summaryrefslogtreecommitdiffstats
path: root/target
Commit message (Collapse)AuthorAgeFilesLines
...
* | | ppc/translate: Rewrite gen_lxvdsx to use gvec primitivesGiuseppe Musacchio2020-12-141-23/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the implementation match the lxvwsx one. The code is now shorter smaller and potentially faster as the translation will use the host SIMD capabilities if available. No functional change. Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> Message-Id: <a463dea379da4cb3a22de49c678932f74fb15dd7.1604912739.git.thatlemon@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | | ppc/translate: Raise exceptions after setting the ccGiuseppe Musacchio2020-12-141-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PowerISA reference states that the comparison operators update the FPCC, CR and FPSCR and, if VE=1, jump to the exception handler. Moving the exception-triggering code after the CC update sequence solves the problem. Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201112230130.65262-5-thatlemon@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | | ppc/translate: Delay NaN checking after comparisonGiuseppe Musacchio2020-12-141-38/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we always perform a comparison between the two operands avoid checking for NaN unless the result states they're unordered. Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201112230130.65262-4-thatlemon@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | | ppc/translate: Turn the helper macros into functionsGiuseppe Musacchio2020-12-141-105/+123
| | | | | | | | | | | | | | | | | | | | | | | | Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201112230130.65262-3-thatlemon@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | | ppc/translate: Fix unordered f64/f128 comparisonsGiuseppe Musacchio2020-12-141-10/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to the PowerISA v3.1 reference, Table 68 "Actions for xscmpudp - Part 1: Compare Unordered", whenever one of the two operands is a NaN the SO bit is set while the other three bits are cleared. Apply the same change to xscmpuqp. The respective ordered counterparts are unaffected. Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> Message-Id: <20201112230130.65262-2-thatlemon@gmail.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | | target/ppc: replaced the TODO with LOG_UNIMP and add break for silence warningsChen Qun2020-12-141-2/+3
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using -Wimplicit-fallthrough in our CFLAGS, the compiler showed warning: target/ppc/mmu_helper.c: In function ‘dump_mmu’: target/ppc/mmu_helper.c:1351:12: warning: this statement may fall through [-Wimplicit-fallthrough=] 1351 | if (ppc64_v3_radix(env_archcpu(env))) { | ^ target/ppc/mmu_helper.c:1358:5: note: here 1358 | default: | ^~~~~~~ Use "qemu_log_mask(LOG_UNIMP**)" instead of the TODO comment. And add the break statement to fix it. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20201116024810.2415819-8-kuhn.chenqun@huawei.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | m68k: fix some comment spelling errorszhaolichang2020-12-121-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | I found that there are many spelling errors in the comments of qemu/target/m68k. I used spellcheck to check the spelling errors and found some errors in the folder. Signed-off-by: zhaolichang <zhaolichang@huawei.com> Reviewed-by: David Edmondson <david.edmondson@oracle.com> Reviewed-by: Philippe Mathieu-Daude<f4bug@amsat.org> Reviewed-by: Laurent Vivier<laurent@vivier.eu> Message-Id: <20201009064449.2336-9-zhaolichang@huawei.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* | target/m68k: Add vmstate definition for M68kCPULaurent Vivier2020-12-123-6/+198
| | | | | | | | | | Signed-off-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20201022203000.1922749-3-laurent@vivier.eu>
* | target/m68k: remove useless qregs arrayLaurent Vivier2020-12-121-4/+0Star
|/ | | | | | | | | | They are unused since the target has been converted to TCG. Fixes: e1f3808e03f7 ("Convert m68k target to TCG.") Signed-off-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201022203000.1922749-2-laurent@vivier.eu>
* Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20201211' into stagingPeter Maydell2020-12-111-0/+5
