Stefan Hajnoczi [Fri, 4 Jul 2025 12:58:58 +0000 (08:58 -0400)]
Merge tag 'pull-riscv-to-apply-20250704' of https://github.com/alistair23/qemu into staging
Second RISC-V PR for 10.1
* sstc extension fixes
* Fix zama16b order in isa_edata_arr
* Profile handling fixes
* Extend PMP region up to 64
* Remove capital 'Z' CPU properties
* Add missing named features
* Support atomic instruction fetch (Ziccif)
* Add max_satp_mode from host cpu
* Extend and configure PMP region count
* Fix PPN field of Translation-response register
* Use qemu_chr_fe_write_all() in DBCN_CONSOLE_WRITE_BYTE
* Fix fcvt.s.bf16 NaN box checking
* Avoid infinite delay of async xmit function
* Device tree reg cleanups
* Add Kunminghu CPU and platform
* Fix missing exit TB flow for ldff_trans
* Fix migration failure when aia is configured as aplic-imsic
* Fix MEPC/SEPC bit masking for IALIGN
* Add a property to set vill bit on reserved usage of vsetvli instruction
* Add Svrsw60t59b extension support
# gpg: Signature made Fri 04 Jul 2025 07:11:26 EDT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20250704' of https://github.com/alistair23/qemu: (40 commits)
target: riscv: Add Svrsw60t59b extension support
target/riscv: Add a property to set vill bit on reserved usage of vsetvli instruction
tests/tcg/riscv64: Add test for MEPC bit masking
target/riscv: Fix MEPC/SEPC bit masking for IALIGN
migration: Fix migration failure when aia is configured as aplic-imsic
target/riscv: rvv: Fix missing exit TB flow for ldff_trans
hw/riscv: Initial support for BOSC's Xiangshan Kunminghu FPGA prototype
target/riscv: Add BOSC's Xiangshan Kunminghu CPU
hw/riscv/virt: Use setprop_sized_cells for pcie
hw/riscv/virt: Use setprop_sized_cells for iommu
hw/riscv/virt: Use setprop_sized_cells for rtc
hw/riscv/virt: Use setprop_sized_cells for uart
hw/riscv/virt: Use setprop_sized_cells for reset
hw/riscv/virt: Use setprop_sized_cells for virtio
hw/riscv/virt: Use setprop_sized_cells for plic
hw/riscv/virt: Use setprop_sized_cells for aclint
hw/riscv/virt: Use setprop_sized_cells for aplic
hw/riscv/virt: Use setprop_sized_cells for memory
hw/riscv/virt: Use setprop_sized_cells for clint
hw/riscv/virt: Fix clint base address type
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Fri, 4 Jul 2025 12:58:49 +0000 (08:58 -0400)]
Merge tag 'accel-20250704' of https://github.com/philmd/qemu into staging
Accelerators patches
- Generic API consolidation, cleanups (dead code removal, documentation added)
- Remove monitor TCG 'info opcount' and @x-query-opcount
- Have HVF / NVMM / WHPX use generic CPUState::vcpu_dirty field
- Expose nvmm_enabled() and whpx_enabled() to common code
- Have hmp_info_registers() dump vector registers
* tag 'accel-20250704' of https://github.com/philmd/qemu: (31 commits)
MAINTAINERS: Add me as reviewer of overall accelerators section
monitor/hmp-cmds-target: add CPU_DUMP_VPU in hmp_info_registers()
accel: Pass AccelState argument to gdbstub_supported_sstep_flags()
accel: Remove unused MachineState argument of AccelClass::setup_post()
accel: Directly pass AccelState argument to AccelClass::has_memory()
accel/kvm: Directly pass KVMState argument to do_kvm_create_vm()
accel/kvm: Prefer local AccelState over global MachineState::accel
accel/tcg: Prefer local AccelState over global current_accel()
accel: Propagate AccelState to AccelClass::init_machine()
accel: Keep reference to AccelOpsClass in AccelClass
accel: Expose and register generic_handle_interrupt()
accel/dummy: Extract 'dummy-cpus.h' header from 'system/cpus.h'
accel/whpx: Expose whpx_enabled() to common code
accel/nvmm: Expose nvmm_enabled() to common code
accel/system: Document cpu_synchronize_state_post_init/reset()
accel/system: Document cpu_synchronize_state()
accel/kvm: Remove kvm_cpu_synchronize_state() stub
accel/whpx: Replace @dirty field by generic CPUState::vcpu_dirty field
accel/nvmm: Replace @dirty field by generic CPUState::vcpu_dirty field
accel/hvf: Replace @dirty field by generic CPUState::vcpu_dirty field
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Fri, 4 Jul 2025 12:58:39 +0000 (08:58 -0400)]
Merge tag 'pull-vfio-20250704' of https://github.com/legoater/qemu into staging
vfio queue:
* Added small cleanups for b4 and scope
* Restricted TDX build to 64-bit target
* Fixed issues introduced in first part of VFIO live update support
* Added full VFIO live update support
Stefan Hajnoczi [Fri, 4 Jul 2025 12:58:27 +0000 (08:58 -0400)]
Merge tag 'pull-aspeed-20250704' of https://github.com/legoater/qemu into staging
aspeed queue:
* Improved AST2700 SoC modeling (SDMC, SCU)
* Fixed hardware strapping of 'bletchley-bmc' machine
* Added new Meta 'catalina-bmc' machine and functional test using OpenBMC
* Improved AST2600 SCU protection key modeling
* Introduced AST2600 SCU unit tests
* Deprecated 'ast2700a0-evb' machine
* Added new NVIDIA 'gb200-bmc' machine and functional test using OpenBMC
* tag 'pull-aspeed-20250704' of https://github.com/legoater/qemu:
tests/functional: Add gb200 tests
hw/arm/aspeed: Add GB200 BMC target
docs: add support for gb200-bmc
hw/arm/aspeed: Add second SPI chip to Aspeed model
aspeed: Deprecate the ast2700a0-evb machine
tests/qtest: Add test for ASPEED SCU
hw/misc/aspeed_scu: Handle AST2600 protection key registers correctly
hw/arm/aspeed: add Catalina machine type
hw/arm/aspeed: bletchley: update hw strap values
hw/misc/aspeed_scu: Support the Frequency Counter Control register for AST2700
hw/misc/aspeed_sdmc: Skipping dram_init in u-boot for AST2700
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
target/riscv: Add a property to set vill bit on reserved usage of vsetvli instruction
Usage of vsetvli instruction is reserved if VLMAX is changed when vsetvli rs1
and rd arguments are x0.
In this case, if the new property is true, only the vill bit will be set.
See https://github.com/riscv/riscv-isa-manual/blob/main/src/v-st-ext.adoc#avl-encoding
According to the spec, the above use cases are reserved, and
"Implementations may set vill in either case."
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2422
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250618213542.22873-1-vliaskovitis@suse.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add a regression test to verify that MEPC properly masks the lower
bits when an address with mode bits is written to it, as required by
the RISC-V Privileged Architecture specification.
The test sets STVEC to an address with bit 0 set (vectored mode),
triggers an illegal instruction exception, copies STVEC to MEPC in the
trap handler, and verifies that MEPC masks bits [1:0] correctly for
IALIGN=32.
Without the fix, MEPC retains the mode bits (returns non-zero/FAIL).
With the fix, MEPC clears bits [1:0] (returns 0/PASS).
Signed-off-by: Charalampos Mitrodimas <charmitro@posteo.net>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250703182157.281320-3-charmitro@posteo.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv: Fix MEPC/SEPC bit masking for IALIGN
According to the RISC-V Privileged Architecture specification, the low
bit of MEPC/SEPC must always be zero. When IALIGN=32, the two low bits
must be zero.
This commit fixes the behavior of MEPC/SEPC CSR reads and writes, and
the implicit reads by MRET/SRET instructions to properly mask the
lowest bit(s) based on whether the C extension is enabled:
- When C extension is enabled (IALIGN=16): mask bit 0
- When C extension is disabled (IALIGN=32): mask bits [1:0]
Previously, when vectored mode bits from STVEC (which sets bit 0 for
vectored mode) were written to MEPC, the bits would not be cleared
correctly, causing incorrect behavior on MRET.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2855
Signed-off-by: Charalampos Mitrodimas <charmitro@posteo.net>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250703182157.281320-2-charmitro@posteo.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
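The masking rule from the two MEPC commits above, as an added C model that is not QEMU's code. The `Hart` struct, its `masking` switch (false models the pre-fix behaviour) and all function names are hypothetical; keeping bit 1 in storage while hiding it on reads follows the Privileged specification's wording for implementations where IALIGN can change.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical hart model holding only the state this example needs. */
typedef struct {
    bool     ext_c;    /* C extension enabled: IALIGN=16, otherwise IALIGN=32 */
    bool     masking;  /* false models the behaviour before the fix */
    uint64_t mepc;     /* raw storage behind the MEPC CSR */
    uint64_t pc;
} Hart;

/* Low xEPC bits that must read as zero for the current IALIGN. */
static uint64_t epc_low_bits(const Hart *h)
{
    return h->ext_c ? UINT64_C(1) : UINT64_C(3);
}

/* Explicit CSR write: bit 0 is never stored; bit 1 stays writable. */
static void csr_write_mepc(Hart *h, uint64_t val)
{
    h->mepc = h->masking ? (val & ~UINT64_C(1)) : val;
}

/* Explicit CSR read: hide bit 0, and bit 1 as well when IALIGN=32. */
static uint64_t csr_read_mepc(const Hart *h)
{
    return h->masking ? (h->mepc & ~epc_low_bits(h)) : h->mepc;
}

/* MRET reads MEPC implicitly, so it must see the same masked value. */
static void do_mret(Hart *h)
{
    h->pc = csr_read_mepc(h);
}

/*
 * Scenario of the regression test: the trap handler copies STVEC (mode in
 * bits [1:0], bit 0 set for vectored mode) into MEPC and then executes MRET.
 * Returns the address the hart resumes at.
 */
uint64_t mret_target(bool ext_c, bool masking, uint64_t stvec)
{
    Hart h = { .ext_c = ext_c, .masking = masking };
    csr_write_mepc(&h, stvec);
    do_mret(&h);
    return h.pc;
}

/*
 * Write a 2-byte-aligned address while IALIGN=32, then enable C. Bit 1 was
 * hidden on reads but kept in storage, so it becomes visible again.
 */
uint64_t mepc_after_enabling_c(uint64_t val)
{
    Hart h = { .ext_c = false, .masking = true };
    csr_write_mepc(&h, val);
    h.ext_c = true;
    return csr_read_mepc(&h);
}

int main(void)
{
    const uint64_t stvec = UINT64_C(0x80000101);  /* constructed: base | vectored */

    printf("IALIGN=32, unmasked: pc=0x%" PRIx64 "\n", mret_target(false, false, stvec));
    printf("IALIGN=32, masked:   pc=0x%" PRIx64 "\n", mret_target(false, true, stvec));
    printf("IALIGN=16, masked:   pc=0x%" PRIx64 "\n",
           mret_target(true, true, UINT64_C(0x80000103)));
    printf("after enabling C:    mepc=0x%" PRIx64 "\n",
           mepc_after_enabling_c(UINT64_C(0x80000102)));
    return 0;
}
```

The unmasked case resumes at an address that is misaligned for IALIGN=32, which is the failure the regression test checks for.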
migration: Fix migration failure when aia is configured as aplic-imsic
Address an error in migration when aia is configured as 'aplic-imsic' in
riscv kvm vm by adding riscv_aplic_state_needed() and
riscv_imsic_state_needed() to determine whether the corresponding states are
needed.
Previously, the fields in the vmsds of 'riscv_aplic' and 'riscv_imsic' can
only be initialized under certain special conditions in commit 95a97b3fd2.
However, the corresponding ses of these vmsds are inserted into the
savevm_state.handlers unconditionally. This led to migration failure
characterized by uninitialized fields when saving vm state:
qemu-system-riscv64: ../migration/vmstate.c:433: vmstate_save_state_v:
Assertion 'first_elem || !n_elems || !size' failed.
Fixes: 95a97b3fd2 ("target/riscv: update APLIC and IMSIC to support KVM AIA")
Signed-off-by: Xuemei Liu <liu.xuemei1@zte.com.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250616150034827wuHs_ffe3Qm8cqFXT7HeW@zte.com.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Max Chou [Fri, 27 Jun 2025 13:30:13 +0000 (21:30 +0800)]
target/riscv: rvv: Fix missing exit TB flow for ldff_trans
According to the V spec, the vector fault-only-first load instructions
may change the VL CSR.
So the ldff_trans TCG translation function should generate the
lookup_and_goto_ptr flow as the vsetvl/vsetvli translation function to
make sure the vl_eq_vlmax TB flag is correct.
Signed-off-by: Max Chou <max.chou@sifive.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250627133013.443997-1-max.chou@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Huang Borong [Tue, 17 Jun 2025 07:42:22 +0000 (15:42 +0800)]
hw/riscv: Initial support for BOSC's Xiangshan Kunminghu FPGA prototype
This implementation provides emulation for the Xiangshan Kunminghu
FPGA prototype platform, including support for UART, CLINT, IMSIC,
and APLIC devices. More details can be found at
https://github.com/OpenXiangShan/XiangShan
Signed-off-by: qinshaoqing <qinshaoqing@bosc.ac.cn>
Signed-off-by: Yang Wang <wangyang@bosc.ac.cn>
Signed-off-by: Yu Hu <819258943@qq.com>
Signed-off-by: Ran Wang <wangran@bosc.ac.cn>
Signed-off-by: Borong Huang <3543977024@qq.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250617074222.17618-1-wangran@bosc.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add a CPU entry for the Xiangshan Kunminghu CPU, an open-source,
high-performance RISC-V processor. More details can be found at:
https://github.com/OpenXiangShan/XiangShan
Note: The ISA extensions supported by the Xiangshan Kunminghu CPU are
categorized based on four RISC-V specifications: Volume I: Unprivileged
Architecture, Volume II: Privileged Architecture, AIA, and RVA23. The
extensions within each category are organized according to the chapter
order in the specifications.
Signed-off-by: Yu Hu <huyu@bosc.ac.cn>
Signed-off-by: Ran Wang <wangran@bosc.ac.cn>
Signed-off-by: Borong Huang <3543977024@qq.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250425122212.364-1-wangran@bosc.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:48 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for pcie
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-13-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:47 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for iommu
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-12-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:46 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for rtc
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-11-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:45 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for uart
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-10-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:44 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for reset
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-9-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:43 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for virtio
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-8-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:42 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for plic
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-7-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:41 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for aclint
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-6-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:40 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for aplic
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-5-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:39 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for memory
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-4-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:38 +0000 (12:24 +0930)]
hw/riscv/virt: Use setprop_sized_cells for clint
The current device tree property uses two cells for the address (and for
the size), but assumes that they are less than 32 bits by hard coding the
high cell to zero.
Use qemu_fdt_setprop_sized_cells to do the job of splitting the upper
and lower 32 bits across cells.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-3-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Joel Stanley [Wed, 4 Jun 2025 02:54:37 +0000 (12:24 +0930)]
hw/riscv/virt: Fix clint base address type
The address is a hardware address, so use hwaddr for consistency with
the rest of the machine.
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-ID: <20250604025450.85327-2-joel@jms.id.au>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Florian Lugou [Thu, 5 Jun 2025 10:12:54 +0000 (12:12 +0200)]
hw/char: sifive_uart: Avoid infinite delay of async xmit function
The current handler for TXFIFO writes schedules an async callback to
pop characters from the queue. When software writes to TXFIFO faster
than the async callback delay (100ns), the timer may be pushed back
while the previous character has not been dequeued yet. This happens in
particular when using -icount with small shift values. This is
especially worrisome when software repetitively issues amoor.w
instructions (as suggested by SiFive specification) and the FIFO is
full, leading to the callback being infinitely pushed back.
This commit fixes the issue by never pushing back the timer, only
updating it if it is not already active.
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250605101255.797162-1-florian.lugou@provenrun.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
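The timer starvation described in the sifive_uart commit above, as an added discrete-time model in C that is not QEMU's device code. The 100ns delay comes from the commit message; the FIFO depth of 8, the `Uart` struct and every function name are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TX_DELAY_NS 100  /* async callback delay quoted in the commit message */
#define FIFO_DEPTH  8    /* assumed depth for this model */

typedef struct {
    bool     pending;    /* timer armed */
    uint64_t expire_ns;  /* virtual time at which the callback runs */
    unsigned fifo_len;   /* characters waiting in the TX FIFO */
    unsigned sent;       /* characters the callback has transmitted */
} Uart;

/* Timer callback: pop one character, re-arm while data remains. */
static void xmit_cb(Uart *u)
{
    u->pending = false;
    if (u->fifo_len > 0) {
        u->fifo_len--;
        u->sent++;
    }
    if (u->fifo_len > 0) {
        u->pending = true;
        u->expire_ns += TX_DELAY_NS;
    }
}

/*
 * Guest access to TXFIFO at virtual time `now`. A write to a full FIFO is
 * dropped (the guest would retry), but the handler still touches the timer.
 * push_back=true  : always move the deadline to now + delay (old behaviour)
 * push_back=false : arm the timer only if it is not already active (fix)
 */
static void txfifo_write(Uart *u, uint64_t now, bool push_back)
{
    if (u->fifo_len < FIFO_DEPTH) {
        u->fifo_len++;
    }
    if (push_back || !u->pending) {
        u->pending = true;
        u->expire_ns = now + TX_DELAY_NS;
    }
}

/*
 * The guest writes every interval_ns, `writes` times in total. Returns how
 * many characters were transmitted while the guest was still writing.
 */
unsigned simulate(uint64_t interval_ns, unsigned writes, bool push_back)
{
    Uart u = {0};
    for (unsigned i = 0; i < writes; i++) {
        uint64_t now = (uint64_t)i * interval_ns;
        /* Run every callback whose deadline has passed before this write. */
        while (u.pending && u.expire_ns <= now) {
            xmit_cb(&u);
        }
        txfifo_write(&u, now, push_back);
    }
    return u.sent;
}

int main(void)
{
    /* Guest faster than the callback delay: the old policy never transmits. */
    printf("50ns writes,  push back:     sent=%u\n", simulate(50, 1000, true));
    printf("50ns writes,  arm-if-idle:   sent=%u\n", simulate(50, 1000, false));
    /* Guest slower than the delay: both policies behave the same. */
    printf("200ns writes, push back:     sent=%u\n", simulate(200, 10, true));
    printf("200ns writes, arm-if-idle:   sent=%u\n", simulate(200, 10, false));
    return 0;
}
```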
Anton Blanchard [Thu, 1 May 2025 11:42:53 +0000 (11:42 +0000)]
target/riscv: Fix fcvt.s.bf16 NaN box checking
fcvt.s.bf16 uses the FP16 check_nanbox_h() which returns an FP16
quiet NaN. Add check_nanbox_bf16() which returns a BF16 quiet NaN.
Signed-off-by: Anton Blanchard <antonb@tenstorrent.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250501114253.594887-1-antonb@tenstorrent.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv: use qemu_chr_fe_write_all() in DBCN_CONSOLE_WRITE_BYTE
The SBI spec states, for console write byte:
"This is a blocking SBI call and it will only return after writing the
specified byte to the debug console. It will also return, with
SBI_ERR_FAILED, if there are I/O errors."
Being a blocking call that will either succeed in writing the byte or error out,
it's feasible to use the blocking qemu_chr_fe_write_all() instead of
qemu_chr_fe_write().
Last but not least, we will duck possible changes in
qemu_chr_fe_write() where ret = 0 will have a 'zero byte written'
semantic [1] - something that we're not ready to deal with in this current
state.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250605094456.1385105-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Nutty Liu [Thu, 5 Jun 2025 12:48:48 +0000 (20:48 +0800)]
hw/riscv/riscv-iommu: Fix PPN field of Translation-response register
The original implementation incorrectly performed a bitwise AND
operation between the PPN of iova and PPN Mask, leading to an
incorrect PPN field in Translation-response register.
The PPN of iova should be set entirely in the PPN field of
Translation-response register.
Also remove the code that was used to clear S field since this
field is already zero.
Signed-off-by: Nutty Liu <liujingqi@lanxincomputing.com>
Reviewed-by: Tomasz Jeznach <tjeznach@rivosinc.com>
Message-ID: <20250605124848.1248-1-liujingqi@lanxincomputing.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jay Chang [Fri, 6 Jun 2025 07:25:25 +0000 (15:25 +0800)]
target/riscv: Make PMP region count configurable
Previously, the number of PMP regions was hardcoded to 16 in QEMU.
This patch replaces the fixed value with a new `pmp_regions` field,
allowing platforms to configure the number of PMP regions.
If no specific value is provided, the default number of PMP regions
remains 16 to preserve the existing behavior.
A new CPU parameter num-pmp-regions has been introduced to the QEMU
command line. For example:
Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250606072525.17313-3-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Thu, 8 May 2025 09:48:38 +0000 (17:48 +0800)]
target/riscv: support atomic instruction fetch (Ziccif)
Support 4-byte atomic instruction fetch when instruction is naturally
aligned.
Current implementation is not atomic because it loads instruction twice
for first and last 2 bytes. We load 4 bytes at once to keep the
atomicity. This instruction preload method only applies when instruction
is 4-byte aligned. If instruction is unaligned, it could be across pages
so that preload will trigger additional page fault.
We encounter this issue when doing pressure test of enabling & disabling
Linux kernel ftrace. Ftrace with kernel preemption requires concurrent
modification and execution of instruction, so non-atomic instruction
fetch will cause the race condition. We may fetch the wrong instruction
which is the mixing of 2 instructions.
Also, RISC-V Profile wants to provide this feature by HW. RVA20U64
Ziccif protects the atomicity of instruction fetch when it is
naturally aligned.
Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250508094838.19394-1-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/cpu.c: do better with 'named features' doc
Most of the named features are added directly in isa_edata_arr[], some
of them are also added in riscv_cpu_named_features(). There is a reason
for that, and the existing docs can do better explaining it.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250529202315.1684198-4-dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250604174329.1147549-4-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
'ssstrict' is a RVA23 profile-defined extension defined as follows:
"No non-conforming extensions are present. Attempts to execute
unimplemented opcodes or access unimplemented CSRs in the standard or
reserved encoding spaces raises an illegal instruction exception that
results in a contained trap to the supervisor-mode trap handler."
In short, we need to throw an exception when accessing unimplemented
CSRs or opcodes. We do that, so let's advertise it.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20250529202315.1684198-3-dbarboza@ventanamicro.com>
Message-ID: <20250604174329.1147549-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
We have support for sdtrig for a while but we are not advertising it. It
is enabled by default via the 'debug' flag. Use the same flag to also
advertise sdtrig.
Add an exception in disable_priv_spec_isa_exts() to avoid spamming
warnings for 'sdtrig' for vendor CPUs like sifive_u.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250604174329.1147549-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
These properties were deprecated in QEMU 8.2, commit 8043effd9b.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250530134608.1806922-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jay Chang [Thu, 22 May 2025 08:12:35 +0000 (16:12 +0800)]
target/riscv: Extend PMP region up to 64
According to the RISC-V Privileged Specification (version >1.12),
RV32 supports 16 CSRs (pmpcfg0–pmpcfg15) to configure 64 PMP regions
(pmpaddr0–pmpaddr63).
Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250522081236.4050-2-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Björn reported in [1] a case where a rv64 CPU is going through the
profile code path to enable satp mode. In this case, the amount of
extensions on top of the rv64 CPU made it compliant with the RVA22S64
profile during the validation of CPU 0. When the subsequent CPUs were
initialized the static profile object has the 'enable' flag set,
enabling the profile code path for those CPUs.
This happens because we are initializing and realizing each CPU before
going to the next, i.e. init and realize CPU0, then init and realize
CPU1 and so on. If we change any persistent state during the validation
of CPU N it will interfere with the init/realization of CPU N+1.
We're using the 'enabled' profile flag to do two distinct things: inform
cpu_init() that we want profile extensions to be enabled, and telling
QMP that a profile is currently enabled in the CPU. We want to be
flexible enough to recognize profile support for all CPUs that have the
extension prerequisites, but we do not want to force the profile code
path if a profile wasn't set too.
Add a new 'present' flag for profiles that will coexist with the 'enabled'
flag. Enabling a profile means "we want to switch on all its mandatory
extensions". A profile is 'present' if we asserted during validation
that the CPU has the needed prerequisites.
This means that the case reported by Björn now results in
RVA22S64.enabled=false and RVA22S64.present=true. QMP will recognize it
as a RVA22 compliant CPU and we won't force the CPU into the profile
path.
Reported-by: Björn Töpel <bjorn@kernel.org>
Fixes: 2af005d610 ("target/riscv/tcg: validate profiles during finalize")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Message-ID: <20250528184407.1451983-4-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/tcg: decouple profile enablement from user prop
We have code in riscv_cpu_add_profiles() to enable a profile right away
in case a CPU chose the profile during its cpu_init(). But we're using
the user callback option to do so, setting profile->user_set.
Create a new helper that does all the grunt work to enable/disable a
given profile. Use this new helper in the cases where we want a CPU to
be compatible to a certain profile, leaving the user callback to be used
exclusively by users.
Fixes: fba92a92e3 ("target/riscv: add 'rva22u64' CPU")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Message-ID: <20250528184407.1451983-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/tcg: restrict satp_mode changes in cpu_set_profile
We're changing 'mmu' to true regardless of whether the profile is
being enabled or not, and at the same time we're changing satp_mode to
profile->enabled.
This will promote a situation where we'll set mmu=on without a virtual
memory mode, which is a mistake.
Only touch 'mmu' and satp_mode if the profile is being enabled.
Suggested-by: Andrew Jones <ajones@ventanamicro.com>
Fixes: 55398025e7 ("target/riscv: add satp_mode profile support")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
Tested-by: Björn Töpel <bjorn@rivosinc.com>
Message-ID: <20250528184407.1451983-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Mon, 19 May 2025 14:35:18 +0000 (22:35 +0800)]
target/riscv: Enable/Disable S/VS-mode Timer when STCE bit is changed
Updating STCE will enable/disable SSTC in S-mode or/and VS-mode, so we
also need to update S/VS-mode Timer and S/VSTIP bits in $mip CSR.
Signed-off-by: Jim Shu <jim.shu@sifive.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-5-jim.shu@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Mon, 19 May 2025 14:35:17 +0000 (22:35 +0800)]
target/riscv: Fix VSTIP bit in sstc extension.
VSTIP is only writable when both [mh]envcfg.STCE are enabled, or it will
revert to its defined behavior as if the sstc extension is not implemented.
Signed-off-by: Jim Shu <jim.shu@sifive.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-4-jim.shu@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Mon, 19 May 2025 14:35:16 +0000 (22:35 +0800)]
hw/intc: riscv_aclint: Fix mtime write for sstc extension
When changing the mtime value, the period of [s|vs]timecmp timers
should also be updated, similar to the period of mtimecmp timer.
The period of the stimecmp timer is the time until the next S-mode
timer IRQ. The value is calculated as "stimecmp - time". [1]
It is equal to "stimecmp - mtime" since the time CSR is a read-only
shadow of the memory-mapped mtime register.
Thus, changing mtime value will update the period of stimecmp timer.
Similarly, the period of vstimecmp timer is calculated as "vstimecmp -
(mtime + htimedelta)" [2], so changing mtime value will update the
period of vstimecmp timer.
[1] RISC-V Priv spec ch 9.1.1. Supervisor Timer (stimecmp) Register
A supervisor timer interrupt becomes pending, as reflected in the STIP
bit in the mip and sip registers whenever time contains a value
greater than or equal to stimecmp.
[2] RISC-V Priv spec ch19.2.1. Virtual Supervisor Timer (vstimecmp) Register
A virtual supervisor timer interrupt becomes pending, as reflected in
the VSTIP bit in the hip register, whenever (time + htimedelta),
truncated to 64 bits, contains a value greater than or equal to
vstimecmp
Signed-off-by: Jim Shu <jim.shu@sifive.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-3-jim.shu@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jim Shu [Mon, 19 May 2025 14:35:15 +0000 (22:35 +0800)]
target/riscv: Add the checking into stimecmp write function.
Preparation commit to let the aclint timer use the stimecmp write function.
Aclint timer doesn't call sstc() predicate so we need to check inside
the stimecmp write function.
Signed-off-by: Jim Shu <jim.shu@sifive.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250519143518.11086-2-jim.shu@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
MAINTAINERS: Add me as reviewer of overall accelerators section
I'd like to be informed of overall changes of accelerators.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-40-philmd@linaro.org>
monitor/hmp-cmds-target: add CPU_DUMP_VPU in hmp_info_registers()
Commit b84694defb added the CPU_DUMP_VPU to allow vector registers to be
logged by log_cpu_exec() in TCG. This flag was then used in commit b227f6a8a7 to print RISC-V vector registers using this flag. Note that
this change was done in riscv_cpu_dump_state(), the cpu_dump_state()
callback for RISC-V, the same callback used in hmp_info_registers().
Back then we forgot to change hmp_info_registers(), and 'info registers'
isn't showing RISC-V vector registers as a result. No other target is
impacted since only RISC-V is using CPU_DUMP_VPU.
There's no reason to not show VPU regs in info_registers(), so add
CPU_DUMP_VPU to hmp_info_registers(). This will print vector registers
for all RISC-V machines and, as said above, has no impact in other
archs.
Cc: Dr. David Alan Gilbert <dave@treblig.org> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250623145306.991562-1-dbarboza@ventanamicro.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
accel: Pass AccelState argument to gdbstub_supported_sstep_flags()
In order to have AccelClass methods introspect their state,
we need to pass AccelState by argument.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-37-philmd@linaro.org>
accel: Remove unused MachineState argument of AccelClass::setup_post()
This method only accesses xen_domid/xen_domid_restrict, which are both
related to the 'accelerator', not the machine. Besides, xen_domid aims
to be in Xen AccelState and xen_domid_restrict a xen_domid_restrict
QOM property.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-36-philmd@linaro.org>
accel: Directly pass AccelState argument to AccelClass::has_memory()
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20250703173248.44995-34-philmd@linaro.org>
accel/kvm: Directly pass KVMState argument to do_kvm_create_vm()
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-35-philmd@linaro.org>
accel/kvm: Prefer local AccelState over global MachineState::accel
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-32-philmd@linaro.org>
accel/tcg: Prefer local AccelState over global current_accel()
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-33-philmd@linaro.org>
accel: Propagate AccelState to AccelClass::init_machine()
In order to avoid init_machine() calling current_accel(),
pass AccelState along.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250703173248.44995-31-philmd@linaro.org>
accel: Keep reference to AccelOpsClass in AccelClass
Allow dereferencing AccelOpsClass outside of accel/accel-system.c.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250703173248.44995-30-philmd@linaro.org>
accel: Expose and register generic_handle_interrupt()
In order to dispatch over AccelOpsClass::handle_interrupt(),
we need it always defined, not calling a hidden handler under
the hood. Make AccelOpsClass::handle_interrupt() mandatory.
Expose generic_handle_interrupt() prototype and register it
for each accelerator.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-Id: <20250703173248.44995-29-philmd@linaro.org>
accel/dummy: Extract 'dummy-cpus.h' header from 'system/cpus.h'
'dummy' helpers are specific to accelerator implementations,
no need to expose them via "system/cpus.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-Id: <20250703173248.44995-27-philmd@linaro.org>
Currently whpx_enabled() is restricted to target-specific code.
By defining CONFIG_WHPX_IS_POSSIBLE we allow its use anywhere.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250703173248.44995-26-philmd@linaro.org>
Currently nvmm_enabled() is restricted to target-specific code.
By defining CONFIG_NVMM_IS_POSSIBLE we allow its use anywhere.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-25-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-24-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-23-philmd@linaro.org>
Since commit 57038a92bb0 ("cpus: extract out kvm-specific code
to accel/kvm") the kvm_cpu_synchronize_state() stub is not
necessary.
Fixes: e0715f6abce ("kvm: remove kvm specific functions from global includes") Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-22-philmd@linaro.org>
accel/whpx: Replace @dirty field by generic CPUState::vcpu_dirty field
No need for accel-specific @dirty field when we have
a generic one in CPUState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-21-philmd@linaro.org>
accel/nvmm: Replace @dirty field by generic CPUState::vcpu_dirty field
No need for accel-specific @dirty field when we have
a generic one in CPUState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-20-philmd@linaro.org>
accel/hvf: Replace @dirty field by generic CPUState::vcpu_dirty field
No need for accel-specific @dirty field when we have
a generic one in CPUState.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-19-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-Id: <20250703173248.44995-18-philmd@linaro.org>
accel/hvf: Move generic method declarations to hvf-all.c
hvf-all.c aims to contain the generic accel methods (TYPE_ACCEL),
while hvf-accel-ops.c the per-vcpu methods (TYPE_ACCEL_OPS).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-17-philmd@linaro.org>
accel/hvf: Move per-cpu method declarations to hvf-accel-ops.c
hvf-all.c aims to contain the generic accel methods (TYPE_ACCEL),
while hvf-accel-ops.c the per-vcpu methods (TYPE_ACCEL_OPS).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-16-philmd@linaro.org>
Common code only needs to know whether HVF is enabled and
the QOM type. Move the rest to "hvf_int.h", removing the
need for COMPILING_PER_TARGET #ifdef'ry.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-15-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-11-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-10-philmd@linaro.org>
accel/tcg: Remove 'info opcount' and @x-query-opcount
Since commit 1b65b4f54c7 ("accel/tcg: remove CONFIG_PROFILER",
released with QEMU v8.1.0) we get pointless output:
(qemu) info opcount
[TCG profiler not compiled]
Remove that unstable and unuseful command.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Dr. David Alan Gilbert <dave@treblig.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-8-philmd@linaro.org>
kvm_create_vcpu() is only used within the same file unit.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-7-philmd@linaro.org>
Since commit 57038a92bb0 ("cpus: extract out kvm-specific code
to accel/kvm") the kvm_init_cpu_signals() stub is not necessary.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-Id: <20250703173248.44995-6-philmd@linaro.org>
system/cpus: Assert interrupt handling is done with BQL locked
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-5-philmd@linaro.org>
Ed Tanous [Thu, 3 Jul 2025 14:42:49 +0000 (07:42 -0700)]
tests/functional: Add gb200 tests
To support the newly added gb200 machine, add appropriate tests and
extend do_test_arm_aspeed_openbmc() to support the hostname of this
new system: "gb200nvl-obmc".
Jamin Lin [Thu, 3 Jul 2025 05:24:00 +0000 (13:24 +0800)]
aspeed: Deprecate the ast2700a0-evb machine
The ast2700a0-evb machine represents the first revision of the AST2700 and
serves as the initial engineering sample rather than a production version.
A newer revision, A1, is now supported, and the ast2700a1-evb should replace
the older A0 version.
Steve Sistare [Wed, 2 Jul 2025 21:58:56 +0000 (14:58 -0700)]
iommufd: preserve DMA mappings
During cpr-transfer load in new QEMU, the vfio_memory_listener causes
spurious calls to map and unmap DMA regions, as devices are created and
the address space is built. This memory was already mapped by the
device in old QEMU, so suppress the map and unmap callbacks during incoming
CPR.
Steve Sistare [Wed, 2 Jul 2025 21:58:53 +0000 (14:58 -0700)]
vfio/iommufd: reconstruct device
Reconstruct userland device state after CPR. During vfio_realize, skip all
ioctls that configure the device, as it was already configured in old QEMU.
Skip bind, and use the devid from CPR state.
Skip allocation of, and attachment to, ioas_id. Recover ioas_id from CPR
state, and use it to find a matching container, if any, before creating a
new one.
This reconstruction is not complete. hwpt_id is handled in a subsequent
patch.
Steve Sistare [Wed, 2 Jul 2025 21:58:51 +0000 (14:58 -0700)]
vfio/iommufd: cpr state
VFIO iommufd devices will need access to ioas_id, devid, and hwpt_id in
new QEMU at realize time, so add them to CPR state. Define CprVFIODevice
as the object which holds the state and is serialized to the vmstate file.
Define accessors to copy state between VFIODevice and CprVFIODevice.
Steve Sistare [Wed, 2 Jul 2025 21:58:50 +0000 (14:58 -0700)]
migration: vfio cpr state hook
Define a list of vfio devices in CPR state, in a subsection so that
older QEMU can be live updated to this version. However, new QEMU
will not be live updateable to old QEMU. This is acceptable because
CPR is not yet commonly used, and updates to older versions are unusual.
The contents of each device object will be defined by the vfio subsystem
in a subsequent patch.
Steve Sistare [Wed, 2 Jul 2025 21:58:49 +0000 (14:58 -0700)]
vfio/iommufd: register container for cpr
Register a vfio iommufd container and device for CPR, replacing the generic
CPR register call with a more specific iommufd register call. Add a
blocker if the kernel does not support IOMMU_IOAS_CHANGE_PROCESS.
This is mostly boilerplate. The fields to be saved and restored are added
in subsequent patches.
Steve Sistare [Wed, 2 Jul 2025 21:58:46 +0000 (14:58 -0700)]
vfio/iommufd: invariant device name
cpr-transfer will use the device name as a key to find the value
of the device descriptor in new QEMU. However, if the descriptor
number is specified by a command-line fd parameter, then
vfio_device_get_name creates a name that includes the fd number.
This causes a chicken-and-egg problem: new QEMU must know the fd
number to construct a name to find the fd number.
To fix, create an invariant name based on the id command-line parameter,
if id is defined. The user will need to provide such an id to use CPR.
Steve Sistare [Wed, 2 Jul 2025 21:58:45 +0000 (14:58 -0700)]
vfio/iommufd: use IOMMU_IOAS_MAP_FILE
Use IOMMU_IOAS_MAP_FILE when the mapped region is backed by a file.
Such a mapping can be preserved without modification during CPR,
because it depends on the file's address space, which does not change,
rather than on the process's address space, which does change.
Steve Sistare [Wed, 2 Jul 2025 21:58:42 +0000 (14:58 -0700)]
backends/iommufd: iommufd_backend_map_file_dma
Define iommufd_backend_map_file_dma to implement IOMMU_IOAS_MAP_FILE.
This will be called as a substitute for iommufd_backend_map_dma, so
the error conditions for BARs are copied as-is from that function.
Steve Sistare [Wed, 2 Jul 2025 21:58:41 +0000 (14:58 -0700)]
migration: cpr_get_fd_param helper
Add the helper function cpr_get_fd_param, to use when preserving
a file descriptor that is opened externally and passed to QEMU.
cpr_get_fd_param returns a descriptor number either from a QEMU
command-line parameter, from a getfd command, or from CPR state.
When a descriptor is passed to new QEMU via SCM_RIGHTS, its number
changes. Hence, during CPR, the command-line parameter is ignored
in new QEMU, and overridden by the value found in CPR state.
Similarly, if the descriptor was originally specified by a getfd
command in old QEMU, the fd number is not known outside of QEMU,
and it changes when sent to new QEMU via SCM_RIGHTS. Hence the
user cannot send getfd to new QEMU, but when the user sends a
hotplug command that references the fd, cpr_get_fd_param finds
its value in CPR state.
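As an added illustration of the descriptor renumbering described in the commit message above (not QEMU code and not part of the commit): one process stands in for both old and new QEMU, passes a pipe descriptor over a socketpair with SCM_RIGHTS together with a name key, and checks that the received number differs while still referring to the same object. The helper names and the key "vfio-dev0" are constructed for this example.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <unistd.h>

#define NAME_LEN 32 /* fixed-size key sent alongside the descriptor (assumption) */
union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Sender side: pass fd as SCM_RIGHTS ancillary data, keyed by name. */
static int send_named_fd(int sock, const char *name, int fd)
{
    char key[NAME_LEN] = {0};
    union fd_ctl ctl;
    struct iovec iov = { .iov_base = key, .iov_len = sizeof(key) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *cmsg;

    memset(&ctl, 0, sizeof(ctl));
    strncpy(key, name, NAME_LEN - 1);
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == NAME_LEN ? 0 : -1;
}

/* Receiver side: copies the key into name_out (NAME_LEN bytes) and returns
 * the descriptor number valid in the receiver, or -1 on a malformed message. */
static int recv_named_fd(int sock, char *name_out)
{
    union fd_ctl ctl;
    struct iovec iov = { .iov_base = name_out, .iov_len = NAME_LEN };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *cmsg;
    int fd;

    if (recvmsg(sock, &msg, 0) != NAME_LEN || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    cmsg = CMSG_FIRSTHDR(&msg);
    if (!cmsg || cmsg->cmsg_level != SOL_SOCKET
        || cmsg->cmsg_type != SCM_RIGHTS
        || cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    name_out[NAME_LEN - 1] = '\0';
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
    return fd;
}

/* Returns 1 when the received number differs from the sender's number while
 * both name the same pipe, 0 when that does not hold, -1 on setup error.
 * The sender's copy stays open here, so the kernel must pick a new number. */
int fd_renumbered_but_same_object(void)
{
    int sv[2], p[2], newfd = -1, ok = -1;
    char key[NAME_LEN];
    struct stat a, b;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (pipe(p) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (send_named_fd(sv[0], "vfio-dev0", p[0]) == 0
        && (newfd = recv_named_fd(sv[1], key)) >= 0) {
        ok = !strcmp(key, "vfio-dev0") && !fstat(p[0], &a) && !fstat(newfd, &b)
             && newfd != p[0] && a.st_dev == b.st_dev && a.st_ino == b.st_ino;
        close(newfd);
    }
    close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return ok;
}
```

Between two separate processes the received number is whatever is lowest and free in the receiver, which is why a number recorded on the sender's command line cannot be trusted on the receiving side.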
Steve Sistare [Wed, 2 Jul 2025 21:58:40 +0000 (14:58 -0700)]
migration: close kvm after cpr
cpr-transfer breaks vfio network connectivity to and from the guest, and
the host system log shows:
irq bypass consumer (token 00000000a03c32e5) registration fails: -16
which is EBUSY. This occurs because KVM descriptors are still open in
the old QEMU process. Close them.
Steve Sistare [Wed, 2 Jul 2025 21:58:39 +0000 (14:58 -0700)]
vfio-pci: preserve INTx
Preserve vfio INTx state across cpr-transfer. Preserve VFIOINTx fields as
follows:
  pin : Recover this from the vfio config in kernel space
  interrupt : Preserve its eventfd descriptor across exec.
  unmask : Ditto
  route.irq : This could perhaps be recovered in vfio_pci_post_load by
    calling pci_device_route_intx_to_irq(pin), whose implementation reads
    config space for a bridge device such as ich9. However, there is no
    guarantee that the bridge vmstate is read before vfio vmstate. Rather
    than fiddling with MigrationPriority for vmstate handlers, explicitly
    save route.irq in vfio vmstate.
  pending : save in vfio vmstate.
  mmap_timeout, mmap_timer : Re-initialize
  bool kvm_accel : Re-initialize
In vfio_realize, defer calling vfio_intx_enable until the vmstate
is available, in vfio_pci_post_load. Modify vfio_intx_enable and
vfio_intx_kvm_enable to skip vfio initialization, but still perform
kvm initialization.