aboutsummaryrefslogtreecommitdiff
path: root/hw/intc
AgeCommit message (Collapse)Author
2023-03-15hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE updateDavid Woodhouse
A Linux guest will perform IRQ migration after the IRQ has happened, updating the RTE to point to the new destination CPU and then unmasking the interrupt. However, when the guest updates the RTE, ioapic_mem_write() calls ioapic_service(), which redelivers the pending level interrupt via kvm_set_irq(), *before* calling ioapic_update_kvm_routes() which sets the new target CPU. Thus, the IRQ which is supposed to go to the new target CPU is instead misdelivered to the previous target. An example where the guest kernel is attempting to migrate from CPU#2 to CPU#0 shows: xenstore_read tx 0 path control/platform-feature-xs_reset_watches ioapic_set_irq vector: 11 level: 1 ioapic_set_remote_irr set remote irr for pin 11 ioapic_service: trigger KVM IRQ 11 [ 0.523627] The affinity mask was 0-3 and the handler is on 2 ioapic_mem_write ioapic mem write addr 0x0 regsel: 0x27 size 0x4 val 0x26 ioapic_update_kvm_routes: update KVM route for IRQ 11: fee02000 8021 ioapic_mem_write ioapic mem write addr 0x10 regsel: 0x26 size 0x4 val 0x18021 xenstore_reset_watches ioapic_set_irq vector: 11 level: 1 ioapic_mem_read ioapic mem read addr 0x10 regsel: 0x26 size 0x4 retval 0x1c021 [ 0.524569] ioapic_ack_level IRQ 11 moveit = 1 ioapic_eoi_broadcast EOI broadcast for vector 33 ioapic_clear_remote_irr clear remote irr for pin 11 vector 33 ioapic_mem_write ioapic mem write addr 0x0 regsel: 0x26 size 0x4 val 0x26 ioapic_mem_read ioapic mem read addr 0x10 regsel: 0x26 size 0x4 retval 0x18021 [ 0.525235] ioapic_finish_move IRQ 11 calls irq_move_masked_irq() [ 0.526147] irq_do_set_affinity for IRQ 11, 0 [ 0.526732] ioapic_set_affinity for IRQ 11, 0 [ 0.527330] ioapic_setup_msg_from_msi for IRQ11 target 0 ioapic_mem_write ioapic mem write addr 0x0 regsel: 0x26 size 0x4 val 0x27 ioapic_mem_write ioapic mem write addr 0x10 regsel: 0x27 size 0x4 val 0x0 ioapic_mem_write ioapic mem write addr 0x0 regsel: 0x27 size 0x4 val 0x26 ioapic_mem_write ioapic mem write addr 0x10 regsel: 0x26 size 0x4 val 0x18021 [ 0.527623] ioapic_set_affinity returns 0 [ 0.527623] ioapic_finish_move IRQ 11 calls unmask_ioapic_irq() ioapic_mem_write ioapic mem write addr 0x0 regsel: 0x26 size 0x4 val 0x26 ioapic_mem_write ioapic mem write addr 0x10 regsel: 0x26 size 0x4 val 0x8021 ioapic_set_remote_irr set remote irr for pin 11 ioapic_service: trigger KVM IRQ 11 ioapic_update_kvm_routes: update KVM route for IRQ 11: fee00000 8021 [ 0.529571] The affinity mask was 0 and the handler is on 2 [ xenstore_watch path memory/target token FFFFFFFF92847D40 There are no other code paths in ioapic_mem_write() which need the KVM IRQ routing table to be updated, so just shift the call from the end of the function to happen right before the call to ioapic_service() and thus deliver the re-enabled IRQ to the right place. Alternative fixes might have been just to remove the part in ioapic_service() which delivers the IRQ via kvm_set_irq() because surely delivering as MSI ought to work just fine anyway in all cases? That code lacks a comment justifying its existence. Or maybe in the specific case shown in the above log, it would have sufficed for ioapic_update_kvm_routes() to update the route *even* when the IRQ is masked. It's not like it's actually going to get triggered unless QEMU deliberately does so, anyway? But that only works because the target CPU happens to be in the high word of the RTE; if something in the *low* word (vector, perhaps) was changed at the same time as the unmask, we'd still trigger with stale data. Fixes: 15eafc2e602f "kvm: x86: add support for KVM_CAP_SPLIT_IRQCHIP" Signed-off-by: David Woodhouse <dwmw2@infradead.org> Reviewed-by: Peter Xu <peterx@redhat.com> Message-Id: <20230308111952.2728440-2-dwmw2@infradead.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-03-08hw/intc/i8259: Implement legacy LTIM Edge/Level Bank SelectDavid Woodhouse