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First set of 6.0 patches for s390x: - acceptance test for device detection - bugfixes # gpg: Signature made Fri 11 Dec 2020 12:21:45 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20201211: s390x/cpu: Use timer_free() in the finalize function to avoid memleaks tests/acceptance: test s390x zpci fid propagation tests/acceptance: verify s390x device detection tests/acceptance: test virtio-ccw revision handling tests/acceptance: add a test for devices on s390x hw/watchdog/wdt_diag288: Remove unnecessary includes Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * s390x/cpu: Use timer_free() in the finalize function to avoid memleaksGan Qixin2020-12-111-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running device-introspect-test, a memory leak occurred in the s390_cpu_initfn function, this patch use timer_free() in the finalize function to fix it. ASAN shows memory leak stack: Direct leak of 3552 byte(s) in 74 object(s) allocated from: #0 0xfffeb3d4e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0) #1 0xfffeb36e6800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800) #2 0xaaad51a8f9c4 in timer_new_full qemu/include/qemu/timer.h:523 #3 0xaaad51a8f9c4 in timer_new qemu/include/qemu/timer.h:544 #4 0xaaad51a8f9c4 in timer_new_ns qemu/include/qemu/timer.h:562 #5 0xaaad51a8f9c4 in s390_cpu_initfn qemu/target/s390x/cpu.c:304 #6 0xaaad51e00f58 in object_init_with_type qemu/qom/object.c:371 #7 0xaaad51e0406c in object_initialize_with_type qemu/qom/object.c:515 #8 0xaaad51e042e0 in object_new_with_type qemu/qom/object.c:729 #9 0xaaad51e3ff40 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153 #10 0xaaad51910518 in qdev_device_help qemu/softmmu/qdev-monitor.c:283 #11 0xaaad51911918 in qmp_device_add qemu/softmmu/qdev-monitor.c:801 #12 0xaaad51911e48 in hmp_device_add qemu/softmmu/qdev-monitor.c:916 Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Gan Qixin <ganqixin@huawei.com> Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20201204081209.360524-4-ganqixin@huawei.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
* | Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell2020-12-1114-68/+632
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging * Fix for NULL segments (Bin Meng) * Support for 32768 CPUs on x86 without IOMMU (David) * PDEP/PEXT fix and testcase (myself) * Remove bios_name and ram_size globals (myself) * qemu_init rationalization (myself) * Update kernel-doc (myself + upstream patches) * Propagate MemTxResult across DMA and PCI functions (Philippe) * Remove master/slave when applicable (Philippe) * WHPX support for in-kernel irqchip (Sunil) # gpg: Signature made Thu 10 Dec 2020 17:21:50 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (113 commits) scripts: kernel-doc: remove unnecessary change wrt Linux Revert "docs: temporarily disable the kernel-doc extension" scripts: kernel-doc: use :c:union when needed scripts: kernel-doc: split typedef complex regex scripts: kernel-doc: fix typedef parsing Revert "kernel-doc: Handle function typedefs that return pointers" Revert "kernel-doc: Handle function typedefs without asterisks" scripts: kernel-doc: try to use c:function if possible scripts: kernel-doc: fix line number handling scripts: kernel-doc: allow passing desired Sphinx C domain dialect scripts: kernel-doc: don't mangle with parameter list scripts: kernel-doc: fix typedef identification scripts: kernel-doc: reimplement -nofunction argument scripts: kernel-doc: fix troubles with line counts scripts: kernel-doc: use a less pedantic markup for funcs on Sphinx 3.x scripts: kernel-doc: make it more compatible with Sphinx 3.x Revert "kernel-doc: Use c:struct for Sphinx 3.0 and later" Revert "scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments" scripts: kernel-doc: add support for typedef enum kernel-doc: add support for ____cacheline_aligned attribute ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | s390x: do not use ram_size globalPaolo Bonzini2020-12-103-5/+12
| | | | | | | | | | | | | | | | | | | | | Use the machine properties instead. Cc: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | m68k: do not use ram_size globalPaolo Bonzini2020-12-101-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | Use the machine properties instead. Cc: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | arm: do not use ram_size globalPaolo Bonzini2020-12-101-1/+2
| | | | | | | | | | | | | | | | | | | | | Use the machine properties instead. Cc: qemu-ppc@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | WHPX: support for the kernel-irqchip on/offSunil Muthuswamy2020-12-105-35/+543
