aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)AuthorFilesLines
2020-10-29Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.2-20201028' ↵Peter Maydell10-22/+24
into staging ppc patch queue 2020-10-28 Here's the next pull request for ppc and spapr related patches, which should be the last things for soft freeze. Includes: * Numerous error handling cleanups from Greg Kurz * Cleanups to cpu realization and hotplug handling from Greg Kurz * A handful of other small fixes and cleanups This does include a change to pc_dimm_plug() that isn't in my normal areas of concern. That's there as a a prerequisite for ppc specific changes, and has an ack from Igor. # gpg: Signature made Tue 27 Oct 2020 14:13:21 GMT # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-5.2-20201028: ppc/: fix some comment spelling errors spapr: Improve spapr_reallocate_hpt() error reporting target/ppc: Fix kvmppc_load_htab_chunk() error reporting spapr: Use error_append_hint() in spapr_reallocate_hpt() spapr: Simplify error handling in spapr_memory_plug() spapr: Pass &error_abort when getting some PC DIMM properties spapr: Use appropriate getter for PC_DIMM_SLOT_PROP spapr: Use appropriate getter for PC_DIMM_ADDR_PROP pc-dimm: Drop @errp argument of pc_dimm_plug() spapr: Simplify spapr_cpu_core_realize() and spapr_cpu_core_unrealize() spapr: Make spapr_cpu_core_unrealize() idempotent spapr: Drop spapr_delete_vcpu() unused argument spapr: Unrealize vCPUs with qdev_unrealize() spapr: Fix leak of CPU machine specific data spapr: Move spapr_create_nvdimm_dr_connectors() to core machine code hw/net: move allocation to the heap due to very large stack frame ppc/spapr: re-assert IRQs during event-scan if there are pending spapr: Clarify why DR connectors aren't user creatable Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-29Merge remote-tracking branch ↵Peter Maydell2-2/+7
'remotes/pmaydell/tags/pull-target-arm-20201027-1' into staging target-arm queue: * raspi: add model of cprman clock manager * sbsa-ref: add an SBSA generic watchdog device * arm/trace: Fix hex printing * raspi: Add models of Pi 3 model A+, Pi Zero and Pi A+ * hw/arm/smmuv3: Set the restoration priority of the vSMMUv3 explicitly * Nuvoton NPCM7xx: Add USB, RNG, GPIO and watchdog support * hw/arm: fix min_cpus for xlnx-versal-virt platform * hw/arm/highbank: Silence warnings about missing fallthrough statements * linux-user: Support Aarch64 BTI * Armv7M systick: fix corner case bugs by rewriting to use ptimer # gpg: Signature made Tue 27 Oct 2020 11:27:10 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20201027-1: (48 commits) hw/timer/armv7m_systick: Rewrite to use ptimers hw/core/ptimer: Support ptimer being disabled by timer callback hw/arm/sbsa-ref: add SBSA watchdog device hw/watchdog: Implement SBSA watchdog device hw/arm/bcm2835_peripherals: connect the UART clock hw/char/pl011: add a clock input hw/misc/bcm2835_cprman: add sane reset values to the registers hw/misc/bcm2835_cprman: add the DSI0HSCK multiplexer hw/misc/bcm2835_cprman: implement clock mux behaviour hw/misc/bcm2835_cprman: add a clock mux skeleton implementation hw/misc/bcm2835_cprman: implement PLL channels behaviour hw/misc/bcm2835_cprman: add a PLL channel skeleton implementation hw/misc/bcm2835_cprman: implement PLLs behaviour hw/misc/bcm2835_cprman: add a PLL skeleton implementation hw/arm/raspi: add a skeleton implementation of the CPRMAN hw/arm/raspi: fix CPRMAN base address hw/core/clock: trace clock values in Hz instead of ns hw/core/clock: provide the VMSTATE_ARRAY_CLOCK macro arm/trace: Fix hex printing hw/arm/raspi: Add the Raspberry Pi 3 model A+ ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-28Merge remote-tracking branch 'remotes/philmd-gitlab/tags/renesas-20201027' ↵Peter Maydell6-10/+14
into staging Renesas patches (SH4 and RX) - Fix few warnings (Thomas Huth) - Fix typos (Lichang Zhao, Chetan Pant) CI jobs results: . https://cirrus-ci.com/build/6368903343374336 . https://gitlab.com/philmd/qemu/-/pipelines/207919103 . https://travis-ci.org/github/philmd/qemu/builds/739133105 # gpg: Signature made Mon 26 Oct 2020 23:27:39 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/renesas-20201027: target/rx: Fix Lesser GPL version number target/rx: Fix some comment spelling errors target/sh4: fix some comment spelling errors target/sh4: Update coding style to make checkpatch.pl happy hw/timer/sh_timer: Remove superfluous "break" statements hw/timer/sh_timer: Silence warnings about missing fallthrough statements hw/timer/sh_timer: Coding style clean-up elf: Add EM_RX definition Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-28Merge remote-tracking branch ↵Peter Maydell1-0/+1
