aboutsummaryrefslogtreecommitdiff
path: root/target-arm
AgeCommit message (Collapse)Author
2016-10-04target-arm: Correctly handle 'sub pc, pc, 1' for ARMv6Peter Maydell
In the ARM v6 architecture, 'sub pc, pc, 1' is not an interworking branch, so the computed new value is written to r15 as a normal value. The architecture says that in this case, bits [1:0] of the value written must be ignored if we are in ARM mode (or bit [0] ignored if in Thumb mode); this is a change from the ARMv4/v5 specification that behaviour is UNPREDICTABLE. Use the correct mask on the PC value when doing a non-interworking store to PC. A popular library used on RaspberryPi uses this instruction as part of a trick to determine whether it is running on ARMv6 or ARMv7, and we were mishandling the sequence. Fixes bug: https://bugs.launchpad.net/bugs/1625295 Reported-by: <stu.axon@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1474380941-4730-1-git-send-email-peter.maydell@linaro.org
2016-10-04target-arm: A64: Fix decoding of iss_sf in disas_ld_litEdgar E. Iglesias
Fix the decoding of iss_sf in disas_ld_lit. The SF (Sixty-Four) field in the ISS (Instruction Specific Syndrome) is a bit that specifies the width of the register that the instruction loads to. If cleared it specifies 32 bits. If set it specifies 64 bits. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1475230780-8669-1-git-send-email-edgar.iglesias@gmail.com [PMM: tweaked phrasing per on-list discussion] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-04target-arm: move gicv3_class_name from machine to kvm_arm.hEric Auger
Machine.c contains code related to migration. Let's move gicv3_class_name to kvm_arm.h instead. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1474616617-366-4-git-send-email-eric.auger@redhat.com Suggested-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-10-04hw/intc/arm_gicv3_its: Implement ITS base classPavel Fedin
This is the basic skeleton for both KVM and software-emulated ITS. Since we already prepare status structure, we also introduce complete VMState description. But, because we currently have no migratable implementations, we also set unmigratable flag. Signed-off-by: Pavel Fedin <p.fedin@samsung.com> Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1474616617-366-3-git-send-email-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-09-22arm: add Cortex A7 CPU parametersAndrey Yurovsky
Add the "cortex-a7" CPU with features and registers matching the Cortex-A7 MPCore Technical Reference Manual and the Cortex-A7 Floating-Point Unit Technical Reference Manual. The A7 is very similar to the A15. Signed-off-by: Andrey Yurovsky <yurovsky@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1473185229-4597-1-git-send-email-yurovsky@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-09-16target-aarch64: Generate fences for aarch64Pranith Kumar
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com> Message-Id: <20160714202026.9727-14-bobby.prani@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-09-16target-arm: Generate fences in ARMv7 frontendPranith Kumar
Signed-off-by: Pranith Kumar <bobby.prani@gmail.com> Message-Id: <20160714202026.9727-12-bobby.prani@gmail.com> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-09-16tcg: Merge GETPC and GETRARichard Henderson
The return address argument to the softmmu template helpers was confused. In the legacy case, we wanted to indicate that there is no return address, and so passed in NULL. However, we then immediately subtracted GETPC_ADJ from NULL, resulting in a non-zero value, indicating the presence of an (invalid) return address. Push the GETPC_ADJ subtraction down to the only point it's required: immediately before use within cpu_restore_state_from_tb, after all NULL pointer checks have been completed. This makes GETPC and GETRA identical. Remove GETRA as the lesser used macro, replacing all uses with GETPC. Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-09-13arm: spelling fix: mismatchMichael Tokarev
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-09-06target-arm: Fix lpae bit in FSR on an alignment faultSergey Sorokin
If an alignment fault occurred and target EL is using AArch32, then DFSR/IFSR bit LPAE[9] must be set correctly. Signed-off-by: Sergey Sorokin <afarallax@yandex.ru> Message-id: 1471283293-169850-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-08-12target-arm: Fix warn about implicit conversionPranith Kumar
