart memory models.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Message-ID: <20240207122256.902627-2-christoph.muellner@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add a RISC-V 'virt' machine to the graph. This implementation is a
modified copy of the existing arm machine in arm-virt-machine.c
It contains a virtio-mmio and a generic-pcihost controller. The
generic-pcihost controller hardcodes assumptions from the ARM 'virt'
machine, like ecam and pio_base addresses, so we'll add an extra step to
set its parameters after creating it.
Our command line is incremented with 'aclint' parameters to allow the
machine to run MSI tests.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240217192607.32565-7-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
hw/riscv/virt.c: make aclint compatible with 'qtest' accel
The 'virt' machine makes assumptions on the Advanced Core-Local
Interruptor, or aclint, based on 'tcg_enabled()' conditionals. This
will impact MSI related tests support when adding a RISC-V 'virt' libqos
machine. The accelerator used in that case, 'qtest', isn't being
accounted for and we'll error out if we try to enable aclint.
Create a new virt_aclint_allowed() helper to gate the aclint code
considering both TCG and 'qtest' accelerators. The error message is
left untouched, mentioning TCG only, because we don't expect the
regular user to be aware of 'qtest'.
We want to add 'qtest' support for aclint only, leaving the TCG specific
bits out of it. This is done by changing the current format we use
today:
if (tcg_enabled()) {
if (s->have_aclint) { - aclint logic - }
else { - non-aclint, TCG logic - }
}
into:
if (virt_aclint_allowed() && s->have_aclint) {
- aclint logic -
} else if (tcg_enabled()) {
- non-aclint, TCG logic -
}
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240217192607.32565-6-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
hw/riscv/virt.c: add virtio-iommu-pci hotplug support
We want to add a RISC-V 'virt' libqos machine to increase our test
coverage. Some of the tests will try to plug a virtio-iommu-pci
device into the board and do some tests with it.
Enable virtio-iommu-pci in the 'virt' machine.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240217192607.32565-5-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Hotplugged FDT nodes will attempt to write this node that, at this
moment, is being created only in create_fdt_pcie() during
finalize_fdt().
Create it earlier.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240217192607.32565-4-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Haibo Xu [Mon, 29 Jan 2024 09:42:00 +0000 (17:42 +0800)]
hw/riscv/virt-acpi-build.c: Add SRAT and SLIT ACPI tables
Enable ACPI NUMA support by adding the following 2 ACPI tables:
SRAT: provides the association for memory/Harts and Proximity Domains
SLIT: provides the relative distance between Proximity Domains
The SRAT RINTC Affinity Structure definition[1] was based on the recently
approved ACPI CodeFirst ECR[2].
Signed-off-by: Haibo Xu <haibo1.xu@intel.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20240129094200.3581037-1-haibo1.xu@intel.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Irina Ryapolova [Tue, 9 Jan 2024 14:59:22 +0000 (17:59 +0300)]
target/riscv: UPDATE xATP write CSR
Added xATP_MODE validation for vsatp/hgatp CSRs.
The xATP register is an SXLEN-bit read/write WARL register, so
the legal value must be returned (See riscv-privileged-20211203, SATP/VSATP/HGATP CSRs).
Signed-off-by: Irina Ryapolova <irina.ryapolova@syntacore.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240109145923.37893-2-irina.ryapolova@syntacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Irina Ryapolova [Tue, 9 Jan 2024 14:59:21 +0000 (17:59 +0300)]
target/riscv: FIX xATP_MODE validation
The SATP register is an SXLEN-bit read/write WARL register. It means that CSR fields are only defined
for a subset of bit encodings, but allow any value to be written while guaranteeing to return a legal
value whenever read (See riscv-privileged-20211203, SATP CSR).
For example on rv64 we are trying to write to SATP CSR val = 0x1000000000000000 (SATP_MODE = 1 - Reserved for standard use)
and after that we are trying to read SATP_CSR. We read from the SATP CSR value = 0x1000000000000000, which is not a correct
operation (return illegal value).
