aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)Author
2023-05-18target/arm: Convert Logical (immediate) to decodetreeRichard Henderson
Convert the ADD, ORR, EOR, ANDS (immediate) instructions. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-10-peter.maydell@linaro.org [PMM: rebased] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: Replace bitmask64 with MAKE_64BIT_MASKRichard Henderson
Use the bitops.h macro rather than rolling our own here. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-9-peter.maydell@linaro.org
2023-05-18target/arm: Convert Add/subtract (immediate with tags) to decodetreeRichard Henderson
Convert the ADDG and SUBG (immediate) instructions. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-8-peter.maydell@linaro.org [PMM: Rebased; use TRANS_FEAT()] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: Convert Add/subtract (immediate) to decodetreeRichard Henderson
Convert the ADD and SUB (immediate) instructions. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-7-peter.maydell@linaro.org [PMM: Rebased; adjusted to use translate.h's TRANS macro] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: Split gen_add_CC and gen_sub_CCRichard Henderson
Split out specific 32-bit and 64-bit functions. These carry the same signature as tcg_gen_add_i64, and so will be easier to pass as callbacks. Retain gen_add_CC and gen_sub_CC during conversion. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-6-peter.maydell@linaro.org [PMM: rebased] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: Convert PC-rel addressing to decodetreeRichard Henderson
Convert the ADR and ADRP instructions. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-5-peter.maydell@linaro.org [PMM: Rebased] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: Pull calls to disas_sve() and disas_sme() out of legacy decoderPeter Maydell
The SVE and SME decode is already done by decodetree. Pull the calls to these decoders out of the legacy decoder. This doesn't change behaviour because all the patterns in sve.decode and sme.decode already require the bits that the legacy decoder is decoding to have the correct values. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230512144106.3608981-4-peter.maydell@linaro.org
2023-05-18target/arm: Create decodetree skeleton for A64Peter Maydell
The A64 translator uses a hand-written decoder for everything except SVE or SME. It's fairly well structured, but it's becoming obvious that it's still more painful to add instructions to than the A32 translator, because putting a new instruction into the right place in a hand-written decoder is much harder than adding new instruction patterns to a decodetree file. As the first step in conversion to decodetree, create the skeleton of the decodetree decoder; where it does not handle instructions we will fall back to the legacy decoder (which will be for everything at the moment, since there are no patterns in a64.decode). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230512144106.3608981-3-peter.maydell@linaro.org
2023-05-18target/arm: Split out disas_a64_legacyRichard Henderson
Split out all of the decode stuff from aarch64_tr_translate_insn. Call it disas_a64_legacy to indicate it will be replaced. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20230512144106.3608981-2-peter.maydell@linaro.org [PMM: Rebased] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: add RAZ/WI handling for DBGDTR[TX|RX]Alex Bennée
The commit b3aa2f2128 (target/arm: provide stubs for more external debug registers) was added to handle HyperV's unconditional usage of Debug Communications Channel. It turns out that Linux will similarly break if you enable CONFIG_HVC_DCC "ARM JTAG DCC console". Extend the registers we RAZ/WI set to avoid this. Cc: Anders Roxell <anders.roxell@linaro.org> Cc: Evgeny Iakovlev <eiakovlev@linux.microsoft.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230516104420.407912-1-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18arm/kvm: add support for MTECornelia Huck
Extend the 'mte' property for the virt machine to cover KVM as well. For KVM, we don't allocate tag memory, but instead enable the capability. If MTE has been enabled, we need to disable migration, as we do not yet have a way to migrate the tags as well. Therefore, MTE will stay off with KVM unless requested explicitly. Signed-off-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230428095533.21747-2-cohuck@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/arm: Fix vd == vm overlap in sve_ldff1_zRichard Henderson
If vd == vm, copy vm to scratch, so that we can pre-zero the output and still access the gather indicies. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230504104232.1877774-1-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-18target/i386: Fix exception classes for MOVNTPS/MOVNTPD.Ricky Zhou
