aboutsummaryrefslogtreecommitdiff
path: root/target/arm
AgeCommit message (Collapse)Author
2021-04-30target/arm: Add wrapper macros for accessing tbflagsRichard Henderson
We're about to split tbflags into two parts. These macros will ensure that the correct part is used with the correct set of bits. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210419202257.161730-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Rename TBFLAG_ANY, PSTATE_SSRichard Henderson
We're about to rearrange the macro expansion surrounding tbflags, and this field name will be expanded using the bit definition of the same name, resulting in a token pasting error. So PSTATE_SS -> PSTATE__SS in the uses, and document it. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210419202257.161730-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Rename TBFLAG_A32, SCTLR_BRichard Henderson
We're about to rearrange the macro expansion surrounding tbflags, and this field name will be expanded using the bit definition of the same name, resulting in a token pasting error. So SCTLR_B -> SCTLR__B in the 3 uses, and document it. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210419202257.161730-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Fix decode of align in VLDST_singleRichard Henderson
The encoding of size = 2 and size = 3 had the incorrect decode for align, overlapping the stride field. This error was hidden by what should have been unnecessary masking in translate. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210419202257.161730-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Remove log2_esize parameter to gen_mte_checkNRichard Henderson
The log2_esize parameter is not used except trivially. Drop the parameter and the deferral to gen_mte_check1. This fixes a bug in that the parameters as documented in the header file were the reverse from those in the implementation. Which meant that translate-sve.c was passing the parameters in the wrong order. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Simplify sve mte checkingRichard Henderson
Now that mte_check1 and mte_checkN have been merged, we can merge sve_cont_ldst_mte_check1 and sve_cont_ldst_mte_checkN. Which means that we can eliminate the function pointer into sve_ldN_r and sve_stN_r, calling sve_cont_ldst_mte_check directly. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-9-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Rename mte_probe1 to mte_probeRichard Henderson
For consistency with the mte_check1 + mte_checkN merge to mte_check, rename the probe function as well. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Merge mte_check1, mte_checkNRichard Henderson
The mte_check1 and mte_checkN functions are now identical. Drop mte_check1 and rename mte_checkN to mte_check. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Replace MTEDESC ESIZE+TSIZE with SIZEM1Richard Henderson
After recent changes, mte_checkN does not use ESIZE, and mte_check1 never used TSIZE. We can combine the two into a single field: SIZEM1. Choose to pass size - 1 because size == 0 is never used, our immediate need in mte_probe_int is for the address of the last byte (ptr + size - 1), and since almost all operations are powers of 2, this makes the immediate constant one bit smaller. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Fix unaligned checks for mte_check1, mte_probe1Richard Henderson
We were incorrectly assuming that only the first byte of an MTE access is checked against the tags. But per the ARM, unaligned accesses are pre-decomposed into single-byte accesses. So by the time we reach the actual MTE check in the ARM pseudocode, all accesses are aligned. We cannot tell a priori whether or not a given scalar access is aligned, therefore we must at least check. Use mte_probe_int, which is already set up for checking multiple granules. Buglink: https://bugs.launchpad.net/bugs/1921948 Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Split out mte_probe_intRichard Henderson
Split out a helper function from mte_checkN to perform all of the checking and address manpulation. So far, just use this in mte_checkN itself. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Fix mte_checkNRichard Henderson