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support the kernel-irqchip option for WHPX with on or off value. 'split' value is not supported for the option. The option only works for the latest version of Windows (ones that are coming out on Insiders). The change maintains backward compatibility on older version of Windows where this option is not supported. Signed-off-by: Sunil Muthuswamy <sunilmut@microsoft.com> Message-Id: <SN4PR2101MB0880B13258DA9251F8459F4DC0170@SN4PR2101MB0880.namprd21.prod.outlook.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | target/i386: seg_helper: Correct segment selector nullification in the ↵Bin Meng2020-12-101-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RET/IRET helper Per the SDM, when returning to outer privilege level, for segment registers (ES, FS, GS, and DS) if the check fails, the segment selector becomes null, but QEMU clears the base/limit/flags as well as nullifying the segment selector, which should be a spec violation. Real hardware seems to be compliant with the spec, at least on one Coffee Lake board I tested. Signed-off-by: Bin Meng <bin.meng@windriver.com> Message-Id: <1605261378-77971-1-git-send-email-bmeng.cn@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | target/i386: Support up to 32768 CPUs without IRQ remappingDavid Woodhouse2020-12-103-20/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IOAPIC has an 'Extended Destination ID' field in its RTE, which maps to bits 11-4 of the MSI address. Since those address bits fall within a given 4KiB page they were historically non-trivial to use on real hardware. The Intel IOMMU uses the lowest bit to indicate a remappable format MSI, and then the remaining 7 bits are part of the index. Where the remappable format bit isn't set, we can actually use the other seven to allow external (IOAPIC and MSI) interrupts to reach up to 32768 CPUs instead of just the 255 permitted on bare metal. Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Message-Id: <78097f9218300e63e751e077a0a5ca029b56ba46.camel@infradead.org> [Fix UBSAN warning. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| * | target/i386: fix operand order for PDEP and PEXTPaolo Bonzini2020-12-101-4/+4
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | For PDEP and PEXT, the mask is provided in the memory (mod+r/m) operand, and therefore is loaded in s->T0 by gen_ldst_modrm. The source is provided in the second source operand (VEX.vvvv) and therefore is loaded in s->T1. Fix the order in which they are passed to the helpers. Reported-by: Lenard Szolnoki <blog@lenardszolnoki.com> Analyzed-by: Lenard Szolnoki <blog@lenardszolnoki.com> Fixes: https://bugs.launchpad.net/qemu/+bug/1605123 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | i386/cpu: Make the Intel PT LIP feature configurableLuwei Kang2020-12-102-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation will disable the guest Intel PT feature if the Intel PT LIP feature is supported on the host, but the LIP feature is comming soon(e.g. SnowRidge and later). This patch will make the guest LIP feature configurable and Intel PT feature can be enabled in guest when the guest LIP status same with the host. Signed-off-by: Luwei Kang <luwei.kang@intel.com> Message-Id: <20201202101042.11967-1-luwei.kang@intel.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* | sev: add sev-inject-launch-secretTobin Feldman-Fitzthum2020-12-104-0/+78
|/ | | | | | | | | | | | | | | | AMD SEV allows a guest owner to inject a secret blob into the memory of a virtual machine. The secret is encrypted with the SEV Transport Encryption Key and integrity is guaranteed with the Transport Integrity Key. Although QEMU facilitates the injection of the launch secret, it cannot access the secret. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Message-Id: <20201027170303.47550-1-tobin@linux.ibm.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* target/arm: Implement M-profile "minimal RAS implementation"Peter Maydell2020-12-102-0/+18
