aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)AuthorFilesLines
2022-12-15Merge tag 'pull-request-2022-12-15' of https://gitlab.com/thuth/qemu into ↵Peter Maydell4-11/+21
staging * s390x PCI fixes and improvements (for the ISM device) * Fix emulated MVCP and MVCS s390x instructions * Clean-ups for the e1000e qtest * Enable qtests on Windows * Update FreeBSD CI to version 12.4 * Check --disable-tcg for ppc64 in the CI * Improve scripts/make-releases a little bit * Many other misc small clean-ups and fixes here and there # gpg: Signature made Thu 15 Dec 2022 15:05:44 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2022-12-15' of https://gitlab.com/thuth/qemu: (23 commits) tests/qtest/vhost-user-blk-test: don't abort all qtests on missing envar .gitlab/issue_templates: Move suggestions into comments gitlab-ci: Check building ppc64 without TCG FreeBSD: Upgrade to 12.4 release tests/qtest: Enable qtest build on Windows .gitlab-ci.d/windows.yml: Exclude qTests from 64-bit CI job for now .gitlab-ci.d/windows.yml: Keep 64-bit and 32-bit build scripts consistent .gitlab-ci.d/windows.yml: Unify the prerequisite packages tests/qtest/libqos/e1000e: Correctly group register accesses tests/qtest/e1000e-test: De-duplicate constants tests/qtest/libqos/e1000e: Remove "other" interrupts hw: Include the VMWare devices only in the x86 targets MAINTAINERS: Add documentation files to the corresponding sections util/oslib-win32: Remove obsolete reference to g_poll code util/qemu-config: Fix "query-command-line-options" to provide the right values scripts/make-release: Only clone single branches to speed up the script scripts/make-release: Add a simple help text for the script monitor/misc: Remove superfluous include statements target/s390x: The MVCP and MVCS instructions are not privileged target/s390x/tcg/mem_helper: Test the right bits in psw_key_valid() ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-12-15Merge tag 'pull-target-arm-20221215-1' of ↵Peter Maydell6-53/+196
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue:  * hw/arm/virt: Add properties to allow more granular configuration of use of highmem space  * target/arm: Add Cortex-A55 CPU  * hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement  * Implement FEAT_EVT  * Some 3-phase-reset conversions for Arm GIC, SMMU  * hw/arm/boot: set initrd with #address-cells type in fdt  * hw/misc: Move some arm-related files from specific_ss into softmmu_ss  * Restrict arm_cpu_exec_interrupt() to TCG accelerator # gpg: Signature made Thu 15 Dec 2022 17:38:36 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20221215-1' of https://git.linaro.org/people/pmaydell/qemu-arm: (28 commits) target/arm: Restrict arm_cpu_exec_interrupt() to TCG accelerator hw/misc: Move some arm-related files from specific_ss into softmmu_ss hw/arm/boot: set initrd with #address-cells type in fdt hw/intc: Convert TYPE_KVM_ARM_ITS to 3-phase reset hw/intc: Convert TYPE_ARM_GICV3_ITS to 3-phase reset hw/intc: Convert TYPE_ARM_GICV3_ITS_COMMON to 3-phase reset hw/intc: Convert TYPE_KVM_ARM_GICV3 to 3-phase reset hw/intc: Convert TYPE_ARM_GICV3_COMMON to 3-phase reset hw/intc: Convert TYPE_ARM_GIC_KVM to 3-phase reset hw/intc: Convert TYPE_ARM_GIC_COMMON to 3-phase reset hw/arm: Convert TYPE_ARM_SMMUV3 to 3-phase reset hw/arm: Convert TYPE_ARM_SMMU to 3-phase reset target/arm: Report FEAT_EVT for TCG '-cpu max' target/arm: Implement HCR_EL2.TID4 traps target/arm: Implement HCR_EL2.TICAB,TOCU traps target/arm: Implement HCR_EL2.TTLBOS traps target/arm: Implement HCR_EL2.TTLBIS traps target/arm: Allow relevant HCR bits to be written for FEAT_EVT hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisement target/arm: Add Cortex-A55 CPU ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-12-15target/arm: Restrict arm_cpu_exec_interrupt() to TCG acceleratorPhilippe Mathieu-Daudé1-2/+3
When building with --disable-tcg on Darwin we get: target/arm/cpu.c:725:16: error: incomplete definition of type 'struct TCGCPUOps' cc->tcg_ops->do_interrupt(cs); ~~~~~~~~~~~^ Commit 083afd18a9 ("target/arm: Restrict cpu_exec_interrupt() handler to sysemu") limited this block to system emulation, but neglected to also limit it to TCG. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Message-id: 20221209110823.59495-1-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-12-15hw/misc: Move some arm-related files from specific_ss into softmmu_ssThomas Huth1-4/+4
