History log of /openbmc/qemu/target/arm/tcg/translate.c (Results 1 – 25 of 65)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: v9.2.0, v9.1.2
# 6d62f309 05-Nov-2024 Peter Maydell <peter.maydell@linaro.org>

target/arm: Add new MMU indexes for AArch32 Secure PL1&0

Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure

target/arm: Add new MMU indexes for AArch32 Secure PL1&0

Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure PL1&0 translation regime:
* code at EL3, which might be Mon, or SVC, or any of the
other privileged modes (PL1)
* code at EL0 (Secure PL0)

This is different from when EL3 is AArch64, in which case EL3 is its
own translation regime, and EL1 and EL0 (whether AArch32 or AArch64)
have their own regime.

We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't
do anything special about Secure PL0, which meant it used the same
ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug
where arm_sctlr() incorrectly picked the NonSecure SCTLR as the
controlling register when in Secure PL0, which meant we were
spuriously generating alignment faults because we were looking at the
wrong SCTLR control bits.

The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that
we wouldn't honour the PAN bit for Secure PL1, because there's no
equivalent _PAN mmu index for it.

Fix this by adding two new MMU indexes:
* ARMMMUIdx_E30_0 is for Secure PL0
* ARMMMUIdx_E30_3_PAN is for Secure PL1 when PAN is enabled
The existing ARMMMUIdx_E3 is used to mean "Secure PL1 without PAN"
(and would be named ARMMMUIdx_E30_3 in an AArch32-centric scheme).

These extra two indexes bring us up to the maximum of 16 that the
core code can currently support.

This commit:
* adds the new MMU index handling to the various places
where we deal in MMU index values
* adds assertions that we aren't AArch32 EL3 in a couple of
places that currently use the E10 indexes, to document why
they don't also need to handle the E30 indexes
* documents in a comment why regime_has_2_ranges() doesn't need
updating

Notes for backporting: this commit depends on the preceding revert of
4c2c04746932; that revert and this commit should probably be
backported to everywhere that we originally backported 4c2c04746932.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2588
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241101142845.1712482-3-peter.maydell@linaro.org
(cherry picked from commit efbe180ad2ed75d4cc64dfc6fb46a015eef713d1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...


# f147ed37 05-Nov-2024 Peter Maydell <peter.maydell@linaro.org>

Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"

This reverts commit 4c2c0474693229c1f533239bb983495c5427784d.

This commit tried to fix a problem with our usage of MMU indexes when

Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"

This reverts commit 4c2c0474693229c1f533239bb983495c5427784d.

This commit tried to fix a problem with our usage of MMU indexes when
EL3 is AArch32, using what it described as a "more complicated
approach" where we share the same MMU index values for Secure PL1&0
and NonSecure PL1&0. In theory this should work, but the change
didn't account for (at least) two things:

(1) The design change means we need to flush the TLBs at any point
where the CPU state flips from one to the other. We already flush
the TLB when SCR.NS is changed, but we don't flush the TLB when we
take an exception from NS PL1&0 into Mon or when we return from Mon
to NS PL1&0, and the commit didn't add any code to do that.

(2) The ATS12NS* address translate instructions allow Mon code (which
is Secure) to do a stage 1+2 page table walk for NS. I thought this
was OK because do_ats_write() does a page table walk which doesn't
use the TLBs, so because it can pass both the MMU index and also an
ARMSecuritySpace argument we can tell the table walk that we want NS
stage1+2, not S. But that means that all the code within the ptw
that needs to find e.g. the regime EL cannot do so only with an
mmu_idx -- all these functions like regime_sctlr(), regime_el(), etc
would need to pass both an mmu_idx and the security_space, so they
can tell whether this is a translation regime controlled by EL1 or
EL3 (and so whether to look at SCTLR.S or SCTLR.NS, etc).

In particular, because regime_el() wasn't updated to look at the
ARMSecuritySpace it would return 1 even when the CPU was in Monitor
mode (and the controlling EL is 3). This meant that page table walks
in Monitor mode would look at the wrong SCTLR, TCR, etc and would
generally fault when they should not.

Rather than trying to make the complicated changes needed to rescue
the design of 4c2c04746932, we revert it in order to instead take the
route that that commit describes as "the most straightforward" fix,
where we add new MMU indexes EL30_0, EL30_3, EL30_3_PAN to correspond
to "Secure PL1&0 at PL0", "Secure PL1&0 at PL1", and "Secure PL1&0 at
PL1 with PAN".

This revert will re-expose the "spurious alignment faults in
Secure PL0" issue #2326; we'll fix it again in the next commit.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20241101142845.1712482-2-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 056c5c90c171c4895b407af0cf3d198e1d44b40f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...


# f15f7273 05-Nov-2024 Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-target-arm-20241105' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Fix MMU indexes for AArch32 Secure PL1&0 in a less complex and buggy way
*

Merge tag 'pull-target-arm-20241105' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* Fix MMU indexes for AArch32 Secure PL1&0 in a less complex and buggy way
* Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
* softfloat: set 2-operand NaN propagation rule at runtime
* disas: Fix build against Capstone v6 (again)
* hw/rtc/ds1338: Trace send and receive operations
* hw/timer/imx_gpt: Convert DPRINTF to trace events
* hw/watchdog/wdt_imx2: Remove redundant assignment
* hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
* hw/net/npcm_gmac: Change error log to trace event
* target/arm: Enable FEAT_CMOW for -cpu max

