Revision tags: v9.2.0, v9.1.2 |
|
#
6d62f309 |
| 05-Nov-2024 |
Peter Maydell <peter.maydell@linaro.org> |
target/arm: Add new MMU indexes for AArch32 Secure PL1&0
Our current usage of MMU indexes when EL3 is AArch32 is confused. Architecturally, when EL3 is AArch32, all Secure code runs under the Secure PL1&0 translation regime:
 * code at EL3, which might be Mon, or SVC, or any of the other privileged modes (PL1)
 * code at EL0 (Secure PL0)
This is different from when EL3 is AArch64, in which case EL3 is its own translation regime, and EL1 and EL0 (whether AArch32 or AArch64) have their own regime.
We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't do anything special about Secure PL0, which meant it used the same ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug where arm_sctlr() incorrectly picked the NonSecure SCTLR as the controlling register when in Secure PL0, which meant we were spuriously generating alignment faults because we were looking at the wrong SCTLR control bits.
The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that we wouldn't honour the PAN bit for Secure PL1, because there's no equivalent _PAN mmu index for it.
Fix this by adding two new MMU indexes:
 * ARMMMUIdx_E30_0 is for Secure PL0
 * ARMMMUIdx_E30_3_PAN is for Secure PL1 when PAN is enabled
The existing ARMMMUIdx_E3 is used to mean "Secure PL1 without PAN" (and would be named ARMMMUIdx_E30_3 in an AArch32-centric scheme).
These extra two indexes bring us up to the maximum of 16 that the core code can currently support.
This commit:
 * adds the new MMU index handling to the various places where we deal in MMU index values
 * adds assertions that we aren't AArch32 EL3 in a couple of places that currently use the E10 indexes, to document why they don't also need to handle the E30 indexes
 * documents in a comment why regime_has_2_ranges() doesn't need updating
Notes for backporting: this commit depends on the preceding revert of 4c2c04746932; that revert and this commit should probably be backported to everywhere that we originally backported 4c2c04746932.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2588
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241101142845.1712482-3-peter.maydell@linaro.org
(cherry picked from commit efbe180ad2ed75d4cc64dfc6fb46a015eef713d1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
#
f147ed37 |
| 05-Nov-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"
This reverts commit 4c2c0474693229c1f533239bb983495c5427784d.
This commit tried to fix a problem with our usage of MMU indexes when EL3 is AArch32, using what it described as a "more complicated approach" where we share the same MMU index values for Secure PL1&0 and NonSecure PL1&0. In theory this should work, but the change didn't account for (at least) two things:
(1) The design change means we need to flush the TLBs at any point where the CPU state flips from one to the other. We already flush the TLB when SCR.NS is changed, but we don't flush the TLB when we take an exception from NS PL1&0 into Mon or when we return from Mon to NS PL1&0, and the commit didn't add any code to do that.
(2) The ATS12NS* address translate instructions allow Mon code (which is Secure) to do a stage 1+2 page table walk for NS. I thought this was OK because do_ats_write() does a page table walk which doesn't use the TLBs, so because it can pass both the MMU index and also an ARMSecuritySpace argument we can tell the table walk that we want NS stage1+2, not S. But that means that all the code within the ptw that needs to find e.g. the regime EL cannot do so only with an mmu_idx -- all these functions like regime_sctlr(), regime_el(), etc would need to pass both an mmu_idx and the security_space, so they can tell whether this is a translation regime controlled by EL1 or EL3 (and so whether to look at SCTLR.S or SCTLR.NS, etc).
In particular, because regime_el() wasn't updated to look at the ARMSecuritySpace it would return 1 even when the CPU was in Monitor mode (and the controlling EL is 3). This meant that page table walks in Monitor mode would look at the wrong SCTLR, TCR, etc and would generally fault when they should not.
Rather than trying to make the complicated changes needed to rescue the design of 4c2c04746932, we revert it in order to instead take the route that that commit describes as "the most straightforward" fix, where we add new MMU indexes EL30_0, EL30_3, EL30_3_PAN to correspond to "Secure PL1&0 at PL0", "Secure PL1&0 at PL1", and "Secure PL1&0 at PL1 with PAN".
