path: root/target/arm/tcg
Age | Commit message (Collapse) | Author
2024-07-02 | target/arm: Fix VCMLA Dd, Dn, Dm[idx] | Richard Henderson
The inner loop, bounded by eltspersegment, must not be larger than the outer loop, bounded by elements. Cc: qemu-stable@nongnu.org Fixes: 18fc2405781 ("target/arm: Implement SVE fp complex multiply add (indexed)") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2376 Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240625183536.1672454-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 76bccf3cb9d9383da0128bbc6d1300cddbe3ae8f) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
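A minimal C sketch of the loop-bound fix described above; the function and variable names are illustrative, not QEMU's actual helper, and the element arithmetic is a placeholder.

```c
#include <stddef.h>

/*
 * Sketch only: the indexed-complex-multiply helper walks the vector in
 * segments, processing up to eltspersegment element pairs per segment.
 * If the whole operation holds fewer elements than one full segment
 * (the 64-bit Dd case), the inner bound must be clamped to the outer
 * bound or the loop reads past the valid elements.
 */
void cmla_idx_segments(float *d, const float *n, const float *m,
                       size_t elements, size_t eltspersegment)
{
    /* inner bound must never exceed the number of valid elements */
    size_t inner = eltspersegment < elements ? eltspersegment : elements;

    for (size_t seg = 0; seg < elements; seg += inner) {
        size_t limit = (seg + inner < elements) ? seg + inner : elements;
        for (size_t i = seg; i < limit; i++) {
            d[i] += n[i] * m[seg];   /* placeholder arithmetic */
        }
    }
}
```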
2024-04-02 | target/arm: take HSTR traps of cp15 accesses to EL2, not EL1 | Peter Maydell
The HSTR_EL2 register allows the hypervisor to trap AArch32 EL1 and EL0 accesses to cp15 registers. We incorrectly implemented this so they trap to EL1 when we detect the need for a HSTR trap at code generation time. (The check in access_check_cp_reg() which we do at runtime to catch traps from EL0 is correctly routing them to EL2.) Use the correct target EL when generating the code to take the trap. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2226 Fixes: 049edada5e93df ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240325133116.2075362-1-peter.maydell@linaro.org (cherry picked from commit fbe5ac5671a9cfcc7f4aee9a5fac7720eea08876) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-03-09 | target/arm: Fix 32-bit SMOPA | Richard Henderson
While the 8-bit input elements are sequential in the input vector, the 32-bit output elements are not sequential in the output matrix. Do not attempt to compute 2 32-bit outputs at the same time. Cc: qemu-stable@nongnu.org Fixes: 23a5e3859f5 ("target/arm: Implement SME integer outer product") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2083 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20240305163931.242795-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit d572bcb222010b38b382871a23b2f38e2c3f4d2d) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
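A hedged plain-C model of the outer-product layout point made above; it is not the real SME helper, and the array layout is a simplification.

```c
#include <stdint.h>
#include <stddef.h>

/*
 * Model only: four sequential 8-bit elements from the row and column
 * inputs feed one 32-bit accumulator, but neighbouring 32-bit results
 * are not adjacent in the output matrix, so each output is computed
 * independently rather than two at a time.
 */
void smopa_s_model(int32_t *za, const int8_t *zn, const int8_t *zm,
                   size_t rows, size_t cols)
{
    for (size_t r = 0; r < rows; r++) {
        for (size_t c = 0; c < cols; c++) {
            int32_t sum = za[r * cols + c];
            for (int k = 0; k < 4; k++) {
                /* dot product of 4 byte pairs into one 32-bit result */
                sum += (int32_t)zn[r * 4 + k] * (int32_t)zm[c * 4 + k];
            }
            za[r * cols + c] = sum;   /* one output at a time */
        }
    }
}
```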
2024-02-16 | target/arm: Fix SVE/SME gross MTE suppression checks | Richard Henderson
The TBI and TCMA bits are located within mtedesc, not desc. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 855f94eca80c85a99f459e36684ea2f98f6a3243) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-02-16 | target/arm: Handle mte in do_ldrq, do_ldro | Richard Henderson
These functions "use the standard load helpers", but fail to clean_data_tbi or populate mtedesc. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 623507ccfcfebb0f10229ae5de3f85a27fb615a7) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-02-16 | target/arm: Split out make_svemte_desc | Richard Henderson
Share the code that creates mtedesc and embeds it within simd_desc. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 96fcc9982b4aad7aced7fbff046048bbccc6cb0c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-02-16 | target/arm: Adjust and validate mtedesc sizem1 | Richard Henderson
When we added SVE_MTEDESC_SHIFT, we effectively limited the maximum size of MTEDESC. Adjust SIZEM1 to consume the remaining bits (32 - 10 - 5 - 12 == 5). Assert that the data to be stored fits within the field (expecting 8 * 4 - 1 == 31, exact fit). Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit b12a7671b6099a26ce5d5ab09701f151e21c112c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
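A sketch of the bit-budget arithmetic described above. The field widths (10, 5, 12) and the worst-case value (31) are taken from the commit message; the macro and function names are illustrative, not QEMU's.

```c
#include <assert.h>

enum {
    SVE_MTEDESC_SHIFT_BITS = 10,      /* bits consumed below MTEDESC        */
    MTEDESC_OTHER_BITS     = 5 + 12,  /* the other MTEDESC fields           */
    MTEDESC_SIZEM1_BITS    = 32 - SVE_MTEDESC_SHIFT_BITS - MTEDESC_OTHER_BITS,
                                      /* 32 - 10 - 5 - 12 == 5 bits remain  */
};

static inline unsigned encode_sizem1(unsigned msz, unsigned nregs)
{
    /* worst case: 4 registers of 8-byte elements, 4 * 8 - 1 == 31 */
    unsigned sizem1 = (nregs << msz) - 1;

    /* the stored value must fit within the narrowed field (31 < 32) */
    assert(sizem1 < (1u << MTEDESC_SIZEM1_BITS));
    return sizem1;
}
```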
2024-02-16 | target/arm: Fix nregs computation in do_{ld,st}_zpa | Richard Henderson
The field is encoded as [0-3], which is convenient for indexing our array of function pointers, but the true value is [1-4]. Adjust before calling do_mem_zpa. Add an assert, and move the comment re passing ZT to the helper back next to the relevant code. Cc: qemu-stable@nongnu.org Fixes: 206adacfb8d ("target/arm: Add mte helpers for sve scalar + int loads") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Gustavo Romero <gustavo.romero@linaro.org> Message-id: 20240207025210.8837-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> (cherry picked from commit 64c6e7444dff64b42d11b836b9aec9acfbe8ecc2) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
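A small sketch of the off-by-one adjustment described above; the function names are hypothetical stand-ins for the real trans_*/do_mem_zpa code.

```c
#include <assert.h>
#include <stdbool.h>

/* Hypothetical stand-in for the memory-access code: only the size matters. */
static bool do_mem_zpa_sketch(int nregs, int msz)
{
    int total_bytes = nregs << msz;   /* needs the true count, 1..4 */
    return total_bytes > 0;
}

bool trans_ld_zpa_sketch(int nreg_field, int msz)
{
    /*
     * The decode field is 0..3, which is convenient for indexing a table
     * of helper functions, but the architectural register count is 1..4:
     * adjust before calling the memory-access code.
     */
    int nregs = nreg_field + 1;

    assert(nregs >= 1 && nregs <= 4);
    return do_mem_zpa_sketch(nregs, msz);
}
```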
2024-01-27 | target/arm: Fix A64 scalar SQSHRN and SQRSHRN | Peter Maydell
In commit 1b7bc9b5c8bf374dd we changed handle_vec_simd_sqshrn() so that instead of starting with a 0 value and depositing in each new element from the narrowing operation, it instead started with the raw result of the narrowing operation of the first element. This is fine in the vector case, because the deposit operations for the second and subsequent elements will always overwrite any higher bits that might have been in the first element's result value in tcg_rd. However in the scalar case we only go through this loop once. The effect is that for a signed narrowing operation, if the result is negative then we will now return a value where the bits above the first element are incorrectly 1 (because the narrowfn returns a sign-extended result, not one that is truncated to the element size). Fix this by using an extract operation to get exactly the correct bits of the output of the narrowfn for element 1, instead of a plain move. Cc: qemu-stable@nongnu.org Fixes: 1b7bc9b5c8bf374dd3 ("target/arm: Avoid tcg_const_ptr in handle_vec_simd_sqshrn") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2089 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240123153416.877308-1-peter.maydell@linaro.org (cherry picked from commit 6fffc8378562c7fea6290c430b4f653f830a4c1a) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
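A plain-C model of the scalar case described above, not the TCG code itself; the stand-in narrowing function and element size are illustrative.

```c
#include <stdint.h>

/* Stand-in narrowfn: saturate to 16 bits, result sign-extended in 64 bits. */
static int64_t narrow_to_16_sat(int64_t x)
{
    if (x > INT16_MAX) return INT16_MAX;
    if (x < INT16_MIN) return INT16_MIN;
    return x;
}

uint64_t sqshrn_scalar_16_model(int64_t src, int shift)
{
    int64_t narrowed = narrow_to_16_sat(src >> shift);

    /* Wrong: a plain move keeps the sign-extension bits [63:16] set. */
    /* uint64_t rd = (uint64_t)narrowed; */

    /* Right: extract exactly the element-sized bits into an otherwise
     * zero destination, as the vector deposit path effectively does. */
    uint64_t rd = (uint64_t)narrowed & 0xffffull;
    return rd;
}
```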
2023-11-20 | target/arm: Fix SME FMOPA (16-bit), BFMOPA | Richard Henderson
Perform the loop increment unconditionally, not nested within the predication. Cc: qemu-stable@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1985 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231117193135.1180657-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
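A minimal sketch of the control-flow point above: the element index must advance on every iteration, with only the arithmetic under the predicate. Names and types are illustrative, not the real helper.

```c
#include <stdbool.h>
#include <stddef.h>

void fmopa_row_sketch(float *acc, const float *src, const bool *pred,
                      size_t nelem)
{
    for (size_t i = 0; i < nelem; i++) {   /* increment is unconditional */
        if (pred[i]) {
            acc[i] += src[i];              /* only the work is predicated */
        }
    }
}
```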
2023-11-20 | target/arm: enable FEAT_RNG on Neoverse-N2 | Marcin Juszkiewicz
I noticed that Neoverse-V1 has FEAT_RNG enabled, so let's enable it on Neoverse-N2 as well. Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231114103443.1652308-1-marcin.juszkiewicz@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-15 | target/arm/tcg: spelling fixes: alse, addreses | Michael Tokarev
Fixes: 179e9a3baccc "target/arm: Define new TB flag for ATA0" Fixes: 5d7b37b5f675 "target/arm: Implement the CPY* instructions" Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-11-13 | target/arm/tcg: enable PMU feature for Cortex-A8 and A9 | Nikita Ostrenkov
According to the technical reference manual, the Cortex-A9 has a Performance Monitoring Unit (PMU): https://developer.arm.com/documentation/100511/0401/performance-monitoring-unit/about-the-performance-monitoring-unit The Cortex-A8 does also. We already define the PMU registers when emulating the Cortex-A8 and Cortex-A9, because we put them in v7_cp_reginfo[] rather than guarding them behind ARM_FEATURE_PMU. So the only thing that setting the feature bit changes is that the registers actually do something. Enable ARM_FEATURE_PMU for Cortex-A8 and Cortex-A9, to avoid this anomaly. (The A8 and A9 PMU predates the standardisation of ID_DFR0.PerfMon, so the field there is 0, but the PMU is still present.) Signed-off-by: Nikita Ostrenkov <n.ostrenkov@gmail.com> Message-id: 20231112165658.2335-1-n.ostrenkov@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: tweaked commit message; also enable PMU for A8] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-13 | target/arm: Correct MTE tag checking for reverse-copy MOPS | Peter Maydell
When we are doing a FEAT_MOPS copy that must be performed backwards, we call mte_mops_probe_rev(), passing it the address of the last byte in the region we are probing. However, allocation_tag_mem_probe() wants the address of the first byte to get the tag memory for. Because we passed it (ptr, size) we could incorrectly trip the allocation_tag_mem_probe() check for "does this access run across to the following page", and if that following page happened not to be valid then we would assert. We know we will always be only dealing with a single page because the code that calls mte_mops_probe_rev() ensures that. We could make mte_mops_probe_rev() pass 'ptr - (size - 1)' to allocation_tag_mem_probe(), but then we would have to adjust the returned 'mem' pointer to get back to the tag RAM for the last byte of the region. It's simpler to just pass in a size of 1 byte, because we know that allocation_tag_mem_probe() in pure-probe single-page mode doesn't care about the size. Fixes: 69c51dc3723b ("target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231110162546.2192512-1-peter.maydell@linaro.org
2023-11-13 | target/arm: HVC at EL3 should go to EL3, not EL2 | Peter Maydell
AArch64 permits code at EL3 to use the HVC instruction; however the exception we take should go to EL3, not down to EL2 (see the pseudocode AArch64.CallHypervisor()). Fix the target EL. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> Message-id: 20231109151917.1925107-1-peter.maydell@linaro.org
2023-11-06 | target/arm: Fix A64 LDRA immediate decode | Peter Maydell
In commit be23a049 in the conversion to decodetree we broke the decoding of the immediate value in the LDRA instruction. This should be a 10 bit signed value that is scaled by 8, but in the conversion we incorrectly ended up scaling it only by 2. Fix the scaling factor. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1970 Fixes: be23a049 ("target/arm: Convert load (pointer auth) insns to decodetree") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231106113445.1163063-1-peter.maydell@linaro.org
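A hedged sketch of the immediate scaling described above; it is not the decodetree syntax the fix actually touched, just the equivalent arithmetic with an illustrative sign-extraction helper.

```c
#include <stdint.h>

/* Sign-extend the 'len'-bit field starting at bit 'start' of 'value'. */
static int64_t sextract_field(uint32_t value, int start, int len)
{
    int64_t field = (value >> start) & ((1u << len) - 1);
    int64_t sign = (int64_t)1 << (len - 1);
    return (field ^ sign) - sign;
}

/* LDRA's immediate is a signed count of 8-byte units: scale by 8, not 2. */
uint64_t ldra_offset_sketch(uint64_t base, uint32_t imm10)
{
    int64_t offset = sextract_field(imm10, 0, 10) * 8;
    return base + (uint64_t)offset;
}
```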
2023-11-02 | target/arm: Fix SVE STR increment | Richard Henderson
The previous change missed updating one of the increments and one of the MemOps. Add a test case for all vector lengths. Cc: qemu-stable@nongnu.org Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld, st}r") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231031143215.29764-1-richard.henderson@linaro.org [PMM: fixed checkpatch nit] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-02 | target/arm: Make FEAT_MOPS SET* insns handle Xs == XZR correctly | Peter Maydell
Most of the registers used by the FEAT_MOPS instructions cannot use 31 as a register field value; this is CONSTRAINED UNPREDICTABLE to NOP or UNDEF (we UNDEF). However, it is permitted for the "source value" register for the memset insns SET* to be 31, which (as usual for most data-processing insns) means it should be the zero register XZR. We forgot to handle this case, with the effect that trying to set memory to zero with a "SET* Xd, Xn, XZR" sets the memory to the value that happens to be in the low byte of SP. Handle XZR when getting the SET* data value from the register file. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231030174000.3792225-4-peter.maydell@linaro.org
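A tiny sketch of the register-read point above, using an illustrative register file rather than QEMU's translator accessors: for the SET* data operand, register number 31 means XZR (zero), not SP.

```c
#include <stdint.h>

uint64_t set_insn_data_value(const uint64_t xregs[31], int rs)
{
    return (rs == 31) ? 0 : xregs[rs];   /* XZR reads as zero */
}
```

In the real translator this corresponds to reading the operand with the accessor that treats register 31 as XZR rather than the one that treats it as SP.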
2023-10-27 | target/arm: Fix syndrome for FGT traps on ERET | Peter Maydell
In commit 442c9d682c94fc2 when we converted the ERET, ERETAA, ERETAB instructions to decodetree, the conversion accidentally lost the correct setting of the syndrome register when taking a trap because of the FEAT_FGT HFGITR_EL1.ERET bit. Instead of reporting a correct full syndrome value with the EC and IL bits, we only reported the low two bits of the syndrome, because the call to syn_erettrap() got dropped. Fix the syndrome values for these traps by reinstating the syn_erettrap() calls. Fixes: 442c9d682c94fc2 ("target/arm: Convert ERET, ERETAA, ERETAB to decodetree") Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231024172438.2990945-1-peter.maydell@linaro.org
2023-10-27 | target/arm: Move feature test functions to their own header | Peter Maydell
The feature test functions isar_feature_*() now take up nearly a thousand lines in target/arm/cpu.h. This header file is included by a lot of source files, most of which don't need these functions. Move the feature test functions to their own header file. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231024163510.2972081-2-peter.maydell@linaro.org
2023-10-27 | target/arm: Implement Neoverse N2 CPU model | Peter Maydell
Implement a model of the Neoverse N2 CPU. This is an Armv9.0-A processor very similar to the Cortex-A710. The differences are: * no FEAT_EVT * FEAT_DGH (data gathering hint) * FEAT_NV (not yet implemented in QEMU) * Statistical Profiling Extension (not implemented in QEMU) * 48 bit physical address range, not 40 * CTR_EL0.DIC = 1 (no explicit icache cleaning needed) * PMCR_EL0.N = 6 (always 6 PMU counters, not 20) Because it has 48-bit physical address support, we can use this CPU in the sbsa-ref board as well as the virt board. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20230915185453.1871167-3-peter.maydell@linaro.org
2023-10-27 | target/arm: Correct minor errors in Cortex-A710 definition | Peter Maydell
Correct a couple of minor errors in the Cortex-A710 definition: * ID_AA64DFR0_EL1.DebugVer is 9 (indicating Armv8.4 debug architecture) * ID_AA64ISAR1_EL1.APA is 5 (indicating more PAuth support) * there is an IMPDEF CPUCFR_EL1, like that on the Neoverse-N1 Fixes: e3d45c0a89576 ("target/arm: Implement cortex-a710") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20230915185453.1871167-2-peter.maydell@linaro.org
2023-10-22 | target/arm: Use tcg_gen_ext_i64 | Richard Henderson
The ext_and_shift_reg helper does this plus a shift. The non-zero check for the shift count duplicates the one done within tcg_gen_shli_i64. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-10-19 | target/arm: Implement FEAT_HPMN0 | Peter Maydell
FEAT_HPMN0 is a small feature which defines that it is valid for MDCR_EL2.HPMN to be set to 0, meaning "no PMU event counters provided to an EL1 guest" (previously this setting was reserved). QEMU's implementation almost gets HPMN == 0 right, but we need to fix one check in pmevcntr_is_64_bit(). That is enough for us to advertise the feature in the 'max' CPU. (We don't need to make the behaviour conditional on feature presence, because the FEAT_HPMN0 behaviour is within the range of permitted UNPREDICTABLE behaviour for a non-FEAT_HPMN0 implementation.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230921185445.3339214-1-peter.maydell@linaro.org
2023-10-19 | target/arm: Permit T32 LDM with single register | Peter Maydell
For the Thumb T32 encoding of LDM, if only a single register is specified in the register list this instruction is UNPREDICTABLE, with the following choices: * instruction UNDEFs * instruction is a NOP * instruction loads a single register * instruction loads an unspecified set of registers Currently we choose to UNDEF (a behaviour chosen in commit 4b222545dbf30 in 2019; previously we treated it as "load the specified single register"). Unfortunately there is real world code out there (which shipped in at least Android 11, 12 and 13) which incorrectly uses this UNPREDICTABLE insn on the assumption that it does a single register load, which is (presumably) what it happens to do on real hardware, and is also what it does on the equivalent A32 encoding. Revert to the pre-4b222545dbf30 behaviour of not UNDEFing for this T32 encoding. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1799 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230927101853.39288-1-peter.maydell@linaro.org
2023-10-04 | accel/tcg: Replace CPUState.env_ptr with cpu_env() | Richard Henderson
Reviewed-by: Anton Johansson <anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-10-03 | tcg: Rename cpu_env to tcg_env | Richard Henderson
Allow the name 'cpu_env' to be used for something else. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-10-03 | target/arm: Replace TARGET_PAGE_ENTRY_EXTRA | Anton Johansson
TARGET_PAGE_ENTRY_EXTRA is a macro that allows guests to specify additional fields for caching with the full TLB entry. This macro is replaced with a union in CPUTLBEntryFull, thus making CPUTLB target-agnostic at the cost of slightly inflated CPUTLBEntryFull for non-arm guests. Note, this is needed to ensure that fields in CPUTLB don't vary in offset between various targets. (arm is the only guest actually making use of this feature.) Signed-off-by: Anton Johansson <anjo@rev.ng> Message-Id: <20230912153428.17816-2-anjo@rev.ng> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-29 | target/arm/tcg: Clean up local variable shadowing | Philippe Mathieu-Daudé
Fix: target/arm/tcg/translate-m-nocp.c: In function ‘gen_M_fp_sysreg_read’: target/arm/tcg/translate-m-nocp.c:509:18: warning: declaration of ‘tmp’ shadows a previous local [-Wshadow=compatible-local] 509 | TCGv_i32 tmp = load_cpu_field(v7m.fpdscr[M_REG_NS]); | ^~~ target/arm/tcg/translate-m-nocp.c:433:14: note: shadowed declaration is here 433 | TCGv_i32 tmp; | ^~~ --- target/arm/tcg/mve_helper.c: In function ‘helper_mve_vqshlsb’: target/arm/tcg/mve_helper.c:1259:19: warning: declaration of ‘r’ shadows a previous local [-Wshadow=compatible-local] 1259 | typeof(N) r = FN(N, (int8_t)(M), sizeof(N) * 8, ROUND, &su32); \ | ^ target/arm/tcg/mve_helper.c:1267:5: note: in expansion of macro ‘WRAP_QRSHL_HELPER’ 1267 | WRAP_QRSHL_HELPER(do_sqrshl_bhs, N, M, false, satp) | ^~~~~~~~~~~~~~~~~ target/arm/tcg/mve_helper.c:927:22: note: in expansion of macro ‘DO_SQSHL_OP’ 927 | TYPE r = FN(n[H##ESIZE(e)], m[H##ESIZE(e)], &sat); \ | ^~ target/arm/tcg/mve_helper.c:945:5: note: in expansion of macro ‘DO_2OP_SAT’ 945 | DO_2OP_SAT(OP##b, 1, int8_t, FN) \ | ^~~~~~~~~~ target/arm/tcg/mve_helper.c:1277:1: note: in expansion of macro ‘DO_2OP_SAT_S’ 1277 | DO_2OP_SAT_S(vqshls, DO_SQSHL_OP) | ^~~~~~~~~~~~ --- target/arm/tcg/mve_helper.c: In function ‘do_sqrshl48_d’: target/arm/tcg/mve_helper.c:2463:17: warning: declaration of ‘extval’ shadows a previous local [-Wshadow=compatible-local] 2463 | int64_t extval = sextract64(src << shift, 0, 48); | ^~~~~~ target/arm/tcg/mve_helper.c:2443:18: note: shadowed declaration is here 2443 | int64_t val, extval; | ^~~~~~ --- target/arm/tcg/mve_helper.c: In function ‘do_uqrshl48_d’: target/arm/tcg/mve_helper.c:2495:18: warning: declaration of ‘extval’ shadows a previous local [-Wshadow=compatible-local] 2495 | uint64_t extval = extract64(src << shift, 0, 48); | ^~~~~~ target/arm/tcg/mve_helper.c:2479:19: note: shadowed declaration is here 2479 | uint64_t val, extval; | ^~~~~~ Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-3-philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-09-21 | target/arm: Enable FEAT_MOPS for CPU 'max' | Peter Maydell
Enable FEAT_MOPS on the AArch64 'max' CPU, and add it to the list of features we implement. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-13-peter.maydell@linaro.org
2023-09-21 | target/arm: Implement the CPY* instructions | Peter Maydell
The FEAT_MOPS CPY* instructions implement memory copies. These come in both "always forwards" (memcpy-style) and "overlap OK" (memmove-style) flavours. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-12-peter.maydell@linaro.org
2023-09-21 | target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies | Peter Maydell
The FEAT_MOPS memory copy operations need an extra helper routine for checking for MTE tag checking failures beyond the ones we already added for memory set operations: * mte_mops_probe_rev() does the same job as mte_mops_probe(), but it checks tags starting at the provided address and working backwards, rather than forwards Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-11-peter.maydell@linaro.org
2023-09-21 | target/arm: Implement the SETG* instructions | Peter Maydell
The FEAT_MOPS SETG* instructions are very similar to the SET* instructions, but as well as setting memory contents they also set the MTE tags. They are architecturally required to operate on tag-granule aligned regions only. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-10-peter.maydell@linaro.org
2023-09-21 | target/arm: Define new TB flag for ATA0 | Peter Maydell
Currently the only tag-setting instructions always do so in the context of the current EL, and so we only need one ATA bit in the TB flags. The FEAT_MOPS SETG instructions include ones which set tags for a non-privileged access, so we now also need the equivalent "are tags enabled?" information for EL0. Add the new TB flag, and convert the existing 'bool ata' field in DisasContext to a 'bool ata[2]' that can be indexed by the is_unpriv bit in an instruction, similarly to mte[2]. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-9-peter.maydell@linaro.org
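A sketch of the DisasContext shape described above, trimmed to the relevant fields; the struct and helper names are illustrative.

```c
#include <stdbool.h>

typedef struct DisasContextSketch {
    bool ata[2];         /* "are tags enabled?", indexed by is_unpriv */
    bool mte_active[2];  /* existing pattern this change mirrors      */
} DisasContextSketch;

/* The instruction's is_unpriv bit selects the EL0 or current-EL answer. */
bool tags_enabled(const DisasContextSketch *s, bool is_unpriv)
{
    return s->ata[is_unpriv];
}
```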
2023-09-21 | target/arm: Implement the SET* instructions | Peter Maydell
Implement the SET* instructions which collectively implement a "memset" operation. These come in a set of three, eg SETP (prologue), SETM (main), SETE (epilogue), and each of those has different flavours to indicate whether memory accesses should be unpriv or non-temporal. This commit does not include the "memset with tag setting" SETG* instructions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-8-peter.maydell@linaro.org
2023-09-21 | target/arm: Implement MTE tag-checking functions for FEAT_MOPS | Peter Maydell
The FEAT_MOPS instructions need a couple of helper routines that check for MTE tag failures: * mte_mops_probe() checks whether there is going to be a tag error in the next up-to-a-page worth of data * mte_check_fail() is an existing function to record the fact of a tag failure, which we need to make global so we can call it from helper-a64.c Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-7-peter.maydell@linaro.org
2023-09-21 | target/arm: New function allocation_tag_mem_probe() | Peter Maydell
For the FEAT_MOPS operations, the existing allocation_tag_mem() function almost does what we want, but it will take a watchpoint exception even for an ra == 0 probe request, and it requires that the caller guarantee that the memory is accessible. For FEAT_MOPS we want a function that will not take any kind of exception, and will return NULL for the not-accessible case. Rename allocation_tag_mem() to allocation_tag_mem_probe() and add an extra 'probe' argument that lets us distinguish these cases; allocation_tag_mem() is now a wrapper that always passes 'false'. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-6-peter.maydell@linaro.org
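A hedged sketch of the wrapper pattern described above; the real functions take many more arguments and do the actual tag-memory lookup, which is stood in for by the 'lookup' parameter here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

static uint8_t *allocation_tag_mem_probe_sketch(uint8_t *lookup, bool probe)
{
    if (lookup == NULL && !probe) {
        /* Non-probe callers guarantee accessibility, so the real code
         * would raise an exception here rather than return. */
    }
    return lookup;   /* probe callers simply get NULL for "not accessible" */
}

/* The old entry point keeps its behaviour by always passing probe=false. */
uint8_t *allocation_tag_mem_sketch(uint8_t *lookup)
{
    return allocation_tag_mem_probe_sketch(lookup, false);
}
```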
2023-09-21 | target/arm: Pass unpriv bool to get_a64_user_mem_index() | Peter Maydell
In every place that we call the get_a64_user_mem_index() function we do it like this: memidx = a->unpriv ? get_a64_user_mem_index(s) : get_mem_index(s); Refactor so the caller passes in the bool that says whether they want the 'unpriv' or 'normal' mem_index rather than having to do the ?: themselves. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230912140434.1333369-4-peter.maydell@linaro.org
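A sketch of the refactoring, with an illustrative context struct in place of DisasContext: the ?: expression quoted in the commit message moves inside the function, and callers pass a->unpriv directly.

```c
#include <stdbool.h>

typedef struct CtxSketch { int user_memidx; int memidx; } CtxSketch;

static int get_mem_index_sketch(const CtxSketch *s)
{
    return s->memidx;
}

int get_a64_user_mem_index_sketch(const CtxSketch *s, bool unpriv)
{
    /* callers no longer write the ?: themselves */
    return unpriv ? s->user_memidx : get_mem_index_sketch(s);
}
```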
2023-09-21 | target/arm: Don't skip MTE checks for LDRT/STRT at EL0 | Peter Maydell
The LDRT/STRT "unprivileged load/store" instructions behave like normal ones if executed at EL0. We handle this correctly for the load/store semantics, but get the MTE checking wrong. We always look at s->mte_active[is_unpriv] to see whether we should be doing MTE checks, but in hflags.c when we set the TB flags that will be used to fill the mte_active[] array we only set the MTE0_ACTIVE bit if UNPRIV is true (i.e. we are not at EL0). This means that a LDRT at EL0 will see s->mte_active[1] as 0, and will not do MTE checks even when MTE is enabled. To avoid the translate-time code having to do an explicit check on s->unpriv to see if it is OK to index into the mte_active[] array, duplicate MTE_ACTIVE into MTE0_ACTIVE when UNPRIV is false. (This isn't a very serious bug because generally nobody executes LDRT/STRT at EL0, because they have no use there.) Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230912140434.1333369-2-peter.maydell@linaro.org
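A sketch of the TB-flag computation described above; the bit names and function are illustrative, not the real hflags code.

```c
#include <stdbool.h>
#include <stdint.h>

#define MTE_ACTIVE_BIT   (1u << 0)
#define MTE0_ACTIVE_BIT  (1u << 1)

/*
 * When UNPRIV is false (we are already at EL0), mirror MTE_ACTIVE into
 * MTE0_ACTIVE so the translator can always index mte_active[is_unpriv]
 * without a special case for LDRT/STRT.
 */
uint32_t mte_tb_flags_sketch(bool mte_active, bool mte0_active, bool unpriv)
{
    uint32_t flags = 0;

    if (mte_active) {
        flags |= MTE_ACTIVE_BIT;
    }
    if (unpriv ? mte0_active : mte_active) {
        flags |= MTE0_ACTIVE_BIT;
    }
    return flags;
}
```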
2023-09-21 | target/arm: Remove unused allocation_tag_mem() argument | Peter Maydell
The allocation_tag_mem() function takes an argument tag_size, but it never uses it. Remove the argument. In mte_probe_int() in particular this also lets us delete the code computing the value we were passing in. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-09-21 | target/arm: Implement FEAT_HBC | Peter Maydell
FEAT_HBC (Hinted conditional branches) provides a new instruction BC.cond, which behaves exactly like the existing B.cond except that it provides a hint to the branch predictor about the likely behaviour of the branch. Since QEMU does not implement branch prediction, we can treat this identically to B.cond. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-19 | Merge tag 'pull-tcg-20230915-2' of https://gitlab.com/rth7680/qemu into staging | Stefan Hajnoczi
*: Delete checks for old host definitions tcg/loongarch64: Generate LSX instructions fpu: Add conversions between bfloat16 and [u]int8 fpu: Handle m68k extended precision denormals properly accel/tcg: Improve cputlb i/o organization accel/tcg: Simplify tlb_plugin_lookup accel/tcg: Remove false-negative halted assertion tcg: Add gvec compare with immediate and scalar operand tcg/aarch64: Emit BTI insns at jump landing pads [Resolved conflict between CPUINFO_PMULL and CPUINFO_BTI. --Stefan] * tag 'pull-tcg-20230915-2' of https://gitlab.com/rth7680/qemu: (39 commits) tcg: Map code_gen_buffer with PROT_BTI tcg/aarch64: Emit BTI insns at jump landing pads util/cpuinfo-aarch64: Add CPUINFO_BTI tcg: Add tcg_out_tb_start backend hook fpu: Handle m68k extended precision denormals properly fpu: Add conversions between bfloat16 and [u]int8 accel/tcg: Introduce do_st16_mmio_leN accel/tcg: Introduce do_ld16_mmio_beN accel/tcg: Merge io_writex into do_st_mmio_leN accel/tcg: Merge io_readx into do_ld_mmio_beN accel/tcg: Replace direct use of io_readx/io_writex in do_{ld,st}_1 accel/tcg: Merge cpu_transaction_failed into io_failed plugin: Simplify struct qemu_plugin_hwaddr accel/tcg: Use CPUTLBEntryFull.phys_addr in io_failed accel/tcg: Split out io_prepare and io_failed accel/tcg: Simplify tlb_plugin_lookup target/arm: Use tcg_gen_gvec_cmpi for compare vs 0 tcg: Add gvec compare with immediate and scalar operand tcg/loongarch64: Implement 128-bit load & store tcg/loongarch64: Lower rotli_vec to vrotri ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-09-16 | target/arm: Use tcg_gen_gvec_cmpi for compare vs 0 | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Song Gao <gaosong@loongson.cn> Message-Id: <20230831030904.1194667-3-richard.henderson@linaro.org>
2023-09-15 | target/arm: Use clmul_64 | Richard Henderson
Use generic routine for 64-bit carry-less multiply. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-15 | target/arm: Use clmul_32* routines | Richard Henderson
Use generic routines for 32-bit carry-less multiply. Remove our local version of pmull_d. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-15 | target/arm: Use clmul_16* routines | Richard Henderson
Use generic routines for 16-bit carry-less multiply. Remove our local version of pmull_w. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-15 | target/arm: Use clmul_8* routines | Richard Henderson
Use generic routines for 8-bit carry-less multiply. Remove our local version of pmull_h. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-09-11 | Merge tag 'pull-riscv-to-apply-20230911' of https://github.com/alistair23/qemu into staging | Stefan Hajnoczi
First RISC-V PR for 8.2 * Remove 'host' CPU from TCG * riscv_htif Fixup printing on big endian hosts * Add zmmul isa string * Add smepmp isa string * Fix page_check_range use in fault-only-first * Use existing lookup tables for MixColumns * Add RISC-V vector cryptographic instruction set support * Implement WARL behaviour for mcountinhibit/mcounteren * Add Zihintntl extension ISA string to DTS * Fix zfa fleq.d and fltq.d * Fix upper/lower mtime write calculation * Make rtc variable names consistent * Use abi type for linux-user target_ucontext * Add RISC-V KVM AIA Support * Fix riscv,pmu DT node path in the virt machine * Update CSR bits name for svadu extension * Mark zicond non-experimental * Fix satp_mode_finalize() when satp_mode.supported = 0 * Fix non-KVM --enable-debug build * Add new extensions to hwprobe * Use accelerated helper for AES64KS1I * Allocate itrigger timers only once * Respect mseccfg.RLB for pmpaddrX changes * Align the AIA model to v1.0 ratified spec * Don't read the CSR in riscv_csrrw_do64 # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmT+ttMACgkQr3yVEwxT # gBN/rg/+KhOvL9xWSNb8pzlIsMQHLvndno0Sq5b9Rb/o5z1ekyYfyg6712N3JJpA # TIfZzOIW7oYZV8gHyaBtOt8kIbrjwzGB2rpCh4blhm+yNZv7Ym9Ko6AVVzoUDo7k # 2dWkLnC+52/l3SXGeyYMJOlgUUsQMwjD6ykDEr42P6DfVord34fpTH7ftwSasO9K # 35qJQqhUCgB3fMzjKTYICN6Rm1UluijTjRNXUZXC0XZlr+UKw2jT/UsybbWVXyNs # SmkRtF1MEVGvw+b8XOgA/nG1qVCWglTMcPvKjWMY+cY9WLM6/R9nXAV8OL/JPead # v1LvROJNukfjNtDW6AOl5/svOJTRLbIrV5EO7Hlm1E4kftGmE5C+AKZZ/VT4ucUK # XgqaHoXh26tFEymVjzbtyFnUHNv0zLuGelTnmc5Ps1byLSe4lT0dBaJy6Zizg0LE # DpTR7s3LpyV3qB96Xf9bOMaTPsekUjD3dQI/3X634r36+YovRXapJDEDacN9whbU # BSZc20NoM5UxVXFTbELQXolue/X2BRLxpzB+BDG8/cpu/MPgcCNiOZaVrr/pOo33 # 6rwwrBhLSCfYAXnJ52qTUEBz0Z/FnRPza8AU/uuRYRFk6JhUXIonmO6xkzsoNKuN # QNnih/v1J+1XqUyyT2InOoAiTotzHiWgKZKaMfAhomt2j/slz+A= # =aqcx # -----END PGP SIGNATURE----- # gpg: Signature made Mon 11 Sep 2023 02:42:27 EDT # gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013 # gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013 * tag 'pull-riscv-to-apply-20230911' of https://github.com/alistair23/qemu: (45 commits) target/riscv: don't read CSR in riscv_csrrw_do64 target/riscv: Align the AIA model to v1.0 ratified spec target/riscv/pmp.c: respect mseccfg.RLB for pmpaddrX changes target/riscv: Allocate itrigger timers only once target/riscv: Use accelerated helper for AES64KS1I linux-user/riscv: Add new extensions to hwprobe hw/intc/riscv_aplic.c fix non-KVM --enable-debug build hw/riscv/virt.c: fix non-KVM --enable-debug build riscv: zicond: make non-experimental target/riscv: fix satp_mode_finalize() when satp_mode.supported = 0 target/riscv: Update CSR bits name for svadu extension hw/riscv: virt: Fix riscv,pmu DT node path target/riscv: select KVM AIA in riscv virt machine target/riscv: update APLIC and IMSIC to support KVM AIA target/riscv: Create an KVM AIA irqchip target/riscv: check the in-kernel irqchip support target/riscv: support the AIA device emulation with KVM enabled linux-user/riscv: Use abi type for target_ucontext hw/intc: Make rtc variable names consistent hw/intc: Fix upper/lower mtime write calculation ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-09-11 | crypto: Create sm4_subword | Max Chou
Allows sharing of sm4_subword between different targets. Signed-off-by: Max Chou <max.chou@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Max Chou <max.chou@sifive.com> Message-ID: <20230711165917.2629866-14-max.chou@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-09-08 | target/arm: Implement FEAT_TIDCP1 | Richard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230831232441.66020-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>