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmcp/yoZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3ucMD/9pWk2ETLjdviPxlacs5IoM
# HvGn8Ll2BSMbeb4YdJc7oZ4YJchGpgHhocEwZuaU9HheWjSg+ZEbyhZgN4DdkT8J
# pYr+Rl0MgDNN219kYnO/yqnqlgHbtUpE7y57Li3ApoGNbWAVxsH0xoT45Lpi7DOd
# uvJfIy/xdaT3zu/4uBjj7c2VrD8wntEayLM8hpqlgeQZKRG3Wtlk/xrQFKOHPDPO
# MDbsGoc2FyogRQoo6WH+J6gkkR9PhqXe6Hbf6WIr1/uffZUZU4M8leSw2DgxrYHo
# Zf36AzttwO4GHyML/5SR7uvzfXl7OkGyjedLGCUa7INc3br2+GvLMltdLGGPM9cc
# ckMHOWd9ZQuSxcpbtPkSYRG0McRE1GLT+KV3BNOLnN9AJl3qv5Qa55iPrtpB08vX
# 3jN6H964w99+NoSB2tTHszpep+M7SRuw5QLsuk3tC/qnBMpzKRwZjGVUegNUtfi/
# Lg5ExF8B62K+xb5j5FmODbbXZmb5AD0rV2MGRIVHjiHdnf7J2FmWUJCe2sYFRnRm
# nzszhdOKw4PBhC2fb6Vb/DwCqdQy9vcITWpWBtcjkV5mAPhcBo/VNKNeKoc/tPNS
# H8FIFIJbtv5aIixqtKcUBUmrBCYy4EoiRMLkqfC09VW60wtWswAP4KBQxi1ogehV
# jJw8AgSLCl2MsVmyzgleZQ==
# =Woag
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 05 Nov 2024 11:19:06 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20241105' of https://git.linaro.org/people/pmaydell/qemu-arm: (31 commits)
target/arm: Enable FEAT_CMOW for -cpu max
hw/net/npcm_gmac: Change error log to trace event
hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
hw/watchdog/wdt_imx2: Remove redundant assignment
hw/timer/imx_gpt: Convert DPRINTF to trace events
hw/rtc/ds1338: Trace send and receive operations
disas: Fix build against Capstone v6 (again)
target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
target/arm: Add new MMU indexes for AArch32 Secure PL1&0
Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"
softfloat: Remove fallback rule from pickNaN()
target/rx: Explicitly set 2-NaN propagation rule
target/openrisc: Explicitly set 2-NaN propagation rule
target/microblaze: Explicitly set 2-NaN propagation rule
target/microblaze: Move setting of float rounding mode to reset
target/alpha: Explicitly set 2-NaN propagation rule
target/i386: Set 2-NaN propagation rule explicitly
target/xtensa: Explicitly set 2-NaN propagation rule
target/xtensa: Factor out calls to set_use_first_nan()
target/sparc: Explicitly set 2-NaN propagation rule
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# efbe180a 05-Nov-2024 Peter Maydell <peter.maydell@linaro.org>

target/arm: Add new MMU indexes for AArch32 Secure PL1&0

Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure

target/arm: Add new MMU indexes for AArch32 Secure PL1&0

Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure PL1&0 translation regime:
* code at EL3, which might be Mon, or SVC, or any of the
other privileged modes (PL1)
* code at EL0 (Secure PL0)

This is different from when EL3 is AArch64, in which case EL3 is its
own translation regime, and EL1 and EL0 (whether AArch32 or AArch64)
have their own regime.

We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't
do anything special about Secure PL0, which meant it used the same
ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug
where arm_sctlr() incorrectly picked the NonSecure SCTLR as the
controlling register when in Secure PL0, which meant we were
spuriously generating alignment faults because we were looking at the
wrong SCTLR control bits.

The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that
we wouldn't honour the PAN bit for Secure PL1, because there's no
equivalent _PAN mmu index for it.

Fix this by adding two new MMU indexes:
* ARMMMUIdx_E30_0 is for Secure PL0
* ARMMMUIdx_E30_3_PAN is for Secure PL1 when PAN is enabled
The existing ARMMMUIdx_E3 is used to mean "Secure PL1 without PAN"
(and would be named ARMMMUIdx_E30_3 in an AArch32-centric scheme).

These extra two indexes bring us up to the maximum of 16 that the
core code can currently support.

This commit:
* adds the new MMU index handling to the various places
where we deal in MMU index values
* adds assertions that we aren't AArch32 EL3 in a couple of
places that currently use the E10 indexes, to document why
they don't also need to handle the E30 indexes
* documents in a comment why regime_has_2_ranges() doesn't need
updating

Notes for backporting: this commit depends on the preceding revert of
4c2c04746932; that revert and this commit should probably be
backported to everywhere that we originally backported 4c2c04746932.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2588
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241101142845.1712482-3-peter.maydell@linaro.org

show more ...


# 056c5c90 05-Nov-2024 Peter Maydell <peter.maydell@linaro.org>

Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"

This reverts commit 4c2c0474693229c1f533239bb983495c5427784d.

This commit tried to fix a problem with our usage of MMU indexes when

Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"

This reverts commit 4c2c0474693229c1f533239bb983495c5427784d.

This commit tried to fix a problem with our usage of MMU indexes when
EL3 is AArch32, using what it described as a "more complicated
approach" where we share the same MMU index values for Secure PL1&0
and NonSecure PL1&0. In theory this should work, but the change
didn't account for (at least) two things:

(1) The design change means we need to flush the TLBs at any point
where the CPU state flips from one to the other. We already flush
the TLB when SCR.NS is changed, but we don't flush the TLB when we
take an exception from NS PL1&0 into Mon or when we return from Mon
to NS PL1&0, and the commit didn't add any code to do that.

(2) The ATS12NS* address translate instructions allow Mon code (which
is Secure) to do a stage 1+2 page table walk for NS. I thought this
was OK because do_ats_write() does a page table walk which doesn't
use the TLBs, so because it can pass both the MMU index and also an
ARMSecuritySpace argument we can tell the table walk that we want NS
stage1+2, not S. But that means that all the code within the ptw
that needs to find e.g. the regime EL cannot do so only with an
mmu_idx -- all these functions like regime_sctlr(), regime_el(), etc
would need to pass both an mmu_idx and the security_space, so they
can tell whether this is a translation regime controlled by EL1 or
EL3 (and so whether to look at SCTLR.S or SCTLR.NS, etc).

In particular, because regime_el() wasn't updated to look at the
ARMSecuritySpace it would return 1 even when the CPU was in Monitor
mode (and the controlling EL is 3). This meant that page table walks
in Monitor mode would look at the wrong SCTLR, TCR, etc and would
generally fault when they should not.

Rather than trying to make the complicated changes needed to rescue
the design of 4c2c04746932, we revert it in order to instead take the
route that that commit describes as "the most straightforward" fix,
where we add new MMU indexes EL30_0, EL30_3, EL30_3_PAN to correspond
to "Secure PL1&0 at PL0", "Secure PL1&0 at PL1", and "Secure PL1&0 at
PL1 with PAN".