We were incorrectly assuming that only the first byte of an MTE access is checked against the tags. But per the ARM, unaligned accesses are pre-decomposed into single-byte accesses. So by the time we reach the actual MTE check in the ARM pseudocode, all accesses are aligned. Therefore, the first failure is always either the first byte of the access, or the first byte of the granule. In addition, some of the arithmetic is off for last-first -> count. This does not become directly visible until a later patch that passes single bytes into this function, so ptr == ptr_last. Buglink: https://bugs.launchpad.net/bugs/1921948 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210416183106.1516563-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: tweaked a comment] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-30target/arm: Make Thumb store insns UNDEF for Rn==1111Peter Maydell
The Arm ARM specifies that for Thumb encodings of the various plain store insns, if the Rn field is 1111 then we must UNDEF. This is different from the Arm encodings, where this case is either UNPREDICTABLE or has well-defined behaviour. The exclusive stores, store-release and STRD do not have this UNDEF case for any encoding. Enforce the UNDEF for this case in the Thumb plain store insns. Fixes: https://bugs.launchpad.net/qemu/+bug/1922887 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210408162402.5822-1-peter.maydell@linaro.org
2021-04-17target/arm: drop CF_LAST_IO/dc->condjump checkAlex Bennée
This is a left over erroneous check from the days front-ends handled io start/end themselves. Regardless just because IO could be performed on the last instruction doesn't obligate the front end to do so. This fixes an abort faced by the aspeed execute-in-place support which will necessarily trigger this state (even before the one-shot CF_LAST_IO fix). The test still seems to hang once it attempts to boot the Linux kernel but I suspect this is an unrelated issue with icount and the timer handling code. The original intention of the cpu_abort (added in commit 2e70f6efa8b9 when the icount stuff was first added) seems to have been to act as an assert() to catch an unhandled corner case where the generated code would be something like: conditional branch to condlabel if its cc failed implementation of the insn (a conditional branch or trap) code emitted by gen_io_end() condlabel: gen_goto_tb or equivalent thing to go to next insn At runtime the cc-failed case would skip over the code emitted by gen_io_end(), leaving the can_do_io flag incorrectly set. In commit ba3e7926691ed33 we switched to an implementation which always clears can_do_io at the start of the following TB instead of trying to clear it at the end of a TB that did IO. So the corner case that this cpu_abort() was trying to flag is no longer possible, because the gen_io_end() call has been deleted. We can therefore safely remove the no-longer-valid assertion. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20210416170207.12504-1-alex.bennee@linaro.org Cc: Cédric Le Goater <clg@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-12target/arm: Check PAGE_WRITE_ORG for MTE writeabilityRichard Henderson
We can remove PAGE_WRITE when (internally) marking a page read-only because it contains translated code. This can be triggered by tests/tcg/aarch64/bti-2, after having serviced SIGILL trampolines on the stack. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-04-06Revert "target/arm: Make number of counters in PMCR follow the CPU"Peter Maydell
This reverts commit f7fb73b8cdd3f77e26f9fcff8cf24ff1b58d200f. This change turned out to be a bit half-baked, and doesn't work with KVM, which fails with the error: "qemu-system-aarch64: Failed to retrieve host CPU features" because KVM does not allow accessing of the PMCR_EL0 value in the scratch "query CPU ID registers" VM unless we have first set the KVM_ARM_VCPU_PMU_V3 feature on the VM. Revert the change for 6.0. Reported-by: Zenghui Yu <yuzenghui@huawei.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Zenghui Yu <yuzenghui@huawei.com> Message-id: 20210331154822.23332-1-peter.maydell@linaro.org
2021-03-30target/arm: Make number of counters in PMCR follow the CPUPeter Maydell
Currently we give all the v7-and-up CPUs a PMU with 4 counters. This means that we don't provide the 6 counters that are required by the Arm BSA (Base System Architecture) specification if the CPU supports the Virtualization extensions. Instead of having a single PMCR_NUM_COUNTERS, make each CPU type specify the PMCR reset value (obtained from the appropriate TRM), and use the 'N' field of that value to define the number of counters provided. This means that we now supply 6 counters for Cortex-A53, A57, A72, A15 and A9 as well as '-cpu max'; Cortex-A7 and A8 stay at 4; and Cortex-R5 goes down to 3. Note that because we now use the PMCR reset value of the specific implementation, we no longer set the LC bit out of reset. This has an UNKNOWN value out of reset for all cores with any AArch32 support, so guest software should be setting it anyway if it wants it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Message-id: 20210311165947.27470-1-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-03-23target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fillRichard Henderson