Signed-off-by: Irina Ryapolova <irina.ryapolova@syntacore.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240109145923.37893-1-irina.ryapolova@syntacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Andrew Jones [Thu, 15 Feb 2024 22:39:55 +0000 (19:39 -0300)]
target/riscv: Promote svade to a normal extension
Named features are extensions which don't make sense for users to
control and are therefore not exposed on the command line. However,
svade is an extension which makes sense for users to control, so treat
it like a "normal" extension. The default is false, even for the max
cpu type, since QEMU has always implemented hardware A/D PTE bit
updating, so users must opt into svade (or get it from a CPU type
which enables it by default).
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Signed-off-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240215223955.969568-7-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Andrew Jones [Thu, 15 Feb 2024 22:39:54 +0000 (19:39 -0300)]
target/riscv: Gate hardware A/D PTE bit updating
Gate hardware A/D PTE bit updating on {m,h}envcfg.ADUE and only
enable menvcfg.ADUE on reset if svade has not been selected. Now
that we also consider svade, we have four possible configurations:
1) !svade && !svadu
use hardware updating and there's no way to disable it
(the default, which maintains past behavior. Maintaining
the default, even with !svadu is a change that fixes [1])
2) !svade && svadu
use hardware updating, but also provide {m,h}envcfg.ADUE,
allowing software to switch to exception mode
(being able to switch is a change which fixes [1])
3) svade && !svadu
use exception mode and there's no way to switch to hardware
updating
(this behavior change fixes [2])
4) svade && svadu
use exception mode, but also provide {m,h}envcfg.ADUE,
allowing software to switch to hardware updating
(this behavior change fixes [2])
Fixes: 0af3f115e68e ("target/riscv: Add *envcfg.HADE related check in address translation") [1] Fixes: 48531f5adb2a ("target/riscv: implement svade") [2] Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Signed-off-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240215223955.969568-6-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Andrew Jones [Thu, 15 Feb 2024 22:39:53 +0000 (19:39 -0300)]
target/riscv: Reset henvcfg to zero
The hypervisor should decide what it wants to enable. Zero all
configuration enable bits on reset.
Also, commit ed67d63798f2 ("target/riscv: Update CSR bits name for
svadu extension") missed one reference to 'hade'. Change it now.
Fixes: 0af3f115e68e ("target/riscv: Add *envcfg.HADE related check in address translation") Fixes: ed67d63798f2 ("target/riscv: Update CSR bits name for svadu extension") Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Signed-off-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240215223955.969568-5-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The RVA22U64 and RVA22S64 profiles mandates certain extensions that,
until now, we were implying that they were available.
We can't do this anymore since named features also has a riscv,isa
entry. Let's add them to riscv_cpu_named_features[].
Instead of adding one bool for each named feature that we'll always
implement, i.e. can't be turned off, add a 'ext_always_enabled' bool in
cpu->cfg. This bool will be set to 'true' in TCG accel init, and all
named features will point to it. This also means that KVM won't see
these features as always enable, which is our intention.
If any accelerator adds support to disable one of these features, we'll
have to promote them to regular extensions and allow users to disable it
via command line.
After this patch, here's the riscv,isa from a buildroot using the
'rva22s64' CPU:
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20240215223955.969568-4-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Further discussions after the introduction of rva22 support in QEMU
revealed that what we've been calling 'named features' are actually
regular extensions, with their respective riscv,isa DTs. This is
clarified in [1]. [2] is a bug tracker asking for the profile spec to be
less cryptic about it.
As far as QEMU goes we understand extensions as something that the user
can enable/disable in the command line. This isn't the case for named
features, so we'll have to reach a middle ground.