This revert will re-expose the "spurious alignment faults in Secure PL0" issue #2326; we'll fix it again in the next commit.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20241101142845.1712482-2-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 056c5c90c171c4895b407af0cf3d198e1d44b40f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
#
f15f7273 |
| 05-Nov-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-target-arm-20241105' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
 * Fix MMU indexes for AArch32 Secure PL1&0 in a less complex and buggy way
 * Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
 * softfloat: set 2-operand NaN propagation rule at runtime
 * disas: Fix build against Capstone v6 (again)
 * hw/rtc/ds1338: Trace send and receive operations
 * hw/timer/imx_gpt: Convert DPRINTF to trace events
 * hw/watchdog/wdt_imx2: Remove redundant assignment
 * hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
 * hw/net/npcm_gmac: Change error log to trace event
 * target/arm: Enable FEAT_CMOW for -cpu max
# gpg: Signature made Tue 05 Nov 2024 11:19:06 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20241105' of https://git.linaro.org/people/pmaydell/qemu-arm: (31 commits)
  target/arm: Enable FEAT_CMOW for -cpu max
  hw/net/npcm_gmac: Change error log to trace event
  hw/sensor/tmp105: Convert printf() to trace event, add tracing for read/write access
  hw/watchdog/wdt_imx2: Remove redundant assignment
  hw/timer/imx_gpt: Convert DPRINTF to trace events
  hw/rtc/ds1338: Trace send and receive operations
  disas: Fix build against Capstone v6 (again)
  target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)
  target/arm: Add new MMU indexes for AArch32 Secure PL1&0
  Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"
  softfloat: Remove fallback rule from pickNaN()
  target/rx: Explicitly set 2-NaN propagation rule
  target/openrisc: Explicitly set 2-NaN propagation rule
  target/microblaze: Explicitly set 2-NaN propagation rule
  target/microblaze: Move setting of float rounding mode to reset
  target/alpha: Explicitly set 2-NaN propagation rule
  target/i386: Set 2-NaN propagation rule explicitly
  target/xtensa: Explicitly set 2-NaN propagation rule
  target/xtensa: Factor out calls to set_use_first_nan()
  target/sparc: Explicitly set 2-NaN propagation rule
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
efbe180a |
| 05-Nov-2024 |
Peter Maydell <peter.maydell@linaro.org> |
target/arm: Add new MMU indexes for AArch32 Secure PL1&0
Our current usage of MMU indexes when EL3 is AArch32 is confused. Architecturally, when EL3 is AArch32, all Secure code runs under the Secure PL1&0 translation regime:
 * code at EL3, which might be Mon, or SVC, or any of the other privileged modes (PL1)
 * code at EL0 (Secure PL0)
This is different from when EL3 is AArch64, in which case EL3 is its own translation regime, and EL1 and EL0 (whether AArch32 or AArch64) have their own regime.
We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't do anything special about Secure PL0, which meant it used the same ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug where arm_sctlr() incorrectly picked the NonSecure SCTLR as the controlling register when in Secure PL0, which meant we were spuriously generating alignment faults because we were looking at the wrong SCTLR control bits.
The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that we wouldn't honour the PAN bit for Secure PL1, because there's no equivalent _PAN mmu index for it.
Fix this by adding two new MMU indexes:
 * ARMMMUIdx_E30_0 is for Secure PL0
 * ARMMMUIdx_E30_3_PAN is for Secure PL1 when PAN is enabled
The existing ARMMMUIdx_E3 is used to mean "Secure PL1 without PAN" (and would be named ARMMMUIdx_E30_3 in an AArch32-centric scheme).
These extra two indexes bring us up to the maximum of 16 that the core code can currently support.
This commit:
 * adds the new MMU index handling to the various places where we deal in MMU index values
 * adds assertions that we aren't AArch32 EL3 in a couple of places that currently use the E10 indexes, to document why they don't also need to handle the E30 indexes
 * documents in a comment why regime_has_2_ranges() doesn't need updating
Notes for backporting: this commit depends on the preceding revert of 4c2c04746932; that revert and this commit should probably be backported to everywhere that we originally backported 4c2c04746932.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2588
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241101142845.1712482-3-peter.maydell@linaro.org
|
#
056c5c90 |
| 05-Nov-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Revert "target/arm: Fix usage of MMU indexes when EL3 is AArch32"
This reverts commit 4c2c0474693229c1f533239bb983495c5427784d.