Clang warns about an implicit conversion as follows: /mnt/devops/code/qemu/target-arm/neon_helper.c:1075:1: warning: implicit conversion from 'int' to 'int8_t' (aka 'signed char') changes value from 128 to -128 [-Wconstant-conversion] NEON_VOP_ENV(qrshl_s8, neon_s8, 4) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /mnt/devops/code/qemu/target-arm/neon_helper.c:116:83: note: expanded from macro 'NEON_VOP_ENV' uint32_t HELPER(glue(neon_,name))(CPUARMState *env, uint32_t arg1, uint32_t arg2) \ ^ /mnt/devops/code/qemu/target-arm/neon_helper.c:106:5: note: expanded from macro '\ NEON_VOP_BODY' NEON_DO##n; \ ^~~~~~~~~~ <scratch space>:21:1: note: expanded from here NEON_DO4 ^~~~~~~~ /mnt/devops/code/qemu/target-arm/neon_helper.c:93:5: note: expanded from macro 'NEON_DO4' NEON_FN(vdest.v1, vsrc1.v1, vsrc2.v1); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /mnt/devops/code/qemu/target-arm/neon_helper.c:1054:23: note: expanded from macro 'NEON_FN' dest = (1 << (sizeof(src1) * 8 - 1)); \ ~ ~~^~~~~~~~~~~~~~~~~~~~~~~~~ Fix it by casting to appropriate type. Signed-off-by: Pranith Kumar <bobby.prani@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-21Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc, pci, virtio: new features, cleanups, fixes - interrupt remapping for intel iommus - a bunch of virtio cleanups - fixes all over the place Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 21 Jul 2016 18:49:30 BST # gpg: using RSA key 0x281F0DB8D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (57 commits) intel_iommu: avoid unnamed fields virtio: Update migration docs virtio-gpu: Wrap in vmstate virtio-gpu: Use migrate_add_blocker for virgl migration blocking virtio-input: Wrap in vmstate 9pfs: Wrap in vmstate virtio-serial: Wrap in vmstate virtio-net: Wrap in vmstate virtio-balloon: Wrap in vmstate virtio-rng: Wrap in vmstate virtio-blk: Wrap in vmstate virtio-scsi: Wrap in vmstate virtio: Migration helper function and macro virtio-serial: Remove old migration version support virtio-net: Remove old migration version support virtio-scsi: Replace HandleOutput typedef Revert "mirror: Workaround for unexpected iohandler events during completion" virtio-scsi: Call virtio_add_queue_aio virtio-blk: Call virtio_add_queue_aio virtio: Introduce virtio_add_queue_aio ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-21kvm-irqchip: i386: add hook for add/remove virqPeter Xu
Adding two hooks to be notified when adding/removing msi routes. There are two kinds of MSI routes: - in kvm_irqchip_add_irq_route(): before assigning IRQFD. Used by vhost, vfio, etc. - in kvm_irqchip_send_msi(): when sending direct MSI message, if direct MSI not allowed, we will first create one MSI route entry in the kernel, then trigger it. This patch only hooks the first one (irqfd case). We do not need to take care for the 2nd one, since it's only used by QEMU userspace (kvm-apic) and the messages will always do in-time translation when triggered. While we need to note them down for the 1st one, so that we can notify the kernel when cache invalidation happens. Also, we do not hook IOAPIC msi routes (we have explicit notifier for IOAPIC to keep its cache updated). We only need to care about irqfd users. Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-07-19target-arm: Fix unreachable code in gicv3_class_name()Peter Maydell
Coverity complains that the exit() in gicv3_class_name() can be unreachable, because if TARGET_AARCH64 is defined then all code paths return before reaching it. Move the exit() up to the error_report() that it belongs with. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1468260552-8400-1-git-send-email-peter.maydell@linaro.org
2016-07-14target-arm: Add missed AArch32 TLBI sytem registersSergey Sorokin
Some PL2 related TLBI system registers are missed in AArch32 implementation. The patch fixes it. Signed-off-by: Sergey Sorokin <afarallax@yandex.ru> Message-id: 1468328885-3217862-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-12target-*: Clean up cpu.h header guardsMarkus Armbruster
Most of them use guard symbols like CPU_$target_H, but we also have __MIPS_CPU_H__ and __TRICORE_CPU_H__. They all upset scripts/clean-header-guards.pl. The script dislikes CPU_$target_H because they don't match their file name (they should, to make guard collisions less likely). The others are reserved identifiers. Clean them all up: use guard symbol $target_CPU_H for target-$target/cpu.h. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12Use #include "..." for our own headers, <...> for othersMarkus Armbruster