This revert will re-expose the "spurious alignment faults in
Secure PL0" issue #2326; we'll fix it again in the next commit.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20241101142845.1712482-2-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


Revision tags: v9.1.1, v9.1.0
# 3cc050c5 13-Aug-2024 Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-target-arm-20240813' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
* target

Merge tag 'pull-target-arm-20240813' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
* target/arm: Clear high SVE elements in handle_vec_simd_wshli
* target/arm: Fix usage of MMU indexes when EL3 is AArch32

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAma7eSIZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gbJEACHhZAvP4f1vic8DNGPw8Yr
# v+pRQON+vF+PDBSyNkYCRL5Gy1P257Aujw1ed2dpoDhMemC/co67W2zdzToCvDd5
# XZxlHb/iUCTeZbA/Zp66ZADlvVOdvvQL8EHbd4mSBEZp9rvPSmxatx4I5jstLiAV
# 5HimP+AjjGMfklMu+RelW7A7WDRJ0h7F4PwXCA8tLeHPH5XHSkweGYt3OVfSlUAs
# +RKiltByC/quujLHxrQcVtLZON1KKiB0P8VPRcaR1QIFARiR1IfLvzhKVpqyOlnV
# 3a+ZILtCJE1YEM+h7Aunz/l9MQ0DZe5DzbIdKOQ7NUkerlhq81kriPp67yLv25lk
# zgqkHGGDEnIGpSXdmbXTNLcGlH+5O+fWl2RMzYrSFJqvwyRu9egLLi6E0xaNCRvY
# gdb6CGPhhu21C1o5Nax0CiaZe3vzzRvC5QsIJ0yww6y7VaGFVt/XRaKBdLHB97nZ
# t/9ifa3fmhVEW6pQEy8VdAeFoxIT2lJ2xJgBdMwpZCJlCxB8xKU/rZfrXKS/UUqV
# 9Klbcfrx1WFT7zrAWS0Ig7nPttJ+XgjYfgHI3q2e80F6xRmAmaAjnbtVRS+L3It9
# eZ4SmuzurWipRLpdmxdOX1IXdZD9rJMzk9IUIZoklctlR/D+75Iuy0N7gY8G2dbp
# fmh38lEQZ0IC90VmNtWltw==
# =So/3
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 14 Aug 2024 01:17:54 AM AEST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]

* tag 'pull-target-arm-20240813' of https://git.linaro.org/people/pmaydell/qemu-arm:
target/arm: Fix usage of MMU indexes when EL3 is AArch32
target/arm: Update translation regime comment for new features
target/arm: Clear high SVE elements in handle_vec_simd_wshli
hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


# 4c2c0474 09-Aug-2024 Peter Maydell <peter.maydell@linaro.org>

target/arm: Fix usage of MMU indexes when EL3 is AArch32

Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure

target/arm: Fix usage of MMU indexes when EL3 is AArch32

Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure PL1&0 translation regime:
* code at EL3, which might be Mon, or SVC, or any of the
other privileged modes (PL1)
* code at EL0 (Secure PL0)

This is different from when EL3 is AArch64, in which case EL3 is its
own translation regime, and EL1 and EL0 (whether AArch32 or AArch64)
have their own regime.

We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't
do anything special about Secure PL0, which meant it used the same
ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug
where arm_sctlr() incorrectly picked the NonSecure SCTLR as the
controlling register when in Secure PL0, which meant we were
spuriously generating alignment faults because we were looking at the
wrong SCTLR control bits.

The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that
we wouldn't honour the PAN bit for Secure PL1, because there's no
equivalent _PAN mmu index for it.

We could fix this in one of two ways:
* The most straightforward is to add new MMU indexes EL30_0,
EL30_3, EL30_3_PAN to correspond to "Secure PL1&0 at PL0",
"Secure PL1&0 at PL1", and "Secure PL1&0 at PL1 with PAN".
This matches how we use indexes for the AArch64 regimes, and
preserves propirties like being able to determine the privilege
level from an MMU index without any other information. However
it would add two MMU indexes (we can share one with ARMMMUIdx_EL3),
and we are already using 14 of the 16 the core TLB code permits.

* The more complicated approach is the one we take here. We use
the same MMU indexes (E10_0, E10_1, E10_1_PAN) for Secure PL1&0
than we do for NonSecure PL1&0. This saves on MMU indexes, but
means we need to check in some places whether we're in the
Secure PL1&0 regime or not before we interpret an MMU index.

The changes in this commit were created by auditing all the places
where we use specific ARMMMUIdx_ values, and checking whether they
needed to be changed to handle the new index value usage.

Note for potential stable backports: taking also the previous
(comment-change-only) commit might make the backport easier.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240809160430.1144805-3-peter.maydell@linaro.org

show more ...


# f8e5c833 28-May-2024 Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-target-arm-20240528' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* xlnx_dpdma: fix descriptor endianness bug
* hvf: arm: Fix encodings for ID_

Merge tag 'pull-target-arm-20240528' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* xlnx_dpdma: fix descriptor endianness bug
* hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
* hw/arm/npcm7xx: remove setting of mp-affinity
* hw/char: Correct STM32L4x5 usart register CR2 field ADD_0 size
* hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n>
* hw/input/tsc2005: Fix -Wchar-subscripts warning in tsc2005_txrx()
* hw: arm: Remove use of tabs in some source files
* docs/system: Remove ADC from raspi documentation
* target/arm: Start of the conversion of A64 SIMD to decodetree

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmZV5HsZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3j+CD/9V5kC3DJtovMiolr1z8YYI
# eRj0I/pKacgIzz9kVwzo+UVVgzXAi80VFO7xbe+aucCKs0c2s3wrUnUWkAaGHUYR
# DKhRIp017HKW8esgDVQsItn2030PLQLlhxpLvhSfN7NR2jHiJdE914Kb3h6XIEVE
# CqMRaYt9Vrh5o0e51VSzzccFK+kyYV1MDvNyx1/8F4KJpsMFeK0iy9WYrXx2UxlT
# dlrJZdrShIkOWiQB+bi6zQzjMveNmDicjBCgnC7TO2ayOl0AD24sNg/Z49w+4Hjb
# azUDYR45uuyQD5HJLyBsk5BcYhfyZttn2U5uTvNQ6SEfMuKUFEfdoSebTHngEb6t
# ObOdJW6+GmyaIaaJS99ea8u8jbe1r5zhQGJEBeEWOyGYTKUJ6Q0J+g6dZUdgniOp
# bvORX4qnIlMLMGGYT34410Wf0lsE88BHspcVX0WLGFLMZcEYsHhdgG6/f0p8D3nD
# m3R5+/BxUHK7A6OVe/1YU6jTqnfPBY6CGKSqEvXbJGlPp7LAjIxuUHBRxRnXU+Ad
# ohBwOIEEDNhGnEiiHFFK+wrc8BncXY4eSiJBCLlRaf1AcxCT6ibWXuUlpnWeAwNk
# E3Kmvq9BCdQZpIj7EsyvngTc5PsQrqK0FNIVuSVi38QQnqS/0oykvsPzgSlD6blP
# zcFIgG7aUiPOkdTxcPTYnA==
# =TjtM
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 May 2024 07:04:43 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]