This commit tried to fix a problem with our usage of MMU indexes when EL3 is AArch32, using what it described as a "more complicated approach" where we share the same MMU index values for Secure PL1&0 and NonSecure PL1&0. In theory this should work, but the change didn't account for (at least) two things:
(1) The design change means we need to flush the TLBs at any point where the CPU state flips from one to the other. We already flush the TLB when SCR.NS is changed, but we don't flush the TLB when we take an exception from NS PL1&0 into Mon or when we return from Mon to NS PL1&0, and the commit didn't add any code to do that.
(2) The ATS12NS* address translate instructions allow Mon code (which is Secure) to do a stage 1+2 page table walk for NS. I thought this was OK because do_ats_write() does a page table walk which doesn't use the TLBs, so because it can pass both the MMU index and also an ARMSecuritySpace argument we can tell the table walk that we want NS stage1+2, not S. But that means that all the code within the ptw that needs to find e.g. the regime EL cannot do so only with an mmu_idx -- all these functions like regime_sctlr(), regime_el(), etc would need to pass both an mmu_idx and the security_space, so they can tell whether this is a translation regime controlled by EL1 or EL3 (and so whether to look at SCTLR.S or SCTLR.NS, etc).
In particular, because regime_el() wasn't updated to look at the ARMSecuritySpace it would return 1 even when the CPU was in Monitor mode (and the controlling EL is 3). This meant that page table walks in Monitor mode would look at the wrong SCTLR, TCR, etc and would generally fault when they should not.
Rather than trying to make the complicated changes needed to rescue the design of 4c2c04746932, we revert it in order to instead take the route that that commit describes as "the most straightforward" fix, where we add new MMU indexes EL30_0, EL30_3, EL30_3_PAN to correspond to "Secure PL1&0 at PL0", "Secure PL1&0 at PL1", and "Secure PL1&0 at PL1 with PAN".
This revert will re-expose the "spurious alignment faults in Secure PL0" issue #2326; we'll fix it again in the next commit.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20241101142845.1712482-2-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
Revision tags: v9.1.1, v9.1.0 |
|
#
3cc050c5 |
| 13-Aug-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'pull-target-arm-20240813' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
 * hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
 * target/arm: Clear high SVE elements in handle_vec_simd_wshli
 * target/arm: Fix usage of MMU indexes when EL3 is AArch32
# gpg: Signature made Wed 14 Aug 2024 01:17:54 AM AEST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
* tag 'pull-target-arm-20240813' of https://git.linaro.org/people/pmaydell/qemu-arm:
  target/arm: Fix usage of MMU indexes when EL3 is AArch32
  target/arm: Update translation regime comment for new features
  target/arm: Clear high SVE elements in handle_vec_simd_wshli
  hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
4c2c0474 |
| 09-Aug-2024 |
Peter Maydell <peter.maydell@linaro.org> |
target/arm: Fix usage of MMU indexes when EL3 is AArch32
Our current usage of MMU indexes when EL3 is AArch32 is confused. Architecturally, when EL3 is AArch32, all Secure code runs under the Secure PL1&0 translation regime:
 * code at EL3, which might be Mon, or SVC, or any of the other privileged modes (PL1)
 * code at EL0 (Secure PL0)
This is different from when EL3 is AArch64, in which case EL3 is its own translation regime, and EL1 and EL0 (whether AArch32 or AArch64) have their own regime.
We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't do anything special about Secure PL0, which meant it used the same ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug where arm_sctlr() incorrectly picked the NonSecure SCTLR as the controlling register when in Secure PL0, which meant we were spuriously generating alignment faults because we were looking at the wrong SCTLR control bits.
The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that we wouldn't honour the PAN bit for Secure PL1, because there's no equivalent _PAN mmu index for it.
We could fix this in one of two ways:
 * The most straightforward is to add new MMU indexes EL30_0, EL30_3, EL30_3_PAN to correspond to "Secure PL1&0 at PL0", "Secure PL1&0 at PL1", and "Secure PL1&0 at PL1 with PAN". This matches how we use indexes for the AArch64 regimes, and preserves properties like being able to determine the privilege level from an MMU index without any other information. However it would add two MMU indexes (we can share one with ARMMMUIdx_EL3), and we are already using 14 of the 16 the core TLB code permits.
 * The more complicated approach is the one we take here. We use the same MMU indexes (E10_0, E10_1, E10_1_PAN) for Secure PL1&0 as we do for NonSecure PL1&0. This saves on MMU indexes, but means we need to check in some places whether we're in the Secure PL1&0 regime or not before we interpret an MMU index.