Tracked down with an ugly, brittle and probably buggy Perl script. Also move includes converted to <...> up so they get included before ours where that's obviously okay. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12Fix confusing argument names in some common functionsSergey Sorokin
There are functions tlb_fill(), cpu_unaligned_access() and do_unaligned_access() that are called with access type and mmu index arguments. But these arguments are named 'is_write' and 'is_user' in their declarations. The patches fix the arguments to avoid a confusion. Signed-off-by: Sergey Sorokin <afarallax@yandex.ru> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-id: 1465907177-1399402-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-07target-arm/arm-semi.c: In SYS_HEAPINFO use correct type for 'limit'Peter Maydell
In commit f5666418c4 most of the SYS_HEAPINFO implementation was fixed to use target_ulong rather than uint32_t, but the 'limit' variable was not changed. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1467650942-28706-1-git-send-email-peter.maydell@linaro.org
2016-07-04target-arm/arm-semi.c: Fix SYS_HEAPINFO for 64-bit guestsPeter Maydell
SYS_HEAPINFO is one of the few semihosting calls which has to write values back into a parameter block in memory. When we added support for 64-bit semihosting we updated the code which reads from the parameter block to read 64-bit words but forgot to change the code that writes back into the block. Update it to treat the block as a set of words of the appropriate width for the guest. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1466783381-29506-3-git-send-email-peter.maydell@linaro.org
2016-06-29Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* serial port fixes (Paolo) * Q35 modeling improvements (Paolo, Vasily) * chardev cleanup improvements (Marc-André) * iscsi bugfix (Peter L.) * cpu_exec patch from multi-arch patches (Peter C.) * pci-assign tweak (Lin Ma) # gpg: Signature made Wed 29 Jun 2016 15:56:30 BST # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (35 commits) socket: unlink unix socket on remove socket: add listen feature char: clean up remaining chardevs when leaving vhost-user: disable chardev handlers on close vhost-user-test: fix g_cond_wait_until compat implementation vl: smp_parse: fix regression ich9: implement SCI_IRQ_SEL register ich9: implement ACPI_EN register serial: reinstate watch after migration serial: remove watch on reset char: change qemu_chr_fe_add_watch to return unsigned serial: separate serial_xmit and serial_watch_cb serial: simplify tsr_retry reset serial: make tsr_retry unsigned iscsi: fix assertion in is_sector_request_lun_aligned target-*: Don't redefine cpu_exec() pci-assign: Move "Invalid ROM" error message to pci-assign-load-rom.c vnc: generalize "VNC server running on ..." message scsi: esp: fix migration MC146818 RTC: add GPIO access to output IRQ ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-29target-*: Don't redefine cpu_exec()Peter Crosthwaite
This function needs to be converted to QOM hook and virtualised for multi-arch. This rename interferes, as cpu-qom will not have access to the renaming causing name divergence. This rename doesn't really do anything anyway so just delete it. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-Id: <69bd25a8678b8b31b91cd9760c777bed1aafb44e.1437212383.git.crosthwaite.peter@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Crosthwaite <crosthwaitepeter@gmail.com>
2016-06-24softfloat: Implement run-time-configurable meaning of signaling NaN bitAleksandar Markovic