Before this change, MOVNTPS and MOVNTPD were labeled as Exception Class 4 (only requiring alignment for legacy SSE instructions). This changes them to Exception Class 1 (always requiring memory alignment), as documented in the Intel manual. Message-Id: <20230501111428.95998-3-ricky@rzhou.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: Fix exception classes for SSE/AVX instructions.Ricky Zhou
Fix the exception classes for some SSE/AVX instructions to match what is documented in the Intel manual. These changes are expected to have no functional effect on the behavior that qemu implements (primarily >= 16-byte memory alignment checks). For instance, since qemu does not implement the AC flag, there is no difference in behavior between Exception Classes 4 and 5 for instructions where the SSE version only takes <16 byte memory operands. Message-Id: <20230501111428.95998-2-ricky@rzhou.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: Fix and add some comments next to SSE/AVX instructions.Ricky Zhou
Adds some comments describing what instructions correspond to decoding table entries and fixes some existing comments which named the wrong instruction. Message-Id: <20230501111428.95998-1-ricky@rzhou.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: fix avx2 instructions vzeroall and vpermdqXinyu Li
vzeroall: xmm_regs should be used instead of xmm_t0 vpermdq: bit 3 and 7 of imm should be considered Signed-off-by: Xinyu Li <lixinyu20s@ict.ac.cn> Message-Id: <20230510145222.586487-1-lixinyu20s@ict.ac.cn> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: fix operand size for VCOMI/VUCOMI instructionsPaolo Bonzini
Compared to other SSE instructions, VUCOMISx and VCOMISx are different: the single and double precision versions are distinguished through a prefix, however they use no-prefix and 0x66 for SS and SD respectively. Scalar values usually are associated with 0xF2 and 0xF3. Because of these, they incorrectly perform a 128-bit memory load instead of a 32- or 64-bit load. Fix this by writing a custom decoding function. I tested that the reproducer is fixed and the test-avx output does not change. Reported-by: Gabriele Svelto <gsvelto@mozilla.com> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1637 Fixes: f8d19eec0d53 ("target/i386: reimplement 0x0f 0x28-0x2f, add AVX", 2022-10-18) Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: add support for FB_CLEAR featureEmanuele Giuseppe Esposito
As reported by the Intel's doc: "FB_CLEAR: The processor will overwrite fill buffer values as part of MD_CLEAR operations with the VERW instruction. On these processors, L1D_FLUSH does not overwrite fill buffer values." If this cpu feature is present in host, allow QEMU to choose whether to show it to the guest too. One disadvantage of not exposing it is that the guest will report a non existing vulnerability in /sys/devices/system/cpu/vulnerabilities/mmio_stale_data because the mitigation is present only when the cpu has (FLUSH_L1D and MD_CLEAR) or FB_CLEAR features enabled. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20230201135759.555607-3-eesposit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18target/i386: add support for FLUSH_L1D featureEmanuele Giuseppe Esposito
As reported by Intel's doc: "L1D_FLUSH: Writeback and invalidate the L1 data cache" If this cpu feature is present in host, allow QEMU to choose whether to show it to the guest too. One disadvantage of not exposing it is that the guest will report a non existing vulnerability in /sys/devices/system/cpu/vulnerabilities/mmio_stale_data because the mitigation is present only when the cpu has (FLUSH_L1D and MD_CLEAR) or FB_CLEAR features enabled. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20230201135759.555607-2-eesposit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-16target/s390x: Fix EXECUTE of relative branchesIlya Leoshkevich
Fix a problem similar to the one fixed by commit 703d03a4aaf3 ("target/s390x: Fix EXECUTE of relative long instructions"), but now for relative branches. Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230426235813.198183-2-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-16s390x/tcg: Fix LDER instruction formatIlya Leoshkevich
It's RRE, not RXE. Found by running valgrind's none/tests/s390x/bfp-2. Fixes: 86b59624c4aa ("s390x/tcg: Implement LOAD LENGTHENED short HFP to long HFP") Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Message-Id: <20230511134726.469651-1-iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-16hw/core: Use a callback for target specific query-cpus-fast informationThomas Huth
