Anton Johansson [Wed, 20 May 2026 12:53:40 +0000 (14:53 +0200)]
target/riscv: Fix size of vector CSRs
According to version 20250508 of the unprivileged specification:
- vtype: bits 0..7 used, bit XLEN-1 illegal, rest reserved
=> fix to 64-bits.
- vxsat: bit 0 used, vxrm which would occupy bits 1..2 is stored
separately, and bits 3..31 are set to 0
=> fix to 8-bits.
- vxrm: 2 lowest bits are used for rounding mode, rest set to 0
=> fix to 8-bits.
- vstart: maximum value of VLMAX-1, where VLMAX is at most 2^16
=> fix to 32-bits as vstart is mapped to a TCG global.
- vl: maximum value of VLEN which is at most 2^16
=> fix to 32-bits as vl is mapped to a TCG global.
Fields are shuffled for reduced padding.
Note, the cpu/vector VMSTATE version is bumped, breaking migration from
older versions.
Signed-off-by: Anton Johansson <anjo@rev.ng> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260520125406.28693-3-anjo@rev.ng> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anton Johansson [Wed, 20 May 2026 12:53:39 +0000 (14:53 +0200)]
target/riscv: Fix size of gpr and gprh
gprh is only needed for TARGET_RISCV64 when modeling 128-bit registers,
fixing their size to 64 bits makes sense.
gpr is also fixed to 64 bits since all direct uses of env->gpr
correctly zero extend/truncate to/from target_ulong, meaning
!TARGET_RISCV64 will behave as expected.
We do however need to be a bit careful when mapping 64-bit fields to
32-bit TCGv globals on big endian hosts.
Note, the cpu/rv128 VMSTATE version is bumped, breaking migration from
older versions.
Signed-off-by: Anton Johansson <anjo@rev.ng> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20260520125406.28693-2-anjo@rev.ng> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/cpu_helper.c: allow LOAD_ADDR_MIS promotion to AMO fault
promote_load_fault() is missing the promotion of misaligned AMO load
addresses, i.e. RISCV_EXCP_LOAD_ADDR_MIS should be promoted to
RISCV_EXCP_STORE_AMO_ADDR_MIS when RISCV_UW2_ALWAYS_STORE_AMO (i.e.
always_storeamo is true).
All other load AMO faults are already being covered.
Cc: qemu-stable@nongnu.org Fixes: 98f21c30f5 ("target/riscv: AMO operations always raise store/AMO fault")
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3503 Signed-off-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Message-ID: <20260522181353.429782-1-daniel.barboza@oss.qualcomm.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/insn_trans/trans_rvzicbo.c.inc: save opcode before helpers
All helpers from this file can trigger ILLEGAL_INSN exceptions via
check_zicbo_envcfg() directly, bypassing the usual exception code from
translate.c. If we don't save the opcode before each helper,
riscv_raise_exception() is triggered and env->bins won't be unwound during
cpu_loop_exit_restore() (code path cpu_restore_state ->
cpu_restore_state_from_tb() -> restore_state_to_opc()).
And finally, in riscv_cpu_do_interrupt(), we will set (m)tval = 0 when we can,
instead, set it to the cbo opcode that generated the exception.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3380 Signed-off-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20260520214704.1943652-1-daniel.barboza@oss.qualcomm.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Zephyr Li [Fri, 22 May 2026 03:31:44 +0000 (11:31 +0800)]
target/riscv: Reject Svinval instructions in U-mode
The RISC-V privileged specification requires SFENCE.W.INVAL and
SFENCE.INVAL.IR to raise an illegal instruction exception when executed
in U-mode. Check the current privilege mode during translation and reject these
instructions in U-mode, so they are reported as illegal instructions.
Add a helper to reject these instructions in U-mode during translation.
Suggested-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Signed-off-by: Zephyr Li <fritchleybohrer@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com> Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>
Message-ID: <20260522033145.17850-1-fritchleybohrer@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Zephyr Li [Mon, 25 May 2026 02:42:20 +0000 (10:42 +0800)]
target/riscv: Do not hide Sstc CSRs from gdbstub
The Sstc predicate currently checks both ext_sstc and rdtime_fn. This
causes the gdbstub CSR XML generation to skip Sstc CSRs when rdtime_fn
has not been initialized yet, even if the CPU supports Sstc.
As a result, GDB reports $stimecmp as void with a CPU that exposes the
sstc extension.
Only use ext_sstc for the early existence check, and keep the rdtime_fn
check for non-debugger accesses.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3496 Signed-off-by: Zephyr Li <fritchleybohrer@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Message-ID: <20260525024220.39027-1-fritchleybohrer@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
We forgot to add 'cbo' insns to disas/riscv.c. The result is that the
disassembler recognizes all of them as 'lq', an insn that happens to
share the same opcode space.
While we're at it reorder cbo_* entries in insn32.decode using opcode
order instead of insn name.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3480 Signed-off-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260519204714.1376551-1-daniel.barboza@oss.qualcomm.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv/csr.c: do not allow mstatus MPV/GVA writes
The priv spec states the following about mstatus.MPV:
"The MPV bit (Machine Previous Virtualization Mode) is written by the
implementation whenever a trap is taken into M-mode."
And, about mstatus.GVA:
"Field GVA (Guest Virtual Address) is written by the implementation
whenever a trap is taken into M-mode."
Both are written during riscv_cpu_do_interrupt(). They're not supposed
to be written by userspace. As far as write_mstatus goes these fields
are read only. The same applies for mstatush.MPV/mstatush.GVA.
Fixes: 03dd405dd5 ("target/riscv: Support MSTATUS.MPV/GVA only when RVH is enabled") Signed-off-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20260514194537.2416243-2-daniel.barboza@oss.qualcomm.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Replace manual bit manipulation for better readability:
- TOR: Use ROUND_DOWN() to clear lower bits
- NAPOT: Use deposit64() to set lower bits
Signed-off-by: Jay Chang <jay.chang@sifive.com> Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Message-ID: <20260520063606.36600-3-jay.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Jay Chang [Wed, 20 May 2026 06:36:05 +0000 (14:36 +0800)]
target/riscv: Align pmp size to pmp-granularity
When configuring pmpcfg (TOR, NA4, or NAPOT) and pmpaddr, if the
value is smaller than the PMP granularity, it needs to be aligned
to the PMP granularity.
Signed-off-by: Jay Chang <jay.chang@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Message-ID: <20260520063606.36600-2-jay.chang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
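An added example, not code from the QEMU tree, illustrating the two PMP commits above (TOR low bits cleared, NAPOT low bits set, regions smaller than the granularity aligned to it). It assumes the privileged-spec convention that the granularity is 2^(g+2) bytes and that pmpaddr holds the physical address shifted right by 2; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* pmpcfg.A address-matching modes (RISC-V privileged spec encoding). */
enum pmp_mode { PMP_OFF = 0, PMP_TOR = 1, PMP_NA4 = 2, PMP_NAPOT = 3 };

/*
 * Hypothetical helper: the value a pmpaddr register presents when the
 * PMP granularity is 2^(g+2) bytes (assumption: spec convention).
 *   - OFF/TOR: bits [g-1:0] are cleared (a round-down of the address).
 *   - NAPOT:   bits [g-2:0] are set (low bits deposited as ones).
 */
static uint64_t pmpaddr_effective(uint64_t raw, enum pmp_mode mode, unsigned g)
{
    if (g == 0) {
        return raw;                      /* 4-byte granularity: no change */
    }
    switch (mode) {
    case PMP_NAPOT:
        return g >= 2 ? raw | ((UINT64_C(1) << (g - 1)) - 1) : raw;
    case PMP_OFF:
    case PMP_TOR:
        return raw & ~((UINT64_C(1) << g) - 1);
    default:
        return raw;                      /* NA4 is left untouched in this sketch */
    }
}

/* Number of trailing one bits in a NAPOT-encoded pmpaddr value. */
static unsigned trailing_ones(uint64_t a)
{
    unsigned t = 0;
    while (t < 54 && ((a >> t) & 1)) {
        t++;
    }
    return t;
}

/* Size in bytes of the region a NAPOT pmpaddr value describes. */
static uint64_t napot_size(uint64_t a)
{
    return UINT64_C(1) << (trailing_ones(a) + 3);
}

/* Base byte address of the region a NAPOT pmpaddr value describes. */
static uint64_t napot_base(uint64_t a)
{
    unsigned t = trailing_ones(a);
    return (a & ~((UINT64_C(1) << (t + 1)) - 1)) << 2;
}

int main(void)
{
    /* Constructed input: an 8-byte NAPOT region at 0x80000000, g = 10 (4 KiB). */
    uint64_t raw = UINT64_C(0x80000000) >> 2;
    uint64_t eff = pmpaddr_effective(raw, PMP_NAPOT, 10);

    printf("NAPOT raw: base=0x%llx size=%llu\n",
           (unsigned long long)napot_base(raw),
           (unsigned long long)napot_size(raw));
    printf("NAPOT eff: base=0x%llx size=%llu\n",
           (unsigned long long)napot_base(eff),
           (unsigned long long)napot_size(eff));

    /* Constructed input: an unaligned TOR top-of-range value. */
    uint64_t tor = pmpaddr_effective(UINT64_C(0x20000123), PMP_TOR, 10);
    printf("TOR eff top: 0x%llx\n", (unsigned long long)(tor << 2));
    return 0;
}
```

A guest that programs an 8-byte region on a 4 KiB-granularity CPU ends up with a 4 KiB region, so permissions cover more memory than the raw write suggests.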
target/riscv/tcg: disable svpbmt if satp_mode < sv39
Priv spec chapter "Svpbmt Extension for Page-Based Memory Types, Version
1.0" mentions that "The Svpbmt extension depends on the Sv39
extension.".
We're not doing any satp checks when enabling svpbmt. This causes
problems with the riscv32 'max' CPU that happens to be enabling svpbmt
even though it doesn't support the required satp mode. In fact all rv32
CPUs are allowing menvcfg.PBMTE writes, which doesn't make sense for
them in any circumstance since svpbmt is not possible for rv32 at this
moment [1].
This also impacts rv64 CPUs that are running in satp 'bare' mode and are
reporting svpbmt in the riscv,isa.
All these problems can be solved by disabling svpbmt if satp_mode is not
at least sv39. The problem reported in [1] goes away because we'll
never enable MENVCFG_PBMTE write mask in write_menvcfgh(). We also
become consistent with how svpbmt is enabled for rv64.
In case the user enables svpbmt in the command line using an invalid setup,
not just disable svpbmt but also throw a warning:
$ ./build/qemu-system-riscv64 -M virt,dumpdtb=fdt.dtb \
-cpu max,sv39=off,sv48=off,sv57=off,sv64=off,svpbmt=on
qemu-system-riscv64: warning: svpbmt requires at least satp sv39, current satp mode: none
Stefan Hajnoczi [Sat, 13 Jun 2026 18:02:07 +0000 (14:02 -0400)]
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2026-06-12
# gpg: Signature made Fri 12 Jun 2026 12:58:13 EDT
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
qemu-options: fix typo in spelling of 'scheduler'
igvm: spit out region size on error
hw/xtensa: replace calloc with g_new0 in mx_pic
block/io: Use QEMU_LOCK_GUARD to simplify mutex handling
net/colo-compare: Use QEMU_LOCK_GUARD to simplify mutex handling
system/rtc: Fix a possible year-2038 integer overflow problem
hw/display/vga: Fix debug message
net/slirp: allow hostfwd socket paths with dashes
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sat, 13 Jun 2026 18:00:45 +0000 (14:00 -0400)]
Merge tag 'linux-user-pull-request' of https://github.com/hdeller/qemu-hppa into staging
linux-user patches
Add preadv2/preadv2 syscalls, fix FP registers across signals on xtensa, and
add emulation for /proc/cpuinfo for ppc CPUs
# gpg: Signature made Fri 12 Jun 2026 11:50:30 EDT
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: aka "Helge Deller <deller@debian.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'linux-user-pull-request' of https://github.com/hdeller/qemu-hppa:
linux-user/xtensa: save/restore FP registers across signal delivery
target/xtensa: add cpu_set_fcr/fsr helpers to sync fp_status
linux-user: Implement /proc/cpuinfo for ppc cpus
linux-user: add preadv2/preadv2
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Matt Turner [Fri, 12 Jun 2026 14:14:06 +0000 (10:14 -0400)]
linux-user/xtensa: save/restore FP registers across signal delivery
Add support for saving and restoring f0-f15 across signal delivery.
The target_xtensa_xtregs_fp struct carries 32-bit f-regs for cores
with XTENSA_OPTION_FP_COPROCESSOR; target_xtensa_xtregs_dfp carries
64-bit f-regs for cores with XTENSA_OPTION_DFP_COPROCESSOR.
Lock the xtregs region via lock_user before reading on sigreturn,
since sc_xtregs is a user-space pointer that may lie outside the
locked sigframe.
Signed-off-by: Matt Turner <mattst88@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de>
Matt Turner [Wed, 10 Jun 2026 15:25:36 +0000 (11:25 -0400)]
target/xtensa: add cpu_set_fcr/fsr helpers to sync fp_status
Factor FCR→fp_status and FSR→fp_status synchronisation out of the
wur_fpu{2k,}_fcr/wur_fpu_fsr helpers into cpu_set_fcr(), cpu_set_fsr(),
and cpu_get_fsr(). Signal delivery code needs to restore the FP rounding
mode and exception flags without duplicating the flag-mapping tables.
cpu_set_fcr() applies the union mask 0xfffff07f (superset of the
wur_fpu_fcr mask 0x0000007f and the wur_fpu2k_fcr mask 0xfffff07f) so
that FCR bits valid only on fpu2k configs are preserved while MBZ bits
7-11 are always cleared.
Signed-off-by: Matt Turner <mattst88@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Thu, 11 Jun 2026 21:26:33 +0000 (23:26 +0200)]
linux-user: Implement /proc/cpuinfo for ppc cpus
Mimic the entries for /proc/cpuinfo to what can be seen on two debian
porterboxes (ppc64 and ppc64le), which are running via KVM/QEMU.
The "timebase" value in /proc/cpuinfo is used by glibc on power, but only if
the __kernel_get_tbfreq vdso call isn't implemented. So switch
cpu_ppc_load_tbl() for linux-user to get_clock(), as suggested by Richard, and
report timebase = 1GHz in /proc/cpuinfo, which will make the vdso
implementation simple too.
v4: change timebase to 1GHz and use get_clock()
v3: drop another colon, indenting fixes
v2: drop colon, add clock output, refine pvr calculation
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de>
Ani Sinha [Sun, 7 Jun 2026 14:41:44 +0000 (20:11 +0530)]
igvm: spit out region size on error
This change makes the error message provide more details on the values that
caused the error. Cosmetic, no functional change. Only useful for debugging
purpose.
CC: qemu-trivial@nongnu.org Signed-off-by: Ani Sinha <anisinha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@mailo.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Replace libc calloc() with GLib g_new0() for consistency with the
rest of the QEMU codebase. g_new0() aborts on allocation failure
rather than returning NULL, which matches QEMU's allocation policy.
Signed-off-by: Ajinkya Udgirkar <audgirka@redhat.com> Reviewed-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
And QEMU_CLOCK_REALTIME might be based on gettimeofday() in certain
cases (see get_clock_realtime() in include/qemu/timer.h). So this
counter will exceed 32 bits in the year 2038, thus we should not
store this value in a normal integer variable. Change it to a time_t
to fix the problem.
And while we're at it, also adjust the nearby rtc_host_datetime_offset
variable to be on the safe side in the related code.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Michael Tokarev [Tue, 17 Mar 2026 08:27:18 +0000 (11:27 +0300)]
net/slirp: allow hostfwd socket paths with dashes
The format of hostfwd parameter is:
hostfwd=hostpart-guestaddr:guestport
so a minus sign can not be part of the hostpart.
If hostpart specifies a unix socket path, this becomes problematic.
To solve this, look for the LAST minus/dash char in the string,
not first.
Unfortunately, [-guestaddr] is optional (defaults to 10.0.0.15),
so we still can't parse the thing in a uniform way.
Extend get_str_sep() to accept negative separator to indicate searching
from the end of buffer, to find the last occurrence. Update slirp_hostfwd
to search for the last separator when parsing unix domain socket path.
Inspired-by: Christopher Palmer-Richez <crichez@pm.me>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/347 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
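An added example, not QEMU's get_str_sep() or slirp_hostfwd(), showing why splitting hostpart-guestaddr:guestport at the first dash mis-parses a unix socket path and how a negative separator selects the last dash instead. The helper name split_sep, its signature and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: copy the text before separator `sep` into buf and
 * return a pointer to the text after it. A negative `sep` means "search
 * for the LAST occurrence of -sep", as the commit message describes.
 * Returns NULL if the separator is absent or buf is too small, so a long
 * path is rejected instead of being silently truncated.
 */
static const char *split_sep(char *buf, size_t buf_size, const char *p, int sep)
{
    const char *hit = sep < 0 ? strrchr(p, -sep) : strchr(p, sep);
    size_t len;

    if (!hit) {
        return NULL;
    }
    len = (size_t)(hit - p);
    if (len >= buf_size) {
        return NULL;
    }
    memcpy(buf, p, len);
    buf[len] = '\0';
    return hit + 1;
}

/* Constructed sample: socket path with dashes, then "-guestaddr:guestport". */
static const char SAMPLE[] = "/run/my-vm/ssh.sock-10.0.2.15:22";

/* Returns 1 when splitting `spec` at `sep` yields exactly (host, rest). */
static int splits_as(const char *spec, int sep, const char *host, const char *rest)
{
    char buf[108];
    const char *r = split_sep(buf, sizeof(buf), spec, sep);

    return r && strcmp(buf, host) == 0 && strcmp(r, rest) == 0;
}

int main(void)
{
    char host[108];
    const char *rest;

    /* First dash: the socket path is cut in the middle. */
    rest = split_sep(host, sizeof(host), SAMPLE, '-');
    printf("first dash: host='%s' rest='%s'\n", host, rest ? rest : "(none)");

    /* Last dash: the whole path survives and the guest part is intact. */
    rest = split_sep(host, sizeof(host), SAMPLE, -'-');
    printf("last dash:  host='%s' rest='%s'\n", host, rest ? rest : "(none)");
    return 0;
}
```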
Keoseong Park [Tue, 9 Jun 2026 04:12:28 +0000 (13:12 +0900)]
tests/qtest: Add UFS HID qtest
Cover the HID attribute permission table, the disable / analysis /
defrag state transitions, partial defrag bounded by dHIDSize, and
the terminal auto-reset behaviors.
Signed-off-by: Keoseong Park <keosung.park@samsung.com> Reviewed-by: Jeuk Kim <jeuk20.kim@samsung.com> Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
Successful user-data SCSI WRITE commands increment an internal
fragment counter; HID analysis publishes the counter through
dHIDAvailableSize. Defrag operates on min(dHIDSize,
dHIDAvailableSize), so a small dHIDSize yields a partial defrag.
bDefragOperation auto-clears on terminal state. The state machine
advances from ufs_process_idle(); transitions occur only while the
device is idle.
Signed-off-by: Keoseong Park <keosung.park@samsung.com> Reviewed-by: Jeuk Kim <jeuk20.kim@samsung.com> Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
Stefan Hajnoczi [Thu, 11 Jun 2026 17:22:49 +0000 (13:22 -0400)]
Merge tag 'linux-user-pull-request' of https://github.com/hdeller/qemu-hppa into staging
linux-user patches for alpha, sparc and sh4
Various linux-user related patches from Matt Turner with coredump support for
alpha and sparc, as well as some fixes for the signal handler in sparc.
The patches from Xinhui Yang add the missing fsmount series syscalls support
for systemd.
# gpg: Signature made Wed 10 Jun 2026 12:45:30 EDT
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: aka "Helge Deller <deller@debian.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'linux-user-pull-request' of https://github.com/hdeller/qemu-hppa:
target/sh4: decode_gusa: recognize add#imm with prior mov Rm, Rn
linux-user/sparc: flush register windows before core dump
linux-user/sparc: call block_signals() before set_sigmask() in setcontext
linux-user/sparc: restore L/I registers from RSA in sparc64_set_context
linux-user/sparc: add coredump support
linux-user/alpha: add coredump support
linux-user/strace: add fsmount series of syscalls
linux-user: implement fsmount(2) series of syscalls
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-target-arm-20260610' of https://gitlab.com/pm215/qemu: (71 commits)
target/arm: Enable FEAT_F8F16MM for -cpu max
target/arm: Implement FMMLA (FP8 to FP16) for SVE
target/arm: Implement FMMLA (FP8 to FP16) for AdvSIMD
target/arm: Enable FEAT_F8F32MM for -cpu max
target/arm: Implement FMMLA (FP8 to FP32) for SVE
target/arm: Implement FMMLA (FP8 to FP32) for AdvSIMD
target/arm: Enable FEAT_FP8DOT2, FEAT_SSVE_FP8DOT2 for -cpu max
target/arm: Implement FDOT (FP8 to FP16) for SVE
target/arm: Implement FDOT (FP8 to FP16) for AdvSIMD
target/arm: Enable FEAT_FP8DOT4, FEAT_SSVE_FP8DOT4 for -cpu max
target/arm: Implement FDOT (FP8 to FP32) for SVE
target/arm: Implement FDOT (FP8 to FP32) for AdvSIMD
target/arm: Enable FEAT_FP8FMA, FEAT_SSVE_FP8FMA for -cpu max
target/arm: Implement FMLALL{BB,BT,TB,TT} for SVE
target/arm: Implement FMLALL{BB, BT, TB, TT} for AdvSIMD
target/arm: Implement FMLALB, FMLALT (FP8 to FP16) for SVE
target/arm: Implement FMLALB, FMLALT for AdvSIMD
target/arm: Enable FEAT_SME_LUTv2 for -cpu max
target/arm: Implement LUTI4 (four registers, 8-bit)
target/arm: Implement MOVT (vector to table)
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Matt Turner [Mon, 25 May 2026 15:27:39 +0000 (11:27 -0400)]
target/sh4: decode_gusa: recognize add#imm with prior mov Rm, Rn
The gUSA pattern matcher rejected `add #imm, Rn` whenever any prior
`mov Rm, Rn` appeared (mv_src >= 0), forcing a fallback to
cpu_exec_step_atomic for sequences like:
mov.l @r2, r3 ; load
mov r3, r7 ; save old value (mv_src == ld_dst)
add #1, r7 ; increment copy
mov.l r7, @r2 ; store
When mv_src == ld_dst the move merely copies the loaded value to
preserve it -- exactly the situation already accepted for the
`add Rm, Rn` form. The immediate form can be handled identically with
tcg_gen_atomic_fetch_add_i32 + tcg_gen_add_i32, so translate it inline
instead of taking the slower single-step atomic fallback.
Signed-off-by: Matt Turner <mattst88@gmail.com> Cc: Yoshinori Sato <yoshinori.sato@nifty.com> Cc: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de>
Matt Turner [Thu, 4 Jun 2026 00:30:59 +0000 (20:30 -0400)]
linux-user/sparc: flush register windows before core dump
Without this, only the crash frame's window is spilled to the
stack; all deeper call frames remain in the register file and
are absent from the core's memory segments. Stack unwinding
fails past the first DWARF step because the callers' register
save areas contain stale/garbage data.
The real kernel calls flush_all_user_windows() at the top of
do_coredump(). Mirror that via a weak target_flush_windows()
hook called from dump_core_and_abort(), with the SPARC override
calling the existing flush_windows() in cpu_loop.c.
Signed-off-by: Matt Turner <mattst88@gmail.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Helge Deller <deller@gmx.de>
Matt Turner [Wed, 3 Jun 2026 16:18:51 +0000 (12:18 -0400)]
linux-user/sparc: call block_signals() before set_sigmask() in setcontext
sparc64_set_context() emulates the kernel's `ta 0x6f` trap by calling
set_sigmask() to install the mask supplied via the user's ucontext_t.
The contract of set_sigmask() (see its comment in linux-user/signal.c)
is that the caller must have first called block_signals(), which sets
TaskState::signal_pending.
Without block_signals(), if a guest signal is pending-and-blocked at
the time setcontext is invoked and the new mask unblocks it,
signal_pending stays 0 and the post-trap process_pending_signals()
call in linux-user/sparc/cpu_loop.c never enters its while loop, so
the now-deliverable signal is left undelivered indefinitely.
This affects programs that use getcontext/setcontext to swap signal
masks, including libunwind's unw_resume() out of a signal handler:
without this fix, the test program below loops forever printing
"calling setcontext" instead of delivering the pending SIGUSR2.
The 32-bit sparc do_sigreturn / do_rt_sigreturn paths already get
block_signals() from the rt_sigreturn syscall wrapper in
linux-user/syscall.c, so only sparc64_set_context (invoked directly
from cpu_loop) needs the addition.
Signed-off-by: Matt Turner <mattst88@gmail.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Helge Deller <deller@gmx.de>
Matt Turner [Wed, 3 Jun 2026 16:18:50 +0000 (12:18 -0400)]
linux-user/sparc: restore L/I registers from RSA in sparc64_set_context
The kernel's do_rt_sigreturn loads L and I registers from the register
save area (RSA) at the restored O6+STACK_BIAS. QEMU lacks the kernel's
window-fill path, so restore L0-L7 and I0-I5 explicitly from the RSA.
I6 and I7 are already restored from mc_fp/mc_i7.
Signed-off-by: Matt Turner <mattst88@gmail.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Helge Deller <deller@gmx.de>
Also define ELF_MACHINE as EM_SPARC32PLUS for TARGET_ABI32 builds,
matching the kernel and ensuring the correct machine type appears in
the core file.
Implement elf_core_copy_regs() in elfload.c to populate the gregset
from CPUSPARCState, including L0-L7 and I0-I7 from env->regwptr.
A memset() at entry zeros the trailing reserved slots.
Without this, bprm->core_dump is NULL for SPARC targets. When a
guest signal goes unhandled, dump_core_and_abort() skips the core
write and falls through to die_with_signal(), which re-raises the
signal to the host. The host kernel then writes an x86-64 core file
for the qemu-sparc process instead of a SPARC guest core.
Populating the full register layout is required for tools like
libunwind-coredump, which reads pr_reg[33] for the trap PC and
pr_reg[16..31] for the windowed registers.
Signed-off-by: Matt Turner <mattst88@gmail.com> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Helge Deller <deller@gmx.de>
Matt Turner [Mon, 25 May 2026 21:53:08 +0000 (17:53 -0400)]
linux-user/alpha: add coredump support
Define HAVE_ELF_CORE_DUMP and target_elf_gregset_t in target_elf.h,
mirroring the kernel's elf_gregset_t (ELF_NGREG = 66): r0-r31
[0..31], f0-f31 [32..63], pc [64], unique [65]. Implement
elf_core_copy_regs() in elfload.c to populate the gregset from
CPUAlphaState.
Without this, bprm->core_dump is NULL for Alpha targets. When a
guest signal goes unhandled, dump_core_and_abort() skips the core
write and falls through to die_with_signal(), which re-raises the
signal to the host. The host kernel then writes an x86-64 core file
for the qemu-alpha process instead of an Alpha guest core.
v2: Store thread unique field, same as in Linux kernel. Added by Helge &
suggested by Richard.
Signed-off-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Xinhui Yang [Fri, 29 May 2026 06:53:21 +0000 (14:53 +0800)]
linux-user/strace: add fsmount series of syscalls
Following the addition of fsmount(2) series of syscalls in the syscall
handler, strace support is added, with a dedicated function to print the
parameters of fsconfig(2), which contains parameters that can be
interpreted as multiple types.
Snippet of the strace dump when running `mount -t tmpfs tmpfs /media`:
18 fsopen(tmpfs,1) = 3
18 read(3,0x407fcf1c,8191) = -1 errno=61 (No data available)
18 fsconfig(3,FSCONFIG_SET_STRING,"source","tmpfs",0) = 0
18 read(3,0x407fce3c,8191) = -1 errno=61 (No data available)
18 fsconfig(3,FSCONFIG_CMD_CREATE,NULL,NULL,0) = 0
18 read(3,0x407fce3c,8191) = -1 errno=61 (No data available)
18 fsmount(3,1,0) = 4
18 read(3,0x407fce3c,8191) = -1 errno=61 (No data available)
18 statx(4,"",AT_EMPTY_PATH|AT_STATX_SYNC_AS_STAT,0x1000,0x407fee98) = 0
18 move_mount(4,,-100,/media,4) = 0
18 read(3,0x407fcfcc,8191) = -1 errno=61 (No data available)
18 close(3) = 0
18 close(4) = 0
v2: Fixed build on RHEL9 due to missing syscalls (Helge)
Xinhui Yang [Fri, 29 May 2026 06:53:20 +0000 (14:53 +0800)]
linux-user: implement fsmount(2) series of syscalls
This series of syscalls replaces the old mount(2) syscall with a series
of syscalls that operates around a filesystem context. This series of
syscalls is available since Linux 5.2 and glibc 2.36+.
Their users include systemd since v259 and libmount from util-linux, and
possibly other widely used projects.
Preliminary checks are implemented to ensure the validity of the
interface.
v2: Add syscall wrappers in case the build machine does not
support the fsmount() syscalls. (added by Helge Deller)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-46-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-45-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FMMLA (FP8 to FP16) for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-44-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-43-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-42-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FMMLA (FP8 to FP32) for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-41-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Enable FEAT_FP8DOT2, FEAT_SSVE_FP8DOT2 for -cpu max
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-40-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-39-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FDOT (FP8 to FP16) for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-38-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Enable FEAT_FP8DOT4, FEAT_SSVE_FP8DOT4 for -cpu max
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-37-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-36-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FDOT (FP8 to FP32) for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-35-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Enable FEAT_FP8FMA, FEAT_SSVE_FP8FMA for -cpu max
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-34-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-33-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FMLALL{BB, BT, TB, TT} for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-32-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FMLALB, FMLALT (FP8 to FP16) for SVE
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-31-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-30-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-29-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-28-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-27-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Update ID_AA64SMFR0_EL1 fields to ARM M.b
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-26-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-25-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-24-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-23-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-22-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FCVT, FCVTN (FP32 to FP8) for SME
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-21-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-20-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-19-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FCVTN (16- to 8-bit fp) for SVE
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-18-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FCVTN, FCVTN2 (32- to 8-bit fp) for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-17-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement FCVTN (16- to 8-bit fp) for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-16-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-15-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement F1CVT, F1CVTL, F2CVT, F2CVTL for SME
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-14-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement F1CVT, F1CVTLT, F2CVT, F2CVTLT for SVE
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-13-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement F1CVTL, F1CVTL2, F2CVTL, F2CVTL2 for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-12-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement BF1CVT, BF1CVTL, BF2CVT, BF2CVTL for SME
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-11-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The existing pattern is BFCVT (single-precision to BFloat16).
In preparation for introducing more insns of the same name,
append the operand sizes.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement BF1CVT, BF1CVTLT, BF2CVT, BF2CVTLT for SVE
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-9-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement BF1CVTL, BF1CVTL2, BF2CVTL, BF2CVTL2 for AdvSIMD
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Create a function to set all default controls for a float_status.
Other settings for specific FPST will be set afterward.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rename to TRANS_FEAT_STREAMING_IF and add a new parameter.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260609192110.752384-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use softfloat-parts.h so that we can more naturally
perform the required operations with a single rounding step.
This happens to also simplify the NaN detection step.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260609192110.752384-4-richard.henderson@linaro.org
Message-Id: <20260517002550.321291-11-richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use softfloat-parts.h so that we can more naturally
perform the required operations with a single rounding step.
This happens to also simplify the NaN detection step.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260609192110.752384-2-richard.henderson@linaro.org
Message-Id: <20260517002550.321291-9-richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
fpu: Handle all rounding modes in partsN_round_to_int_normal
Missed float_round_nearest_even_max and float_round_to_odd_inf
in both switch statements.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Message-id: 20260608190155.637067-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 29 May 2026 14:36:24 +0000 (15:36 +0100)]
hw/dma/pl080: Don't use hw_error() for unimplemented features
In the pl080 device, we don't implement "peripheral flow control",
which is where the DMA engine can be programmed to transfer data
until a source or destination peripheral tells it to stop. We
currently call hw_error() if the guest tries to use this missing
feature, which prints a register dump and aborts QEMU.
Change the hw_error() call to the LOG_UNIMP log-and-continue,
which is how we prefer to report guest attempts to use
unimplemented features these days.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3409 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260529143624.158935-3-peter.maydell@linaro.org
Peter Maydell [Fri, 29 May 2026 14:36:23 +0000 (15:36 +0100)]
hw/intc/exynos4210_combiner: Avoid hw_error for guest errors
In the exynos4210_combiner device, several cases of bad register
offsets passed by the guest are handled by calling hw_error(). This
causes QEMU to abort with a guest register dump. These days we
prefer to handle "guest does something wrong" by logging it and
continuing.
Update the hw_error() calls to qemu_log_mask(LOG_GUEST_ERROR).
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3396 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260529143624.158935-2-peter.maydell@linaro.org
Alex Bennée [Fri, 29 May 2026 08:29:43 +0000 (09:29 +0100)]
target/arm: ensure aarch64 DISAS_WFE will exit
This mirrors the logic for DISAS_WFE in 32 bit world. As the WFE/WFI
have similar behaviours shuffle the case statements around a little
and update the commentary to cover both.
Fixes: 252ec405768 (target-arm: implement WFE/YIELD as a yield for AArch64) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260529082948.363931-5-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Fri, 29 May 2026 08:29:42 +0000 (09:29 +0100)]
target/arm: redefine event stream fields
The event stream control bits are the same for both CNTHCTL and
CNTKCTL so rather than duplicating the definitions rename them to be
useful in both cases.
We will need these in a later commit when we start implementing event
streams.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260529082948.363931-4-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Fri, 29 May 2026 08:29:41 +0000 (09:29 +0100)]
target/arm: teach arm_cpu_has_work about halting reasons
With the advent of WFE and WFI we need to pay closer attention to the
reason why the vCPU may be sleeping to figure out if we should wake
it up.
Create env->halt_reason to track this and then re-order the tests so
we:
- ignore everything if the vCPU is powered off
- wake up if the event_register is set and we were in a WFE
- otherwise any IRQ event does wake the vCPU up.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260529082948.363931-3-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gabriel Brookman [Fri, 29 May 2026 19:52:55 +0000 (12:52 -0700)]
tests/tcg: add test for MTE_STORE_ONLY
Added a test that checks that MTE checks are not performed on loads when
MTE_STORE_ONLY is enabled.
Signed-off-by: Gabriel Brookman <brookmangabriel@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260529-feat-mte4-v7-15-ccbd3c14eb3c@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gabriel Brookman [Fri, 29 May 2026 19:52:54 +0000 (12:52 -0700)]
tests/tcg: add test for MTE FAR
This functionality was previously enabled but not advertised or tested.
This commit adds a new test, mte-9, that tests the code for proper
full-address reporting. FEAT_MTE_TAGGED_FAR requires that FAR_ELx
report the full logical address, including tag bits.
Signed-off-by: Gabriel Brookman <brookmangabriel@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260529-feat-mte4-v7-14-ccbd3c14eb3c@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gabriel Brookman [Fri, 29 May 2026 19:52:53 +0000 (12:52 -0700)]
docs: add MTE4 features to docs
The implemented MTE4 features are now present in
docs/system/arm/emulation.rst
Signed-off-by: Gabriel Brookman <brookmangabriel@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260529-feat-mte4-v7-13-ccbd3c14eb3c@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>