This patch modifies SoftFloat library so that it can be configured in run-time in relation to the meaning of signaling NaN bit, while, at the same time, strictly preserving its behavior on all existing platforms. Background: In floating-point calculations, there is a need for denoting undefined or unrepresentable values. This is achieved by defining certain floating-point numerical values to be NaNs (which stands for "not a number"). For additional reasons, virtually all modern floating-point unit implementations use two kinds of NaNs: quiet and signaling. The binary representations of these two kinds of NaNs, as a rule, differ only in one bit (that bit is, traditionally, the first bit of mantissa). Up to 2008, standards for floating-point did not specify all details about binary representation of NaNs. More specifically, the meaning of the bit that is used for distinguishing between signaling and quiet NaNs was not strictly prescribed. (IEEE 754-2008 was the first floating-point standard that defined that meaning clearly, see [1], p. 35) As a result, different platforms took different approaches, and that presented considerable challenge for multi-platform emulators like QEMU. Mips platform represents the most complex case among QEMU-supported platforms regarding signaling NaN bit. Up to the Release 6 of Mips architecture, "1" in signaling NaN bit denoted signaling NaN, which is opposite to IEEE 754-2008 standard. From Release 6 on, Mips architecture adopted IEEE standard prescription, and "0" denotes signaling NaN. On top of that, Mips architecture for SIMD (also known as MSA, or vector instructions) also specifies signaling bit in accordance to IEEE standard. MSA unit can be implemented with both pre-Release 6 and Release 6 main processor units. QEMU uses SoftFloat library to implement various floating-point-related instructions on all platforms. The current QEMU implementation allows for defining meaning of signaling NaN bit during build time, and is implemented via preprocessor macro called SNAN_BIT_IS_ONE. On the other hand, the change in this patch enables SoftFloat library to be configured in run-time. This configuration is meant to occur during CPU initialization, at the moment when it is definitely known what desired behavior for particular CPU (or any additional FPUs) is. The change is implemented so that it is consistent with existing implementation of similar cases. This means that structure float_status is used for passing the information about desired signaling NaN bit on each invocation of SoftFloat functions. The additional field in float_status is called snan_bit_is_one, which supersedes macro SNAN_BIT_IS_ONE. IMPORTANT: This change is not meant to create any change in emulator behavior or functionality on any platform. It just provides the means for SoftFloat library to be used in a more flexible way - in other words, it will just prepare SoftFloat library for usage related to Mips platform and its specifics regarding signaling bit meaning, which is done in some of subsequent patches from this series. Further break down of changes: 1) Added field snan_bit_is_one to the structure float_status, and correspondent setter function set_snan_bit_is_one(). 2) Constants <float16|float32|float64|floatx80|float128>_default_nan (used both internally and externally) converted to functions <float16|float32|float64|floatx80|float128>_default_nan(float_status*). This is necessary since they are dependent on signaling bit meaning. At the same time, for the sake of code cleanup and simplicity, constants <floatx80|float128>_default_nan_<low|high> (used only internally within SoftFloat library) are removed, as not needed. 3) Added a float_status* argument to SoftFloat library functions XXX_is_quiet_nan(XXX a_), XXX_is_signaling_nan(XXX a_), XXX_maybe_silence_nan(XXX a_). This argument must be present in order to enable correct invocation of new version of functions XXX_default_nan(). (XXX is <float16|float32|float64|floatx80|float128> here) 4) Updated code for all platforms to reflect changes in SoftFloat library. This change is twofolds: it includes modifications of SoftFloat library functions invocations, and an addition of invocation of function set_snan_bit_is_one() during CPU initialization, with arguments that are appropriate for each particular platform. It was established that all platforms zero their main CPU data structures, so snan_bit_is_one(0) in appropriate places is not added, as it is not needed. [1] "IEEE Standard for Floating-Point Arithmetic", IEEE Computer Society, August 29, 2008. Signed-off-by: Thomas Schwinge <thomas@codesourcery.com> Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Signed-off-by: Aleksandar Markovic <aleksandar.markovic@imgtec.com> Tested-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Reviewed-by: Leon Alrae <leon.alrae@imgtec.com> Tested-by: Leon Alrae <leon.alrae@imgtec.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [leon.alrae@imgtec.com: * cherry-picked 2 chunks from patch #2 to fix compilation warnings] Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