Back in the mists of time, before EISA came along and required per-pin level control in the ELCR register, the i8259 had a single chip-wide level-mode control in bit 3 of ICW1. Even in the PIIX3 datasheet from 1996 this is documented as 'This bit is disabled', but apparently MorphOS is using it in the version of the i8259 which is in the Pegasos2 board as part of the VT8231 chipset. It's easy enough to implement, and I think it's harmless enough to do so unconditionally. Signed-off-by: David Woodhouse <dwmw2@infradead.org> [balaton: updated commit message as asked by author] Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <3f09b2dd109d19851d786047ad5c2ff459c90cd7.1678188711.git.balaton@eik.bme.hu> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-03-08hw/mips: Declare all length properties as unsignedPhilippe Mathieu-Daudé
Some length properties are signed, other unsigned: hw/mips/cps.c:183: DEFINE_PROP_UINT32("num-vp", MIPSCPSState, num_vp, 1), hw/mips/cps.c:184: DEFINE_PROP_UINT32("num-irq", MIPSCPSState, num_irq, 256), hw/misc/mips_cmgcr.c:215: DEFINE_PROP_INT32("num-vp", MIPSGCRState, num_vps, 1), hw/misc/mips_cpc.c:167: DEFINE_PROP_UINT32("num-vp", MIPSCPCState, num_vp, 0x1), hw/misc/mips_itu.c:552: DEFINE_PROP_INT32("num-fifo", MIPSITUState, num_fifo, hw/misc/mips_itu.c:554: DEFINE_PROP_INT32("num-semaphores", MIPSITUState, Since negative values are not used (the minimum is '0'), unify by declaring all properties as unsigned. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230203113650.78146-9-philmd@linaro.org>
2023-03-05hw: intc: Use cpu_by_arch_id to fetch CPU stateMayuresh Chitale
Qemu_get_cpu uses the logical CPU id assigned during init to fetch the CPU state. However APLIC, IMSIC and ACLINT contain registers and states which are specific to physical hart Ids. The hart Ids in any given system might be sparse and hence calls to qemu_get_cpu need to be replaced by cpu_by_arch_id which performs lookup based on the sparse physical hart IDs. Signed-off-by: Mayuresh Chitale <mchitale@ventanamicro.com> Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-ID: <20230303065055.915652-3-mchitale@ventanamicro.com> Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2023-02-27hw/intc/i8259: Document i8259_init()Philippe Mathieu-Daudé
i8259_init() helper creates a i8259 device on an ISA bus, connects its IRQ output to the parent's input IRQ, and returns an array of 16 ISA input IRQs. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230210163744.32182-2-philmd@linaro.org>
2023-02-27hw: Move ioapic*.h to intc/Bernhard Beschow
The ioapic sources reside in hw/intc already. Move the headers there as well. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230213173033.98762-11-shentey@gmail.com> [PMD: Keep ioapic_internal.h in hw/intc/, not under include/] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-02-27hw/intc/armv7m_nvic: Use QOM cast CPU() macroPhilippe Mathieu-Daudé
Avoid accessing 'parent_obj' directly. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20230220115114.25237-9-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-27target/arm: Wrap arm_rebuild_hflags calls with tcg_enabledFabiano Rosas
This is in preparation to moving the hflags code into its own file under the tcg/ directory. Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-16target/arm: Store CPUARMState::nvic as NVICState*Philippe Mathieu-Daudé
There is no point in using a void pointer to access the NVIC. Use the real type to avoid casting it while debugging. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230206223502.25122-11-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-02-03target/arm: Mark up sysregs for HFGRTR bits 36..63Peter Maydell
Mark up the sysreg definitions for the registers trapped by HFGRTR/HFGWTR bits 36..63. Of these, some correspond to RAS registers which we implement as always-UNDEF: these don't need any extra handling for FGT because the UNDEF-to-EL1 always takes priority over any theoretical FGT-trap-to-EL2. Bit 50 (NACCDATA_EL1) is for the ACCDATA_EL1 register which is part of the FEAT_LS64_ACCDATA feature which we don't yet implement. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Fuad Tabba <tabba@google.com> Message-id: 20230130182459.3309057-14-peter.maydell@linaro.org Message-id: 20230127175507.2895013-14-peter.maydell@linaro.org
2023-02-03hvf: arm: Add support for GICv3Alexander Graf