* tag 'pull-target-arm-20240528' of https://git.linaro.org/people/pmaydell/qemu-arm: (42 commits)
target/arm: Convert disas_simd_3same_logic to decodetree
target/arm: Convert FMLAL, FMLSL to decodetree
target/arm: Use gvec for neon pmax, pmin
target/arm: Convert SMAXP, SMINP, UMAXP, UMINP to decodetree
target/arm: Use gvec for neon padd
target/arm: Convert ADDP to decodetree
target/arm: Use gvec for neon faddp, fmaxp, fminp
target/arm: Convert FMAXP, FMINP, FMAXNMP, FMINNMP to decodetree
target/arm: Convert FADDP to decodetree
target/arm: Convert FRECPS, FRSQRTS to decodetree
target/arm: Convert FABD to decodetree
target/arm: Convert FCMEQ, FCMGE, FCMGT, FACGE, FACGT to decodetree
target/arm: Convert FMLA, FMLS to decodetree
target/arm: Convert FNMUL to decodetree
target/arm: Expand vfp neg and abs inline
target/arm: Introduce vfp_load_reg16
target/arm: Convert FMAX, FMIN, FMAXNM, FMINNM to decodetree
target/arm: Convert FADD, FSUB, FDIV, FMUL to decodetree
target/arm: Convert FMULX to decodetree
target/arm: Convert Advanced SIMD copy to decodetree
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


# 09a52d85 24-May-2024 Richard Henderson <richard.henderson@linaro.org>

target/arm: Split out gengvec.c

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@lina

target/arm: Split out gengvec.c

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240524232121.284515-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# db36e145 24-May-2024 Richard Henderson <richard.henderson@linaro.org>

target/arm: Use PLD, PLDW, PLI not NOP for t32

This fixes a bug in that neither PLI nor PLDW are present in ARMv6T2,
but are introduced with ARMv7 and ARMv7MP respectively.
For clarity, do not use N

target/arm: Use PLD, PLDW, PLI not NOP for t32

This fixes a bug in that neither PLI nor PLDW are present in ARMv6T2,
but are introduced with ARMv7 and ARMv7MP respectively.
For clarity, do not use NOP for PLD.

Note that there is no PLDW (literal). Architecturally in the
T1 encoding of "PLD (literal)" bit 5 is "(0)", which means
that it should be zero and if it is not then the behaviour
is CONSTRAINED UNPREDICTABLE (might UNDEF, NOP, or ignore the
value of the bit).

In our implementation we have patterns for both:

+ PLD 1111 1000 -001 1111 1111 ------------ # (literal)
+ PLD 1111 1000 -011 1111 1111 ------------ # (literal)

and so we effectively ignore the value of bit 5. (This is a
permitted option for this CONSTRAINED UNPREDICTABLE.) This isn't a
behaviour change in this commit, since we previously had NOP lines
for both those patterns.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240524232121.284515-3-richard.henderson@linaro.org
[PMM: adjusted commit message to note that PLD (lit) T1 bit 5
being 1 is an UNPREDICTABLE case.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 2b016883 15-May-2024 Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-tcg-20240515' of https://gitlab.com/rth7680/qemu into staging

tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
accel/tcg: Improve disassembly for target and plugin

# -----B

Merge tag 'pull-tcg-20240515' of https://gitlab.com/rth7680/qemu into staging

tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
accel/tcg: Improve disassembly for target and plugin

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmZEXT0dHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/FbQf+P3ppcAA+5smxaQyi
# dsfCJaGOMqRTWYuSmNsJ7AlxQobxLKVsJrAHraNU1AnDfwKrX3XXJcU4Gwt0eQyN
# lGiF/24KLElvb+w6fkjuLdK+DbGWTrNabXJAnBw1h21x+go0mvVCVSuQQw7a/RDS
# btPnGkmoi0H340JC1MVSDRgFkB3RV0kOMXGGm70S+mw0WhjVgdInhLv0jjnj2QFM
# tYzJ5g+00v0HPo8Lun5kRSaI7EGG7J/XfGa71WHIHrB0o7FAzslap4fGTcfOB+7a
# f2jTGErezJQj1pvJLvFTNX4YQ02ORnDKsz4EC0G9QU8rk+S1bD2vTVoi5IY5ayfJ
# oqxyRw==
# =Q16M
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 15 May 2024 08:59:09 AM CEST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20240515' of https://gitlab.com/rth7680/qemu: (34 commits)
tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
accel/tcg: Remove cpu_ldsb_code / cpu_ldsw_code
target/s390x: Use translator_lduw in get_next_pc
target/xtensa: Use translator_ldub in xtensa_insn_len
target/rx: Use translator_ld*
target/riscv: Use translator_ld* for everything
target/cris: Use cris_fetch in translate_v10.c.inc
target/cris: Use translator_ld* in cris_fetch
target/avr: Use translator_lduw
target/i386: Use translator_ldub for everything
target/microblaze: Use translator_ldl
target/hexagon: Use translator_ldl in pkt_crosses_page
target/s390x: Disassemble EXECUTEd instructions
target/s390x: Fix translator_fake_ld length
accel/tcg: Introduce translator_fake_ld
disas: Use translator_st to get disassembly data
disas: Split disas.c
accel/tcg: Return bool from TranslatorOps.disas_log
accel/tcg: Provide default implementation of disas_log
plugins: Merge alloc_tcg_plugin_context into plugin_gen_tb_start
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


# 962a145c 03-Apr-2024 Richard Henderson <richard.henderson@linaro.org>

accel/tcg: Provide default implementation of disas_log

Almost all of the disas_log implementations are identical.
Unify them within translator_loop.

Drop extra Priv/Virt logging from target/riscv.

accel/tcg: Provide default implementation of disas_log

Almost all of the disas_log implementations are identical.
Unify them within translator_loop.

Drop extra Priv/Virt logging from target/riscv.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


# fee571c7 09-Apr-2024 Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-misc-20240409' of https://gitlab.com/rth7680/qemu into staging

target/m68k: Fix fp accrued exception reporting
target/hppa: Fix IIAOQ, IIASQ for pa2.0
target/sh4: Fixes to mac.l and

Merge tag 'pull-misc-20240409' of https://gitlab.com/rth7680/qemu into staging

target/m68k: Fix fp accrued exception reporting
target/hppa: Fix IIAOQ, IIASQ for pa2.0
target/sh4: Fixes to mac.l and mac.w saturation
target/sh4: Fixes to illegal delay slot reporting
linux-user: Fix waitid return of siginfo_t and rusage
linux-user: Preserve unswapped siginfo_t for strace
tcg/optimize: Do not attempt to constant fold neg_vec
accel/tcg: Improve can_do_io management, mmio bug fix