The header target/arm/kvm-consts.h checks CONFIG_KVM which is marked as poisoned in common code, so the files that include this header have to be added to specific_ss and recompiled for each, qemu-system-arm and qemu-system-aarch64. However, since the kvm headers are only optionally used in kvm-constants.h for some sanity checks, we can additionally check the NEED_CPU_H macro first to avoid the poisoned CONFIG_KVM macro, so kvm-constants.h can also be used from "common" files (without the sanity checks - which should be OK since they are still done from other target-specific files instead). This way, and by adjusting some other include statements in the related files here and there, we can move some files from specific_ss into softmmu_ss, so that they only need to be compiled once during the build process. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221202154023.293614-1-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-12-15target/s390x: The MVCP and MVCS instructions are not privilegedThomas Huth4-10/+20
The "MOVE TO PRIMARY/SECONDARY" instructions can also be called from problem state. We just should properly check whether the secondary-space access key is valid here, too, and inject a privileged program exception if it is invalid. Message-Id: <20221205125852.81848-1-thuth@redhat.com> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-12-15target/s390x/tcg/mem_helper: Test the right bits in psw_key_valid()Thomas Huth1-1/+1
The PSW key mask is a 16 bit field, and the psw_key variable is in the range from 0 to 15, so it does not make sense to use "0x80 >> psw_key" for testing the bits here. We should use 0x8000 instead. Message-Id: <20221205142043.95185-1-thuth@redhat.com> Reviewed-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-12-15target/arm: Report FEAT_EVT for TCG '-cpu max'Peter Maydell2-0/+2
Update the ID registers for TCG's '-cpu max' to report the FEAT_EVT Enhanced Virtualization Traps support. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-15target/arm: Implement HCR_EL2.TID4 trapsPeter Maydell1-8/+9
For FEAT_EVT, the HCR_EL2.TID4 trap allows trapping of the cache ID registers CCSIDR_EL1, CCSIDR2_EL1, CLIDR_EL1 and CSSELR_EL1 (and their AArch32 equivalents). This is a subset of the registers trapped by HCR_EL2.TID2, which includes all of these and also the CTR_EL0 register. Our implementation already uses a separate access function for CTR_EL0 (ctr_el0_access()), so all of the registers currently using access_aa64_tid2() should also be checking TID4. Make that function check both TID2 and TID4, and rename it appropriately. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-15target/arm: Implement HCR_EL2.TICAB,TOCU trapsPeter Maydell1-13/+23
For FEAT_EVT, the HCR_EL2.TICAB bit allows trapping of the ICIALLUIS and IC IALLUIS cache maintenance instructions. The HCR_EL2.TOCU bit traps all the other cache maintenance instructions that operate to the point of unification: AArch64 IC IVAU, IC IALLU, DC CVAU AArch32 ICIMVAU, ICIALLU, DCCMVAU The two trap bits between them cover all of the cache maintenance instructions which must also check the HCR_TPU flag. Turn the old aa64_cacheop_pou_access() function into a helper function which takes the set of HCR_EL2 flags to check as an argument, and call it from new access_ticab() and access_tocu() functions as appropriate for each cache op. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-15target/arm: Implement HCR_EL2.TTLBOS trapsPeter Maydell1-10/+23
For FEAT_EVT, the HCR_EL2.TTLBOS bit allows trapping on EL1 use of TLB maintenance instructions that operate on the outer shareable domain: TLBI VMALLE1OS, TLBI VAE1OS, TLBI ASIDE1OS,TLBI VAAE1OS, TLBI VALE1OS, TLBI VAALE1OS, TLBI RVAE1OS, TLBI RVAAE1OS, TLBI RVALE1OS, and TLBI RVAALE1OS. (There are no AArch32 outer-shareable TLB maintenance ops.) Implement the trapping. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-15target/arm: Implement HCR_EL2.TTLBIS trapsPeter Maydell1-16/+27
For FEAT_EVT, the HCR_EL2.TTLBIS bit allows trapping on EL1 use of TLB maintenance instructions that operate on the inner shareable domain: AArch64: TLBI VMALLE1IS, TLBI VAE1IS, TLBI ASIDE1IS, TLBI VAAE1IS, TLBI VALE1IS, TLBI VAALE1IS, TLBI RVAE1IS, TLBI RVAAE1IS, TLBI RVALE1IS, and TLBI RVAALE1IS. AArch32: TLBIALLIS, TLBIMVAIS, TLBIASIDIS, TLBIMVAAIS, TLBIMVALIS, and TLBIMVAALIS. Add the trapping support. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-15target/arm: Allow relevant HCR bits to be written for FEAT_EVTPeter Maydell2-0/+36