'remotes/vivier2/tags/linux-user-for-5.2-pull-request' into staging Update syscall numbers to 5.9-rc7 Fixes for prctl(), accept4() and xtensa # gpg: Signature made Mon 26 Oct 2020 22:02:56 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/linux-user-for-5.2-pull-request: target/xtensa: enable all coprocessors for linux-user linux-user: correct errno returned from accept4() syscall linux-user: remove _sysctl linux-user: update syscall.tbl to Linux 5.9-rc7 linux-user: update mips/syscall-args-o32.c.inc to Linux 5.9-rc7 linux-user: update syscall_nr.h to Linux 5.9-rc7 linux-user: Support f_flags in statfs64 when available. Fix stack smashing when handling PR_GET_PDEATHSIG Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-28ppc/: fix some comment spelling errorszhaolichang9-14/+14
I found that there are many spelling errors in the comments of qemu/target/ppc. I used spellcheck to check the spelling errors and found some errors in the folder. Signed-off-by: zhaolichang <zhaolichang@huawei.com> Reviewed-by: David Edmondson <david.edmondson@oracle.com> Message-Id: <20201009064449.2336-3-zhaolichang@huawei.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-10-28target/ppc: Fix kvmppc_load_htab_chunk() error reportingGreg Kurz2-8/+8
If kvmppc_load_htab_chunk() fails, its return value is propagated up to vmstate_load(). It should thus be a negative errno, not -1 (which maps to EPERM and would lure the user into thinking that the problem is necessarily related to a lack of privilege). Return the error reported by KVM or ENOSPC in case of short write. While here, propagate the error message through an @errp argument and have the caller to print it with error_report_err() instead of relying on fprintf(). Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <160371604713.305923.5264900354159029580.stgit@bahia.lan> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-10-28spapr: Unrealize vCPUs with qdev_unrealize()Greg Kurz1-0/+2
Since we introduced CPU hot-unplug in sPAPR, we don't unrealize the vCPU objects explicitly. Instead, we let QOM handle that for us under object_property_del_all() when the CPU core object is finalized. The only thing we do is calling cpu_remove_sync() to tear the vCPU thread down. This happens to work but it is ugly because: - we call qdev_realize() but the corresponding qdev_unrealize() is buried deep in the QOM code - we call cpu_remove_sync() to undo qemu_init_vcpu() called by ppc_cpu_realize() in target/ppc/translate_init.c.inc - the CPU init and teardown paths aren't really symmetrical The latter didn't bite us so far but a future patch that greatly simplifies the CPU core realize path needs it to avoid a crash in QOM. For all these reasons, have ppc_cpu_unrealize() to undo the changes of ppc_cpu_realize() by calling cpu_remove_sync() at the right place, and have the sPAPR CPU core code to call qdev_unrealize(). This requires to add a missing stub because translate_init.c.inc is also compiled for user mode. Signed-off-by: Greg Kurz <groug@kaod.org> Message-Id: <160279671236.1808373.14732005038172874990.stgit@bahia.lan> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-10-27linux-user: Set PAGE_TARGET_1 for TARGET_PROT_BTIRichard Henderson2-2/+7
Transform the prot bit to a qemu internal page bit, and save it in the page tables. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201021173749.111103-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-27target/rx: Fix Lesser GPL version numberChetan Pant1-1/+1
There is no "version 2" of the "Lesser" General Public License. It is either "GPL version 2.0" or "Lesser GPL version 2.1". This patch replaces all occurrences of "Lesser GPL version 2" with "Lesser GPL version 2.1" in comment section. Signed-off-by: Chetan Pant <chetan4windows@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201023123840.19988-1-chetan4windows@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-10-27target/rx: Fix some comment spelling errorsLichang Zhao2-2/+2