| | | | | | | | | | | | | | | | | | | | | For v8.1M the architecture mandates that CPUs must provide at least the "minimal RAS implementation" from the Reliability, Availability and Serviceability extension. This consists of: * an ESB instruction which is a NOP -- since it is in the HINT space we need only add a comment * an RFSR register which will RAZ/WI * a RAZ/WI AIRCR.IESB bit -- the code which handles writes to AIRCR does not allow setting of RES0 bits, so we already treat this as RAZ/WI; add a comment noting that this is deliberate * minimal implementation of the RAS register block at 0xe0005000 -- this will be in a subsequent commit * setting the ID_PFR0.RAS field to 0b0010 -- we will do this when we add the Cortex-M55 CPU model Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-26-peter.maydell@linaro.org
* target/arm: Implement CCR_S.TRD behaviour for SG insnsPeter Maydell2020-12-101-0/+86
| | | | | | | | | | v8.1M introduces a new TRD flag in the CCR register, which enables checking for stack frame integrity signatures on SG instructions. Add the code in the SG insn implementation for the new behaviour. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-24-peter.maydell@linaro.org
* hw/intc/armv7m_nvic: Support v8.1M CCR.TRD bitPeter Maydell2020-12-101-0/+2
| | | | | | | | | | | v8.1M introduces a new TRD flag in the CCR register, which enables checking for stack frame integrity signatures on SG instructions. This bit is not banked, and is always RAZ/WI to Non-secure code. Adjust the code for handling CCR reads and writes to handle this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-23-peter.maydell@linaro.org
* target/arm: Implement new v8.1M VLLDM and VLSTM encodingsPeter Maydell2020-12-102-1/+26
| | | | | | | | | | | | | | | | | v8.1M adds new encodings of VLLDM and VLSTM (where bit 7 is set). The only difference is that: * the old T1 encodings UNDEF if the implementation implements 32 Dregs (this is currently architecturally impossible for M-profile) * the new T2 encodings have the implementation-defined option to read from memory (discarding the data) or write UNKNOWN values to memory for the stack slots that would be D16-D31 We choose not to make those accesses, so for us the two instructions behave identically assuming they don't UNDEF. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-21-peter.maydell@linaro.org
* target/arm: Implement new v8.1M NOCP check for exception returnPeter Maydell2020-12-101-1/+21
| | | | | | | | | | | | | | | | | | In v8.1M a new exception return check is added which may cause a NOCP UsageFault (see rule R_XLTP): before we clear s0..s15 and the FPSCR we must check whether access to CP10 from the Security state of the returning exception is disabled; if it is then we must take a fault. (Note that for our implementation CPPWR is always RAZ/WI and so can never cause CP10 accesses to fail.) The other v8.1M change to this register-clearing code is that if MVE is implemented VPR must also be cleared, so add a TODO comment to that effect. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-20-peter.maydell@linaro.org
* target/arm: In v8.1M, don't set HFSR.FORCED on vector table fetch failuresPeter Maydell2020-12-101-1/+5
| | | | | | | | | | In v8.1M, vector table fetch failures don't set HFSR.FORCED (see rule R_LLRP). (In previous versions of the architecture this was either required or IMPDEF.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-18-peter.maydell@linaro.org
* target/arm: For v8.1M, always clear R0-R3, R12, APSR, EPSR on exception entryPeter Maydell2020-12-101-4/+12
| | | | | | | | | | | | | | | In v8.0M, on exception entry the registers R0-R3, R12, APSR and EPSR are zeroed for an exception taken to Non-secure state; for an exception taken to Secure state they become UNKNOWN, and we chose to leave them at their previous values. In v8.1M the behaviour is specified more tightly and these registers are always zeroed regardless of the security state that the exception targets (see rule R_KPZV). Implement this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-17-peter.maydell@linaro.org
* hw/intc/armv7m_nvic: Update FPDSCR masking for v8.1MPeter Maydell2020-12-102-0/+8
| | | | | | | | | | | The FPDSCR register has a similar layout to the FPSCR. In v8.1M it gains new fields FZ16 (if half-precision floating point is supported) and LTPSIZE (always reads as 4). Update the reset value and the code that handles writes to this register accordingly. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-16-peter.maydell@linaro.org
* target/arm: Implement FPCXT_S fp system registerPeter Maydell2020-12-101-0/+58
| | | | | | | | | | | Implement the new-in-v8.1M FPCXT_S floating point system register. This is for saving and restoring the secure floating point context, and it reads and writes bits [27:0] from the FPSCR and the CONTROL.SFPA bit in bit [31]. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-14-peter.maydell@linaro.org