The changes in this commit were created by auditing all the places where we use specific ARMMMUIdx_ values, and checking whether they needed to be changed to handle the new index value usage.
Note for potential stable backports: taking also the previous (comment-change-only) commit might make the backport easier.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240809160430.1144805-3-peter.maydell@linaro.org
|
#
f8e5c833 |
| 28-May-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'pull-target-arm-20240528' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
 * xlnx_dpdma: fix descriptor endianness bug
 * hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers
 * hw/arm/npcm7xx: remove setting of mp-affinity
 * hw/char: Correct STM32L4x5 usart register CR2 field ADD_0 size
 * hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n>
 * hw/input/tsc2005: Fix -Wchar-subscripts warning in tsc2005_txrx()
 * hw: arm: Remove use of tabs in some source files
 * docs/system: Remove ADC from raspi documentation
 * target/arm: Start of the conversion of A64 SIMD to decodetree
# gpg: Signature made Tue 28 May 2024 07:04:43 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
* tag 'pull-target-arm-20240528' of https://git.linaro.org/people/pmaydell/qemu-arm: (42 commits)
  target/arm: Convert disas_simd_3same_logic to decodetree
  target/arm: Convert FMLAL, FMLSL to decodetree
  target/arm: Use gvec for neon pmax, pmin
  target/arm: Convert SMAXP, SMINP, UMAXP, UMINP to decodetree
  target/arm: Use gvec for neon padd
  target/arm: Convert ADDP to decodetree
  target/arm: Use gvec for neon faddp, fmaxp, fminp
  target/arm: Convert FMAXP, FMINP, FMAXNMP, FMINNMP to decodetree
  target/arm: Convert FADDP to decodetree
  target/arm: Convert FRECPS, FRSQRTS to decodetree
  target/arm: Convert FABD to decodetree
  target/arm: Convert FCMEQ, FCMGE, FCMGT, FACGE, FACGT to decodetree
  target/arm: Convert FMLA, FMLS to decodetree
  target/arm: Convert FNMUL to decodetree
  target/arm: Expand vfp neg and abs inline
  target/arm: Introduce vfp_load_reg16
  target/arm: Convert FMAX, FMIN, FMAXNM, FMINNM to decodetree
  target/arm: Convert FADD, FSUB, FDIV, FMUL to decodetree
  target/arm: Convert FMULX to decodetree
  target/arm: Convert Advanced SIMD copy to decodetree
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
09a52d85 |
| 24-May-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/arm: Split out gengvec.c
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240524232121.284515-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
db36e145 |
| 24-May-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/arm: Use PLD, PLDW, PLI not NOP for t32
This fixes a bug in that neither PLI nor PLDW are present in ARMv6T2, but are introduced with ARMv7 and ARMv7MP respectively. For clarity, do not use NOP for PLD.
Note that there is no PLDW (literal). Architecturally in the T1 encoding of "PLD (literal)" bit 5 is "(0)", which means that it should be zero and if it is not then the behaviour is CONSTRAINED UNPREDICTABLE (might UNDEF, NOP, or ignore the value of the bit).
In our implementation we have patterns for both:
  + PLD 1111 1000 -001 1111 1111 ------------ # (literal)
  + PLD 1111 1000 -011 1111 1111 ------------ # (literal)
and so we effectively ignore the value of bit 5. (This is a permitted option for this CONSTRAINED UNPREDICTABLE.) This isn't a behaviour change in this commit, since we previously had NOP lines for both those patterns.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240524232121.284515-3-richard.henderson@linaro.org
[PMM: adjusted commit message to note that PLD (lit) T1 bit 5 being 1 is an UNPREDICTABLE case.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
2b016883 |
| 15-May-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'pull-tcg-20240515' of https://gitlab.com/rth7680/qemu into staging
tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
accel/tcg: Improve disassembly for target and plugin
# gpg: Signature made Wed 15 May 2024 08:59:09 AM CEST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20240515' of https://gitlab.com/rth7680/qemu: (34 commits)
  tcg/loongarch64: Fill out tcg_out_{ld,st} for vector regs
  accel/tcg: Remove cpu_ldsb_code / cpu_ldsw_code
  target/s390x: Use translator_lduw in get_next_pc
  target/xtensa: Use translator_ldub in xtensa_insn_len
  target/rx: Use translator_ld*
  target/riscv: Use translator_ld* for everything
  target/cris: Use cris_fetch in translate_v10.c.inc
  target/cris: Use translator_ld* in cris_fetch
  target/avr: Use translator_lduw
  target/i386: Use translator_ldub for everything
  target/microblaze: Use translator_ldl
  target/hexagon: Use translator_ldl in pkt_crosses_page
  target/s390x: Disassemble EXECUTEd instructions
  target/s390x: Fix translator_fake_ld length
  accel/tcg: Introduce translator_fake_ld
  disas: Use translator_st to get disassembly data
  disas: Split disas.c
  accel/tcg: Return bool from TranslatorOps.disas_log
  accel/tcg: Provide default implementation of disas_log
  plugins: Merge alloc_tcg_plugin_context into plugin_gen_tb_start
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
962a145c |
| 03-Apr-2024 |
Richard Henderson <richard.henderson@linaro.org> |
accel/tcg: Provide default implementation of disas_log
Almost all of the disas_log implementations are identical. Unify them within translator_loop.