FEAT_EVT adds five new bits to the HCR_EL2 register: TTLBIS, TTLBOS, TICAB, TOCU and TID4. These allow the guest to enable trapping of various EL1 instructions to EL2. In this commit, add the necessary code to allow the guest to set these bits if the feature is present; because the bit is always zero when the feature isn't present we won't need to use explicit feature checks in the "trap on condition" tests in the following commits. Note that although full implementation of the feature (mandatory from Armv8.5 onward) requires all five trap bits, the ID registers permit a value indicating that only TICAB, TOCU and TID4 are implemented, which might be the case for CPUs between Armv8.2 and Armv8.5. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-12-15target/arm: Add Cortex-A55 CPUTimofey Kutergin1-0/+69
The Cortex-A55 is one of the newer armv8.2+ CPUs; in particular it supports the Privileged Access Never (PAN) feature. Add a model of this CPU, so you can use a CPU type on the virt board that models a specific real hardware CPU, rather than having to use the QEMU-specific "max" CPU type. Signed-off-by: Timofey Kutergin <tkutergin@gmail.com> Message-id: 20221121150819.2782817-1-tkutergin@gmail.com [PMM: tweaked commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-12-15Merge tag 'pull-misc-2022-12-14' of https://repo.or.cz/qemu/armbru into stagingPeter Maydell7-48/+16
Miscellaneous patches for 2022-12-14 # gpg: Signature made Wed 14 Dec 2022 15:23:02 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * tag 'pull-misc-2022-12-14' of https://repo.or.cz/qemu/armbru: ppc4xx_sdram: Simplify sdram_ddr_size() to return block/vmdk: Simplify vmdk_co_create() to return directly cleanup: Tweak and re-run return_directly.cocci io: Tidy up fat-fingered parameter name qapi: Use returned bool to check for failure (again) sockets: Use ERRP_GUARD() where obviously appropriate qemu-config: Use ERRP_GUARD() where obviously appropriate qemu-config: Make config_parse_qdict() return bool monitor: Use ERRP_GUARD() in monitor_init() monitor: Simplify monitor_fd_param()'s error handling error: Move ERRP_GUARD() to the beginning of the function error: Drop a few superfluous ERRP_GUARD() error: Drop some obviously superfluous error_propagate() Drop more useless casts from void * to pointer Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-12-14qapi machine: Elide redundant has_FOO in generated CMarkus Armbruster4-8/+2
The has_FOO for pointer-valued FOO are redundant, except for arrays. They are also a nuisance to work with. Recent commit "qapi: Start to elide redundant has_FOO in generated C" provided the means to elide them step by step. This is the step for qapi/machine*.json. Said commit explains the transformation in more detail. The invariant violations mentioned there do not occur here. Cc: Eduardo Habkost <eduardo@habkost.net> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Yanan Wang <wangyanan55@huawei.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221104160712.3005652-16-armbru@redhat.com>
2022-12-14cleanup: Tweak and re-run return_directly.cocciMarkus Armbruster5-43/+14
Tweak the semantic patch to drop redundant parenthesis around the return expression. Coccinelle drops a comment in hw/rdma/vmw/pvrdma_cmd.c; restored manually. Coccinelle messes up vmdk_co_create(), not sure why. Change dropped, will be done manually in the next commit. Line breaks in target/avr/cpu.h and hw/rdma/vmw/pvrdma_cmd.c tidied up manually. Whitespace in tools/virtiofsd/fuse_lowlevel.c tidied up manually. checkpatch.pl complains "return of an errno should typically be -ve" two times for hw/9pfs/9p-synth.c. Preexisting, the patch merely makes it visible to checkpatch.pl. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221122134917.1217307-2-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2022-12-14qapi: Use returned bool to check for failure (again)Markus Armbruster1-4/+1
Commit 012d4c96e2 changed the visitor functions taking Error ** to return bool instead of void, and the commits following it used the new return value to simplify error checking. Since then a few more uses in need of the same treatment crept in. Do that. All pretty mechanical except for * balloon_stats_get_all() This is basically the same transformation commit 012d4c96e2 applied to the virtual walk example in include/qapi/visitor.h. * set_max_queue_size() Additionally replace "goto end of function" by return. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20221121085054.683122-10-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-12-14Drop more useless casts from void * to pointerMarkus Armbruster1-1/+1
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20221123133811.1398562-1-armbru@redhat.com>
2022-12-04Merge tag 'pull-request-2022-12-04' of https://gitlab.com/thuth/qemu into ↵Stefan Hajnoczi2-1/+8