* target/arm: Factor out preserve-fp-state from full_vfp_access_check()Peter Maydell2020-12-101-18/+27
| | | | | | | | | | | | | | Factor out the code which handles M-profile lazy FP state preservation from full_vfp_access_check(); accesses to the FPCXT_NS register are a special case which need to do just this part (corresponding in the pseudocode to the PreserveFPState() function), and not the full set of actions matching the pseudocode ExecuteFPCheck() which normal FP instructions need to do. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201119215617.29887-13-peter.maydell@linaro.org
* target/arm: Use new FPCR_NZCV_MASK constantPeter Maydell2020-12-101-2/+2
| | | | | | | | | | | We defined a constant name for the mask of NZCV bits in the FPCR/FPSCR in the previous commit; use it in a couple of places in existing code, where we're masking out everything except NZCV for the "load to Rt=15 sets CPSR.NZCV" special case. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-12-peter.maydell@linaro.org
* target/arm: Implement M-profile FPSCR_nzcvqcPeter Maydell2020-12-102-0/+40
| | | | | | | | | | | | | | | | v8.1M defines a new FP system register FPSCR_nzcvqc; this behaves like the existing FPSCR, except that it reads and writes only bits [31:27] of the FPSCR (the N, Z, C, V and QC flag bits). (Unlike the FPSCR, the special case for Rt=15 of writing the CPSR.NZCV is not permitted.) Implement the register. Since we don't yet implement MVE, we handle the QC bit as RES0, with todo comments for where we will need to add support later. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-11-peter.maydell@linaro.org
* target/arm: Implement VLDR/VSTR system registerPeter Maydell2020-12-102-0/+105
| | | | | | | | | Implement the new-in-v8.1M VLDR/VSTR variants which directly read or write FP system registers to memory. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-10-peter.maydell@linaro.org
* target/arm: Move general-use constant expanders up in translate.cPeter Maydell2020-12-101-21/+25
| | | | | | | | | | The constant-expander functions like negate, plus_2, etc, are generally useful; move them up in translate.c so we can use them in the VFP/Neon decoders as well as in the A32/T32/T16 decoders. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-9-peter.maydell@linaro.org
* target/arm: Refactor M-profile VMSR/VMRS handlingPeter Maydell2020-12-102-11/+168
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently M-profile borrows the A-profile code for VMSR and VMRS (access to the FP system registers), because all it needs to support is the FPSCR. In v8.1M things become significantly more complicated in two ways: * there are several new FP system registers; some have side effects on read, and one (FPCXT_NS) needs to avoid the usual vfp_access_check() and the "only if FPU implemented" check * all sysregs are now accessible both by VMRS/VMSR (which reads/writes a general purpose register) and also by VLDR/VSTR (which reads/writes them directly to memory) Refactor the structure of how we handle VMSR/VMRS to cope with this: * keep the M-profile code entirely separate from the A-profile code * abstract out the "read or write the general purpose register" part of the code into a loadfn or storefn function pointer, so we can reuse it for VLDR/VSTR. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-8-peter.maydell@linaro.org
* target/arm: Enforce M-profile VMRS/VMSR register restrictionsPeter Maydell2020-12-101-1/+4
| | | | | | | | | | | For M-profile before v8.1M, the only valid register for VMSR/VMRS is the FPSCR. We have a comment that states this, but the actual logic to forbid accesses for any other register value is missing, so we would end up with A-profile style behaviour. Add the missing check. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-7-peter.maydell@linaro.org
* target/arm: Implement CLRM instructionPeter Maydell2020-12-102-1/+43
| | | | | | | | | | | | In v8.1M the new CLRM instruction allows zeroing an arbitrary set of the general-purpose registers and APSR. Implement this. The encoding is a subset of the LDMIA T2 encoding, using what would be Rn=0b1111 (which UNDEFs for LDMIA). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-6-peter.maydell@linaro.org
* target/arm: Implement VSCCLRM insnPeter Maydell2020-12-104-11/+111
