aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)Author
2020-01-30target/arm/arm-semi: Don't let the guest close stdin/stdout/stderrPeter Maydell
The guest can use the semihosting API to open a handle corresponding to QEMU's own stdin, stdout, or stderr. When the guest closes this handle, we should not close the underlying host stdin/stdout/stderr the way we would do if the handle corresponded to a host fd we'd opened on behalf of the guest in SYS_OPEN. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200124172954.28481-1-peter.maydell@linaro.org
2020-01-29target/mips: Add implementation of GINVT instructionYongbok Kim
Implement emulation of GINVT instruction. As QEMU doesn't support caches and virtualization, this implementation covers only one instruction (GINVT - Global Invalidate TLB) among all TLB-related MIPS instructions. Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Signed-off-by: Yongbok Kim <yongbok.kim@mips.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1579883929-1517-5-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29target/mips: Amend CP0 WatchHi register implementationYongbok Kim
WatchHi is extended by the field MemoryMapID with the GINVT instruction. The field is accessible by MTHC0/MFHC0 in 32-bit architectures and DMTC0/ DMFC0 in 64-bit architectures. Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Signed-off-by: Yongbok Kim <yongbok.kim@mips.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Message-Id: <1579883929-1517-4-git-send-email-aleksandar.markovic@rt-rk.com>
2020-01-29target/mips: semihosting: Remove 'uhi_done' label in helper_do_semihosting()Daniel Henrique Barboza
The label 'uhi_done' is a simple 'return' call and can be removed for a bit more clarity in the code. CC: Aurelien Jarno <aurelien@aurel32.net> CC: Aleksandar Markovic <amarkovic@wavecomp.com> CC: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com> Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Message-Id: <20200106182425.20312-7-danielhb413@gmail.com>
2020-01-27target/hppa: Allow, but diagnose, LDCW aligned only mod 4Richard Henderson
The PA-RISC 1.1 specification says that LDCW must be aligned mod 16 or the operation is undefined. However, real hardware only generates an unaligned access trap for unaligned mod 4. Match real hardware, but diagnose with GUEST_ERROR a violation of the specification. At the same time fix a bug in the initialization of mop, where the size was specified twice, and another to free the zero temporary. Tested-by: Helge Deller <deller@gmx.de> Reported-by: Helge Deller <deller@gmx.de> Suggested-by: John David Anglin <dave.anglin@bell.net> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-27s390x: sigp: Fix sense running reportingJanosch Frank
The logic was inverted and reported running if the cpu was stopped. Let's fix that. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Fixes: d1b468bc8869 ("s390x/tcg: implement SIGP SENSE RUNNING STATUS") Reviewed-by: David Hildenbrand <david@redhat.com> Message-Id: <20200124134818.9981-1-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x: Remove DisasFields argument from extract_insnRichard Henderson
The separate pointer is now redundant. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200123232248.1800-6-richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x: Move DisasFields into DisasContextRichard Henderson
I believe that the separate allocation of DisasFields from DisasContext was meant to limit the places from which we could access fields. But that plan did not go unchanged, and since DisasContext contains a pointer to fields, the substructure is accessible everywhere. By allocating the substructure with DisasContext, we improve the locality of the accesses by avoiding one level of pointer chasing. In addition, we avoid a dangling pointer to stack allocated memory, diagnosed by static checkers. Launchpad: https://bugs.launchpad.net/bugs/1661815 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200123232248.1800-5-richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x: Pass DisasContext to get_field and have_fieldRichard Henderson
All callers pass s->fields, so we might as well pass s directly. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200123232248.1800-4-richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x: Remove DisasFields argument from callbacksRichard Henderson
The DisasFields data is available from DisasContext. We do not need to pass a separate argument. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200123232248.1800-3-richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x: Move struct DisasFields definition earlierRichard Henderson
We will want to include the struct in DisasContext. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200123232248.1800-2-richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x/kvm: Enable adapter interruption suppression againThomas Huth