We'll keep our existing nomenclature 'named features' to refer to any
extension that the user can't control in the command line. We'll also do
the following:
- 'svade' and 'zic64b' flags are renamed to 'ext_svade' and
'ext_zic64b'. 'ext_svade' and 'ext_zic64b' now have riscv,isa strings and
priv_spec versions;
- skip name feature check in cpu_bump_multi_ext_priv_ver(). Now that
named features have a riscv,isa and an entry in isa_edata_arr[] we
don't need to gate the call to cpu_cfg_ext_get_min_version() anymore.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240215223955.969568-3-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/tcg: set 'mmu' with 'satp' in cpu_set_profile()
Recent changes in options handling removed the 'mmu' default the bare
CPUs had, meaning that we must enable 'mmu' by hand when using the
rva22s64 profile CPU.
Given that this profile is setting a satp mode, it already implies that
we need a 'mmu'. Enable the 'mmu' in this case.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240215223955.969568-2-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Upstream Linux recently added many additional keys to the hwprobe API.
This patch adds support for all of them with the exception of Ztso,
which is currently not supported in QEMU.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20240207115926.887816-3-christoph.muellner@vrull.eu>
[ Changes by AF:
- Fixup whitespace
] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
linux-user/riscv: Add Zicboz extensions to hwprobe
Upstream Linux recently added RISC-V Zicboz support to the hwprobe API.
This patch introduces this for QEMU's user space emulator.
Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20240207115926.887816-2-christoph.muellner@vrull.eu> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Alexandre Ghiti [Tue, 6 Feb 2024 15:40:42 +0000 (16:40 +0100)]
hw: riscv: Allow large kernels to boot by moving the initrd further away in RAM
Currently, the initrd is placed at 128MB, which overlaps with the kernel
when it is large (for example syzbot kernels are). From the kernel side,
there is no reason we could not push the initrd further away in memory
to accommodate large kernels, so move the initrd at 512MB when possible.
The ideal solution would have been to place the initrd based on the
kernel size but we actually can't since the bss size is not known when
the image is loaded by load_image_targphys_as() and the initrd would
then overlap with this section.
Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20240206154042.514698-1-alexghiti@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Sia Jee Heng [Mon, 29 Jan 2024 02:14:39 +0000 (18:14 -0800)]
hw/arm/virt-acpi-build.c: Migrate SPCR creation to common location
RISC-V should also generate the SPCR in a manner similar to ARM.
Therefore, instead of replicating the code, relocate this function
to the common AML build.
Signed-off-by: Sia Jee Heng <jeeheng.sia@starfivetech.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240129021440.17640-2-jeeheng.sia@starfivetech.com>
[ Changes by AF:
- Add missing Language SPCR entry
] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jason Chien [Wed, 7 Feb 2024 08:18:08 +0000 (16:18 +0800)]
target/riscv: Update $ra with current $pc in trans_cm_jalt()
The original implementation sets $pc to the address read from the jump
vector table first and links $ra with the address of the next instruction
after the updated $pc. After jumping to the updated $pc and executing the
next ret instruction, the program jumps to $ra, which is in the same
function currently executing, which results in an infinite loop.
This commit stores the jump address in a temporary, updates $ra with the
current $pc, and copies the temporary to $pc.
Signed-off-by: Jason Chien <jason.chien@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240207081820.28559-1-jason.chien@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Peter Maydell [Fri, 23 Feb 2024 16:13:00 +0000 (16:13 +0000)]
hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later
The sun4v RTC device model added under commit a0e893039cf2ce0 in 2016
was unfortunately added with a license of GPL-v3-or-later, which is
not compatible with other QEMU code which has a GPL-v2-only license.
Relicense the code in the .c and the .h file to GPL-v2-or-later,
to make it compatible with the rest of QEMU.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini (for Red Hat) <pbonzini@redhat.com> Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240223161300.938542-1-peter.maydell@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
While the 8-bit input elements are sequential in the input vector,
the 32-bit output elements are not sequential in the output matrix.
Do not attempt to compute 2 32-bit outputs at the same time.