Pretend the fault always happens at page table level 3. Failure to set this leaves level = 0, which is impossible for ARMFault_Permission, and produces an invalid syndrome, which reaches g_assert_not_reached in cpu_loop. Fixes: 8db94ab4e5db ("linux-user/aarch64: Pass syndrome to EXC_*_ABORT") Reported-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20210320000606.1788699-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-23target/arm: Make M-profile VTOR loads on reset handle memory aliasingPeter Maydell
For Arm M-profile CPUs, on reset the CPU must load its initial PC and SP from a vector table in guest memory. Because we can't guarantee reset ordering, we have to handle the possibility that the ROM blob loader's reset function has not yet run when the CPU resets, in which case the data in an ELF file specified by the user won't be in guest memory to be read yet. We work around the reset ordering problem by checking whether the ROM blob loader has any data for the address where the vector table is, using rom_ptr(). Unfortunately this does not handle the possibility of memory aliasing. For many M-profile boards, memory can be accessed via multiple possible physical addresses; if the board has the vector table at address X but the user's ELF file loads data via a different address Y which is an alias to the same underlying guest RAM then rom_ptr() will not find it. Use the new rom_ptr_for_as() function, which deals with memory aliasing when locating a relevant ROM blob. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210318174823.18066-6-peter.maydell@linaro.org
2021-03-12hw/arm/virt: KVM: The IPA lower bound is 32Andrew Jones
The virt machine already checks KVM_CAP_ARM_VM_IPA_SIZE to get the upper bound of the IPA size. If that bound is lower than the highest possible GPA for the machine, then QEMU will error out. However, the IPA is set to 40 when the highest GPA is less than or equal to 40, even when KVM may support an IPA limit as low as 32. This means KVM may fail the VM creation unnecessarily. Additionally, 40 is selected with the value 0, which means use the default, and that gets around a check in some versions of KVM, causing a difficult to debug fail. Always use the IPA size that corresponds to the highest possible GPA, unless it's lower than 32, in which case use 32. Also, we must still use 0 when KVM only supports the legacy fixed 40 bit IPA. Suggested-by: Marc Zyngier <maz@kernel.org> Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Marc Zyngier <maz@kernel.org> Message-id: 20210310135218.255205-3-drjones@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Update sve reduction vs simd_descRichard Henderson
With the reduction operations, we intentionally increase maxsz to the next power of 2, so as to fill out the reduction tree correctly. Since e2e7168a214b, oprsz must equal maxsz, with exceptions for small vectors, so this triggers an assertion for vector sizes > 32 that are not themselves a power of 2. Pass the power-of-two value in the simd_data field instead. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-9-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Update WHILE for PREDDESCRichard Henderson
Since b64ee454a4a0, all predicate operations should be using these field macros for predicates. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-8-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Update CNTP for PREDDESCRichard Henderson
Since b64ee454a4a0, all predicate operations should be using these field macros for predicates. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-7-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Update BRKA, BRKB, BRKN for PREDDESCRichard Henderson
Since b64ee454a4a0, all predicate operations should be using these field macros for predicates. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-6-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Update find_last_active for PREDDESCRichard Henderson