There are many spelling errors in the comments of target/rx. Use spellcheck to check the spelling errors, then fix them. Signed-off-by: zhaolichang <zhaolichang@huawei.com> Reviewed-by: David Edmondson <david.edmondson@oracle.com> Reviewed-by: Philippe Mathieu-Daude<f4bug@amsat.org> Message-Id: <20201009064449.2336-5-zhaolichang@huawei.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-10-27target/sh4: fix some comment spelling errorsLichang Zhao3-3/+3
There are many spelling errors in the comments of target/sh4. Use spellcheck to check the spelling errors, then fix them. Signed-off-by: zhaolichang <zhaolichang@huawei.com> Reviewed-by: David Edmondson <david.edmondson@oracle.com> Reviewed-by: Philippe Mathieu-Daude<f4bug@amsat.org> Message-Id: <20201009064449.2336-10-zhaolichang@huawei.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-10-27target/sh4: Update coding style to make checkpatch.pl happyPhilippe Mathieu-Daudé2-6/+10
Avoid checkpatch.pl warnings in the next commit. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-10-26Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20201026' into stagingPeter Maydell4-2/+14
some s390x fixes # gpg: Signature made Mon 26 Oct 2020 10:46:50 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20201026: s390x: pv: Fix diag318 PV fencing s390x: pv: Remove sclp boundary checks s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-26target/xtensa: enable all coprocessors for linux-userMax Filippov1-0/+1
Linux userspace always sees coprocessors as enabled. CPENABLE register and coprocessor exceptions are used internally by the kernel to manage lazy coprocessor context switch. None of it is needed for linux-user. Always enable all coprocessors for user emulation. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200829104758.22337-1-jcmvbkbc@gmail.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-10-22target/riscv: raise exception to HS-mode at get_physical_addressYifei Jiang2-12/+34
VS-stage translation at get_physical_address needs to translate pte address by G-stage translation. But the G-stage translation error can not be distinguished from VS-stage translation error in riscv_cpu_tlb_fill. On migration, destination needs to rebuild pte, and this G-stage translation error must be handled by HS-mode. So introduce TRANSLATE_STAGE2_FAIL so that riscv_cpu_tlb_fill could distinguish and raise it to HS-mode. Signed-off-by: Yifei Jiang <jiangyifei@huawei.com> Signed-off-by: Yipeng Yin <yinyipeng1@huawei.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201014101728.848-1-jiangyifei@huawei.com [ Change by AF: - Clarify the fault_pte_addr shift ] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-10-22target/riscv: Fix implementation of HLVX.WU instructionGeorg Kotheimer1-3/+3
The HLVX.WU instruction is supposed to read a machine word, but prior to this change it read a byte instead. Fixes: 8c5362acb57 ("target/riscv: Allow generating hlv/hlvx/hsv instructions") Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201013172223.443645-1-georg.kotheimer@kernkonzept.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-10-22target/riscv: Fix update of hstatus.GVA in riscv_cpu_do_interruptGeorg Kotheimer1-1/+3
The hstatus.GVA bit was not set if the faulting guest virtual address was zero. Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201013173054.451135-1-georg.kotheimer@kernkonzept.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-10-22target/riscv: Fix update of hstatus.SPVPGeorg Kotheimer1-1/+1
When trapping from virt into HS mode, hstatus.SPVP was set to the value of sstatus.SPP, as according to the specification both flags should be set to the same value. However, the assignment of SPVP takes place before SPP itself is updated, which results in SPVP having an outdated value. Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201013151054.396481-1-georg.kotheimer@kernkonzept.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-10-22riscv: Convert interrupt logs to use qemu_log_mask()Alistair Francis2-2/+7
Currently we log interrupts and exceptions using the trace backend in riscv_cpu_do_interrupt(). We also log exceptions using the interrupt log mask (-d int) in riscv_raise_exception(). This patch converts riscv_cpu_do_interrupt() to log both interrupts and exceptions with the interrupt log mask, so that both are printed when a user runs QEMU with -d int. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 29a8c766c7c4748d0f2711c3a0abb81208138c5e.1601652179.git.alistair.francis@wdc.com
2020-10-22s390x: pv: Fix diag318 PV fencingJanosch Frank4-2/+14