Cc: qemu-stable@nongnu.org Fixes: 23a5e3859f5 ("target/arm: Implement SME integer outer product")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2083 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240305163931.242795-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Inès Varhol [Tue, 5 Mar 2024 21:03:12 +0000 (22:03 +0100)]
tests/qtest: Add STM32L4x5 GPIO QTest testcase
The testcase contains :
- `test_idr_reset_value()` :
Checks the reset values of MODER, OTYPER, PUPDR, ODR and IDR.
- `test_gpio_output_mode()` :
Checks that writing a bit in register ODR results in the corresponding
pin rising or lowering, if this pin is configured in output mode.
- `test_gpio_input_mode()` :
Checks that a input pin set high or low externally results
in the pin rising and lowering.
- `test_pull_up_pull_down()` :
Checks that a floating pin in pull-up/down mode is actually high/down.
- `test_push_pull()` :
Checks that a pin set externally is disconnected when configured in
push-pull output mode, and can't be set externally while in this mode.
- `test_open_drain()` :
Checks that a pin set externally high is disconnected when configured
in open-drain output mode, and can't be set high while in this mode.
- `test_bsrr_brr()` :
Checks that writing to BSRR and BRR has the desired result in ODR.
- `test_clock_enable()` :
Checks that GPIO clock is at the right frequency after enabling it.
Acked-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Arnaud Minier <arnaud.minier@telecom-paris.fr> Signed-off-by: Inès Varhol <ines.varhol@telecom-paris.fr>
Message-id: 20240305210444.310665-4-ines.varhol@telecom-paris.fr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Inès Varhol [Tue, 5 Mar 2024 21:03:10 +0000 (22:03 +0100)]
hw/gpio: Implement STM32L4x5 GPIO
Features supported :
- the 8 STM32L4x5 GPIOs are initialized with their reset values
(except IDR, see below)
- input mode : setting a pin in input mode "externally" (using input
irqs) results in an out irq (transmitted to SYSCFG)
- output mode : setting a bit in ODR sets the corresponding out irq
(if this line is configured in output mode)
- pull-up, pull-down
- push-pull, open-drain
Difference with the real GPIOs :
- Alternate Function and Analog mode aren't implemented :
pins in AF/Analog behave like pins in input mode
- floating pins stay at their last value
- register IDR reset values differ from the real one :
values are coherent with the other registers reset values
and the fact that AF/Analog modes aren't implemented
- setting I/O output speed isn't supported
- locking port bits isn't supported
- ADC function isn't supported
- GPIOH has 16 pins instead of 2 pins
- writing to registers LCKR, AFRL, AFRH and ASCR is ineffective
Signed-off-by: Arnaud Minier <arnaud.minier@telecom-paris.fr> Signed-off-by: Inès Varhol <ines.varhol@telecom-paris.fr> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20240305210444.310665-2-ines.varhol@telecom-paris.fr Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 7 Mar 2024 12:19:04 +0000 (12:19 +0000)]
target/arm: Enable FEAT_ECV for 'max' CPU
Enable all FEAT_ECV features on the 'max' CPU.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-9-peter.maydell@linaro.org
When ID_AA64MMFR0_EL1.ECV is 0b0010, a new register CNTPOFF_EL2 is
implemented. This is similar to the existing CNTVOFF_EL2, except
that it controls a hypervisor-adjustable offset made to the physical
counter and timer.
Implement the handling for this register, which includes control/trap
bits in SCR_EL3 and CNTHCTL_EL2.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-8-peter.maydell@linaro.org
Peter Maydell [Thu, 7 Mar 2024 12:19:03 +0000 (12:19 +0000)]
target/arm: Define CNTPCTSS_EL0 and CNTVCTSS_EL0
For FEAT_ECV, new registers CNTPCTSS_EL0 and CNTVCTSS_EL0 are
defined, which are "self-synchronized" views of the physical and
virtual counts as seen in the CNTPCT_EL0 and CNTVCT_EL0 registers
(meaning that no barriers are needed around accesses to them to
ensure that reads of them do not occur speculatively and out-of-order
with other instructions).