The AIS feature has been disabled late in the v2.10 development cycle since there were some issues with migration (see commit 3f2d07b3b01ea61126b - "s390x/ais: for 2.10 stable: disable ais facility"). We originally wanted to enable it again for newer machine types, but apparently we forgot to do this so far. Let's do it now for the machines that support proper CPU models. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1756946 Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20200122101437.5069-1-thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Tested-by: Matthew Rosato <mjrosato@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27target/s390x: Remove duplicated ifdef macroPhilippe Mathieu-Daudé
Commit ae71ed8610 replaced the use of global max_cpus variable with a machine property, but introduced a unnecessary ifdef, as this block is already in the 'not CONFIG_USER_ONLY' branch part: 86 #if defined(CONFIG_USER_ONLY) 87 ... 106 #else /* !CONFIG_USER_ONLY */ 107 ... 292 static void do_ext_interrupt(CPUS390XState *env) 293 { ... 313 #ifndef CONFIG_USER_ONLY 314 MachineState *ms = MACHINE(qdev_get_machine()); 315 unsigned int max_cpus = ms->smp.max_cpus; 316 #endif To ease code review, remove the duplicated preprocessor macro, and move the declarations at the beginning of the statement. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200121110349.25842-6-philmd@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-01-27Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Register qdev properties as class properties (Marc-André) * Cleanups (Philippe) * virtio-scsi fix (Pan Nengyuan) * Tweak Skylake-v3 model id (Kashyap) * x86 UCODE_REV support and nested live migration fix (myself) * Advisory mode for pvpanic (Zhenwei) # gpg: Signature made Fri 24 Jan 2020 20:16:23 GMT # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (58 commits) build-sys: clean up flags included in the linker command line target/i386: Add the 'model-id' for Skylake -v3 CPU models qdev: use object_property_help() qapi/qmp: add ObjectPropertyInfo.default-value qom: introduce object_property_help() qom: simplify qmp_device_list_properties() vl: print default value in object help qdev: register properties as class properties qdev: move instance properties to class properties qdev: rename DeviceClass.props qdev: set properties with device_class_set_props() object: return self in object_ref() object: release all props object: add object_class_property_add_link() object: express const link with link property object: add direct link flag object: rename link "child" to "target" object: check strong flag with & object: do not free class properties object: add object_property_set_default ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-24target/i386: Add the 'model-id' for Skylake -v3 CPU modelsKashyap Chamarthy
This fixes a confusion in the help output. (Although, if you squint long enough at the '-cpu help' output, you _do_ notice that "Skylake-Client-noTSX-IBRS" is an alias of "Skylake-Client-v3"; similarly for Skylake-Server-v3.) Without this patch: $ qemu-system-x86 -cpu help ... x86 Skylake-Client-v1 Intel Core Processor (Skylake) x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS) x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS) ... x86 Skylake-Server-v1 Intel Xeon Processor (Skylake) x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS) x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS) ... With this patch: $ ./qemu-system-x86 -cpu help ... x86 Skylake-Client-v1 Intel Core Processor (Skylake) x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS) x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS, no TSX) ... x86 Skylake-Server-v1 Intel Xeon Processor (Skylake) x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS) x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS, no TSX) ... Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> Message-Id: <20200123090116.14409-1-kchamart@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24qdev: set properties with device_class_set_props()Marc-André Lureau
The following patch will need to handle properties registration during class_init time. Let's use a device_class_set_props() setter. spatch --macro-file scripts/cocci-macro-file.h --sp-file ./scripts/coccinelle/qdev-set-props.cocci --keep-comments --in-place --dir . @@ typedef DeviceClass; DeviceClass *d; expression val; @@ - d->props = val + device_class_set_props(d, val) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200110153039.1379601-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24qdev: remove extraneous errorMarc-André Lureau
All callers use error_abort, and even the function itself calls with error_abort. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200110153039.1379601-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24accel: Replace current_machine->accelerator by current_accel() wrapperPhilippe Mathieu-Daudé
We actually want to access the accelerator, not the machine, so use the current_accel() wrapper instead. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200121110349.25842-10-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24target/arm/kvm: Use CPUState::kvm_state in kvm_arm_pmu_supported()Philippe Mathieu-Daudé
KVMState is already accessible via CPUState::kvm_state, use it. Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200121110349.25842-5-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24target/i386: kvm: initialize microcode revision from KVMPaolo Bonzini