Diag318 fencing needs to be determined on the current VM PV state and not on the state that the VM has when we create the CPU model. Fixes: fabdada935 ("s390: guest support for diagnose 0x318") Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Collin Walling <walling@linux.ibm.com> Acked-by: David Hildenbrand <david@redhat.com> Message-Id: <20201022103135.126033-3-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-10-20target/arm: Implement FPSCR.LTPSIZE for M-profile LOB extensionPeter Maydell3-0/+16
If the M-profile low-overhead-branch extension is implemented, FPSCR bits [18:16] are a new field LTPSIZE. If MVE is not implemented (currently always true for us) then this field always reads as 4 and ignores writes. These bits used to be the vector-length field for the old short-vector extension, so we need to take care that they are not misinterpreted as setting vec_len. We do this with a rearrangement of the vfp_set_fpscr() code that deals with vec_len, vec_stride and also the QC bit; this obviates the need for the M-profile only masking step that we used to have at the start of the function. We provide a new field in CPUState for LTPSIZE, even though this will always be 4, in preparation for MVE, so we don't have to come back later and split it out of the vfp.xregs[FPSCR] value. (This state struct field will be saved and restored as part of the FPSCR value via the vmstate_fpscr in machine.c.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201019151301.2046-11-peter.maydell@linaro.org
2020-10-20target/arm: Allow M-profile CPUs with FP16 to set FPSCR.FP16Peter Maydell1-19/+28
M-profile CPUs with half-precision floating point support should be able to write to FPSCR.FZ16, but an M-profile specific masking of the value at the top of vfp_set_fpscr() currently prevents that. This is not yet an active bug because we have no M-profile FP16 CPUs, but needs to be fixed before we can add any. The bits that the masking is effectively preventing from being set are the A-profile only short-vector Len and Stride fields, plus the Neon QC bit. Rearrange the order of the function so that those fields are handled earlier and only under a suitable guard; this allows us to drop the M-profile specific masking, making FZ16 writeable. This change also makes the QC bit correctly RAZ/WI for older no-Neon A-profile cores. This refactoring also paves the way for the low-overhead-branch LTPSIZE field, which uses some of the bits that are used for A-profile Stride and Len. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201019151301.2046-10-peter.maydell@linaro.org
2020-10-20target/arm: Fix has_vfp/has_neon ID reg squashing for M-profilePeter Maydell1-12/+19
In arm_cpu_realizefn(), if the CPU has VFP or Neon disabled then we squash the ID register fields so that we don't advertise it to the guest. This code was written for A-profile and needs some tweaks to work correctly on M-profile: * A-profile only fields should not be zeroed on M-profile: - MVFR0.FPSHVEC,FPTRAP - MVFR1.SIMDLS,SIMDINT,SIMDSP,SIMDHP - MVFR2.SIMDMISC * M-profile only fields should be zeroed on M-profile: - MVFR1.FP16 In particular, because MVFR1.SIMDHP on A-profile is the same field as MVFR1.FP16 on M-profile this code was incorrectly disabling FP16 support on an M-profile CPU (where has_neon is always false). This isn't a visible bug yet because we don't have any M-profile CPUs with FP16 support, but the change is necessary before we introduce any. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201019151301.2046-9-peter.maydell@linaro.org
2020-10-20target/arm: Implement v8.1M low-overhead-loop instructionsPeter Maydell2-2/+99
v8.1M's "low-overhead-loop" extension has three instructions for looping: * DLS (start of a do-loop) * WLS (start of a while-loop) * LE (end of a loop) The loop-start instructions are both simple operations to start a loop whose iteration count (if any) is in LR. The loop-end instruction handles "decrement iteration count and jump back to loop start"; it also caches the information about the branch back to the start of the loop to improve performance of the branch on subsequent iterations. As with the branch-future instructions, the architecture permits an implementation to discard the LO_BRANCH_INFO cache at any time, and QEMU takes the IMPDEF option to never set it in the first place (equivalent to discarding it immediately), because for us a "real" implementation would be unnecessary complexity. (This implementation only provides the simple looping constructs; the vector extension MVE (Helium) adds some extra variants to handle looping across vectors. We'll add those later when we implement MVE.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201019151301.2046-8-peter.maydell@linaro.org