For QEMU, all our system registers are self-synchronized, so we can
simply copy the existing implementation of CNTPCT_EL0 and CNTVCT_EL0
to the new register encodings.
This means we now implement all the functionality required for
ID_AA64MMFR0_EL1.ECV == 0b0001.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-7-peter.maydell@linaro.org
Peter Maydell [Thu, 7 Mar 2024 12:19:02 +0000 (12:19 +0000)]
target/arm: Implement new FEAT_ECV trap bits
The functionality defined by ID_AA64MMFR0_EL1.ECV == 1 is:
* four new trap bits for various counter and timer registers
* the CNTHCTL_EL2.EVNTIS and CNTKCTL_EL1.EVNTIS bits which control
scaling of the event stream. This is a no-op for us, because we don't
implement the event stream (our WFE is a NOP): all we need to do is
allow CNTHCTL_EL2.ENVTIS to be read and written.
* extensions to PMSCR_EL1.PCT, PMSCR_EL2.PCT, TRFCR_EL1.TS and
TRFCR_EL2.TS: these are all no-ops for us, because we don't implement
FEAT_SPE or FEAT_TRF.
* new registers CNTPCTSS_EL0 and NCTVCTSS_EL0 which are
"self-sychronizing" views of the CNTPCT_EL0 and CNTVCT_EL0, meaning
that no barriers are needed around their accesses. For us these
are just the same as the normal views, because all our sysregs are
inherently self-sychronizing.
In this commit we implement the trap handling and permit the new
CNTHCTL_EL2 bits to be written.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-6-peter.maydell@linaro.org
Peter Maydell [Thu, 7 Mar 2024 12:19:02 +0000 (12:19 +0000)]
target/arm: Don't allow RES0 CNTHCTL_EL2 bits to be written
Don't allow the guest to write CNTHCTL_EL2 bits which don't exist.
This is not strictly architecturally required, but it is how we've
tended to implement registers more recently.
In particular, bits [19:18] are only present with FEAT_RME,
and bits [17:12] will only be present with FEAT_ECV.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-5-peter.maydell@linaro.org
Peter Maydell [Thu, 7 Mar 2024 12:19:01 +0000 (12:19 +0000)]
target/arm: use FIELD macro for CNTHCTL bit definitions
We prefer the FIELD macro over ad-hoc #defines for register bits;
switch CNTHCTL to that style before we add any more bits.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-4-peter.maydell@linaro.org
Peter Maydell [Thu, 7 Mar 2024 12:19:01 +0000 (12:19 +0000)]
target/arm: Timer _EL02 registers UNDEF for E2H == 0
The timer _EL02 registers should UNDEF for invalid accesses from EL2
or EL3 when HCR_EL2.E2H == 0, not take a cp access trap. We were
delivering the exception to EL2 with the wrong syndrome.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-3-peter.maydell@linaro.org
Peter Maydell [Thu, 7 Mar 2024 12:19:01 +0000 (12:19 +0000)]
target/arm: Move some register related defines to internals.h
cpu.h has a lot of #defines relating to CPU register fields.
Most of these aren't actually used outside target/arm code,
so there's no point in cluttering up the cpu.h file with them.