KVM can return the host microcode revision as a feature MSR. Use it as the default value for -cpu host. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1579544504-3616-4-git-send-email-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24target/i386: add a ucode-rev propertyPaolo Bonzini
Add the property and plumb it in TCG and HVF (the latter of which tried to support returning a constant value but used the wrong MSR). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1579544504-3616-3-git-send-email-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24target/i386: kvm: initialize feature MSRs very earlyPaolo Bonzini
Some read-only MSRs affect the behavior of ioctls such as KVM_SET_NESTED_STATE. We can initialize them once and for all right after the CPU is realized, since they will never be modified by the guest. Reported-by: Qingua Cheng <qcheng@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1579544504-3616-2-git-send-email-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24cpu: Use cpu_class_set_parent_reset()Greg Kurz
Convert all targets to use cpu_class_set_parent_reset() with the following coccinelle script: @@ type CPUParentClass; CPUParentClass *pcc; CPUClass *cc; identifier parent_fn; identifier child_fn; @@ +cpu_class_set_parent_reset(cc, child_fn, &pcc->parent_fn); -pcc->parent_fn = cc->reset; ... -cc->reset = child_fn; Signed-off-by: Greg Kurz <groug@kaod.org> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Message-Id: <157650847817.354886.7047137349018460524.stgit@bahia.lan> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-01-24Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf1' ↵Peter Maydell
into staging RISC-V Patches for the 5.0 Soft Freeze, Part 1 This patch set contains a handful of collected fixes that I'd like to target for the 5.0 soft freeze (I know that's a long way away, I just don't know what else to call these): * A fix for a memory leak initializing the sifive_u board. * Fixes to privilege mode emulation related to interrupts and fstatus. Notably absent is the H extension implementation. That's pretty much reviewed, but not quite ready to go yet and I didn't want to hold back these important fixes. This boots 32-bit and 64-bit Linux (buildroot this time, just for fun) and passes "make check". # gpg: Signature made Tue 21 Jan 2020 22:55:28 GMT # gpg: using RSA key 2B3C3747446843B24A943A7A2E1319F35FBB1889 # gpg: issuer "palmer@dabbelt.com" # gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown] # gpg: aka "Palmer Dabbelt <palmer@sifive.com>" [unknown] # gpg: aka "Palmer Dabbelt <palmerdabbelt@google.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41 # Subkey fingerprint: 2B3C 3747 4468 43B2 4A94 3A7A 2E13 19F3 5FBB 1889 * remotes/palmer/tags/riscv-for-master-5.0-sf1: target/riscv: update mstatus.SD when FS is set dirty target/riscv: fsd/fsw doesn't dirty FP state target/riscv: Fix tb->flags FS status riscv: Set xPIE to 1 after xRET riscv/sifive_u: fix a memory leak in soc_realize() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-23target/arm/arch_dump: Add SVE notesAndrew Jones
When dumping a guest with dump-guest-memory also dump the SVE registers if they are in use. Signed-off-by: Andrew Jones <drjones@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200120101832.18781-1-drjones@redhat.com [PMM: fixed checkpatch nits] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-23target/arm: Fix PAuth sbox functionsVincent Dehors
In the PAC computation, sbox was applied over wrong bits. As this is a 4-bit sbox, bit index should be incremented by 4 instead of 16. Test vector from QARMA paper (https://eprint.iacr.org/2016/444.pdf) was used to verify one computation of the pauth_computepac() function which uses sbox2. Launchpad: https://bugs.launchpad.net/bugs/1859713 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Vincent DEHORS <vincent.dehors@smile.fr> Signed-off-by: Adrien GRASSEIN <adrien.grassein@smile.fr> Message-id: 20200116230809.19078-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-23target/arm: add PMU feature to cortex-r5 and cortex-r5fClement Deschamps
The PMU is not optional on cortex-r5 and cortex-r5f (see the "Features" chapter of the Technical Reference Manual). Signed-off-by: Clement Deschamps <clement.deschamps@greensocs.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200114105918.2366370-1-clement.deschamps@greensocs.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-21m68k: Fix regression causing Single-Step via GDB/RSP to not single stepLaurent Vivier
A regression that was introduced, with the refactor to TranslatorOps, drops two lines that update the PC when single-stepping is being performed. Fixes: 11ab74b01e0a ("target/m68k: Convert to TranslatorOps") Reported-by: Lucien Murray-Pitts <lucienmp_antispam@yahoo.com> Suggested-by: Lucien Murray-Pitts <lucienmp_antispam@yahoo.com> Suggested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200116165454.2076265-1-laurent@vivier.eu>