staging * Fix potential undefined behavior in cleanup of migration-test * Fix a s390x instruction that causes Java to crash * Fix a typo in a comment in next-fb.c # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmOMRosRHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbVh+Q/+PEMevD61MUr1xl5S1uJpur1Pddr+wSTy # w2PS6eluP8U6SzNZ2x4pGHBjW/ENfoAY/3UgXP5VBHFVaXDLLOfAhoFf7d/uhFLG # gMUDxPtpGMw8uZJY08R5irDLin/zjsVacKUQuXwC0qkOVaLJrkYeOYkLrRPcjS/Y # LiNGmFTVA+odrXX5zH7GPhl12hKrs8Uo44M0K31V8HEwgPT+S+DhY6b7FfjM9w6Q # H/hmrYoApdLPja38Zha4wj4XF6X8o5lSWtFtUCaLoaPPux7FAtzFxWiuzGPpNX+Z # 7+rLxivVsZrPx2iWm2TRIm4E2qHcA+QhcSkmuGA4Fywgjl1BGlAiiE+QTS/QEtyF # G199pcZsgkVE5kqc4wz0LYomwmU6kkaItwMJHhnBMQG16OJFg9tRuJdZaoqHRtUs # OXIMaR/ecGq8F3B6BAmBP9nUet6F7668DIAOmE0AdFgVHQOcIN8+uCCjSn23uu42 # yYn7rPruF39wyyFY9t/CbEflg6ZUTKjs+yuR8ukzU4JYbu8wXOxJ9kwV7l5uPJ/E # rBFm88UY8QT+XfCx2obN4d3UMetcRcluZkY0EBKoJqTDurhvRQwVu02LWzY22pny # a0FI+yvJBm6rP2TO9YJQonXSBizbQaa+JjWqb/GO6p3ZMn40uoQxpiozVD/ovOKO # j9z3B+XxVY8= # =vuhL # -----END PGP SIGNATURE----- # gpg: Signature made Sun 04 Dec 2022 02:04:43 EST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2022-12-04' of https://gitlab.com/thuth/qemu: hw/display/next-fb: Fix comment typo target/s390x/tcg: Fix and improve the SACF instruction tests/qtest/migration-test: Fix unlink error and memory leaks Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-12-04Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingStefan Hajnoczi2-16/+21
* Fix MMX instructions for system emulators * Fix uninitialized TranslateFault after canonical address checks # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmOIa40UHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroON/wf6AuomXEtqw6OxPCKwYwnXwAA64mO0 # rN9tFw1YcrlynFkzwaGkGThQOuQen2FXBVx1NL64781oZFYU9Zq04rxH3CpZCVVq # J/POjnrHzaNeWoipiyj4kBi662FF8a6vS+l3pvwfI38jxi4oqRrPowGuqnqus5LS # Y88Q5y9u+e5MKSO+MpiH0C8/CxlKaKTIUURAr2YKYvwV5vGGVsCQ0BYAxUsfBq5S # IijzilFBgj5N1vbNnGp/Ltr1vS4xdSmfugxf+myGO45kyr9MkwYUpSqE0nKuVlHX # OdbhtOfVgifKPf5vahshILu0dZSeFKAOUuGg3gS1THydTtStjonRQA9TBA== # =ops5 # -----END PGP SIGNATURE----- # gpg: Signature made Thu 01 Dec 2022 03:53:33 EST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: target/i386: Always completely initialize TranslateFault target/i386: allow MMX instructions with CR4.OSFXSR=0 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-12-03target/s390x/tcg: Fix and improve the SACF instructionThomas Huth2-1/+8
The SET ADDRESS SPACE CONTROL FAST instruction is not privileged, it can be used from problem space, too. Just the switching to the home address space is privileged and should still generate a privilege exception. This bug is e.g. causing programs like Java that use the "getcpu" vdso kernel function to crash (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990417#26 ). While we're at it, also check if DAT is not enabled. In that case the instruction is supposed to generate a special operation exception. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/655 Message-Id: <20221201184443.136355-1-thuth@redhat.com> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-12-01target/i386: Always completely initialize TranslateFaultRichard Henderson1-15/+19
In get_physical_address, the canonical address check failed to set TranslateFault.stage2, which resulted in an uninitialized read from the struct when reporting the fault in x86_cpu_tlb_fill. Adjust all error paths to use structure assignment so that the entire struct is always initialized. Reported-by: Daniel Hoffman <dhoff749@gmail.com> Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-12-01target/i386: allow MMX instructions with CR4.OSFXSR=0Paolo Bonzini1-1/+2
MMX state is saved/restored by FSAVE/FRSTOR so the instructions are not illegal opcodes even if CR4.OSFXSR=0. Make sure that validate_vex takes into account the prefix and only checks HF_OSFXSR_MASK in the presence of an SSE instruction. Fixes: 20581aadec5e ("target/i386: validate VEX prefixes via the instructions' exception classes", 2022-10-18) Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1350 Reported-by: Helge Konetzka (@hejko on gitlab.com) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-29target/arm: Set TCGCPUOps.restore_state_to_opc for v7mEvgeny Ermakov3-3/+8
This setting got missed, breaking v7m. Fixes: 56c6c98df85c ("target/arm: Convert to tcg_ops restore_state_to_opc") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1347 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Evgeny Ermakov <evgeny.v.ermakov@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221129204146.550394-1-richard.henderson@linaro.org>