Since b64ee454a4a0, all predicate operations should be using these field macros for predicates. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-5-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Fix sve_punpk_p vs odd vector lengthsRichard Henderson
Wrote too much with punpk1 with vl % 512 != 0. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Fix sve_zip_p vs odd vector lengthsRichard Henderson
Wrote too much with low-half zip (zip1) with vl % 512 != 0. Adjust all of the x + (y << s) to x | (y << s) as a style fix. We only ever have exact overlap between D, M, and N. Therefore we only need a single temporary, and we do not need to check for partial overlap. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-12target/arm: Fix sve_uzp_p vs odd vector lengthsRichard Henderson
Missed out on compressing the second half of a predicate with length vl % 512 > 256. Adjust all of the x + (y << s) to x | (y << s) as a general style fix. Drop the extract64 because the input uint64_t are known to be already zero-extended from the current size of the predicate. Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210309155305.11301-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-11Merge remote-tracking branch ↵Peter Maydell
'remotes/vivier2/tags/trivial-branch-for-6.0-pull-request' into staging Pull request # gpg: Signature made Wed 10 Mar 2021 21:56:09 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/trivial-branch-for-6.0-pull-request: (22 commits) sysemu: Let VMChangeStateHandler take boolean 'running' argument sysemu/runstate: Let runstate_is_running() return bool hw/lm32/Kconfig: Have MILKYMIST select LM32_DEVICES hw/lm32/Kconfig: Rename CONFIG_LM32 -> CONFIG_LM32_DEVICES hw/lm32/Kconfig: Introduce CONFIG_LM32_EVR for lm32-evr/uclinux boards qemu-common.h: Update copyright string to 2021 tests/fp/fp-test: Replace the word 'blacklist' qemu-options: Replace the word 'blacklist' seccomp: Replace the word 'blacklist' scripts/tracetool: Replace the word 'whitelist' ui: Replace the word 'whitelist' virtio-gpu: Adjust code space style exec/memory: Use struct Object typedef fuzz-test: remove unneccessary debugging flags net: Use id_generate() in the network subsystem, too MAINTAINERS: Fix the location of tools manuals vhost_user_gpu: Drop dead check for g_malloc() failure backends/dbus-vmstate: Fix short read error handling target/hexagon/gen_tcg_funcs: Fix a typo hw/elf_ops: Fix a typo ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-11Merge remote-tracking branch ↵Peter Maydell
'remotes/stsquad/tags/pull-testing-docs-xen-updates-100321-2' into staging Testing, guest-loader and other misc tweaks - add warning text to quickstart example - add CFI tests to CI - use --arch-only for docker pre-requisites - fix .editorconfig for emacs - add guest-loader for Xen-like hypervisor testing - move generic-loader docs into manual proper - move semihosting out of hw/ # gpg: Signature made Wed 10 Mar 2021 15:35:31 GMT # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-testing-docs-xen-updates-100321-2: semihosting: Move hw/semihosting/ -> semihosting/ semihosting: Move include/hw/semihosting/ -> include/semihosting/ tests/avocado: add boot_xen tests docs: add some documentation for the guest-loader docs: move generic-loader documentation into the main manual hw/core: implement a guest-loader to support static hypervisor guests device_tree: add qemu_fdt_setprop_string_array helper hw/riscv: migrate fdt field to generic MachineState hw/board: promote fdt from ARM VirtMachineState to MachineState .editorconfig: update the automatic mode setting for Emacs tests/docker: Use --arch-only when building Debian cross image gitlab-ci.yml: Add jobs to test CFI flags gitlab-ci.yml: Allow custom # of parallel linkers tests/docker: add a test-tcg for building then running check-tcg docs/system: add a gentle prompt for the complexity to come Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-10semihosting: Move include/hw/semihosting/ -> include/semihosting/Philippe Mathieu-Daudé
We want to move the semihosting code out of hw/ in the next patch. This patch contains the mechanical steps, created using: $ git mv include/hw/semihosting/ include/ $ sed -i s,hw/semihosting,semihosting, $(git grep -l hw/semihosting) Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210226131356.3964782-2-f4bug@amsat.org> Message-Id: <20210305135451.15427-2-alex.bennee@linaro.org>
2021-03-09sysemu: Let VMChangeStateHandler take boolean 'running' argumentPhilippe Mathieu-Daudé