| | | | | | | | | | | | | | | Implement the v8.1M VSCCLRM insn, which zeros floating point registers if there is an active floating point context. This requires support in write_neon_element32() for the MO_32 element size, so add it. Because we want to use arm_gen_condlabel(), we need to move the definition of that function up in translate.c so it is before the #include of translate-vfp.c.inc. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-5-peter.maydell@linaro.org
* target/arm: Don't clobber ID_PFR1.Security on M-profile coresPeter Maydell2020-12-101-1/+1
| | | | | | | | | | | | | | | | | | | In arm_cpu_realizefn() we check whether the board code disabled EL3 via the has_el3 CPU object property, which we create if the CPU starts with the ARM_FEATURE_EL3 feature bit. If it is disabled, then we turn off ARM_FEATURE_EL3 and also zero out the relevant fields in the ID_PFR1 and ID_AA64PFR0 registers. This codepath was incorrectly being taken for M-profile CPUs, which do not have an EL3 and don't set ARM_FEATURE_EL3, but which may have the M-profile Security extension and so should have non-zero values in the ID_PFR1.Security field. Restrict the handling of the feature flag to A/R-profile cores. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-4-peter.maydell@linaro.org
* target/arm: Implement v8.1M PXN extensionPeter Maydell2020-12-101-1/+6
| | | | | | | | | | | | | In v8.1M the PXN architecture extension adds a new PXN bit to the MPU_RLAR registers, which forbids execution of code in the region from a privileged mode. This is another feature which is just in the generic "in v8.1M" set and has no ID register field indicating its presence. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201119215617.29887-3-peter.maydell@linaro.org
* ppc/translate: Implement lxvwsx opcodeLemonBoy2020-11-242-0/+31
| | | | | | | | | | | Implement the "Load VSX Vector Word & Splat Indexed" opcode, introduced in Power ISA v3.0. Buglink: https://bugs.launchpad.net/qemu/+bug/1793608 Signed-off-by: Giuseppe Musacchio <thatlemon@gmail.com> Message-Id: <d7d533e18c2bc10d924ee3e09907ff2b41fddb3a.1604912739.git.thatlemon@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* target/arm: Make SYS_HEAPINFO work with RAM that doesn't start at 0Peter Maydell2020-11-231-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The semihosting SYS_HEAPINFO call is supposed to return an array of four guest addresses: * base of heap memory * limit of heap memory * base of stack memory * limit of stack memory Some semihosting programs (including those compiled to use the 'newlib' embedded C library) use this call to work out where they should initialize themselves to. QEMU's implementation when in system emulation mode is very simplistic: we say that the heap starts halfway into RAM and continues to the end of RAM, and the stack starts at the top of RAM and works down to the bottom. Unfortunately the code assumes that the base address of RAM is at address 0, so on boards like 'virt' where this is not true the addresses returned will all be wrong and the guest application will usually crash. Conveniently since all Arm boards call arm_load_kernel() we have the base address of the main RAM block in the arm_boot_info struct which is accessible via the CPU object. Use this to return sensible values from SYS_HEAPINFO. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20201119092346.32356-1-peter.maydell@linaro.org
* target/arm: fix stage 2 page-walks in 32-bit emulationRémi Denis-Courmont2020-11-231-2/+2
| | | | | | | | | | | | Using a target unsigned long would limit the Input Address to a LPAE page-walk to 32 bits on AArch32 and 64 bits on AArch64. This is okay for stage 1 or on AArch64, but it is insufficient for stage 2 on AArch32. In that later case, the Input Address can have up to 40 bits. Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201118150414.18360-1-remi@remlab.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* s390/kvm: fix diag318 propagation and reset functionalityCollin Walling2020-11-185-5/+30
| | | | | | | | | | | | | | | | | | | | The Control Program Name Code (CPNC) portion of the diag318 info must be set within the SIE block of each VCPU in the configuration. The handler will iterate through each VCPU and dirty the diag318_info reg to be synced with KVM on a subsequent sync_regs call. Additionally, the diag318 info resets must be handled via userspace. As such, QEMU will reset this value for each VCPU during a modified clear, load normal, and load clear reset event. Fixes: fabdada9357b ("s390: guest support for diagnose 0x318") Signed-off-by: Collin Walling <walling@linux.ibm.com> Message-Id: <20201113221022.257054-1-walling@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Janosch Frank <frankja@de.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