2020-10-20target/arm: Implement v8.1M branch-future insns (as NOPs)Peter Maydell3-1/+38
v8.1M implements a new 'branch future' feature, which is a set of instructions that request the CPU to perform a branch "in the future", when it reaches a particular execution address. In hardware, the expected implementation is that the information about the branch location and destination is cached and then acted upon when execution reaches the specified address. However the architecture permits an implementation to discard this cached information at any point, and so guest code must always include a normal branch insn at the branch point as a fallback. In particular, an implementation is specifically permitted to treat all BF insns as NOPs (which is equivalent to discarding the cached information immediately). For QEMU, implementing this caching of branch information would be complicated and would not improve the speed of execution at all, so we make the IMPDEF choice to implement all BF insns as NOPs. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201019151301.2046-7-peter.maydell@linaro.org
2020-10-20target/arm: Don't allow BLX imm for M-profilePeter Maydell1-0/+8
The BLX immediate insn in the Thumb encoding always performs a switch from Thumb to Arm state. This would be totally useless in M-profile which has no Arm decoder, and so the instruction does not exist at all there. Make the encoding UNDEF for M-profile. (This part of the encoding space is used for the branch-future and low-overhead-loop insns in v8.1M.) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201019151301.2046-6-peter.maydell@linaro.org
2020-10-20target/arm: Make the t32 insn[25:23]=111 group non-overlappingPeter Maydell1-13/+11
The t32 decode has a group which represents a set of insns which overlap with B_cond_thumb because they have [25:23]=111 (which is an invalid condition code field for the branch insn). This group is currently defined using the {} overlap-OK syntax, but it is almost entirely non-overlapping patterns. Switch it over to use a non-overlapping group. For this to be valid syntactically, CPS must move into the same overlapping-group as the hint insns (CPS vs hints was the only actual use of the overlap facility for the group). The non-overlapping subgroup for CLREX/DSB/DMB/ISB/SB is no longer necessary and so we can remove it (promoting those insns to be members of the parent group). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201019151301.2046-5-peter.maydell@linaro.org
2020-10-20target/arm: Implement v8.1M conditional-select insnsPeter Maydell2-0/+63
v8.1M brings four new insns to M-profile: * CSEL : Rd = cond ? Rn : Rm * CSINC : Rd = cond ? Rn : Rm+1 * CSINV : Rd = cond ? Rn : ~Rm * CSNEG : Rd = cond ? Rn : -Rm Implement these. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201019151301.2046-4-peter.maydell@linaro.org
2020-10-20target/arm: Implement v8.1M NOCP handlingPeter Maydell3-6/+22
From v8.1M, disabled-coprocessor handling changes slightly: * coprocessors 8, 9, 14 and 15 are also governed by the cp10 enable bit, like cp11 * an extra range of instruction patterns is considered to be inside the coprocessor space We previously marked these up with TODO comments; implement the correct behaviour. Unfortunately there is no ID register field which indicates this behaviour. We could in theory test an unrelated ID register which indicates guaranteed-to-be-in-v8.1M behaviour like ID_ISAR0.CmpBranch >= 3 (low-overhead-loops), but it seems better to simply define a new ARM_FEATURE_V8_1M feature flag and use it for this and other new-in-v8.1M behaviour that isn't identifiable from the ID registers. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201019151301.2046-3-peter.maydell@linaro.org
2020-10-20target/arm: Ignore HCR_EL2.ATA when {E2H,TGE} != 11Richard Henderson2-8/+10
Unlike many other bits in HCR_EL2, the description for this bit does not contain the phrase "if ... this field behaves as 0 for all purposes other than", so do not squash the bit in arm_hcr_el2_eff. Instead, replicate the E2H+TGE test in the two places that require it. Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Message-id: 20201008162155.161886-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20target/arm: Fix reported EL for mte_check_failRichard Henderson1-7/+3