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmYVl/kdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/MXgf/bMzLStvB+DvcpKCR
# hxewlDvNaDHntpXc0+3KzFPOeP9ELGlRDWSUcsdfR0v6BjUQHoUx9t+wC7R/Qe1B
# K9EWQUW9ayU++ELF9dXqtNDLGZaaSAx73PuCd+sDykBdj4/iuX0yc6htWQ+AbP0L
# x1j8CCKuCy/qDjQXyaAtCltlUurHgnswBgnZBxa2Bm0OSszDEBe49IXRIuFW5CcH
# PkVT250zZXU1lblOhpSnOBApZgxbSotk3Wdz7ARbzWisrCEW5x91ClWrP88odjX4
# wiRAe+LvFeLBjlFo+TWbdsvU6Zu2TNxSbv/Tr0HQSFoDkiXKU+5IM4L9Rx9x9EMo
# x1lmkg==
# =FYg/
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 09 Apr 2024 20:33:13 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* tag 'pull-misc-20240409' of https://gitlab.com/rth7680/qemu:
linux-user: Preserve unswapped siginfo_t for strace
accel/tcg: Improve can_do_io management
target/s390x: Use insn_start from DisasContextBase
target/riscv: Use insn_start from DisasContextBase
target/microblaze: Use insn_start from DisasContextBase
target/i386: Preserve DisasContextBase.insn_start across rewind
target/hppa: Use insn_start from DisasContextBase
target/arm: Use insn_start from DisasContextBase
accel/tcg: Add insn_start to DisasContextBase
tcg: Add TCGContext.emit_before_op
target/m68k: Map FPU exceptions to FPSR register
target/sh4: add missing CHECK_NOT_DELAY_SLOT
target/sh4: Fix mac.w with saturation enabled
target/sh4: Fix mac.l with saturation enabled
target/sh4: Merge mach and macl into a union
target/sh4: mac.w: memory accesses are 16-bit words
target/hppa: Fix IIAOQ, IIASQ for pa2.0
linux-user: replace calloc() with g_new0()
linux-user: Fix waitid return of siginfo_t and rusage
tcg/optimize: Do not attempt to constant fold neg_vec

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 4642250e 06-Apr-2024 Richard Henderson <richard.henderson@linaro.org>

target/arm: Use insn_start from DisasContextBase

To keep the multiple update check, replace insn_start
with insn_start_updated.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by

target/arm: Use insn_start from DisasContextBase

To keep the multiple update check, replace insn_start
with insn_start_updated.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


# 7fcf7575 02-Apr-2024 Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-target-arm-20240402' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* take HSTR traps of cp15 accesses to EL2, not EL1
* docs: sbsa: update specs

Merge tag 'pull-target-arm-20240402' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* take HSTR traps of cp15 accesses to EL2, not EL1
* docs: sbsa: update specs, add dt note
* hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled
* tests/qtest: Fix STM32L4x5 GPIO test on 32-bit
* raspi4b: Reduce RAM to 1Gb on 32-bit hosts

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmYL3J8ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3lL9D/9ayKF76MKs+oK8+uHTOLPb
# Mk71K1apgFnkzC7v9xuI76M6SzZpcKslUbieucDhkDLdVuZvlV3eUcwQGbNWu9fx
# PCkx7RmD54o+nlGxacZx4wGDfgu9j3maCVik048WxNoHb03NPahfHIb/GFRyHgt/
# TTjeqfAX7GDbHzMiGuaEJi5dLuAP0/imLt7pooJv4JRDX3CMY+tzlclU4ySMBr+S
# 0fs5oi6kZMayM8iolpSrPDQy/N3jZJpd5pNPPIcsnL5DEJHKodHbD11+Zetb1tQ7
# Tyw+x+hUb8Yx2WADVBaihYnbvakUVLt7ZzdgDENV534O/1Vmabzt14CBGTwq4faQ
# 8Hbc4e/ulhsOUlaxCDKTCuCKDW7sub7UelSz7mX6dAwcjvEi/L99dkP1wSpl0W04
# 3uTQyjDrfCOVNJ/FMYLRp5VkjwUVacbs3u3Tpe2bgRMI+hxnKZjtIMIY09q3l7em
# JrPOsiiJlVzngcQko1K0cor3p5W43HIhLUlh0RqJL/CsVhXFfHShAJowK31vGnNp
# ITklT5CWKMmogHTJycQieemhwwKaALgCUBC9TrcD1dTJe/GksYXVg6Fit7IJttBI
# zsPMM21Namtr1tKsV71xgtpDrkiWZkeFRpo/GrEf50bX1Mx7Dc8D/ons2RS0G2vo
# S13Dyt6GBtzS9M8rKX2fsQ==
# =rYVb
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 02 Apr 2024 11:23:27 BST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240402' of https://git.linaro.org/people/pmaydell/qemu-arm:
raspi4b: Reduce RAM to 1Gb on 32-bit hosts
tests/qtest: Fix STM32L4x5 GPIO test on 32-bit
hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled
docs: sbsa: update specs, add dt note
target/arm: take HSTR traps of cp15 accesses to EL2, not EL1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# fbe5ac56 02-Apr-2024 Peter Maydell <peter.maydell@linaro.org>

target/arm: take HSTR traps of cp15 accesses to EL2, not EL1

The HSTR_EL2 register allows the hypervisor to trap AArch32 EL1 and
EL0 accesses to cp15 registers. We incorrectly implemented this so
t

target/arm: take HSTR traps of cp15 accesses to EL2, not EL1

The HSTR_EL2 register allows the hypervisor to trap AArch32 EL1 and
EL0 accesses to cp15 registers. We incorrectly implemented this so
they trap to EL1 when we detect the need for a HSTR trap at code
generation time. (The check in access_check_cp_reg() which we do at
runtime to catch traps from EL0 is correctly routing them to EL2.)

Use the correct target EL when generating the code to take the trap.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2226
Fixes: 049edada5e93df ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240325133116.2075362-1-peter.maydell@linaro.org

show more ...