* hvf: Fix segment selector formatJessica Clarke2020-11-181-4/+4
| | | | | | | | | | The Requested Privilege Level field is 2 bits, the Table Indicator field is 1 bit and the Index field is the remaining 15 bits, with TI=0 meaning GDT and TI=1 meaning LDT. Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com> Message-Id: <20201116200414.28286-1-jrtc27@jrtc27.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* hvf: Gate RDTSCP on CPU_BASED2_RDTSCP, not just CPU_BASED_TSC_OFFSETJessica Clarke2020-11-181-0/+4
| | | | | | | Buglink: https://bugs.launchpad.net/qemu/+bug/1894836 Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com> Message-Id: <20201116200319.28138-1-jrtc27@jrtc27.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Merge remote-tracking branch ↵Peter Maydell2020-11-171-3/+0Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/pmaydell/tags/pull-target-arm-20201117' into staging target-arm queue: * hw/arm/virt: ARM_VIRT must select ARM_GIC * exynos: Fix bad printf format specifiers * hw/input/ps2.c: Remove remnants of printf debug * target/openrisc: Remove dead code attempting to check "is timer disabled" * register: Remove unnecessary NULL check * util/cutils: Fix Coverity array overrun in freq_to_str() * configure: Make "does libgio work" test pull in some actual functions * tmp105: reset the T_low and T_High registers * tmp105: Correct handling of temperature limit checks # gpg: Signature made Tue 17 Nov 2020 13:47:48 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20201117: tmp105: Correct handling of temperature limit checks hw/misc/tmp105: reset the T_low and T_High registers configure: Make "does libgio work" test pull in some actual functions util/cutils: Fix Coverity array overrun in freq_to_str() register: Remove unnecessary NULL check target/openrisc: Remove dead code attempting to check "is timer disabled" hw/input/ps2.c: Remove remnants of printf debug exynos: Fix bad printf format specifiers hw/arm/virt: ARM_VIRT must select ARM_GIC Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * target/openrisc: Remove dead code attempting to check "is timer disabled"Peter Maydell2020-11-171-3/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the mtspr helper we attempt to check for "is the timer disabled" with "if (env->ttmr & TIMER_NONE)". This is wrong because TIMER_NONE is zero and the condition is always false (Coverity complains about the dead code.) The correct check would be to test whether the TTMR_M field in the register is equal to TIMER_NONE instead. However, the cpu_openrisc_timer_update() function checks whether the timer is enabled (it looks at cpu->env.is_counting, which is set to 0 via cpu_openrisc_count_stop() when the TTMR_M field is set to TIMER_NONE), so there's no need to check for "timer disabled" in the target/openrisc code. Instead, simply remove the dead code. Fixes: Coverity CID 1005812 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Stafford Horne <shorne@gmail.com> Message-id: 20201103114654.18540-1-peter.maydell@linaro.org
* | Merge remote-tracking branch ↵Peter Maydell2020-11-171-1/+2
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/huth-gitlab/tags/pull-request-2020-11-17' into staging * Fixes for compiling on Haiku, and add Haiku VM for compile-testing * Update NetBSD VM to version 9.1 * Misc fixes (e.g. categorize some devices) # gpg: Signature made Tue 17 Nov 2020 09:20:31 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/huth-gitlab/tags/pull-request-2020-11-17: max111x: put it into the 'misc' category nand: put it into the 'storage' category ads7846: put it into the 'input' category ssd0323: put it into the 'display' category gitlab-ci: Use $CI_REGISTRY instead of hard-coding registry.gitlab.com target/microblaze: Fix possible array out of bounds in mmu_write() tests/vm: update NetBSD to 9.1 tests/vm: Add Haiku test based on their vagrant images configure: Add a proper check for sys/ioccom.h and use it in tpm_ioctl.h configure: Do not build pc-bios/optionrom on Haiku configure: Fix the _BSD_SOURCE define for the Haiku build qemu/bswap: Remove unused qemu_bswap_len() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>