We currently only support GICv2 emulation. To also support GICv3, we will need to pass a few system registers into their respective handler functions. This patch adds support for HVF to call into the TCG callbacks for GICv3 system register handlers. This is safe because the GICv3 TCG code is generic as long as we limit ourselves to EL0 and EL1 - which are the only modes supported by HVF. To make sure nobody trips over that, we also annotate callbacks that don't work in HVF mode, such as EL state change hooks. With GICv3 support in place, we can run with more than 8 vCPUs. Signed-off-by: Alexander Graf <agraf@csgraf.de> Message-id: 20230128224459.70676-1-agraf@csgraf.de Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-20Merge tag 'pull-include-2023-01-20' of https://repo.or.cz/qemu/armbru into ↵Peter Maydell
staging Header cleanup patches for 2023-01-20 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmPKN6YSHGFybWJydUBy # ZWRoYXQuY29tAAoJEDhwtADrkYZTPeoQAIKl/BF6PFRNq0/k3vPqMe6nltjgkpa/ # p7E5qRlo31RCeUB+f0iW26mySnNTgYkE28yy57HxUML/9Lp1bbxyDgRNiJ406a4L # kFVF04kOIFez1+mfvWN92DZqcl/EAAqNL6XqSFyO38kYwcsFsi+BZ7DLZbL9Ea8v # wVywB96mN6KyrLWCJ2D0OqIVuPHSHol+5zt9e6+ShBgN0FfElLbv0F4KH3VJ1olA # psKl6w6V9+c2zV1kT/H+S763m6mQdwtVo/UuOJoElI+Qib/UBxDOrhdYf4Zg7hKf # ByUuhJUASm8y9yD/42mFs90B6eUNzLSBC8v1PgRqSqDHtllveP4RysklBlyIMlOs # DKtqEuRuIJ/qDXliIFHY6tBnUkeITSd7BCxkQYfaGyaSOcviDSlE3AyaaBC0sY4F # P/lTTiRg5ksvhDYtJnW3mSfmT2PY7aBtyE3D1Z84v9hek6D0reMQTE97yL/j4m7P # wJP8aM3Z8GILCVxFIh02wmqWZhZUCGsIDS/vxVm+u060n66qtDIQFBoazsFJrCME # eWI+qDNDr6xhLegeYajGDM9pdpQc3x0siiuHso4wMSI9NZxwP+tkCVhTpqmrRcs4 # GSH/4IlUXqEZdUQDL38DfA22C1TV8BzyMhGLTUERWWYki1sr99yv0pdFyk5r3nLB # SURwr58rB2zo # =dOfq # -----END PGP SIGNATURE----- # gpg: Signature made Fri 20 Jan 2023 06:41:42 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * tag 'pull-include-2023-01-20' of https://repo.or.cz/qemu/armbru: include/hw/ppc include/hw/pci-host: Drop extra typedefs include/hw/ppc: Don't include hw/pci-host/pnv_phb.h from pnv.h include/hw/ppc: Supply a few missing includes include/hw/ppc: Split pnv_chip.h off pnv.h include/hw/block: Include hw/block/block.h where needed hw/sparc64/niagara: Use blk_name() instead of open-coding it include/block: Untangle inclusion loops coroutine: Use Coroutine typedef name instead of structure tag coroutine: Split qemu/coroutine-core.h off qemu/coroutine.h coroutine: Clean up superfluous inclusion of qemu/lockable.h coroutine: Move coroutine_fn to qemu/osdep.h, trim includes coroutine: Clean up superfluous inclusion of qemu/coroutine.h Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-20include/hw/ppc: Split pnv_chip.h off pnv.hMarkus Armbruster
PnvChipClass, PnvChip, Pnv8Chip, Pnv9Chip, and Pnv10Chip are defined in pnv.h. Many users of the header don't actually need them. One instance is this inclusion loop: hw/ppc/pnv_homer.h includes hw/ppc/pnv.h for typedef PnvChip, and vice versa for struct PnvHomer. Similar structs live in their own headers: PnvHomerClass and PnvHomer in pnv_homer.h, PnvLpcClass and PnvLpcController in pci_lpc.h, PnvPsiClass, PnvPsi, Pnv8Psi, Pnv9Psi, Pnv10Psi in pnv_psi.h, ... Move PnvChipClass, PnvChip, Pnv8Chip, Pnv9Chip, and Pnv10Chip to new pnv_chip.h, and adjust include directives. This breaks the inclusion loop mentioned above. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20221222104628.659681-2-armbru@redhat.com>
2023-01-19Merge tag 'trivial-branch-for-8.0-pull-request' of ↵Peter Maydell
https://gitlab.com/laurent_vivier/qemu into staging trivial branch pull request 20230118 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmPHpRASHGxhdXJlbnRA # dml2aWVyLmV1AAoJEPMMOL0/L748fwEP+wTA6dBYqRnZMCPEkk6yy0nSVr6GF8FA # i9JrUbRuBf8WT2RAFJEwOyACTaYgCwqU9tu6UxG2ekGfGDtR84HH1yozTAbBuPct # qoT/cvrQ0/Nfymw1Ia1vH5D6EQiAn+j6/1C41PEHvqTQBMe8E4U8jDIwbXTaJS7j # QSUDplRfCbSBXQ9ctFrcD6XxX06dj4U9l8L4gl5Uc4B1OmFacyJnfzMIyVRTIhvF # S4sKB/8B36emFITw/gk+MW5HnBgjEIWvZjof71eglMqo79jmacGeOe8NQi1+ApQ1 # lVmllKewdgLHVwdOGVX4dCJQdhSL/7DjreqtKGrUmhZfJdmCWJdl3jVWqhr4lfME # U7ytd68iLdKgfKqepc3+WbhA8pWT+brPVpTU9hq17DsNJqeZa6628OguDEtjz9dP # 4Y4XFZMxFadYl4YaCpGzTN1tqsrO8Ct+Kvq/90nt5FUeTX+i+/WM/9XXNf9MD4VS # OVCwHXCa4yHMMq2LGV0sWaL7vSI26lv0asKtalAelbVZhVyB1kSZfde2rZXuhoD5 # S2d9x2bcFG6WNlDfyaANkCKyHlxUaOroQVE+y0SqgtaC2oPhuXtG6fusiyvjG9+l # 9O6jy87e4uR+Xach6MmybMjiPDi0VMvPayVz3BR/6hBZZB/GkLO1OmNQcZiXcbOd # yROzKPmyZ/q+ # =35x0 # -----END PGP SIGNATURE----- # gpg: Signature made Wed 18 Jan 2023 07:51:44 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * tag 