2016-06-20exec: [tcg] Track which vCPU is performing translation and executionLluís Vilanova
Information is tracked inside the TCGContext structure, and later used by tracing events with the 'tcg' and 'vcpu' properties. The 'cpu' field is used to check tracing of translation-time events ("*_trans"). The 'tcg_env' field is used to pass it to execution-time events ("*_exec"). Signed-off-by: Lluís Vilanova <vilanova@ac.upc.edu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 146549350162.18437.3033661139638458143.stgit@fimbulvetr.bsc.es Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-06-17target-arm/monitor.c: Advertise emulated GICv3 in capabilitiesPeter Maydell
Now we have an emulated GICv3 we should advertise it via the capabilities in the monitor protocol. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Tested-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1465915112-29272-21-git-send-email-peter.maydell@linaro.org
2016-06-17target-arm/machine.c: Allow user to request GICv3 emulationPeter Maydell
Now we have an emulated GICv3, remove the restriction in gicv3_class_name() so that the user can request a GICv3 with -machine gic-version=3 even when not using KVM. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Tested-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1465915112-29272-20-git-send-email-peter.maydell@linaro.org
2016-06-17target-arm: Add mp-affinity property for ARM CPU classPavel Fedin
This allows to override default affinity IDs on a per-machine basis, and possibility to retrieve IDs will be used by vGICv3 live migration code. Signed-off-by: Pavel Fedin <p.fedin@samsung.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Tested-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1465915112-29272-6-git-send-email-peter.maydell@linaro.org
2016-06-17target-arm: Provide hook to tell GICv3 about changes of security statePeter Maydell
The GICv3 CPU interface needs to know when the CPU it is attached to makes an exception level or mode transition that changes the security state, because whether it is asserting IRQ or FIQ can change depending on these things. Provide a mechanism for letting the GICv3 device register a hook to be called on such changes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Tested-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1465915112-29272-5-git-send-email-peter.maydell@linaro.org
2016-06-17target-arm: Define new arm_is_el3_or_mon() functionPeter Maydell
The GICv3 system registers need to know if the CPU is AArch64 in EL3 or AArch32 in Monitor mode. This happens to be the first part of the check for arm_is_secure(), so factor it out into a new arm_is_el3_or_mon() function that the GIC can also use. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org> Tested-by: Shannon Zhao <shannon.zhao@linaro.org> Message-id: 1465915112-29272-4-git-send-email-peter.maydell@linaro.org
2016-06-16os-posix: include sys/mman.hPaolo Bonzini
qemu/osdep.h checks whether MAP_ANONYMOUS is defined, but this check is bogus without a previous inclusion of sys/mman.h. Include it in sysemu/os-posix.h and remove it from everywhere else. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-14target-arm: Don't permit ARMv8-only Neon insns on ARMv7Peter Maydell
The Neon instructions VCVTA, VCVTM, VCVTN, VCVTP, VRINTA, VRINTM, VRINTN, VRINTP, VRINTX, and VRINTZ were only introduced with ARMv8, so they need a guard to make them UNDEF if the CPU only supports ARMv7. (We got this right for all the other new-in-v8 insns, but forgot it for these Neon 2-reg-misc ops.) Reported-by: Christophe Lyon <christophe.lyon@linaro.org> Tested-by: Christophe Lyon <christophe.lyon@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1465492511-9333-1-git-send-email-peter.maydell@linaro.org
2016-06-14target-arm: Fix reset and migration of TTBCR(S)Peter Maydell