Move some easy ones to internals.h.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301183219.2424889-2-peter.maydell@linaro.org
Peter Maydell [Wed, 6 Mar 2024 16:56:20 +0000 (16:56 +0000)]
Merge tag 'pull-maintainer-updates-060324-1' of https://gitlab.com/stsquad/qemu into staging
maintainer updates (tests, gdbstub, plugins):
- expand QOS_PATH_MAX_ELEMENT_SIZE to avoid LTO issues
- support fork-follow-mode in gdbstub
- new thread-safe scoreboard API for TCG plugins
- suppress showing opcodes in plugin disassembly
* tag 'pull-maintainer-updates-060324-1' of https://gitlab.com/stsquad/qemu: (29 commits)
target/riscv: honour show_opcodes when disassembling
target/loongarch: honour show_opcodes when disassembling
disas/hppa: honour show_opcodes
disas: introduce show_opcodes
plugins: cleanup codepath for previous inline operation
plugins: remove non per_vcpu inline operation from API
contrib/plugins/howvec: migrate to new per_vcpu API
contrib/plugins/hotblocks: migrate to new per_vcpu API
tests/plugin/bb: migrate to new per_vcpu API
tests/plugin/insn: migrate to new per_vcpu API
tests/plugin/mem: migrate to new per_vcpu API
tests/plugin: add test plugin for inline operations
plugins: add inline operation per vcpu
plugins: implement inline operation relative to cpu_index
plugins: define qemu_plugin_u64
plugins: scoreboard API
tests/tcg: Add two follow-fork-mode tests
gdbstub: Implement follow-fork-mode child
gdbstub: Introduce gdb_handle_detach_user()
gdbstub: Introduce gdb_handle_set_thread_user()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Tue, 5 Mar 2024 12:10:05 +0000 (12:10 +0000)]
target/riscv: honour show_opcodes when disassembling
This makes the output suitable when used for plugins.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-30-alex.bennee@linaro.org>
Alex Bennée [Tue, 5 Mar 2024 12:10:04 +0000 (12:10 +0000)]
target/loongarch: honour show_opcodes when disassembling
This makes the output suitable when used for plugins.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-29-alex.bennee@linaro.org>
Alex Bennée [Tue, 5 Mar 2024 12:10:03 +0000 (12:10 +0000)]
disas/hppa: honour show_opcodes
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-28-alex.bennee@linaro.org>
Alex Bennée [Tue, 5 Mar 2024 12:10:02 +0000 (12:10 +0000)]
disas: introduce show_opcodes
For plugins we don't expect the raw opcodes in the disassembly. We
already deal with this by hand crafting our capstone call but for
other diassemblers we need a flag. Introduce show_opcodes which
defaults to off.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-27-alex.bennee@linaro.org>
tests/plugin: add test plugin for inline operations
For now, it simply performs instruction, bb and mem count, and ensure
that inline vs callback versions have the same result. Later, we'll
extend it when new inline operations are added.
Use existing plugins to test everything works is a bit cumbersome, as
different events are treated in different plugins. Thus, this new one.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240304130036.124418-6-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-19-alex.bennee@linaro.org>
plugins: implement inline operation relative to cpu_index
Instead of working on a fixed memory location, allow to address it based
on cpu_index, an element size and a given offset.
Result address: ptr + offset + cpu_index * element_size.
With this, we can target a member in a struct array from a base pointer.
Current semantic is not modified, thus inline operation still targets
always the same memory location.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240304130036.124418-4-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-17-alex.bennee@linaro.org>
Additionally to the scoreboard, we define a qemu_plugin_u64, which is a
simple struct holding a pointer to a scoreboard, and a given offset.
This allows to have a scoreboard containing structs, without having to
bring offset to operate on a specific field.
Since most of the plugins are simply collecting a sum of per-cpu values,
qemu_plugin_u64 directly support this operation as well.
All inline operations defined later will use a qemu_plugin_u64 as input.
New functions:
- qemu_plugin_u64_add
- qemu_plugin_u64_get
- qemu_plugin_u64_set
- qemu_plugin_u64_sum
New macros:
- qemu_plugin_scoreboard_u64
- qemu_plugin_scoreboard_u64_in_struct
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240304130036.124418-3-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-16-alex.bennee@linaro.org>
We introduce a cpu local storage, automatically managed (and extended)
by QEMU itself. Plugin allocate a scoreboard, and don't have to deal
with how many cpus are launched.
This API will be used by new inline functions but callbacks can benefit
from this as well. This way, they can operate without a global lock for
simple operations.