Drop extra Priv/Virt logging from target/riscv.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
fee571c7 |
| 09-Apr-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-misc-20240409' of https://gitlab.com/rth7680/qemu into staging
target/m68k: Fix fp accrued exception reporting
target/hppa: Fix IIAOQ, IIASQ for pa2.0
target/sh4: Fixes to mac.l and mac.w saturation
target/sh4: Fixes to illegal delay slot reporting
linux-user: Fix waitid return of siginfo_t and rusage
linux-user: Preserve unswapped siginfo_t for strace
tcg/optimize: Do not attempt to constant fold neg_vec
accel/tcg: Improve can_do_io management, mmio bug fix
# gpg: Signature made Tue 09 Apr 2024 20:33:13 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-misc-20240409' of https://gitlab.com/rth7680/qemu:
  linux-user: Preserve unswapped siginfo_t for strace
  accel/tcg: Improve can_do_io management
  target/s390x: Use insn_start from DisasContextBase
  target/riscv: Use insn_start from DisasContextBase
  target/microblaze: Use insn_start from DisasContextBase
  target/i386: Preserve DisasContextBase.insn_start across rewind
  target/hppa: Use insn_start from DisasContextBase
  target/arm: Use insn_start from DisasContextBase
  accel/tcg: Add insn_start to DisasContextBase
  tcg: Add TCGContext.emit_before_op
  target/m68k: Map FPU exceptions to FPSR register
  target/sh4: add missing CHECK_NOT_DELAY_SLOT
  target/sh4: Fix mac.w with saturation enabled
  target/sh4: Fix mac.l with saturation enabled
  target/sh4: Merge mach and macl into a union
  target/sh4: mac.w: memory accesses are 16-bit words
  target/hppa: Fix IIAOQ, IIASQ for pa2.0
  linux-user: replace calloc() with g_new0()
  linux-user: Fix waitid return of siginfo_t and rusage
  tcg/optimize: Do not attempt to constant fold neg_vec
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
4642250e |
| 06-Apr-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/arm: Use insn_start from DisasContextBase
To keep the multiple update check, replace insn_start with insn_start_updated.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
7fcf7575 |
| 02-Apr-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-target-arm-20240402' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue: * take HSTR traps of cp15 accesses to EL2, not EL1 * docs: sbsa: update specs, add dt note * hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled * tests/qtest: Fix STM32L4x5 GPIO test on 32-bit * raspi4b: Reduce RAM to 1Gb on 32-bit hosts
# gpg: Signature made Tue 02 Apr 2024 11:23:27 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20240402' of https://git.linaro.org/people/pmaydell/qemu-arm: raspi4b: Reduce RAM to 1Gb on 32-bit hosts tests/qtest: Fix STM32L4x5 GPIO test on 32-bit hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled docs: sbsa: update specs, add dt note target/arm: take HSTR traps of cp15 accesses to EL2, not EL1
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
fbe5ac56 |
| 02-Apr-2024 |
Peter Maydell <peter.maydell@linaro.org> |
target/arm: take HSTR traps of cp15 accesses to EL2, not EL1
The HSTR_EL2 register allows the hypervisor to trap AArch32 EL1 and EL0 accesses to cp15 registers. We incorrectly implemented this so they trap to EL1 when we detect the need for a HSTR trap at code generation time. (The check in access_check_cp_reg() which we do at runtime to catch traps from EL0 is correctly routing them to EL2.)
Use the correct target EL when generating the code to take the trap.
Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2226 Fixes: 049edada5e93df ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240325133116.2075362-1-peter.maydell@linaro.org
|
#
db596ae1 |
| 05-Mar-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue: * raspi: Implement Broadcom Serial Controller (BSC) for BCM2835 boards * hw/char/pl011: Add support for loopback * STM32L4x5: Implement RCC clock control device * target/arm: Do memory type alignment checks * atomic.h: Reword confusing comment for qatomic_cmpxchg * qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports
# gpg: Signature made Tue 05 Mar 2024 13:52:08 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20240305' of https://git.linaro.org/people/pmaydell/qemu-arm: qemu-options.hx: Don't claim "-serial" has limit of 4 serial ports atomic.h: Reword confusing comment for qatomic_cmpxchg target/arm: Do memory type alignment check when translation enabled target/arm: Do memory type alignment check when translation disabled accel/tcg: Add TLB_CHECK_ALIGNED accel/tcg: Add tlb_fill_flags to CPUTLBEntryFull exec/memattrs: Remove target_tlb_bit* target/arm: Support 32-byte alignment in pow2_align tests/qtest/stm32l4x5_rcc-test.c: Add tests for the STM32L4x5_RCC hw/arm/stm32l4x5_soc.c: Use the RCC Sysclk hw/misc/stm32l4x5_rcc: Add write protections to CR register hw/misc/stm32l4x5_rcc: Handle Register Updates hw/misc/stm32l4x5_rcc: Initialize PLLs and clock multiplexers hw/misc/stm32l4x5_rcc: Add an internal PLL Clock object hw/misc/stm32l4x5_rcc: Add an internal clock multiplexer object hw/misc/stm32l4x5_rcc: Implement STM32L4x5_RCC skeleton hw/char/pl011: Add support for loopback tests/qtest: Add testcase for BCM2835 BSC hw/arm: Connect BSC to BCM2835 board as I2C0, I2C1 and I2C2 hw/i2c: Implement Broadcom Serial Controller (BSC)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
707ded20 |
| 01-Mar-2024 |
Richard Henderson <richard.henderson@linaro.org> |
target/arm: Support 32-byte alignment in pow2_align
Now that we have removed TARGET_PAGE_BITS_MIN-6 from TLB_FLAGS_MASK, we can test for 32-byte alignment.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240301204110.656742-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
3ff11e4d |
| 15-Feb-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-target-arm-20240215' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue: * hw/arm/xilinx_zynq: Wire FIQ between CPU <> GIC * linux-user/aarch64: Choose SYNC as the preferred MTE mode * Fix some errors in SVE/SME handling of MTE tags * hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses * hw/block/tc58128: Don't emit deprecation warning under qtest * tests/qtest: Fix handling of npcm7xx and GMAC tests * hw/arm/virt: Wire up non-secure EL2 virtual timer IRQ * tests/qtest/npcm7xx_emc-test: Connect all NICs to a backend * Don't assert on vmload/vmsave of M-profile CPUs * hw/arm/smmuv3: add support for stage 1 access fault * hw/arm/stellaris: QOM cleanups * Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs * Improve Cortex_R52 IMPDEF sysreg modelling * Allow access to SPSR_hyp from hyp mode * New board model mps3-an536 (Cortex-R52)
# gpg: Signature made Thu 15 Feb 2024 17:33:08 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20240215' of https://git.linaro.org/people/pmaydell/qemu-arm: (35 commits) docs: Add documentation for the mps3-an536 board hw/arm/mps3r: Add remaining devices hw/arm/mps3r: Add GPIO, watchdog, dual-timer, I2C devices hw/arm/mps3r: Add UARTs hw/arm/mps3r: Add CPUs, GIC, and per-CPU RAM hw/arm/mps3r: Initial skeleton for mps3-an536 board hw/misc/mps2-scc: Make changes needed for AN536 FPGA image hw/misc/mps2-scc: Factor out which-board conditionals hw/misc/mps2-scc: Fix condition for CFG3 register target/arm: Allow access to SPSR_hyp from hyp mode target/arm: Add Cortex-R52 IMPDEF sysregs target/arm: The Cortex-R52 has a read-only CBAR target/arm: Use new CBAR encoding for all v8 CPUs, not all aarch64 CPUs hw/arm/stellaris: Add missing QOM 'SoC' parent hw/arm/stellaris: Add missing QOM 'machine' parent hw/arm/stellaris: Convert I2C controller to Resettable interface hw/arm/stellaris: Convert ADC controller to Resettable interface hw/arm/smmuv3: add support for stage 1 access fault tests/qtest: Fix GMAC test to run on a machine in upstream QEMU target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
f2b4a989 |
| 06-Feb-2024 |
Peter Maydell <peter.maydell@linaro.org> |
target/arm: Allow access to SPSR_hyp from hyp mode
Architecturally, the AArch32 MSR/MRS to/from banked register instructions are UNPREDICTABLE for attempts to access a banked register that the guest could access in a more direct way (e.g. using this insn to access r8_fiq when already in FIQ mode). QEMU has chosen to UNDEF on all of these.