The reporting in AArch64.TagCheckFail only depends on PSTATE.EL, and not the AccType of the operation. There are two guest visible problems that affect LDTR and STTR because of this: (1) Selecting TCF0 vs TCF1 to decide on reporting, (2) Report "data abort same el" not "data abort lower el". Reported-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Message-id: 20201008162155.161886-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20target/arm: Remove redundant mmu_idx lookupRichard Henderson1-2/+1
We already have the full ARMMMUIdx as computed from the function parameter. For the purpose of regime_has_2_ranges, we can ignore any difference between AccType_Normal and AccType_Unpriv, which would be the only difference between the passed mmu_idx and arm_mmu_idx_el. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Tested-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Message-id: 20201008162155.161886-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20target/arm: Use tlb_flush_page_bits_by_mmuidx*Richard Henderson1-7/+39
When TBI is enabled in a given regime, 56 bits of the address are significant and we need to clear out any other matching virtual addresses with differing tags. The other uses of tlb_flush_page (without mmuidx) in this file are only used by aarch32 mode. Fixes: 38d931687fa1 Reported-by: Jordan Frank <jordanfrank@fb.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201016210754.818257-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-20target/arm: AArch32 VCVT fixed-point to float is always round-to-nearestPeter Maydell3-13/+47
For AArch32, unlike the VCVT of integer to float, which honours the rounding mode specified by the FPSCR, VCVT of fixed-point to float is always round-to-nearest. (AArch64 fixed-point-to-float conversions always honour the FPCR rounding mode.) Implement this by providing _round_to_nearest versions of the relevant helpers which set the rounding mode temporarily when making the call to the underlying softfloat function. We only need to change the VFP VCVT instructions, because the standard- FPSCR value used by the Neon VCVT is always set to round-to-nearest, so we don't need to do the extra work of saving and restoring the rounding mode. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201013103532.13391-1-peter.maydell@linaro.org
2020-10-20target/arm: Fix SMLAD incorrect setting of Q bitPeter Maydell1-11/+49
The SMLAD instruction is supposed to: * signed multiply Rn[15:0] * Rm[15:0] * signed multiply Rn[31:16] * Rm[31:16] * perform a signed addition of the products and Ra * set Rd to the low 32 bits of the theoretical infinite-precision result * set the Q flag if the sign-extension of Rd would differ from the infinite-precision result (ie on overflow) Our current implementation doesn't quite do this, though: it performs an addition of the products setting Q on overflow, and then it adds Ra, again possibly setting Q. This sometimes incorrectly sets Q when the architecturally mandated only-check-for-overflow-once algorithm does not. For instance: r1 = 0x80008000; r2 = 0x80008000; r3 = 0xffffffff smlad r0, r1, r2, r3 This is (-32768 * -32768) + (-32768 * -32768) - 1 The products are both 0x4000_0000, so when added together as 32-bit signed numbers they overflow (and QEMU sets Q), but because the addition of Ra == -1 brings the total back down to 0x7fff_ffff there is no overflow for the complete operation and setting Q is incorrect. Fix this edge case by resorting to 64-bit arithmetic for the case where we need to add three values together. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201009144712.11187-1-peter.maydell@linaro.org
2020-10-19Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-next-20201017' ↵Peter Maydell9-109/+756