At any point during execution, any scoreboard will be dimensioned with
at least qemu_plugin_num_vcpus entries.
New functions:
- qemu_plugin_scoreboard_find
- qemu_plugin_scoreboard_free
- qemu_plugin_scoreboard_new
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240304130036.124418-2-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-15-alex.bennee@linaro.org>
Add follow-fork-mode child and and follow-fork-mode parent tests.
Check for the obvious pitfalls, such as lingering breakpoints,
catchpoints, and single-step mode.
Currently it's not possible to use gdbstub for debugging linux-user
code that runs in a forked child, which is normally done using the `set
follow-fork-mode child` GDB command. Purely on the protocol level, the
missing piece is the fork-events feature.
However, a deeper problem is supporting $Hg switching between different
processes - right now it can do only threads. Implementing this for the
general case would be quite complicated, but, fortunately, for the
follow-fork-mode case there are a few factors that greatly simplify
things: fork() happens in the exclusive section, there are only two
processes involved, and before one of them is resumed, the second one
is detached.
This makes it possible to implement a simplified scheme: the parent and
the child share the gdbserver socket, it's used only by one of them at
any given time, which is coordinated through a separate socketpair. The
processes can read from the gdbserver socket only one byte at a time,
which is not great for performance, but, fortunately, the
follow-fork-mode handling involves only a few messages.
Advertise the fork-events support, and remember whether GDB has it
as well. Implement the state machine that is initialized on fork(),
decides the current owner of the gdbserver socket, and is terminated
when one of the two processes is detached. The logic for the parent and
the child is the same, only the initial state is different.
The upcoming follow-fork-mode child support needs to perform certain
actions when GDB detaches from the stopped parent or the stopped child.
Introduce a user-specific hook for this.
The upcoming follow-fork-mode child support needs to perform certain
actions when GDB switches between the stopped parent and the stopped
child. Introduce a user-specific hook for this.
The upcoming follow-fork-mode child support requires advertising the
fork-events feature, which is user-specific. Introduce a user-specific
hook for this.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20240219141628.246823-9-iii@linux.ibm.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-10-alex.bennee@linaro.org>
gdbstub: Call gdbserver_fork() both in parent and in child
The upcoming follow-fork-mode child support requires post-fork message
exchange between the parent and the child. Prepare gdbserver_fork() for
this purpose. Rename it to gdbserver_fork_end() to better reflect its
purpose.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20240219141628.246823-8-iii@linux.ibm.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-9-alex.bennee@linaro.org>
Currently ts_tid contains the parent tid after fork(), which is not
correct. So far it has not affected anything, but the upcoming
follow-fork-mode child support relies on the correct value, so fix it.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20240219141628.246823-4-iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-5-alex.bennee@linaro.org>
A CPU's TaskState is stored in the CPUState's void *opaque field,
accessing which is somewhat awkward due to having to use a cast.
Introduce a wrapper and use it everywhere.
Suggested-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240219141628.246823-3-iii@linux.ibm.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-4-alex.bennee@linaro.org>
gdbstub: Support disablement in a multi-threaded process
The upcoming follow-fork-mode child support will require disabling
gdbstub in the parent process, which may have multiple threads (which
are represented as CPUs).
Loop over all CPUs in order to remove breakpoints and disable
single-step. Move the respective code into a separate function.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20240219141628.246823-2-iii@linux.ibm.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-3-alex.bennee@linaro.org>
Alex Bennée [Tue, 5 Mar 2024 12:09:37 +0000 (12:09 +0000)]
tests: bump QOS_PATH_MAX_ELEMENT_SIZE again
We "fixed" a bug with LTO builds with 100c459f194 (tests/qtest: bump
up QOS_PATH_MAX_ELEMENT_SIZE) but it seems it has triggered again.
The array is sized according to the maximum anticipated length of a
path on the graph. However, the worst case for a depth-first search is
to push all nodes on the graph. So it's not really LTO, it depends on
the ordering of the constructors.