2022-11-22target/arm: Use signed quantity to represent VMSAv8-64 translation levelArd Biesheuvel1-2/+2
The LPA2 extension implements 52-bit virtual addressing for 4k and 16k translation granules, and for the former, this means an additional level of translation is needed. This means we start counting at -1 instead of 0 when doing a walk, and so 'level' is now a signed quantity, and should be typed as such. So turn it from uint32_t into int32_t. This avoids a level of -1 getting misinterpreted as being >= 3, and terminating a page table walk prematurely with a bogus output address. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-22target/arm: Don't do two-stage lookup if stage 2 is disabledPeter Maydell1-3/+4
In get_phys_addr_with_struct(), we call get_phys_addr_twostage() if the CPU supports EL2. However, we don't check here that stage 2 is actually enabled. Instead we only check that inside get_phys_addr_twostage() to skip stage 2 translation. This means that even if stage 2 is disabled we still tell the stage 1 lookup to do its page table walks via stage 2. This works by luck for normal CPU accesses, but it breaks for debug accesses, which are used by the disassembler and also by semihosting file reads and writes, because the debug case takes a different code path inside S1_ptw_translate(). This means that setups that use semihosting for file loads are broken (a regression since 7.1, introduced in recent ptw refactoring), and that sometimes disassembly in debug logs reports "unable to read memory" rather than showing the guest insns. Fix the bug by hoisting the "is stage 2 enabled?" check up to get_phys_addr_with_struct(), so that we handle S2 disabled the same way we do the "no EL2" case, with a simple single stage lookup. Reported-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20221121212404.1450382-1-peter.maydell@linaro.org
2022-11-21target/arm: Limit LPA2 effective output address when TCR.DS == 0Ard Biesheuvel1-0/+8
With LPA2, the effective output address size is at most 48 bits when TCR.DS == 0. This case is currently unhandled in the page table walker, where we happily assume LVA/64k granule when outputsize > 48 and param.ds == 0, resulting in the wrong conversion to be used from a page table descriptor to a physical address. if (outputsize > 48) { if (param.ds) { descaddr |= extract64(descriptor, 8, 2) << 50; } else { descaddr |= extract64(descriptor, 12, 4) << 48; } So cap the outputsize to 48 when TCR.DS is cleared, as per the architecture. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20221116170316.259695-1-ardb@kernel.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-17Merge tag 'pull-ppc-20221117' of https://gitlab.com/danielhb/qemu into stagingStefan Hajnoczi2-0/+4
ppc patch queue for 2022-11-17: Short queue with a build regression fix when using --disable-tcg. # -----BEGIN PGP SIGNATURE----- # # iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCY3ZP3wAKCRA82cqW3gMx # ZB7uAPwN3C8R0YeL+NR44ZlzJVM75TjT1sDYD3oZjEraIfAz9AD7BKRNMPXmmF3A # sIHlbhVWquFU07ZDq5UmMfa2WudFZgc= # =z2+u # -----END PGP SIGNATURE----- # gpg: Signature made Thu 17 Nov 2022 10:14:39 EST # gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164 # gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164 * tag 'pull-ppc-20221117' of https://gitlab.com/danielhb/qemu: target/ppc: Fix build warnings when building with 'disable-tcg' Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-17target/ppc: Fix build warnings when building with 'disable-tcg'Vaibhav Jain2-0/+4
Kowshik reported that building qemu with GCC 12.2.1 for 'ppc64-softmmu' target is failing due to following build warnings: <snip> ../target/ppc/cpu_init.c:7018:13: error: 'ppc_restore_state_to_opc' defined but not used [-Werror=unused-function] 7018 | static void ppc_restore_state_to_opc(CPUState *cs, <snip> Fix this by wrapping these function definitions in 'ifdef CONFIG_TCG' so that they are only defined if qemu is compiled with '--enable-tcg' Reported-by: Kowshik Jois B S <kowsjois@linux.ibm.com> Fixes: 61bd1d2942 ("target/ppc: Convert to tcg_ops restore_state_to_opc") Fixes: 670f1da374 ("target/ppc: Implement hashst and hashchk") Fixes: 53ae2aeb94 ("target/ppc: Implement hashstp and hashchkp") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1319 Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Kowshik Jois B S <kowsjois@linux.vnet.ibm.com> Message-Id: <20221116131743.658708-1-vaibhav@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-11-16s390x: Fix spelling errorsThomas Huth7-11/+11