into staging MIPS patches queue . Fix some comment spelling errors . Demacro some TCG helpers . Add loongson-ext lswc2/lsdc2 group of instructions . Log unimplemented cache opcode . Increase number of TLB entries on the 34Kf core . Allow the CPU to use dynamic frequencies . Calculate the CP0 timer period using the CPU frequency . Set CPU frequency for each machine . Fix Malta FPGA I/O region size . Allow running qtests when ROM is missing . Add record/replay acceptance tests . Update MIPS CPU documentation . MAINTAINERS updates CI jobs results: https://gitlab.com/philmd/qemu/-/pipelines/203931842 https://travis-ci.org/github/philmd/qemu/builds/736491461 https://cirrus-ci.com/build/6272264062631936 https://app.shippable.com/github/philmd/qemu/runs/886/summary/console # gpg: Signature made Sat 17 Oct 2020 14:59:53 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/mips-next-20201017: (44 commits) target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64) MAINTAINERS: Remove duplicated Malta test entries MAINTAINERS: Downgrade MIPS Boston to 'Odd Fixes', fix Paul Burton mail MAINTAINERS: Put myself forward for MIPS target MAINTAINERS: Remove myself docs/system: Update MIPS CPU documentation tests/acceptance: Add MIPS record/replay tests hw/mips: Remove exit(1) in case of missing ROM hw/mips: Rename TYPE_MIPS_BOSTON to TYPE_BOSTON hw/mips: Simplify code using ROUND_UP(INITRD_PAGE_SIZE) hw/mips: Simplify loading 64-bit ELF kernels hw/mips/malta: Use clearer qdev style hw/mips/malta: Move gt64120 related code together hw/mips/malta: Fix FPGA I/O region size target/mips/cpu: Display warning when CPU is used without input clock hw/mips/cps: Do not allow use without input clock hw/mips/malta: Set CPU frequency to 320 MHz hw/mips/boston: Set CPU frequency to 1 GHz hw/mips/cps: Expose input clock and connect it to CPU cores hw/mips/jazz: Correct CPU frequencies ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-17Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell1-0/+1
staging * Drop ninjatool and just require ninja (Paolo) * Fix docs build under msys2 (Yonggang) * HAX snafu fix (Claudio) * Disable signal handlers during fuzzing (Alex) * Miscellaneous fixes (Bruce, Greg) # gpg: Signature made Sat 17 Oct 2020 15:45:56 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (22 commits) ci: include configure and meson logs in all jobs if configure fails hax: unbreak accelerator cpu code after cpus.c split fuzz: Disable QEMU's SIG{INT,HUP,TERM} handlers cirrus: Enable doc build on msys2/mingw meson: Move the detection logic for sphinx to meson meson: move SPHINX_ARGS references within "if build_docs" docs: Fix Sphinx configuration for msys2/mingw meson: Only install icons and qemu.desktop if have_system configure: fix handling of --docdir parameter meson: cleanup curses/iconv test meson.build: don't condition iconv detection on library detection build: add --enable/--disable-libudev build: replace ninjatool with ninja build: cleanups to Makefile add ninja to dockerfiles, CI configurations and test VMs dockerfiles: enable Centos 8 PowerTools configure: move QEMU_INCLUDES to meson tests: add missing generated sources to testqapi make: run shell with pipefail tests/Makefile.include: unbreak non-tcg builds ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-17hax: unbreak accelerator cpu code after cpus.c splitClaudio Fontana1-0/+1
during my split of cpus.c, code line "current_cpu = cpu" was removed by mistake, causing hax to break. This commit fixes the situation restoring it. Reported-by: Volker Rümelin <vr_qemu@t-online.de> Fixes: e92558e4bf8059ce4f0b310afe218802b72766bc Signed-off-by: Claudio Fontana <cfontana@suse.de> Message-Id: <20201016080032.13914-1-cfontana@suse.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-10-17target/mips: Increase number of TLB entries on the 34Kf core (16 -> 64)Philippe Mathieu-Daudé1-1/+1
Per "MIPS32 34K Processor Core Family Software User's Manual, Revision 01.13" page 8 in "Joint TLB (JTLB)" section: "The JTLB is a fully associative TLB cache containing 16, 32, or 64-dual-entries mapping up to 128 virtual pages to their corresponding physical addresses." There is no particular reason to restrict the 34Kf core model to 16 TLB entries, so raise its config to 64. This is helpful for other projects, in particular the Yocto Project: Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit MIPS CI loop. It was observed that in this case CI test execution time was almost twice longer than 64bit MIPS variant that runs under MIPS64R2-generic model. It was investigated and concluded that the difference in number of TLBs 16 in 34Kf case vs 64 in MIPS64R2-generic is responsible for most of CI real time execution difference. Because with 16 TLBs linux user-land trashes TLB more and it needs to execute more instructions in TLB refill handler calls, as result it runs much longer. (https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html) Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992 Reported-by: Victor Kamensky <kamensky@cisco.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201016133317.553068-1-f4bug@amsat.org>