# db596ae1 05-Mar-2024 Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* raspi: Implement Broadcom Serial Controller (BSC) for BCM2835 boards
* hw/c

Merge tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* raspi: Implement Broadcom Serial Controller (BSC) for BCM2835 boards
* hw/char/pl011: Add support for loopback
* STM32L4x5: Implement RCC clock control device
* target/arm: Do memory type alignment checks
* atomic.h: Reword confusing comment for qatomic_cmpxchg
* qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmXnI4gZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3p5ED/wOtAHA3PK+WbQhVhnji3+k
# gdhvVcldf+HLaI2v4tfaW152xjY80/j3PQFNkzptoXENA9U51F47oNYOIfULLZZX
# FTKmw/mjTBc2LqJ8gLpS8Wkr/PFtDq9JJzDwZd0MwguXpzIJp31JJpESvXlAqjjv
# FhuAcqNNuGwI2SXCBmp2lPoEMn8ExLDoG9rmzjxVZeZCyzUjVnJYM61ykhC4ByvK
# j5+/a7pUcpgHSX5cbq7kFloPOx3JXI5lS6xUKhGXXk75qHRwiQIsxMcPq8PD1+ok
# yrmp7cySwK8I7AlIPdDjpJmhU0OiBu+PkYiXmHlF2nvaUy6M0nVX2lSTzqj6VpVV
# 7yYhvWXHrtIA9AUspqTRsX7tP7iMJkco7qWfKSzYl+3pTbxS4+rEoee4jNR3hqsU
# lbWC47sNVtTN507qIL1dcsu+BaeSsYVftfxtFql3odTqRB+ticsjDfKg69dRSFyk
# SS0t8Zy3TdomcEoQkAv/ZSpkQnQUGavbRumCG58lJdiTwTuJUmGi1ufKBrD/GeKj
# IlDEl9yvKiR8uvdjj6EQqr5kOj09mmN5nvokNsq5a4aNXBYoesszWK2xodzXE2x5
# M9DHJ3S8xnN++p1idS2bikwEklG1XVQ/q52bDXQkUmQSNerVS1PCvg9hzYqA+x53
# ihJtMcsmGVfxY8aQHyHweA==
# =isAe
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 05 Mar 2024 13:52:08 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm:
qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports
atomic.h: Reword confusing comment for qatomic_cmpxchg
target/arm: Do memory type alignment check when translation enabled
target/arm: Do memory type alignment check when translation disabled
accel/tcg: Add TLB_CHECK_ALIGNED
accel/tcg: Add tlb_fill_flags to CPUTLBEntryFull
exec/memattrs: Remove target_tlb_bit*
target/arm: Support 32-byte alignment in pow2_align
tests/qtest/stm32l4x5_rcc-test.c: Add tests for the STM32L4x5_RCC
hw/arm/stm32l4x5_soc.c: Use the RCC Sysclk
hw/misc/stm32l4x5_rcc: Add write protections to CR register
hw/misc/stm32l4x5_rcc: Handle Register Updates
hw/misc/stm32l4x5_rcc: Initialize PLLs and clock multiplexers
hw/misc/stm32l4x5_rcc: Add an internal PLL Clock object
hw/misc/stm32l4x5_rcc: Add an internal clock multiplexer object
hw/misc/stm32l4x5_rcc: Implement STM32L4x5_RCC skeleton
hw/char/pl011: Add support for loopback
tests/qtest: Add testcase for BCM2835 BSC
hw/arm: Connect BSC to BCM2835 board as I2C0, I2C1 and I2C2
hw/i2c: Implement Broadcom Serial Controller (BSC)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 707ded20 01-Mar-2024 Richard Henderson <richard.henderson@linaro.org>

target/arm: Support 32-byte alignment in pow2_align

Now that we have removed TARGET_PAGE_BITS_MIN-6 from
TLB_FLAGS_MASK, we can test for 32-byte alignment.

Reviewed-by: Philippe Mathieu-Daudé <phil

target/arm: Support 32-byte alignment in pow2_align

Now that we have removed TARGET_PAGE_BITS_MIN-6 from
TLB_FLAGS_MASK, we can test for 32-byte alignment.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240301204110.656742-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 3ff11e4d 15-Feb-2024 Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-target-arm-20240215' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
* linux-user/aarch64: Choos

Merge tag 'pull-target-arm-20240215' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC
* linux-user/aarch64: Choose SYNC as the preferred MTE mode
* Fix some errors in SVE/SME handling of MTE tags
* hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses
* hw/block/tc58128: Don't emit deprecation warning under qtest
* tests/qtest: Fix handling of npcm7xx and GMAC tests
* hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ
* tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend
* Don't assert on vmload/vmsave of M-profile CPUs
* hw/arm/smmuv3: add support for stage 1 access fault
* hw/arm/stellaris: QOM cleanups
* Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
* Improve Cortex_R52 IMPDEF sysreg modelling
* Allow access to SPSR_hyp from hyp mode
* New board model mps3-an536 (Cortex-R52)

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmXOStQZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vlDD/9HCq1B6e4hWQBlHrWG5nCK
# zBYRZ3GuuYCFB9FJt4EyXjUZ8ohDhLrpXvjhzSF6IqoPo0c0rQnfipeuj8Lu/hAV
# JrtHE4jQnE5Q9dwSz3A6oh0z5iIkFB/C1hW6fBDwvgAJUZ5xh5MBcxOvKq1s3WKv
# 3JngHC/KJrjgIKbcCV3Nd+OdyIZ7QZNXPwcBX9Zzt2eDkdEzOjcJYF4lisWdGav5
# JVXUeCXtClmFUZrxiGCLeTxb5X+TptxC+kAcPC7F5GjtVSy2800Z9sit2FTqd9Vd
# Y+rdA5IIBbZWPQ3OOHbaR69X4tWmc+BIT3nbQlESfV3odg0toQhe7aqn9UPIEU0K
# JRrzfodD7r7HK36lZm7ehmevLQnZgO6+MYL4Wrr0pUCNUxqVYlIyaqfsFSaknRg1
# 85L6agJlPYxtvrQtfhIV5m1V3IfyIiC7ECqMFe+QLdbR0ZxS3sI7sJ3O58xmcbDm
# SGVLl+xjAW3ZdgOb+k4B/BlPqasiJpuLe7So2e+cvDWN7OM0iJBxFAVz3yhJKGTP
# t9adJ1j0SI9XNrRuQkCX1T07Ciiuvr/mM4eY6YK+6TOq1zXks9st51ydbvEKdNW9
# YMFpWwUbYKKmUTEW06Xg5iNatse5kp4MUASF5BERkaGuyhRqLl/8p6jt6Q+9/D1S
# 5y8MFjUcdg8t4KcSJgdopw==
# =X+zR
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 15 Feb 2024 17:33:08 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20240215' of https://git.linaro.org/people/pmaydell/qemu-arm: (35 commits)
docs: Add documentation for the mps3-an536 board
hw/arm/mps3r: Add remaining devices
hw/arm/mps3r: Add GPIO, watchdog, dual-timer, I2C devices
hw/arm/mps3r: Add UARTs
hw/arm/mps3r: Add CPUs, GIC, and per-CPU RAM
hw/arm/mps3r: Initial skeleton for mps3-an536 board
hw/misc/mps2-scc: Make changes needed for AN536 FPGA image
hw/misc/mps2-scc: Factor out which-board conditionals
hw/misc/mps2-scc: Fix condition for CFG3 register
target/arm: Allow access to SPSR_hyp from hyp mode
target/arm: Add Cortex-R52 IMPDEF sysregs
target/arm: The Cortex-R52 has a read-only CBAR
target/arm: Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs
hw/arm/stellaris: Add missing QOM 'SoC' parent
hw/arm/stellaris: Add missing QOM 'machine' parent
hw/arm/stellaris: Convert I2C controller to Resettable interface
hw/arm/stellaris: Convert ADC controller to Resettable interface
hw/arm/smmuv3: add support for stage 1 access fault
tests/qtest: Fix GMAC test to run on a machine in upstream QEMU
target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# f2b4a989 06-Feb-2024 Peter Maydell <peter.maydell@linaro.org>