'trivial-branch-for-8.0-pull-request' of https://gitlab.com/laurent_vivier/qemu: hw/ssi/sifive_spi.c: spelling: reigster hw/cxl/cxl-host: Fix an error message typo hw/cxl/cxl-cdat.c: spelling: missmatch hw/pvrdma: Protect against buggy or malicious guest driver ccid-card-emulated: fix cast warning/error hw/i386/pc: Remove unused 'owner' argument from pc_pci_as_mapping_init tests/qtest/test-hmp: Improve the check for verbose mode hw/usb: Mark the XLNX_VERSAL-related files as target-independent hw/intc: Mark more interrupt-controller files as target independent hw/cpu: Mark arm11 and realview mpcore as target-independent code hw/arm: Move various units to softmmu_ss[] hw/tpm: Move tpm_ppi.c out of target-specific source set hw/intc: Move some files out of the target-specific source set hw/display: Move omap_lcdc.c out of target-specific source set Call qemu_socketpair() instead of socketpair() when possible Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-18bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plxPhilippe Mathieu-Daudé
The 'hwaddr' type is defined in "exec/hwaddr.h" as: hwaddr is the type of a physical address (its size can be different from 'target_ulong'). All definitions use the 'HWADDR_' prefix, except TARGET_FMT_plx: $ fgrep define include/exec/hwaddr.h #define HWADDR_H #define HWADDR_BITS 64 #define HWADDR_MAX UINT64_MAX #define TARGET_FMT_plx "%016" PRIx64 ^^^^^^ #define HWADDR_PRId PRId64 #define HWADDR_PRIi PRIi64 #define HWADDR_PRIo PRIo64 #define HWADDR_PRIu PRIu64 #define HWADDR_PRIx PRIx64 #define HWADDR_PRIX PRIX64 Since hwaddr's size can be *different* from target_ulong, it is very confusing to read one of its format using the 'TARGET_FMT_' prefix, normally used for the target_long / target_ulong types: $ fgrep TARGET_FMT_ include/exec/cpu-defs.h #define TARGET_FMT_lx "%08x" #define TARGET_FMT_ld "%d" #define TARGET_FMT_lu "%u" #define TARGET_FMT_lx "%016" PRIx64 #define TARGET_FMT_ld "%" PRId64 #define TARGET_FMT_lu "%" PRIu64 Apparently this format was missed during commit a8170e5e97 ("Rename target_phys_addr_t to hwaddr"), so complete it by doing a bulk-rename with: $ sed -i -e s/TARGET_FMT_plx/HWADDR_FMT_plx/g $(git grep -l TARGET_FMT_plx) Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230110212947.34557-1-philmd@linaro.org> [thuth: Fix some warnings from checkpatch.pl along the way] Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-01-16hw/intc: Mark more interrupt-controller files as target independentThomas Huth
Seems like there is also nothing target-specific in here, so these files can be moved to softmmu_ss to avoid that they get compiled twice (once for qemu-system-arm and once for qemu-system-aarch64). Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230112134928.1026006-7-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2023-01-16hw/intc: Move some files out of the target-specific source setPhilippe Mathieu-Daudé
The Goldfish interrupt controller is not target specific. While the Exynos interrupt combiner is only used by the ARM targets, we can build this device once for all. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221209170042.71169-3-philmd@linaro.org> [thuth: Change patch title, and also move 'exynos4210_gic.c'] Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230112134928.1026006-3-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2023-01-16Merge tag 'mips-20230113' of https://github.com/philmd/qemu into stagingPeter Maydell
MIPS patches queue A bunch of cleanups from various people. - Improved GT64120 on big-endian hosts - GT64120 north bridge and MC146818 RTC devices are now target independent - Bonito64 north bridge converted to 3-phase reset API - PCI refactors around PIIX devices - Support for nanoMIPS in bootloader generator API - New YAMON Malta Avocado test - Removal of 'trap and emulate' KVM support - System-specific QMP commands restricted to system emulation # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmPBekAACgkQ4+MsLN6t # wN4wjxAAtYxyt6WUBpiYfV/LnbQFpAsacues1Vhy9MPYEg5a/iuXWKvWtgRYvGww # qR0GVQH8rH7tgnCZK+ioq9jX+hvfBskP6CnKhxmb5zDGm7vP7jhhu8UFWY/EtBgq # 0zpNeLMXtnRJ6PBqo/nWFCVtcpDRZ6IkSbpGWkVkciRFc5n/2VCnlIj8k2I1oMvL # 11cp2xFQnaPReFXIpMjJHuHv1NObykdlvVg6wQo/A/4qIb8EvJQEPmePjG9Sf0i0 # v2dhnnxG9mze7+uq0dIC16x8Azko3N7dmtNlBU/aGb9OELwx35aux2M4dNDVogwn # DqL/Wsk54TFewECOfS48t/a/TqV8j/ISW1d/JvovBrN2KovmIAbtqHuMUqKVk5l0 # 23ZOIIPIYwmScZwIlkCIGUuIzFig1zhEmQcoEQaFe/B0oLB2eN/x0Bk9Yklo+i2A # WNiyiAj7k5492qEdndOySEEDVt6886F/+CdQ6QYF5Z1L/ELck7XHBH3mGDznWpPn # 6IURyVquPJx7ul62jSGI+Gc+qakNoahIhPo5O7hklOM9GwWNOWXHveyb7xjs7j+O # eWyVcet+o7hoHkCzmfbyTPySI4qCpF9fA42jqPhATwQPwmGXpbr+4BxUq3KtE43y # w9tEigwd4voN3dWLItVh6QE4in70osz3XHp93byvo8bHlS0huVY= # =oXX+ # -----END PGP SIGNATURE----- # gpg: Signature made Fri 13 Jan 2023 15:35:28 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'mips-20230113' of https://github.com/philmd/qemu: (46 commits) scripts/git.orderfile: Display MAINTAINERS changes first target/mips: Restrict 'qapi-commands-machine.h' to system emulation hw/mips/boston: Rename MachineState 'mc' pointer to 'ms' hw/pci-host/bonito: Declare TYPE_BONITO_PCI_HOST_BRIDGE in header hw/pci-host/bonito: Use 'bonito_pci' for PCI function #0 code hw/pci-host/bonito: Use 'bonito_host' for PCI host bridge code hw/pci-host/bonito: Convert to 3-phase reset softmmu/rtc: Emit warning when using driftfix=slew on systems without mc146818 hw/rtc/mc146818rtc: Make the mc146818 RTC device target independent hw/core/qdev-properties-system: Allow the 'slew' policy only on x86 hw/intc: Extract the IRQ counting functions into a separate file hw/intc/i8259: Make using the isa_pic singleton more type-safe hw/usb/hcd-uhci: Introduce TYPE_ defines for device models hw/mips/Kconfig: Track Malta's PIIX dependencies via Kconfig hw/isa/piix4: Decouple INTx-to-LNKx routing which is board-specific hw/isa/piix3: Decouple INTx-to-LNKx routing which is board-specific hw/pci/pci: Factor out pci_bus_map_irqs() from pci_bus_irqs() hw/pci/pci_host: Trace config accesses on unexisting functions mips: Always include nanomips disassembler mips: Remove support for trap and emulate KVM ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-13hw/intc: Extract the IRQ counting functions into a separate fileThomas Huth
These IRQ counting functions will soon be required in binaries that do not include the APIC code, too, so let's extract them into a separate file that can be linked independently of the APIC code. While we're at it, change the apic_* prefix into kvm_* since the functions are used from the i8259 PIC (i.e. not the APIC), too. Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20230110095351.611724-2-thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-01-13hw/intc/i8259: Make using the isa_pic singleton more type-safeBernhard Beschow
This even spares some casts in hot code paths along the way. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230109172347.1830-10-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-01-12hw/intc/xilinx_intc: Use 'XpsIntc' typedef instead of 'struct xlx_pic'Philippe Mathieu-Daudé
This remove a use of 'struct' in the DECLARE_INSTANCE_CHECKER() macro call, to avoid after a QOM refactor: hw/intc/xilinx_intc.c:45:1: error: declaration of anonymous struct must be a definition DECLARE_INSTANCE_CHECKER(struct xlx_pic, XILINX_INTC, ^ Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> Message-id: 20230109140306.23161-14-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-12hw/intc/omap_intc: Use CamelCase for TYPE_OMAP_INTC type namePhilippe Mathieu-Daudé
Following docs/devel/style.rst guidelines, rename omap_intr_handler_s -> OMAPIntcState. This also remove a use of 'struct' in the DECLARE_INSTANCE_CHECKER() macro call. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230109140306.23161-7-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-12hw/arm/omap: Drop useless casts from void * to pointerPhilippe Mathieu-Daudé
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230109140306.23161-4-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-07Merge tag 'pull-loongarch-20230106' of https://gitlab.com/gaosong/qemu into ↵Peter Maydell
staging pull-loongarch-20230106 # gpg: Signature made Fri 06 Jan 2023 06:21:22 GMT # gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF # gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF * tag 'pull-loongarch-20230106' of https://gitlab.com/gaosong/qemu: hw/intc/loongarch_pch: Change default irq number of pch irq controller hw/intc/loongarch_pch_pic: add irq number property hw/intc/loongarch_pch_msi: add irq number property Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-01-06hw/intc/loongarch_pch: Change default irq number of pch irq controllerTianrui Zhao