2020-10-17target/mips/cpu: Display warning when CPU is used without input clockPhilippe Mathieu-Daudé1-0/+10
All our QOM users provides an input clock. In order to avoid avoid future machines added without clock, display a warning. User-mode emulation use the CP0 timer with the RDHWR instruction (see commit cdfcad788394) so keep using the fixed 200 MHz clock without diplaying any warning. Only display it in system-mode emulation. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201012095804.3335117-22-f4bug@amsat.org>
2020-10-17target/mips/cpu: Introduce mips_cpu_create_with_clock() helperPhilippe Mathieu-Daudé2-0/+24
Introduce an helper to create a MIPS CPU and connect it to a reference clock. This helper is not MIPS specific, but so far only MIPS CPUs need it. Suggested-by: Huacai Chen <zltjiangshi@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201012095804.3335117-13-f4bug@amsat.org>
2020-10-17target/mips/cpu: Allow the CPU to use dynamic frequenciesPhilippe Mathieu-Daudé2-2/+13
Use the Clock API and let the CPU object have an input clock. If no clock is connected, keep using the default frequency of 200 MHz used since the introduction of the 'r4k' machine in commit 6af0bf9c7c3. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201012095804.3335117-12-f4bug@amsat.org>
2020-10-17target/mips/cpu: Make cp0_count_rate a propertyPhilippe Mathieu-Daudé2-8/+20
Since not all CPU implementations use a cores use a CP0 timer at half the frequency of the CPU, make this variable a property. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201012095804.3335117-11-f4bug@amsat.org>
2020-10-17target/mips/cpu: Calculate the CP0 timer period using the CPU frequencyPhilippe Mathieu-Daudé1-2/+2
The CP0 timer period is a function of the CPU frequency. Start using the default values, which will be replaced by properties in the next commits. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Message-Id: <20201012095804.3335117-10-f4bug@amsat.org>
2020-10-17target/mips: Move cp0_count_ns to CPUMIPSStatePhilippe Mathieu-Daudé3-17/+28
Currently the CP0 timer period is fixed at 10 ns, corresponding to a fixed CPU frequency of 200 MHz (using half the speed of the CPU). In few commits we will be able to use a different CPU frequency. In preparation, move the cp0_count_ns variable to CPUMIPSState so we can modify it. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Message-Id: <20201012095804.3335117-9-f4bug@amsat.org>
2020-10-17target/mips/cp0_timer: Document TIMER_PERIOD originPhilippe Mathieu-Daudé1-1/+11
TIMER_PERIOD value of '10 ns' can be explained looking at commit 6af0bf9c7c3doc, where the CPU frequency is 200 MHz and CP0 default count rate is half the frequency of the CPU. Document that. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201012095804.3335117-8-f4bug@amsat.org>
2020-10-17target/mips/cp0_timer: Explicit unit in variable namePhilippe Mathieu-Daudé1-9/+10
Name variables holding nanoseconds with the '_ns' suffix. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> Message-Id: <20201012095804.3335117-7-f4bug@amsat.org>
2020-10-17target/mips: Move cpu_mips_get_random() with CP0 helpersPhilippe Mathieu-Daudé3-26/+26
The get_random() helper uses the CP0_Wired register, which is unrelated to the CP0_Count register used as timer. Commit e16fe40c872 ("Move the MIPS CPU timer in a separate file") incorrectly moved this get_random() helper with timer specific code. Move it back to generic CP0 helpers. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Message-Id: <20201012095804.3335117-6-f4bug@amsat.org>
2020-10-17target/mips/op_helper: Log unimplemented cache opcodePhilippe Mathieu-Daudé1-0/+9
In case the guest uses a cache opcode we are not expecting, log it to give us a chance to notice it, in case we should actually do something. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Message-Id: <20200813181527.22551-4-f4bug@amsat.org>
2020-10-17target/mips/op_helper: Document Invalidate/Writeback opcodes as no-opPhilippe Mathieu-Daudé1-0/+5
QEMU does not model caches, so there is not much to do with the Invalidate/Writeback opcodes. Make it explicit adding a comment. Suggested-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Message-Id: <20200813181527.22551-3-f4bug@amsat.org>