The 'running' argument from VMChangeStateHandler does not require other value than 0 / 1. Make it a plain boolean. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: David Gibson <david@gibson.dropbear.id.au> Message-Id: <20210111152020.1422021-3-philmd@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-03-08target/arm: Restrict v7A TCG cpus to TCG accelPhilippe Mathieu-Daudé
KVM requires the target cpu to be at least ARMv8 architecture (support on ARMv7 has been dropped in commit 82bf7ae84ce: "target/arm: Remove KVM support for 32-bit Arm hosts"). A KVM-only build won't be able to run TCG cpus, move the v7A CPU definitions to cpu_tcg.c. Reported-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210306151801.2388182-1-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm/cpu: Update coding style to make checkpatch.pl happyPhilippe Mathieu-Daudé
We will move this code in the next commit. Clean it up first to avoid checkpatch.pl errors. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210221222617.2579610-3-f4bug@amsat.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm: Restrict v8M IDAU to TCGPhilippe Mathieu-Daudé
IDAU is specific to M-profile. KVM only supports A-profile. Restrict this interface to TCG, as it is pointless (and confusing) on a KVM-only build. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210221222617.2579610-2-f4bug@amsat.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm: Use TCF0 and TFSRE0 for unprivileged tag checksPeter Collingbourne
Section D6.7 of the ARM ARM states: For the purpose of determining Tag Check Fault handling, unprivileged load and store instructions are treated as if executed at EL0 when executed at either: - EL1, when the Effective value of PSTATE.UAO is 0. - EL2, when both the Effective value of HCR_EL2.{E2H, TGE} is {1, 1} and the Effective value of PSTATE.UAO is 0. ARM has confirmed a defect in the pseudocode function AArch64.TagCheckFault that makes it inconsistent with the above wording. The remedy is to adjust references to PSTATE.EL in that function to instead refer to AArch64.AccessUsesEL(acctype), so that unprivileged instructions use SCTLR_EL1.TCF0 and TFSRE0_EL1. The exception type for synchronous tag check faults remains unchanged. This patch implements the described change by partially reverting commits 50244cc76abc and cc97b0019bb5. Signed-off-by: Peter Collingbourne <pcc@google.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210219201820.2672077-1-pcc@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm: Speed up aarch64 TBL/TBXRichard Henderson
Always perform one call instead of two for 16-byte operands. Use byte loads/stores directly into the vector register file instead of extractions and deposits to a 64-bit local variable. In order to easily receive pointers into the vector register file, convert the helper to the gvec out-of-line signature. Move the helper into vec_helper.c, where it can make use of H1 and clear_tail. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20210224230532.276878-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm: Set ID_PFR2.SSBS to 1 for "max" 32-bit CPURebecca Cran
Enable FEAT_SSBS for the "max" 32-bit CPU. Signed-off-by: Rebecca Cran <rebecca@nuviainc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210216224543.16142-4-rebecca@nuviainc.com [PMM: fix typo causing compilation failure] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm: Enable FEAT_SSBS for "max" AARCH64 CPURebecca Cran
Set ID_AA64PFR1_EL1.SSBS to 2 and ID_PFR2.SSBS to 1. Signed-off-by: Rebecca Cran <rebecca@nuviainc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210216224543.16142-3-rebecca@nuviainc.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-05target/arm: Add support for FEAT_SSBS, Speculative Store Bypass SafeRebecca Cran
Add support for FEAT_SSBS. SSBS (Speculative Store Bypass Safe) is an optional feature in ARMv8.0, and mandatory in ARMv8.5. Signed-off-by: Rebecca Cran <rebecca@nuviainc.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210216224543.16142-2-rebecca@nuviainc.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-18exec: Move TranslationBlock typedef to qemu/typedefs.hRichard Henderson
This also means we don't need an extra declaration of the structure in hw/core/cpu.h. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210208233906.479571-2-richard.henderson@linaro.org> Message-Id: <20210213130325.14781-11-alex.bennee@linaro.org>
2021-02-17Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell
staging * HVF fixes * Extra qos-test debugging output (Christian) * SEV secret address autodetection (James) * SEV-ES support (Thomas) * Relocatable paths bugfix (Stefan) * RR fix (Pavel) * EventNotifier fix (Greg) # gpg: Signature made Tue 16 Feb 2021 16:15:59 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (21 commits) replay: fix icount request when replaying clock access event_notifier: Set ->initialized earlier in event_notifier_init() hvf: Fetch cr4 before evaluating CPUID(1) target/i386/hvf: add rdmsr 35H MSR_CORE_THREAD_COUNT hvf: x86: Remove unused definitions target/i386/hvf: add vmware-cpuid-freq cpu feature hvf: Guard xgetbv call util/cutils: Skip "." when looking for next directory component tests/qtest/qos-test: dump QEMU command if verbose tests/qtest/qos-test: dump environment variables if verbose tests/qtest/qos-test: dump qos graph if verbose libqos/qgraph_internal: add qos_printf() and qos_printf_literal() libqos/qgraph: add qos_node_create_driver_named() sev/i386: Enable an SEV-ES guest based on SEV policy kvm/i386: Use a per-VM check for SMM capability sev/i386: Don't allow a system reset under an SEV-ES guest sev/i386: Allow AP booting under SEV-ES sev/i386: Require in-kernel irqchip support for SEV-ES guests sev/i386: Add initial support for SEV-ES sev: update sev-inject-launch-secret to make gpa optional ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16sev/i386: Don't allow a system reset under an SEV-ES guestTom Lendacky
An SEV-ES guest does not allow register state to be altered once it has been measured. When an SEV-ES guest issues a reboot command, Qemu will reset the vCPU state and resume the guest. This will cause failures under SEV-ES. Prevent that from occuring by introducing an arch-specific callback that returns a boolean indicating whether vCPUs are resettable. Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Jiaxun Yang <jiaxun.yang@flygoat.com> Cc: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: David Hildenbrand <david@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Venu Busireddy <venu.busireddy@oracle.com> Message-Id: <1ac39c441b9a3e970e9556e1cc29d0a0814de6fd.1611682609.git.thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-16target/arm: Enable MTE for user-onlyRichard Henderson
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-31-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16target/arm: Add allocation tag storage for user modeRichard Henderson
Use the now-saved PAGE_ANON and PAGE_MTE bits, and the per-page saved data. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-30-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16linux-user/aarch64: Signal SEGV_MTEAERR for async tag check errorRichard Henderson
The real kernel collects _TIF_MTE_ASYNC_FAULT into the current thread's state on any kernel entry (interrupt, exception etc), and then delivers the signal in advance of resuming the thread. This means that while the signal won't be delivered immediately, it will not be delayed forever -- at minimum it will be delivered after the next clock interrupt. We don't have a clock interrupt in linux-user, so we issue a cpu_kick to signal a return to the main loop at the end of the current TB. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-29-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16linux-user/aarch64: Pass syndrome to EXC_*_ABORTRichard Henderson
A proper syndrome is required to fill in the proper si_code. Use page_get_flags to determine permission vs translation for user-only. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-27-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16target/arm: Split out syndrome.h from internals.hRichard Henderson
Move everything related to syndromes to a new file, which can be shared with linux-user. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210212184902.1251044-26-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16linux-user/aarch64: Implement PROT_MTERichard Henderson
Remember the PROT_MTE bit as PAGE_MTE/PAGE_TARGET_2. Otherwise this does not yet have effect. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-25-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-16target/arm: Use the proper TBI settings for linux-userRichard Henderson
We were fudging TBI1 enabled to speed up the generated code. Now that we've improved the code generation, remove this. Also, tidy the comment to reflect the current code. The pauth test was testing a kernel address (-1) and making incorrect assumptions about TBI1; stick to userland addresses. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210212184902.1251044-23-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>