Fix typos (discovered with the 'codespell' utility). Note: Though "migrateable" still seems to be a valid spelling, we change it to "migratable" since this is the way more common spelling here. Message-Id: <20221111182828.282251-1-thuth@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-11-15target/i386: hardcode R_EAX as destination register for LAHF/SAHFPaolo Bonzini1-2/+2
When translating code that is using LAHF and SAHF in combination with the REX prefix, the instructions should not use any other register than AH; however, QEMU selects SPL (SP being register 4, just like AH) if the REX prefix is present. To fix this, use deposit directly without going through gen_op_mov_v_reg and gen_op_mov_reg_v. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/130 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-15target/i386: fix cmpxchg with 32-bit register destinationPaolo Bonzini1-26/+56
Unlike the memory case, where "the destination operand receives a write cycle without regard to the result of the comparison", rm must not be touched altogether if the write fails, including not zero-extending it on 64-bit processors. This is not how the movcond currently works, because it is always followed by a gen_op_mov_reg_v to rm. To fix it, introduce a new function that is similar to gen_op_mov_reg_v but writes to a TCG temporary. Considering that gen_extu(ot, oldv) is not needed in the memory case either, the two cases for register and memory destinations are different enough that one might as well fuse the two "if (mod == 3)" into one. So do that too. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/508 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [rth: Add a test case ] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-08Merge tag 'mips-20221108' of https://github.com/philmd/qemu into stagingStefan Hajnoczi4-8/+18
MIPS patches queue - Remove -Wclobbered in nanoMIPS disassembler (Richard Henderson) - Fix invalid string formats in nanoMIPS disassembler (myself) - Allow Loongson-2F to access XKPHYS in kernel mode (Jiaxun Yang) - Octeon opcode fixes (Jiaxun Yang, Pavel Dovgalyuk) - MAINTAINERS nanoMIPS update # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmNpnTYACgkQ4+MsLN6t # wN4t2A//XLIH7uL+u6kqGm45fVyy58R1NDoj2afNv5rRqIcXSrP9zRH00woLmGzs # pYLbu3yOynY2/OSU3iooAaXjQz8ub3YIpceAQdD26OgnpTrwVzKO9jvQz2UlDrzs # gETnHfqwZDBzxbqkUXxT7Pe3NRQzRmMgrMYNJm+e7UokCVy3c2PZ6vBdC5zvwS6K # LwnuEBvG74fV70D42dYay0wTB37z7m5Cf7uMp7TrEA+2HLgIZl+J9AuCmZxZZxdU # sh0AvNiVaKbHT55lazWAMvmVuUEl5zLTEUa1B0sOv081ZaY3ACBuh6Q8VpNgkgSx # qxKQbye+LtnDDYckeIRa3jI5Fs5AagC6lPPJJpiiFnMqpQaPYhNDFFjR5LNdwfQ6 # cN1lU4toi2B5LuUmiCEJrAsMgocLaNVnhwas391vtIFZh+onN/wZ1sE1Ur1kZkL7 # and2QDr2C8Y7qnpP3q8QRSz1yz+pyvTRcRIwjrnRGIgOfQUOiYeLB1RO01VOFn8u # 0Oa5gKrtClnQxMfZqoRIGucrnbZdrP/oHwsVOKUdDDNpAceVEJ0dvBiUv6WhQQ/4 # G6Ih2GJ/gJU3Ld8UliA9MCzISbvNoQ6EHYk0YqrH8B/MCzvOLbbmaZban3+xFTma # c2YGQ16ZIQsZMm00sB1Du8l9H9ms/N0VJcSx9txD2YbQWOA/bMs= # =gQ7f # -----END PGP SIGNATURE----- # gpg: Signature made Mon 07 Nov 2022 19:05:10 EST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'mips-20221108' of https://github.com/philmd/qemu: MAINTAINERS: Inherit from nanoMIPS disas/nanomips: Tidy read for 48-bit opcodes disas/nanomips: Split out read_u16 disas/nanomips: Merge insn{1,2,3} into words[3] disas/nanomips: Move setjmp into nanomips_dis disas/nanomips: Remove headers already included by "qemu/osdep.h" disas/nanomips: Use G_GNUC_PRINTF to avoid invalid string formats disas/nanomips: Fix invalid PRIx64 format calling img_format() disas/nanomips: Fix invalid PRId64 format calling img_format() target/mips: Don't check COP1X for 64 bit FP mode target/mips: Disable DSP ASE for Octeon68XX target/mips: Enable LBX/LWX/* instructions for Octeon target/mips: Cast offset field of Octeon BBIT to int16_t target/mips: Set CP0St_{KX, SX, UX} for Loongson-2F Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-08target/mips: Don't check COP1X for 64 bit FP modeJiaxun Yang1-1/+1
Some implementations (i.e. Loongson-2F) may decide to implement a 64 bit FPU without implementing COP1X instructions. As the eligibility of 64 bit FP instructions is already determined by CP0St_FR, there is no need to check for COP1X again. Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221102165719.190378-1-jiaxun.yang@flygoat.com> [PMD: Add missing trailing parenthesis (buildfix)] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08target/mips: Disable DSP ASE for Octeon68XXJiaxun Yang1-2/+2