Change the default irq number of pch pic to 32, so that the irq number of pch msi is 224(256 - 32), and move the 'PCH_PIC_IRQ_NUM' macro to pci-host/ls7a.h and add prefix 'VIRT' on it to keep standard format. Signed-off-by: Tianrui Zhao <zhaotianrui@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230104020518.2564263-4-zhaotianrui@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2023-01-06hw/intc/loongarch_pch_pic: add irq number propertyTianrui Zhao
With loongarch 7A1000 manual, irq number supported can be set in PCH_PIC_INT_ID_HI register. This patch adds irq number property for loongarch_pch_pic, so that virt machine can set different irq number when pch_pic intc is added. Signed-off-by: Tianrui Zhao <zhaotianrui@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn> Message-Id: <20230104020518.2564263-3-zhaotianrui@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2023-01-06hw/intc/loongarch_pch_msi: add irq number propertyTianrui Zhao
This patch adds irq number property for loongarch msi interrupt controller, and remove hard coding irq number macro. Signed-off-by: Tianrui Zhao <zhaotianrui@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230104020518.2564263-2-zhaotianrui@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2023-01-06hw/intc: sifive_plic: Fix the pending register range checkBin Meng
The pending register upper limit is currently set to plic->num_sources >> 3, which is wrong, e.g.: considering plic->num_sources is 7, the upper limit becomes 0 which fails the range check if reading the pending register at pending_base. Fixes: 1e24429e40df ("SiFive RISC-V PLIC Block") Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20221211030829.802437-16-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: Change "priority-base" to start from interrupt source 0Bin Meng
At present the SiFive PLIC model "priority-base" expects interrupt priority register base starting from source 1 instead source 0, that's why on most platforms "priority-base" is set to 0x04 except 'opentitan' machine. 'opentitan' should have set "priority-base" to 0x04 too. Note the irq number calculation in sifive_plic_{read,write} is correct as the codes make up for the irq number by adding 1. Let's simply update "priority-base" to start from interrupt source 0 and add a comment to make it crystal clear. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Message-Id: <20221211030829.802437-14-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: Update "num-sources" property default valueBin Meng
At present the default value of "num-sources" property is zero, which does not make a lot of sense, as in sifive_plic_realize() we see s->bitfield_words is calculated by: s->bitfield_words = (s->num_sources + 31) >> 5; if the we don't configure "num-sources" property its default value zero makes s->bitfield_words zero too, which isn't true because interrupt source 0 still occupies one word. Let's change the default value to 1 meaning that only interrupt source 0 is supported by default and a sanity check in realize(). While we are here, add a comment to describe the exact meaning of this property that the number should include interrupt source 0. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20221211030829.802437-9-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: Use error_setg() to propagate the error up via errp in ↵Bin Meng
sifive_plic_realize() The realize() callback has an errp for us to propagate the error up. While we are here, correct the wrong multi-line comment format. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221211030829.802437-8-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: Improve robustness of the PLIC config parserBin Meng
At present the PLIC config parser can only handle legal config string like "MS,MS". However if a config string like ",MS,MS,,MS,MS,," is given the parser won't get the correct configuration. This commit improves the config parser to make it more robust. Signed-off-by: Bin Meng <bmeng@tinylab.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20221211030829.802437-7-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: Drop PLICMode_HBin Meng