2020-01-17Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20200117-1' into staging Add model of the Netduino Plus 2 board Some allwinner-a10 code cleanup New test cases for cubieboard target/arm/arm-semi: fix SYS_OPEN to return nonzero filehandle i.MX: add an emulation for RNGC device target/arm: adjust program counter for wfi exception in AArch32 arm/gicv3: update virtual irq state after IAR register read Set IL bit correctly for syndrome information for data aborts # gpg: Signature made Fri 17 Jan 2020 14:27:40 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200117-1: target/arm: Set ISSIs16Bit in make_issinfo target/arm: Return correct IL bit in merge_syn_data_abort arm/gicv3: update virtual irq state after IAR register read target/arm: adjust program counter for wfi exception in AArch32 i.MX: add an emulation for RNGC target/arm/arm-semi: fix SYS_OPEN to return nonzero filehandle hw/arm/allwinner-a10: Remove local qemu_irq variables hw/arm/allwinner-a10: Simplify by passing IRQs with qdev_pass_gpios() hw/arm/allwinner-a10: Move SoC definitions out of header tests/boot_linux_console: Add a SD card test for the CubieBoard tests/boot_linux_console: Add initrd test for the CubieBoard hw/arm: Add the Netduino Plus 2 hw/arm: Add the STM32F4xx SoC hw/misc: Add the STM32F4xx EXTI device hw/misc: Add the STM32F4xx Sysconfig device Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-17target/arm: Set ISSIs16Bit in make_issinfoRichard Henderson
During the conversion to decodetree, the setting of ISSIs16Bit got lost. This causes the guest os to incorrectly adjust trapping memory operations. Cc: qemu-stable@nongnu.org Fixes: 46beb58efbb8a2a32 ("target/arm: Convert T16, load (literal)") Reported-by: Jeff Kubascik <jeff.kubascik@dornerworks.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200117004618.2742-3-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-17target/arm: Return correct IL bit in merge_syn_data_abortJeff Kubascik
The IL bit is set for 32-bit instructions, thus passing false with the is_16bit parameter to syn_data_abort_with_iss() makes a syn mask that always has the IL bit set. Pass is_16bit as true to make the initial syn mask have IL=0, so that the final IL value comes from or'ing template_syn. Cc: qemu-stable@nongnu.org Fixes: aaa1f954d4ca ("target-arm: A64: Create Instruction Syndromes for Data Aborts") Signed-off-by: Jeff Kubascik <jeff.kubascik@dornerworks.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200117004618.2742-2-richard.henderson@linaro.org [rth: Extracted this as a self-contained bug fix from a larger patch] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-17target/arm: adjust program counter for wfi exception in AArch32Jeff Kubascik
The wfi instruction can be configured to be trapped by a higher exception level, such as the EL2 hypervisor. When the instruction is trapped, the program counter should contain the address of the wfi instruction that caused the exception. The program counter is adjusted for this in the wfi op helper function. However, this correction is done to env->pc, which only applies to AArch64 mode. For AArch32, the program counter is stored in env->regs[15]. This adds an if-else statement to modify the correct program counter location based on the the current CPU mode. Signed-off-by: Jeff Kubascik <jeff.kubascik@dornerworks.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-17target/arm/arm-semi: fix SYS_OPEN to return nonzero filehandleMasahiro Yamada
According to the specification "Semihosting for AArch32 and Aarch64", the SYS_OPEN operation should return: - A nonzero handle if the call is successful - -1 if the call is not successful So, it should never return 0. Prior to commit 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors"), the guest fd matched to the host fd. It returned a nonzero handle on success since the fd 0 is already used for stdin. Now that the guest fd is the index of guestfd_array, it starts from 0. I noticed this issue particularly because Trusted Firmware-A built with PLAT=qemu is no longer working. Its io_semihosting driver only handles a positive return value as a valid filehandle. Basically, there are two ways to fix this: - Use (guestfd - 1) as the index of guestfs_arrary. We need to insert increment/decrement to convert the guestfd and the array index back and forth. - Keep using guestfd as the index of guestfs_array. The first entry of guestfs_array is left unused. I thought the latter is simpler. We end up with wasting a small piece of memory for the unused first entry of guestfd_array, but this is probably not a big deal. Fixes: 35e9a0a8ce4b ("target/arm/arm-semi: Make semihosting code hand out its own file descriptors") Cc: qemu-stable@nongnu.org Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200109041228.10131-1-masahiroy@kernel.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-17Merge remote-tracking branch 'remotes/rth/tags/pull-or1k-20200116' into stagingPeter Maydell
Fix FPSCR masking # gpg: Signature made Fri 17 Jan 2020 00:51:41 GMT # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-or1k-20200116: target/openrisc: Fix FPCSR mask to allow setting DZF Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-01-16target/openrisc: Fix FPCSR mask to allow setting DZFStafford Horne