I don't have access to Octeon68XX hardware but according to my investigation Octeon never had DSP ASE support. As per "Cavium Networks OCTEON Plus CN50XX Hardware Reference Manual" CP0C3_DSPP is reserved bit and read as 0. Also I do have access to a Ubiquiti Edgerouter 4 which has Octeon CN7130 processor and I can confirm CP0C3_DSPP is read as 0 on that processor. Further more, in linux kernel: arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h cpu_has_dsp is overridden as 0. So I believe we shouldn't emulate DSP in QEMU as well. Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Message-Id: <20221031132531.18122-4-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08target/mips: Enable LBX/LWX/* instructions for OcteonPavel Dovgalyuk1-4/+8
This patch changes condition and function name for enabling indexed load instructions for Octeon vCPUs. Octeons do not have DSP extension, but implement LBX-and-others. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <166728058455.229236.13834649461181619195.stgit@pasha-ThinkPad-X280> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08target/mips: Cast offset field of Octeon BBIT to int16_tJiaxun Yang1-1/+1
As per "Cavium Networks OCTEON Plus CN50XX Hardware Reference Manual" offset field is signed 16 bit value. However arg_BBIT.offset is unsigned. We need to cast it as signed to do address calculation. Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221031132531.18122-3-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08target/mips: Set CP0St_{KX, SX, UX} for Loongson-2FJiaxun Yang1-0/+6
As per an unpublished document, in later reversion of chips CP0St_{KX, SX, UX} is not writeable and hardcoded to 1. Without those bits set, kernel is unable to access XKPHYS address segment. So just set them up on CPU reset. Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20221031132531.18122-2-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-07Merge tag 'pull-loongarch-20221107' of https://gitlab.com/gaosong/qemu into ↵Stefan Hajnoczi6-17/+19
staging pull-loongarch-20221107 # -----BEGIN PGP SIGNATURE----- # # iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCY2hz5gAKCRBAov/yOSY+ # 31ESA/9ppQVu70y8AnA/aYCzC6koQxxAsaD/lvwc7M1xzeZnjwOsVnsFLpZITTJj # 2+2O/BlEO3uRvAtV6E7Vtu9D/+Cc+HQ7yOFnwbY0jZmePThp3YYtTg6o+2T7/9ya # RMicgny1SYjsOjG8/Uam9+dRbH5QheNFwid0BWFhMts9MDB3Mg== # =zZ8m # -----END PGP SIGNATURE----- # gpg: Signature made Sun 06 Nov 2022 21:56:38 EST # gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF # gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF * tag 'pull-loongarch-20221107' of https://gitlab.com/gaosong/qemu: target/loongarch: Fix return value of CHECK_FPE target/loongarch: Separate the hardware flags into MMU index and PLV Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-07target/loongarch: Fix return value of CHECK_FPERui Wang1-1/+1
Regarding the patchset v3 has been merged into main line, and not approved, this patch updates to patchset v4. Fixes: 2419978c ("target/loongarch: Fix emulation of float-point disable exception") Link: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg00808.html Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Rui Wang <wangrui@loongson.cn> Message-Id: <20221107024526.702297-3-wangrui@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-07target/loongarch: Separate the hardware flags into MMU index and PLVRui Wang5-16/+18
Regarding the patchset v3 has been merged into main line, and not approved, this patch updates to patchset v4. Fixes: b4bda200 ("target/loongarch: Adjust the layout of hardware flags bit fields") Link: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg00808.html Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Rui Wang <wangrui@loongson.cn> Message-Id: <20221107024526.702297-2-wangrui@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-05target/tricore: Rename csfr.def -> csfr.h.incPhilippe Mathieu-Daudé2-2/+2
We use the .h.inc extension to include C headers. To be consistent with the rest of the codebase, rename the C headers using the .def extension. IDE/tools using our .editorconfig / .gitattributes will leverage this consistency. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20221025235006.7215-4-philmd@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-11-05target/s390x: Rename insn-data/format.def -> insn-data/format.h.incPhilippe Mathieu-Daudé3-6/+6
We use the .h.inc extension to include C headers. To be consistent with the rest of the codebase, rename the C headers using the .def extension. IDE/tools using our .editorconfig / .gitattributes will leverage this consistency. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20221025235006.7215-3-philmd@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-11-05target/m68k: Rename qregs.def -> qregs.h.incPhilippe Mathieu-Daudé2-2/+2