Commit 6459b94c26dd666badb3 broke reset and migration of the AArch32 TTBCR(S) register if the guest used non-LPAE page tables. This is because the AArch32 TTBCR register definition is marked as ARM_CP_ALIAS, meaning that the AArch64 variant has to handle migration and reset. Although AArch64 TCR_EL3 doesn't need to care about the mask and base_mask fields, AArch32 may do so, and so we must use the special TTBCR reset and raw write functions to ensure they are set correctly. This doesn't affect TCR_EL2, because the AArch32 equivalent of that is HTCR, which never uses the non-LPAE page table variant. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reported-by: Pranith Kumar <bobby.prani+qemu@gmail.com> Reviewed-by: Sergey Fedorov <sergey.fedorov@linaro.org> Message-id: 1465488181-31977-1-git-send-email-peter.maydell@linaro.org
2016-06-14hw/arm/virt: Add PMU node for virt machineShannon Zhao
Add a virtual PMU device for virt machine while use PPI 7 for PMU overflow interrupt number. Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1465267577-1808-3-git-send-email-zhaoshenglong@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-14target-arm: kvm64: set guest PMUv3 feature bit if supportedShannon Zhao
Check if kvm supports guest PMUv3. If so, set the corresponding feature bit for vcpu. Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 1465267577-1808-2-git-send-email-zhaoshenglong@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-07virtio: move bi-endian target support to a single locationGreg Kurz
Paolo's recent cpu.h cleanups broke legacy virtio for ppc64 LE guests (and arm BE guests as well, even if I have not verified that). Especially, commit "33c11879fd42 qemu-common: push cpu.h inclusion out of qemu-common.h" has the side-effect of silently hiding the TARGET_IS_BIENDIAN macro from the virtio memory accessors, and thus fully disabling support of endian changing targets. To be sure this cannot happen again, let's gather all the bi-endian bits where they belong in include/hw/virtio/virtio-access.h. The changes in hw/virtio/vhost.c are safe because vhost_needs_vring_endian() is not called on a hot path and non bi-endian targets will return false anyway. While here, also rename TARGET_IS_BIENDIAN to be more precise: it is only for legacy virtio and bi-endian guests. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2016-06-06target-arm: Fix TTBR selecting logic on AArch32 Stage 2 translationSergey Sorokin
Address size is 40-bit for the AArch32 stage 2 translation, and t0sz can be negative (from -8 to 7), so we need to adjust it to use the existing TTBR selecting logic. Signed-off-by: Sergey Sorokin <afarallax@yandex.ru> Message-id: 1464974151-1231644-1-git-send-email-afarallax@yandex.ru Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06target-arm: Don't try to set ESR IL bit in arm_cpu_do_interrupt_aarch64()Peter Maydell
Remove some incorrect code from arm_cpu_do_interrupt_aarch64() which attempts to set the IL bit in the syndrome register based on the value of env->thumb. This is wrong in several ways: * IL doesn't indicate Thumb-vs-ARM, it indicates instruction length (which may be 16 or 32 for Thumb and is always 32 for ARM) * not every syndrome format uses IL like this -- for some IL is always set, and for some it is always clear * the code is changing esr_el[new_el] even for interrupt entry, which is not supposed to modify ESR_ELx at all Delete the code, and instead rely on the syndrome value in env->exception.syndrome having already been set up with the correct value of IL. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1463487258-27468-3-git-send-email-peter.maydell@linaro.org
2016-06-06target-arm: Set IL bit in syndromes for insn abort, watchpoint, swstepPeter Maydell
For some exception syndrome types, the IL bit should always be set. This includes the instruction abort, watchpoint and software step syndrome types; add the missing ARM_EL_IL bit to the syndrome values returned by syn_insn_abort(), syn_swstep() and syn_watchpoint(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1463487258-27468-2-git-send-email-peter.maydell@linaro.org
2016-06-06target-arm: A64: Create Instruction Syndromes for Data AbortsEdgar E. Iglesias
Add support for generating the ISS (Instruction Specific Syndrome) for Data Abort exceptions taken from AArch64. These syndromes are used by hypervisors for example to trap and emulate memory accesses. We save the decoded data out-of-band with the TBs at translation time. When exceptions hit, the extra data attached to the TB is used to recreate the state needed to encode instruction syndromes. This avoids the need to emit moves with every load/store. Based on a suggestion from Peter Maydell. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 1462464601-10888-2-git-send-email-edgar.iglesias@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-06target-arm: Add the HSTR_EL2 registerAlistair Francis