However, for the case of accessing SPSR_hyp from hyp mode, it turns out that real hardware permits this, with the same effect as if the guest had directly written to SPSR. Further, there is some guest code out there that assumes it can do this, because it happens to work on hardware: an example Cortex-R52 startup code fragment uses this, and it got copied into various other places, including Zephyr. Zephyr was fixed to not use this: https://github.com/zephyrproject-rtos/zephyr/issues/47330 but other examples are still out there, like the selftest binary for the MPS3-AN536.
For convenience of being able to run guest code, permit this UNPREDICTABLE access instead of UNDEFing it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240206132931.38376-5-peter.maydell@linaro.org
|
#
1c8e621f |
| 30-Jan-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu into staging
linux-user: Allow gdbstub to ignore page protection cpu-exec: simplify jump cache management include/exec: Cleanups toward building accel/tcg once
# gpg: Signature made Mon 29 Jan 2024 22:57:59 GMT # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-tcg-20240130' of https://gitlab.com/rth7680/qemu: (31 commits) target/i386: Extract x86_cpu_exec_halt() from accel/tcg/ accel/tcg: Introduce TCGCPUOps::cpu_exec_halt() handler accel/tcg: Inline need_replay_interrupt target/i386: Extract x86_need_replay_interrupt() from accel/tcg/ accel/tcg: Introduce TCGCPUOps::need_replay_interrupt() handler accel/tcg: Use CPUState.cc instead of CPU_GET_CLASS in cpu-exec.c target/loongarch: Constify loongarch_tcg_ops include/qemu: Add TCGCPUOps typedef to typedefs.h accel/tcg: Un-inline icount_exit_request() for clarity accel/tcg: Rename tcg_cpus_exec() -> tcg_cpu_exec() accel/tcg: Rename tcg_cpus_destroy() -> tcg_cpu_destroy() accel/tcg: Rename tcg_ss[] -> tcg_specific_ss[] in meson accel/tcg: Move perf and debuginfo support to tcg/ accel/tcg: Remove #ifdef TARGET_I386 from perf.c tcg: Make tb_cflags() usable from target-agnostic code accel/tcg: Make use of qemu_target_page_mask() in perf.c target: Make qemu_target_page_mask() available for *-user accel/tcg/cpu-exec: Use RCU_READ_LOCK_GUARD tests/tcg: Add the PROT_NONE gdbstub test tests/tcg: Factor out gdbstub test functions ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
32f0c394 |
| 19-Jan-2024 |
Anton Johansson <anjo@rev.ng> |
target: Use vaddr in gen_intermediate_code
Makes gen_intermediate_code() signature target agnostic so the function can be called from accel/tcg/translate-all.c without target specifics.