We use the .h.inc extension to include C headers. To be consistent with the rest of the codebase, rename the C headers using the .def extension. IDE/tools using our .editorconfig / .gitattributes will leverage this consistency. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20221025235006.7215-2-philmd@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-11-04Merge tag 'pull-target-arm-20221104' of ↵Stefan Hajnoczi3-40/+78
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * Fix regression booting Trusted Firmware * Honor HCR_E2H and HCR_TGE in ats_write64() * Copy the entire vector in DO_ZIP * Fix Privileged Access Never (PAN) for aarch32 * Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB * Set SCR_EL3.HXEn when direct booting kernel * Set SME and SVE EL3 vector lengths when direct booting kernel # -----BEGIN PGP SIGNATURE----- # # iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmNk+KkZHHBldGVyLm1h # eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vUsD/9SYZP3ne2OZxBe8he98jJ5 # 6apODiBksBLUM+1bKEoYW8Kw4XpS10I1Tbnxe7n0bNAfIiZlsZ7HJAJaYWy4MX4k # Bq0v1EIFo+Obumocc14ZzWcw9yPpHOGavKHXfPxTtIw0amtOmh3aMBPuOZKiMSaq # TdI/8654DbAOY3Hp/r6WnXwEgAc23kx/PtGhQFdU4iWhzTdeQeFkgCCsVMO02zFQ # ZM4wiAATpfNfgf5+Wxoin6RQ8nI9PF+Xf7HhN3d1CiXju3vOl+geYNkubJzIopv1 # itLcnvduYE6+5oJsnXZ4FDNO6/nnqWRNqtyDf0/NjLROfj84BPJpZqMX+FR6Q0I0 # d+4/oEw4A46qfaS5b4/YelbJOiUgiViWU1Xs3g2dkeTMT8CyGfDrJ2HRDKN7AaHo # llL7s1calkX2oSs+gU0BAw8xRETGwMBSOpF6JmPVh277LjvWfN1vsJzVUG3wrSXL # G7qa2h+fHV5Xu876sc/i0+d4qHuqcE/EU86VQ6X40f+dRzN02rkSCPAxzGFwLXOr # 8fl5MsX6z5pqcubnzxkhi66ZHc6fXsvtUjKBxyrVpMyjMlV9PTJ2Q1RCgVctErXk # lDzsLuplzPSjZBy3Peib/rLnmYUxJHyPe0RFYIumzZv/UHwL4GjZgkI842UVBpAL # FvIGblcCXHhdP4UFvqgZhw== # =Fcb4 # -----END PGP SIGNATURE----- # gpg: Signature made Fri 04 Nov 2022 07:34:01 EDT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20221104' of https://git.linaro.org/people/pmaydell/qemu-arm: target/arm: Two fixes for secure ptw target/arm: Honor HCR_E2H and HCR_TGE in ats_write64() target/arm: Copy the entire vector in DO_ZIP target/arm: Fix Privileged Access Never (PAN) for aarch32 target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB hw/arm/boot: Set SCR_EL3.HXEn when booting kernel hw/arm/boot: Set SME and SVE EL3 vector lengths when booting kernel Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-04target/arm: Two fixes for secure ptwRichard Henderson1-7/+8
Reversed the sense of non-secure in get_phys_addr_lpae, and failed to initialize attrs.secure for ARMMMUIdx_Phys_S. Fixes: 48da29e4 ("target/arm: Add ptw_idx to S1Translate") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1293 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04target/arm: Honor HCR_E2H and HCR_TGE in ats_write64()Ake Koomsin1-6/+9
We need to check HCR_E2H and HCR_TGE to select the right MMU index for the correct translation regime. To check for EL2&0 translation regime: - For S1E0*, S1E1* and S12E* ops, check both HCR_E2H and HCR_TGE - For S1E2* ops, check only HCR_E2H Signed-off-by: Ake Koomsin <ake@igel.co.jp> Message-id: 20221101064250.12444-1-ake@igel.co.jp Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04target/arm: Copy the entire vector in DO_ZIPRichard Henderson1-2/+2
With odd_ofs set, we weren't copying enough data. Fixes: 09eb6d7025d1 ("target/arm: Move sve zip high_ofs into simd_data") Reported-by: Idan Horowitz <idan.horowitz@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221031054144.3574-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04target/arm: Fix Privileged Access Never (PAN) for aarch32Timofey Kutergin2-7/+41
When we implemented the PAN support we theoretically wanted to support it for both AArch32 and AArch64, but in practice several bugs made it essentially unusable with an AArch32 guest. Fix all those problems: - Use CPSR.PAN to check for PAN state in aarch32 mode - throw permission fault during address translation when PAN is enabled and kernel tries to access user acessible page - ignore SCTLR_XP bit for armv7 and armv8 (conflicts with SCTLR_SPAN). Signed-off-by: Timofey Kutergin <tkutergin@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20221027112619.2205229-1-tkutergin@gmail.com [PMM: tweak commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLBPeter Maydell1-18/+18
The HCR_EL2.TTLB bit is supposed to trap all EL1 execution of TLB maintenance instructions. However we have added new TLB insns for FEAT_TLBIOS and FEAT_TLBIRANGE, and forgot to set their accessfn to access_ttlb. Add the missing accessfns. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>