For being able to create a universal QEMU binary one day, core files like machine-qmp-cmds.c must not contain any "#ifdef TARGET_..." parts. Thus let's provide the target specific function via a function pointer in CPUClass instead, as a first step towards making this file target independent. Message-Id: <20230424160434.331175-2-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-05-13Merge tag 'or1k-pull-request-20230513' of https://github.com/stffrdhrn/qemu ↵Richard Henderson
into staging OpenRISC FPU Updates for 8.1 A few fixes and updates to bring OpenRISC inline with the latest architecture spec updates: - Allow FPCSR to be accessed in user mode - Select tininess detection before rounding - Fix FPE Exception PC value # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE2cRzVK74bBA6Je/xw7McLV5mJ+QFAmRfPIEACgkQw7McLV5m # J+RFuhAAt4xxci52fxvPpgUu/mjKU6mbYNjBEPEh+OAcb+m/BrvKhazZDACkyLMe # ehavWtI856jfy6DsIA5wj5+zhgV8W5DR6a1mHIhmSAoVq7e+NnC5y0GJC9B0Xd/2 # FNOq/LZPtv/w7u+D1pFJaTb07hAaFVIC05Arn4dXa1k3yBuyjqIJnlrXa3Jt0pLW # To/z1zch1rUp6RhFmGxU+8/qvTbzqkm/F3kbe8l2z34371lTd6KhPwvKaImMpTYQ # dvULTMXjZ6Dp8BmUrDcnLMTL3NbYcPrI+qOHX1X+dwzNFyui2I8Ci7IfEKJ460ja # Fe2Ku/aDfHSZYYayWaYSlrrZ1AH0fLLwIkHSs95+xUMsl81mtS6lIysj7fAFRnM5 # 7tU4ov1T/leupvvUCUX5N4Yje/yvbuoAqGyhjDHzJ98vIe6fDhutU4Bm8/30q6Dy # nKnfSgRHrrTrH042xW32DJnzaN2pEWrNtOMaegLMaqZ60app2YDaKJvtHLua1VjD # b+g+X/+xBNb34k5e/f4z+GeGPoqE2wvwMcSkD+NBE8je3idPdMS/u5lQrvqvcbI/ # DJBRoPifNME/oYoTxPVKRnrCQIWQ6YkeLWVmqMfCVpjCF97gexo+UBUawJimTXFr # gmcIYxv87oKF4KbCn7LsLlXGSpWSihKSBTHDxFPaKiRbnYZ5ais= # =zqbX # -----END PGP SIGNATURE----- # gpg: Signature made Sat 13 May 2023 08:30:09 AM BST # gpg: using RSA key D9C47354AEF86C103A25EFF1C3B31C2D5E6627E4 # gpg: Good signature from "Stafford Horne <shorne@gmail.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: D9C4 7354 AEF8 6C10 3A25 EFF1 C3B3 1C2D 5E66 27E4 * tag 'or1k-pull-request-20230513' of https://github.com/stffrdhrn/qemu: target/openrisc: Setup FPU for detecting tininess before rounding target/openrisc: Set PC to cpu state on FPU exception target/openrisc: Allow fpcsr access in user mode Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-12target/arm: Correct AArch64.S2MinTxSZ 32-bit EL1 input size checkPeter Maydell
In check_s2_mmu_setup() we have a check that is attempting to implement the part of AArch64.S2MinTxSZ that is specific to when EL1 is AArch32: if !s1aarch64 then // EL1 is AArch32 min_txsz = Min(min_txsz, 24); Unfortunately we got this wrong in two ways: (1) The minimum txsz corresponds to a maximum inputsize, but we got the sense of the comparison wrong and were faulting for all inputsizes less than 40 bits (2) We try to implement this as an extra check that happens after we've done the same txsz checks we would do for an AArch64 EL1, but in fact the pseudocode is *loosening* the requirements, so that txsz values that would fault for an AArch64 EL1 do not fault for AArch32 EL1, because it does Min(old_min, 24), not Max(old_min, 24). You can see this also in the text of the Arm ARM in table D8-8, which shows that where the implemented PA size is less than 40 bits an AArch32 EL1 is still OK with a configured stage2 T0SZ for a 40 bit IPA, whereas if EL1 is AArch64 then the T0SZ must be big enough to constrain the IPA to the implemented PA size. Because of part (2), we can't do this as a separate check, but have to integrate it into aa64_va_parameters(). Add a new argument to that function to indicate that EL1 is 32-bit. All the existing callsites except the one in get_phys_addr_lpae() can pass 'false', because they are either doing a lookup for a stage 1 regime or else they don't care about the tsz/tsz_oob fields. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1627 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230509092059.3176487-1-peter.maydell@linaro.org
2023-05-12target/arm: Select CONFIG_ARM_V7M when TCG is enabledFabiano Rosas
We cannot allow this config to be disabled at the moment as not all of the relevant code is protected by it. Commit 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build") moved the CONFIGs of several boards to Kconfig, so it is now possible that nothing selects ARM_V7M (e.g. when doing a --without-default-devices build). Return the CONFIG_ARM_V7M entry to a state where it is always selected whenever TCG is available. Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build") Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230508181611.2621-3-farosas@suse.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-12target/arm: Select SEMIHOSTING when using TCGFabiano Rosas
Semihosting has been made a 'default y' entry in Kconfig, which does not work because when building --without-default-devices, the semihosting code would not be available. Make semihosting unconditional when TCG is present. Fixes: 29d9efca16 ("arm/Kconfig: Do not build TCG-only boards on a KVM-only build") Signed-off-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230508181611.2621-2-farosas@suse.de Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-12target/arm: Fix handling of SW and NSW bits for stage 2 walksPeter Maydell