target/arm: Allow access to SPSR_hyp from hyp mode

Architecturally, the AArch32 MSR/MRS to/from banked register
instructions are UNPREDICTABLE for attempts to access a banked
register that the guest

target/arm: Allow access to SPSR_hyp from hyp mode

Architecturally, the AArch32 MSR/MRS to/from banked register
instructions are UNPREDICTABLE for attempts to access a banked
register that the guest could access in a more direct way (e.g.
using this insn to access r8_fiq when already in FIQ mode). QEMU has
chosen to UNDEF on all of these.

However, for the case of accessing SPSR_hyp from hyp mode, it turns
out that real hardware permits this, with the same effect as if the
guest had directly written to SPSR. Further, there is some
guest code out there that assumes it can do this, because it
happens to work on hardware: an example Cortex-R52 startup code
fragment uses this, and it got copied into various other places,
including Zephyr. Zephyr was fixed to not use this:
https://github.com/zephyrproject-rtos/zephyr/issues/47330
but other examples are still out there, like the selftest
binary for the MPS3-AN536.

For convenience of being able to run guest code, permit
this UNPREDICTABLE access instead of UNDEFing it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240206132931.38376-5-peter.maydell@linaro.org

show more ...


# 1c8e621f 30-Jan-2024 Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu into staging

linux-user: Allow gdbstub to ignore page protection
cpu-exec: simplify jump cache management
include/exec: Cleanups towa

Merge tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu into staging

linux-user: Allow gdbstub to ignore page protection
cpu-exec: simplify jump cache management
include/exec: Cleanups toward building accel/tcg once

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmW4LXcdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+CgAf8CdqkvKsUK9/5bu99
# 9E4kRBkR8KqWYvBfRs4IFmjoEdEa4sCujWrHliOcW7Kh+XlVyAPI9rZG32QkxCEQ
# hi9WXieXjfPLTTmrbeiq7cwxztSj8Z55wwvbxkrtFyGDQ0AMccp49tAvfejEb6VD
# Ssx96nWQDgryLrn+My+wMQjl9aVKUWp5vB8k12aAcpRXPH2yoGE2JHAZ1C743nA6
# rShiJAT78HwERcMXDeYmmriYg0s4Z4+A6ErTiXDnFgj87YanHZc0I/55G5Sh+pW8
# REicD3jwS0GHOOHL0K781FopE1wTM442GLVxobXoxUXsHEiO+3TK5JdEIqvSstYA
# fRB8Pg==
# =xZOe
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 29 Jan 2024 22:57:59 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu: (31 commits)
target/i386: Extract x86_cpu_exec_halt() from accel/tcg/
accel/tcg: Introduce TCGCPUOps::cpu_exec_halt() handler
accel/tcg: Inline need_replay_interrupt
target/i386: Extract x86_need_replay_interrupt() from accel/tcg/
accel/tcg: Introduce TCGCPUOps::need_replay_interrupt() handler
accel/tcg: Use CPUState.cc instead of CPU_GET_CLASS in cpu-exec.c
target/loongarch: Constify loongarch_tcg_ops
include/qemu: Add TCGCPUOps typedef to typedefs.h
accel/tcg: Un-inline icount_exit_request() for clarity
accel/tcg: Rename tcg_cpus_exec() -> tcg_cpu_exec()
accel/tcg: Rename tcg_cpus_destroy() -> tcg_cpu_destroy()
accel/tcg: Rename tcg_ss[] -> tcg_specific_ss[] in meson
accel/tcg: Move perf and debuginfo support to tcg/
accel/tcg: Remove #ifdef TARGET_I386 from perf.c
tcg: Make tb_cflags() usable from target-agnostic code
accel/tcg: Make use of qemu_target_page_mask() in perf.c
target: Make qemu_target_page_mask() available for *-user
accel/tcg/cpu-exec: Use RCU_READ_LOCK_GUARD
tests/tcg: Add the PROT_NONE gdbstub test
tests/tcg: Factor out gdbstub test functions
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...


# 32f0c394 19-Jan-2024 Anton Johansson <anjo@rev.ng>

target: Use vaddr in gen_intermediate_code

Makes gen_intermediate_code() signature target agnostic so the function
can be called from accel/tcg/translate-all.c without target specifics.

Signed-off-

target: Use vaddr in gen_intermediate_code

Makes gen_intermediate_code() signature target agnostic so the function
can be called from accel/tcg/translate-all.c without target specifics.

Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20240119144024.14289-9-anjo@rev.ng>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...


# caa75cc5 20-Oct-2023 Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-target-arm-20231019' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/arm: Move raspberrypi-fw-defs.h to the include/hw/arm/ folder
* hw/arm/e

Merge tag 'pull-target-arm-20231019' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
* hw/arm: Move raspberrypi-fw-defs.h to the include/hw/arm/ folder
* hw/arm/exynos4210: Get arm_boot_info declaration from 'hw/arm/boot'
* xlnx devices: remove deprecated device reset
* xlnx-bbram: hw/nvram: Use dot in device type name
* elf2dmp: fix coverity issues
* elf2dmp: convert to g_malloc, g_new and g_free
* target/arm: Fix CNTPCT_EL0 trapping from EL0 when HCR_EL2.E2H is 0
* hw/arm: refactor virt PPI logic
* arm/kvm: convert to kvm_set_one_reg, kvm_get_one_reg
* target/arm: Permit T32 LDM with single register
* smmuv3: Advertise SMMUv3.1-XNX
* target/arm: Implement FEAT_HPMN0
* Remove some unnecessary include lines
* target/arm/arm-powerctl: Correctly init CPUs when powered on to lower EL
* hw/timer/npcm7xx_timer: Prevent timer from counting down past zero