The mask used when setting FPCSR allows setting bits 10 to 1. However, OpenRISC has flags and config bits in 11 to 1, 11 being Divide by Zero Flag (DZF). This seems like an off-by-one bug. This was found when testing the GLIBC test suite which has test cases to set and clear all bits. Signed-off-by: Stafford Horne <shorne@gmail.com> Message-Id: <20200110212843.27335-1-shorne@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-16target/riscv: update mstatus.SD when FS is set dirtyShihPo Hung
remove the check becuase SD bit should summarize FS and XS fields unconditionally. Signed-off-by: ShihPo Hung <shihpo.hung@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-01-16target/riscv: fsd/fsw doesn't dirty FP stateShihPo Hung
Signed-off-by: ShihPo Hung <shihpo.hung@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-01-16target/riscv: Fix tb->flags FS statusShihPo Hung
It was found that running libquantum on riscv-linux qemu produced an incorrect result. After investigation, FP registers are not saved during context switch due to incorrect mstatus.FS. In current implementation tb->flags merges all non-disabled state to dirty. This means the code in mark_fs_dirty in translate.c that handles initial and clean states is unreachable. This patch fixes it and is successfully tested with: libquantum Thanks to Richard for pointing out the actual bug. v3: remove the redundant condition v2: root cause FS problem Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: ShihPo Hung <shihpo.hung@sifive.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-01-16riscv: Set xPIE to 1 after xRETYiting Wang
When executing an xRET instruction, supposing xPP holds the value y, xIE is set to xPIE; the privilege mode is changed to y; xPIE is set to 1. But QEMU sets xPIE to 0 incorrectly. Signed-off-by: Yiting Wang <yiting.wang@windriver.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
2020-01-15tcg: Search includes from the project root source directoryPhilippe Mathieu-Daudé
We currently search both the root and the tcg/ directories for tcg files: $ git grep '#include "tcg/' | wc -l 28 $ git grep '#include "tcg[^/]' | wc -l 94 To simplify the preprocessor search path, unify by expliciting the tcg/ directory. Patch created mechanically by running: $ for x in \ tcg.h tcg-mo.h tcg-op.h tcg-opc.h \ tcg-op-gvec.h tcg-gvec-desc.h; do \ sed -i "s,#include \"$x\",#include \"tcg/$x\"," \ $(git grep -l "#include \"$x\""); \ done Acked-by: David Gibson <david@gibson.dropbear.id.au> (ppc parts) Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200101112303.20724-2-philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/ppc: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIXRichard Henderson
There are only two uses. Within dcbz_common, the local variable mmu_idx already contains the epid computation, and we can avoid repeating it for the store. Within helper_icbiep, the usage is trivially expanded using PPC_TLB_EPID_LOAD. Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/s390x: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIXRichard Henderson
The generated functions aside from *_real are unused. The *_real functions have a couple of users in mem_helper.c; use *_mmuidx_ra instead, with MMU_REAL_IDX. Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v2: Use *_mmuidx_ra directly, without intermediate macros.
2020-01-15target/mips: Use cpu_*_mmuidx_ra instead of MMU_MODE*_SUFFIXRichard Henderson
The separate suffixed functions were used to construct some do_##insn function switched on mmu_idx. The interface is exactly identical to the *_mmuidx_ra functions. Replace them directly and remove the constructions. Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: Aleksandar Rikalo <aleksandar.rikalo@rt-rk.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Aleksandar Markovic <amarkovic@wavecomp.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/m68k: Use cpu_*_mmuidx_ra instead of MMU_MODE{0,1}_SUFFIXRichard Henderson
The generated *_user functions are unused. The *_kernel functions have a couple of users in op_helper.c; use *_mmuidx_ra instead, with MMU_KERNEL_IDX. Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> --- v2: Use *_mmuidx_ra directly, without intermediate macros.
2020-01-15target/xtensa: Remove MMU_MODE{0,1,2,3}_SUFFIXRichard Henderson
The functions generated by these macros are unused. Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Max Filippov <jcmvbkbc@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/unicore32: Remove MMU_MODE{0,1}_SUFFIXRichard Henderson
The functions generated by these macros are unused. Cc: Guan Xuetao <gxt@mprc.pku.edu.cn> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/sh4: Remove MMU_MODE{0,1}_SUFFIXRichard Henderson
The functions generated by these macros are unused. Cc: Aurelien Jarno <aurelien@aurel32.net> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/microblaze: Remove MMU_MODE{0,1,2}_SUFFIXRichard Henderson
The functions generated by these macros are unused. Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/i386: Remove MMU_MODE{0,1,2}_SUFFIXRichard Henderson
The functions generated by these macros are unused. Cc: Eduardo Habkost <ehabkost@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-01-15target/cris: Remove MMU_MODE{0,1}_SUFFIXRichard Henderson
The functions generated by these macros are unused. Cc: Edgar E. Iglesias <edgar.iglesias@gmail.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>