H-mode has been removed since priv spec 1.10. Drop it. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20221211030829.802437-6-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: Select MSI_NONBROKEN in RISC-V AIA interrupt controllersBin Meng
hw/pci/Kconfig says MSI_NONBROKEN should be selected by interrupt controllers regardless of how MSI is implemented. msi_nonbroken is initialized to true in both riscv_aplic_realize() and riscv_imsic_realize(). Select MSI_NONBROKEN in RISCV_APLIC and RISCV_IMSIC. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20221211030829.802437-2-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/riscv: Select MSI_NONBROKEN in SIFIVE_PLICBin Meng
hw/pci/Kconfig says MSI_NONBROKEN should be selected by interrupt controllers regardless of how MSI is implemented. msi_nonbroken is initialized to true in sifive_plic_realize(). Let SIFIVE_PLIC select MSI_NONBROKEN and drop the selection from RISC-V machines. Signed-off-by: Bin Meng <bmeng@tinylab.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Message-Id: <20221211030829.802437-1-bmeng@tinylab.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: fix out-of-bound access of source_priority arrayJim Shu
If the number of interrupt is not multiple of 32, PLIC will have out-of-bound access to source_priority array. Compute the number of interrupt in the last word to avoid this out-of-bound access of array. Signed-off-by: Jim Shu <jim.shu@sifive.com> Reviewed-by: Bin Meng <bmeng@tinylab.org> Message-Id: <20221127165753.30533-1-jim.shu@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-01-06hw/intc: sifive_plic: Renumber the S irqs for numa supportFrédéric Pétrot
Commit 40244040a7a changed the way the S irqs are numbered. This breaks when using numa configuration, e.g.: ./qemu-system-riscv64 -nographic -machine virt,dumpdtb=numa-tree.dtb \ -m 2G -smp cpus=16 \ -object memory-backend-ram,id=mem0,size=512M \ -object memory-backend-ram,id=mem1,size=512M \ -object memory-backend-ram,id=mem2,size=512M \ -object memory-backend-ram,id=mem3,size=512M \ -numa node,cpus=0-3,memdev=mem0,nodeid=0 \ -numa node,cpus=4-7,memdev=mem1,nodeid=1 \ -numa node,cpus=8-11,memdev=mem2,nodeid=2 \ -numa node,cpus=12-15,memdev=mem3,nodeid=3 leads to: Unexpected error in object_property_find_err() at ../qom/object.c:1304: qemu-system-riscv64: Property 'riscv.sifive.plic.unnamed-gpio-out[8]' not found This patch makes the nubering of the S irqs identical to what it was before. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr> Message-Id: <20221114135122.1668703-1-frederic.petrot@univ-grenoble-alpes.fr> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-12-16hw/intc/xics: Convert TYPE_ICS to 3-phase resetPeter Maydell
Convert the TYPE_ICS class to 3-phase reset; this will allow us to convert the TYPE_PHB3_MSI class which inherits from it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221125115240.3005559-7-peter.maydell@linaro.org
2022-12-16hw/intc/xics: Reset TYPE_ICS objects with device_cold_reset()Peter Maydell
The realize method for the TYPE_ICS class uses qemu_register_reset() to register a reset handler, as a workaround for the fact that currently objects which directly inherit from TYPE_DEVICE don't get automatically reset. However, the reset function directly calls ics_reset(), which is the function that implements the legacy reset method. This means that only the parent class's data gets reset, and a subclass which also needs to handle reset, like TYPE_PHB3_MSI, has to register its own reset function. Make the TYPE_ICS reset function call device_cold_reset() instead: this will handle reset for both the parent class and the subclass, and will work whether the classes are using legacy reset or 3-phase reset. This allows us to remove the reset function that the subclass currently has to set up. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221125115240.3005559-6-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_KVM_ARM_ITS to 3-phase resetPeter Maydell
Convert the TYPE_KVM_ARM_ITS device to 3-phase reset. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221109161444.3397405-10-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_ARM_GICV3_ITS to 3-phase resetPeter Maydell