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmUxMF4ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3oJND/4p64q0Wxq8x8yXCDUZAHME
# lZe2liBPBkqZusGfK0O4CpClwGbM5+8tMeLaRgSOUgJ/WGFiLCGAKEKB0S7EiCa5
# 1bNvVn+a7cdDj7FdYf+Dvp5fNZZIus4w+CUlUaiRyDhIfYquz53J1RD1wN5+SQ/I
# g6JQRp2gONeqGM5hT+0v2J/wGMmhuI5XO+PtQ1QNGoUnAA4QNof1thYjqdTJxzfz
# V2CUSOKnAT/PDcUWoy8BVPDDE+wYTnjTO1j/ZsQvnNQm7r18OiMUn85teLq1JtB+
# T3vyVZ2f2gc8lAgkKy5n3NH5fmLVgbO0WXgpWLHNkcp+shZMM6J5J/u/P6B/wk95
# DMzQy4slu/UfWMvsaxq+OjejhAtbdiIOeNfF6dAMy2NAyZplEAjlP8dsFrqAdACL
# 9m/DA4ODAV6OJ3E0zQ0dI4o6kr+/wbPVseLklqn3Ss0dndjU1K9XR0qpC8OruUJq
# 4h6kl5q6V3BHAoELvBtAqb0yHYdqhLqznpO8HsrUEmU5eTjDaOyyI4HW+AY5GG1R
# dtvrCLSiPe0EMartMMtezaB2GxQb9O7e+OI3XL2zVxb1F+QQ+vRZE3zVIdXm+Ev4
# oBztF1peZC3c8zurjr7/MxnDSnzynpkSR1zOY8+WJnAqpQ+C1YvdF6/Llwn7IMHw
# ZHh6sGzQsaAu7u/DW9yY5w==
# =WreO
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 19 Oct 2023 06:34:22 PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20231019' of https://git.linaro.org/people/pmaydell/qemu-arm: (24 commits)
contrib/elf2dmp: Use g_malloc(), g_new() and g_free()
hw/timer/npcm7xx_timer: Prevent timer from counting down past zero
target/arm/arm-powerctl: Correctly init CPUs when powered on to lower EL
target/arm/common-semi-target.h: Remove unnecessary boot.h include
target/arm/kvm64.c: Remove unused include
target/arm: Implement FEAT_HPMN0
hw/arm/smmuv3: Advertise SMMUv3.1-XNX feature
hw/arm/smmuv3: Sort ID register setting into field order
hw/arm/smmuv3: Update ID register bit field definitions
target/arm: Permit T32 LDM with single register
arm/kvm: convert to kvm_get_one_reg
arm/kvm: convert to kvm_set_one_reg
hw/arm/sbsa-ref: use bsa.h for PPI definitions
include/hw/arm: move BSA definitions to bsa.h
{include/}hw/arm: refactor virt PPI logic
target/arm: Fix CNTPCT_EL0 trapping from EL0 when HCR_EL2.E2H is 0
elf2dmp: check array bounds in pdb_get_file_size
elf2dmp: limit print length for sign_rsds
xlnx-bbram: hw/nvram: Use dot in device type name
xlnx-versal-efuse: hw/nvram: Remove deprecated device reset
...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...


# a530e470 27-Sep-2023 Peter Maydell <peter.maydell@linaro.org>

target/arm: Permit T32 LDM with single register

For the Thumb T32 encoding of LDM, if only a single register is
specified in the register list this instruction is UNPREDICTABLE,
with the following c

target/arm: Permit T32 LDM with single register

For the Thumb T32 encoding of LDM, if only a single register is
specified in the register list this instruction is UNPREDICTABLE,
with the following choices:
* instruction UNDEFs
* instruction is a NOP
* instruction loads a single register
* instruction loads an unspecified set of registers

Currently we choose to UNDEF (a behaviour chosen in commit
4b222545dbf30 in 2019; previously we treated it as "load the
specified single register").

Unfortunately there is real world code out there (which shipped in at
least Android 11, 12 and 13) which incorrectly uses this
UNPREDICTABLE insn on the assumption that it does a single register
load, which is (presumably) what it happens to do on real hardware,
and is also what it does on the equivalent A32 encoding.

Revert to the pre-4b222545dbf30 behaviour of not UNDEFing
for this T32 encoding.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1799
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230927101853.39288-1-peter.maydell@linaro.org

show more ...


# 800af0aa 05-Oct-2023 Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu into staging

accel: Introduce AccelClass::cpu_common_[un]realize
accel: Target agnostic code movement
accel/tcg: Cleanups to use CPUS

Merge tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu into staging

accel: Introduce AccelClass::cpu_common_[un]realize
accel: Target agnostic code movement
accel/tcg: Cleanups to use CPUState instead of CPUArchState
accel/tcg: Move CPUNegativeOffsetState into CPUState
tcg: Split out tcg init functions to tcg/startup.h
linux-user/hppa: Fix struct target_sigcontext layout
build: Remove --enable-gprof

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmUdsL4dHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/iYggAvDJEyMCAXSSH97BA
# wZT/2D/MFIhOMk6xrQRnrXfrG70N0iVKz44jl9j7k1D+9BOHcso//DDJH3c96k9A
# MgDb6W2bsWvC15/Qw6BALf5bb/II0MJuCcQvj3CNX5lNkXAWhwIOBhsZx7V9ST1+
# rihN4nowpRWdV5GeCjDGaJW455Y1gc96hICYHy6Eqw1cUgUFt9vm5aYU3FHlat29
# sYRaVYKUL2hRUPPNcPiPq0AaJ8wN6/s8gT+V1UvTzkhHqskoM4ZU89RchuXVoq1h
# SvhKElyULMRzM7thWtpW8qYJPj4mxZsKArESvHjsunGD6KEz3Fh1sy6EKRcdmpG/
# II1vkg==
# =k2Io
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 04 Oct 2023 14:36:46 EDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu: (47 commits)
tcg/loongarch64: Fix buid error
tests/avocado: Re-enable MIPS Malta tests (GitLab issue #1884 fixed)
build: Remove --enable-gprof
linux-user/hppa: Fix struct target_sigcontext layout
tcg: Split out tcg init functions to tcg/startup.h
tcg: Remove argument to tcg_prologue_init
accel/tcg: Make cpu-exec-common.c a target agnostic unit
accel/tcg: Make icount.o a target agnostic unit
accel/tcg: Make monitor.c a target-agnostic unit
accel/tcg: Rename target-specific 'internal.h' -> 'internal-target.h'
exec: Rename target specific page-vary.c -> page-vary-target.c
exec: Rename cpu.c -> cpu-target.c
accel: Rename accel-common.c -> accel-target.c
accel: Make accel-blocker.o target agnostic
accel/tcg: Restrict dump_exec_info() declaration
exec: Move cpu_loop_foo() target agnostic functions to 'cpu-common.h'
exec: Make EXCP_FOO definitions target agnostic
accel/tcg: move ld/st helpers to ldst_common.c.inc
accel/tcg: Unify user and softmmu do_[st|ld]*_mmu()
accel/tcg: Remove env_tlb()
...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...


123