Lets be more assertive raising QOS_PATH_MAX_ELEMENT_SIZE to make it go
away again.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1186 (again) Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240305121005.3528075-2-alex.bennee@linaro.org>
Peter Maydell [Tue, 5 Mar 2024 13:54:54 +0000 (13:54 +0000)]
Merge tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* raspi: Implement Broadcom Serial Controller (BSC) for BCM2835 boards
* hw/char/pl011: Add support for loopback
* STM32L4x5: Implement RCC clock control device
* target/arm: Do memory type alignment checks
* atomic.h: Reword confusing comment for qatomic_cmpxchg
* qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports
* tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm:
qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports
atomic.h: Reword confusing comment for qatomic_cmpxchg
target/arm: Do memory type alignment check when translation enabled
target/arm: Do memory type alignment check when translation disabled
accel/tcg: Add TLB_CHECK_ALIGNED
accel/tcg: Add tlb_fill_flags to CPUTLBEntryFull
exec/memattrs: Remove target_tlb_bit*
target/arm: Support 32-byte alignment in pow2_align
tests/qtest/stm32l4x5_rcc-test.c: Add tests for the STM32L4x5_RCC
hw/arm/stm32l4x5_soc.c: Use the RCC Sysclk
hw/misc/stm32l4x5_rcc: Add write protections to CR register
hw/misc/stm32l4x5_rcc: Handle Register Updates
hw/misc/stm32l4x5_rcc: Initialize PLLs and clock multiplexers
hw/misc/stm32l4x5_rcc: Add an internal PLL Clock object
hw/misc/stm32l4x5_rcc: Add an internal clock multiplexer object
hw/misc/stm32l4x5_rcc: Implement STM32L4x5_RCC skeleton
hw/char/pl011: Add support for loopback
tests/qtest: Add testcase for BCM2835 BSC
hw/arm: Connect BSC to BCM2835 board as I2C0, I2C1 and I2C2
hw/i2c: Implement Broadcom Serial Controller (BSC)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Steven Shen [Tue, 5 Mar 2024 01:30:16 +0000 (09:30 +0800)]
qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports
Before v2.12, the implementation of serial ports was limited to
a value of MAX_SERIAL_PORTS = 4. We now dynamically allocate
the data structures for serial ports, so this limit is no longer
present, but the documentation for the -serial options still reads:
"This option can be used several times to simulate up to 4 serial ports."
Update to "This option can be used several times to simulate
multiple serial ports." to avoid misleading.
Signed-off-by: Steven Shen <steven.shen@jaguarmicro.com>
Message-id: 20240305013016.2268-1-steven.shen@jaguarmicro.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tweaked commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 23 Feb 2024 18:20:35 +0000 (18:20 +0000)]
atomic.h: Reword confusing comment for qatomic_cmpxchg
The qatomic_cmpxchg() and qatomic_cmpxchg__nocheck() macros have
a comment that reads:
Returns the eventual value, failed or not
This is somewhere between cryptic and wrong, since the value actually
returned is the value that was in memory before the cmpxchg. Reword
to match how we describe these macros in atomics.rst.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-id: 20240223182035.1048541-1-peter.maydell@linaro.org
target/arm: Do memory type alignment check when translation enabled
If translation is enabled, and the PTE memory type is Device,
enable checking alignment via TLB_CHECK_ALIGNMENT. While the
check is done later than it should be per the ARM, it's better
than not performing the check at all.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301204110.656742-7-richard.henderson@linaro.org
[PMM: tweaks to comment text] Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Do memory type alignment check when translation disabled
If translation is disabled, the default memory type is Device, which
requires alignment checking. This is more optimally done early via
the MemOp given to the TCG memory operation.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reported-by: Idan Horowitz <idan.horowitz@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301204110.656742-6-richard.henderson@linaro.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1204 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / thirdparty / qemu.git / log