Signed-off-by: Anton Johansson <anjo@rev.ng> Message-Id: <20240119144024.14289-9-anjo@rev.ng> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
caa75cc5 |
| 20-Oct-2023 |
Stefan Hajnoczi <stefanha@redhat.com> |
Merge tag 'pull-target-arm-20231019' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue: * hw/arm: Move raspberrypi-fw-defs.h to the include/hw/arm/ folder * hw/arm/exynos4210: Get arm_boot_info declaration from 'hw/arm/boot' * xlnx devices: remove deprecated device reset * xlnx-bbram: hw/nvram: Use dot in device type name * elf2dmp: fix coverity issues * elf2dmp: convert to g_malloc, g_new and g_free * target/arm: Fix CNTPCT_EL0 trapping from EL0 when HCR_EL2.E2H is 0 * hw/arm: refactor virt PPI logic * arm/kvm: convert to kvm_set_one_reg, kvm_get_one_reg * target/arm: Permit T32 LDM with single register * smmuv3: Advertise SMMUv3.1-XNX * target/arm: Implement FEAT_HPMN0 * Remove some unnecessary include lines * target/arm/arm-powerctl: Correctly init CPUs when powered on to lower EL * hw/timer/npcm7xx_timer: Prevent timer from counting down past zero
# gpg: Signature made Thu 19 Oct 2023 06:34:22 PDT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20231019' of https://git.linaro.org/people/pmaydell/qemu-arm: (24 commits) contrib/elf2dmp: Use g_malloc(), g_new() and g_free() hw/timer/npcm7xx_timer: Prevent timer from counting down past zero target/arm/arm-powerctl: Correctly init CPUs when powered on to lower EL target/arm/common-semi-target.h: Remove unnecessary boot.h include target/arm/kvm64.c: Remove unused include target/arm: Implement FEAT_HPMN0 hw/arm/smmuv3: Advertise SMMUv3.1-XNX feature hw/arm/smmuv3: Sort ID register setting into field order hw/arm/smmuv3: Update ID register bit field definitions target/arm: Permit T32 LDM with single register arm/kvm: convert to kvm_get_one_reg arm/kvm: convert to kvm_set_one_reg hw/arm/sbsa-ref: use bsa.h for PPI definitions include/hw/arm: move BSA definitions to bsa.h {include/}hw/arm: refactor virt PPI logic target/arm: Fix CNTPCT_EL0 trapping from EL0 when HCR_EL2.E2H is 0 elf2dmp: check array bounds in pdb_get_file_size elf2dmp: limit print length for sign_rsds xlnx-bbram: hw/nvram: Use dot in device type name xlnx-versal-efuse: hw/nvram: Remove deprecated device reset ...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
#
a530e470 |
| 27-Sep-2023 |
Peter Maydell <peter.maydell@linaro.org> |
target/arm: Permit T32 LDM with single register
For the Thumb T32 encoding of LDM, if only a single register is specified in the register list this instruction is UNPREDICTABLE, with the following choices: * instruction UNDEFs * instruction is a NOP * instruction loads a single register * instruction loads an unspecified set of registers
Currently we choose to UNDEF (a behaviour chosen in commit 4b222545dbf30 in 2019; previously we treated it as "load the specified single register").
Unfortunately there is real world code out there (which shipped in at least Android 11, 12 and 13) which incorrectly uses this UNPREDICTABLE insn on the assumption that it does a single register load, which is (presumably) what it happens to do on real hardware, and is also what it does on the equivalent A32 encoding.
Revert to the pre-4b222545dbf30 behaviour of not UNDEFing for this T32 encoding.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1799 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230927101853.39288-1-peter.maydell@linaro.org
|
#
800af0aa |
| 05-Oct-2023 |
Stefan Hajnoczi <stefanha@redhat.com> |
Merge tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu into staging
accel: Introduce AccelClass::cpu_common_[un]realize accel: Target agnostic code movement accel/tcg: Cleanups to use CPUState instead of CPUArchState accel/tcg: Move CPUNegativeOffsetState into CPUState tcg: Split out tcg init functions to tcg/startup.h linux-user/hppa: Fix struct target_sigcontext layout build: Remove --enable-gprof
# gpg: Signature made Wed 04 Oct 2023 14:36:46 EDT # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-tcg-20231004' of https://gitlab.com/rth7680/qemu: (47 commits) tcg/loongarch64: Fix buid error tests/avocado: Re-enable MIPS Malta tests (GitLab issue #1884 fixed) build: Remove --enable-gprof linux-user/hppa: Fix struct target_sigcontext layout tcg: Split out tcg init functions to tcg/startup.h tcg: Remove argument to tcg_prologue_init accel/tcg: Make cpu-exec-common.c a target agnostic unit accel/tcg: Make icount.o a target agnostic unit accel/tcg: Make monitor.c a target-agnostic unit accel/tcg: Rename target-specific 'internal.h' -> 'internal-target.h' exec: Rename target specific page-vary.c -> page-vary-target.c exec: Rename cpu.c -> cpu-target.c accel: Rename accel-common.c -> accel-target.c accel: Make accel-blocker.o target agnostic accel/tcg: Restrict dump_exec_info() declaration exec: Move cpu_loop_foo() target agnostic functions to 'cpu-common.h' exec: Make EXCP_FOO definitions target agnostic accel/tcg: move ld/st helpers to ldst_common.c.inc accel/tcg: Unify user and softmmu do_[st|ld]*_mmu() accel/tcg: Remove env_tlb() ...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|