Convert the TYPE_ARM_GICV3_ITS device to 3-phase reset. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221109161444.3397405-9-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_ARM_GICV3_ITS_COMMON to 3-phase resetPeter Maydell
Convert the TYPE_ARM_GICV3_ITS_COMMON parent class to 3-phase reset. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20221109161444.3397405-8-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_KVM_ARM_GICV3 to 3-phase resetPeter Maydell
Convert the TYPE_KVM_ARM_GICV3 device to 3-phase reset. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221109161444.3397405-7-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_ARM_GICV3_COMMON to 3-phase resetPeter Maydell
Convert the TYPE_ARM_GICV3_COMMON parent class to 3-phase reset. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221109161444.3397405-6-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_ARM_GIC_KVM to 3-phase resetPeter Maydell
Now we have converted TYPE_ARM_GIC_COMMON, we can convert the TYPE_ARM_GIC_KVM subclass to 3-phase reset. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20221109161444.3397405-5-peter.maydell@linaro.org
2022-12-15hw/intc: Convert TYPE_ARM_GIC_COMMON to 3-phase resetPeter Maydell
Convert the TYPE_ARM_GIC_COMMON device to 3-phase reset. This is a simple no-behaviour-change conversion. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20221109161444.3397405-4-peter.maydell@linaro.org
2022-12-15hw/intc/arm_gicv3: Fix GICD_TYPER ITLinesNumber advertisementLuke Starrett
The ARM GICv3 TRM describes that the ITLinesNumber field of GICD_TYPER register: "indicates the maximum SPI INTID that the GIC implementation supports" As SPI #0 is absolute IRQ #32, the max SPI INTID should have accounted for the internal 16x SGI's and 16x PPI's. However, the original GICv3 model subtracted off the SGI/PPI. Cosmetically this can be seen at OS boot (Linux) showing 32 shy of what should be there, i.e.: [ 0.000000] GICv3: 224 SPIs implemented Though in hw/arm/virt.c, the machine is configured for 256 SPI's. ARM virt machine likely doesn't have a problem with this because the upper 32 IRQ's don't actually have anything meaningful wired. But, this does become a functional issue on a custom use case which wants to make use of these IRQ's. Additionally, boot code (i.e. TF-A) will only init up to the number (blocks of 32) that it believes to actually be there. Signed-off-by: Luke Starrett <lukes@xsightlabs.com> Message-id: AM9P193MB168473D99B761E204E032095D40D9@AM9P193MB1684.EURP193.PROD.OUTLOOK.COM Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-21hw/intc: add implementation of GICD_IIDR to Arm GICAlex Bennée
a66a24585f (hw/intc/arm_gic: Implement read of GICC_IIDR) implemented this for the CPU interface register. The fact we don't implement it shows up when running Xen with -d guest_error which is definitely wrong because the guest is perfectly entitled to read it. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-21hw/intc: clean-up access to GIC multi-byte registersAlex Bennée
gic_dist_readb was returning a word value which just happened to work as a result of the way we OR the data together. Lets fix it so only the explicit byte is returned for each part of GICD_TYPER. I've changed the return type to uint8_t although the overflow is only detected with an explicit -Wconversion. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-14hw/intc/arm_gicv3: fix prio masking on pmr writeJens Wiklander
With commit 39f29e599355 ("hw/intc/arm_gicv3: Use correct number of priority bits for the CPU") the number of priority bits was changed from the maximum value 8 to typically 5. As a consequence a few of the lowest bits in ICC_PMR_EL1 becomes RAZ/WI. However prior to this patch one of these bits was still used since the supplied priority value is masked before it's eventually right shifted with one bit. So the bit is not lost as one might expect when the register is read again. The Linux kernel depends on lowest valid bit to be reset to zero, see commit 33625282adaa ("irqchip/gic-v3: Probe for SCR_EL3 being clear before resetting AP0Rn") for details. So fix this by masking the priority value after it may have been right shifted by one bit. Cc: qemu-stable@nongnu.org Fixes: 39f29e599355 ("hw/intc/arm_gicv3: Use correct number of priority bits for the CPU") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>