Add the Hypervisor System Trap Register for EL2. This register is used early in the Linux boot and without it the kernel aborts with a "Synchronous Abort" error. Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Message-id: ea5aae4b10283de4705b864fe9d4bd2eaddaacae.1463174342.git.alistair.francis@xilinx.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-05-19cpu: move exec-all.h inclusion out of cpu.hPaolo Bonzini
exec-all.h contains TCG-specific definitions. It is not needed outside TCG-specific files such as translate.c, exec.c or *helper.c. One generic function had snuck into include/exec/exec-all.h; move it to include/qom/cpu.h. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19hw: explicitly include qemu/log.hPaolo Bonzini
Move the inclusion out of hw/hw.h, most files do not need it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19arm: move arm_log_exception into .c filePaolo Bonzini
Avoid need for qemu/log.h inclusion, and make the function static too. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19qemu-common: push cpu.h inclusion out of qemu-common.hPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19hw: move CPU state serialization to migration/cpu.hPaolo Bonzini
Remove usage of NEED_CPU_H from hw/hw.h. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19target-arm: make cpu-qom.h not target specificPaolo Bonzini
Make ARMCPU an opaque type within cpu-qom.h, and move all definitions of private methods, as well as all type definitions that require knowledge of the layout to cpu.h. This helps making files independent of NEED_CPU_H if they only need to pass around CPU pointers. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-19cpu: make cpu-qom.h only include-able from cpu.hPaolo Bonzini
Make cpu-qom.h so that it is only included from cpu.h. Then there is no need for it to include cpu.h again. Later we will make cpu-qom.h target independent and we will _want_ to include it from elsewhere, but for now reduce the number of cases to handle. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-12tcg: Allow goto_tb to any target PC in user modeSergey Fedorov
In user mode, there's only a static address translation, TBs are always invalidated properly and direct jumps are reset when mapping change. Thus the destination address is always valid for direct jumps and there's no need to restrict it to the pages the TB resides in. Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: Sergey Fedorov <sergey.fedorov@linaro.org> Cc: Riku Voipio <riku.voipio@iki.fi> Cc: Blue Swirl <blauwirbel@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-05-12tcg: Clean up direct block chaining safety checksSergey Fedorov
We don't take care of direct jumps when address mapping changes. Thus we must be sure to generate direct jumps so that they always keep valid even if address mapping changes. Luckily, we can only allow to execute a TB if it was generated from the pages which match with current mapping. Document tcg_gen_goto_tb() declaration and note the reason for destination PC limitations. Some targets with variable length instructions allow TB to straddle a page boundary. However, we make sure that both of TB pages match the current address mapping when looking up TBs. So it is safe to do direct jumps into the both pages. Correct the checks for some of those targets. Given that, we can safely patch a TB which spans two pages. Remove the unnecessary check in cpu_exec() and allow such TBs to be patched. Signed-off-by: Sergey Fedorov <serge.fdrv@gmail.com> Signed-off-by: Sergey Fedorov <sergey.fedorov@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2016-05-12tb: consistently use uint32_t for tb->flagsEmilio G. Cota
We are inconsistent with the type of tb->flags: usage varies loosely between int and uint64_t. Settle to uint32_t everywhere, which is superior to both: at least one target (aarch64) uses the most significant bit in the u32, and uint64_t is wasteful. Compile-tested for all targets. Suggested-by: Laurent Desnogues <laurent.desnogues@gmail.com> Suggested-by: Richard Henderson <rth@twiddle.net> Tested-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Richard Henderson <rth@twiddle.net> Message-Id: <1460049562-23517-1-git-send-email-cota@braap.org>