We currently don't correctly handle the VSTCR_EL2.SW and VTCR_EL2.NSW configuration bits. These allow configuration of whether the stage 2 page table walks for Secure IPA and NonSecure IPA should do their descriptor reads from Secure or NonSecure physical addresses. (This is separate from how the translation table base address and other parameters are set: an NS IPA always uses VTTBR_EL2 and VTCR_EL2 for its base address and walk parameters, regardless of the NSW bit, and similarly for Secure.) Provide a new function ptw_idx_for_stage_2() which returns the MMU index to use for descriptor reads, and use it to set up the .in_ptw_idx wherever we call get_phys_addr_lpae(). For a stage 2 walk, wherever we call get_phys_addr_lpae(): * .in_ptw_idx should be ptw_idx_for_stage_2() of the .in_mmu_idx * .in_secure should be true if .in_mmu_idx is Stage2_S This allows us to correct S1_ptw_translate() so that it consistently always sets its (out_secure, out_phys) to the result it gets from the S2 walk (either by calling get_phys_addr_lpae() or by TLB lookup). This makes better conceptual sense because the S2 walk should return us an (address space, address) tuple, not an address that we then randomly assign to S or NS. Our previous handling of SW and NSW was broken, so guest code trying to use these bits to put the s2 page tables in the "other" address space wouldn't work correctly. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1600 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20230504135425.2748672-3-peter.maydell@linaro.org
2023-05-12target/arm: Don't allow stage 2 page table walks to downgrade to NSPeter Maydell
Bit 63 in a Table descriptor is only the NSTable bit for stage 1 translations; in stage 2 it is RES0. We were incorrectly looking at it all the time. This causes problems if: * the stage 2 table descriptor was incorrectly setting the RES0 bit * we are doing a stage 2 translation in Secure address space for a NonSecure stage 1 regime -- in this case we would incorrectly do an immediate downgrade to NonSecure A bug elsewhere in the code currently prevents us from getting to the second situation, but when we fix that it will be possible. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230504135425.2748672-2-peter.maydell@linaro.org
2023-05-12target/arm: Move helper-{a64,mve,sme,sve}.h to tcg/Richard Henderson
While we cannot move the main "helper.h" out of target/arm/, due to usage by generic code, we can move the sub-includes. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Message-id: 20230504110412.1892411-3-richard.henderson@linaro.org Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-12target/arm: Move translate-a32.h, arm_ldst.h, sve_ldst_internal.h to tcg/Richard Henderson
These files got missed when populating tcg/. Because they are included with "", no change to the users required. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20230504110412.1892411-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-05-11target/openrisc: Setup FPU for detecting tininess before roundingStafford Horne
OpenRISC defines tininess to be detected before rounding. Setup qemu to obey this. Signed-off-by: Stafford Horne <shorne@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/openrisc: Set PC to cpu state on FPU exceptionStafford Horne
Store the PC to ensure the correct value can be read in the exception handler. Signed-off-by: Stafford Horne <shorne@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/openrisc: Allow fpcsr access in user modeStafford Horne
As per OpenRISC spec 1.4 FPCSR can be read and written in user mode. Update mtspr and mfspr helpers to support this by moving the is_user check into the helper. Link: https://raw.githubusercontent.com/openrisc/doc/master/openrisc-arch-1.4-rev0.pdf Signed-off-by: Stafford Horne <shorne@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/loongarch: Do not include tcg-ldst.hRichard Henderson
This header is supposed to be private to tcg and in fact does not need to be included here at all. Reviewed-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/sh4: Use MO_ALIGN where requiredRichard Henderson
Mark all memory operations that are not already marked with UNALIGN. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/nios2: Remove TARGET_ALIGNED_ONLYRichard Henderson
In gen_ldx/gen_stx, the only two locations for memory operations, mark the operation as either aligned (softmmu) or unaligned (user-only, as if emulated by the kernel). Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/mips: Use MO_ALIGN instead of 0Richard Henderson
The opposite of MO_UNALN is MO_ALIGN. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/mips: Add missing default_tcg_memop_maskRichard Henderson
Memory operations that are not already aligned, or otherwise marked up, require addition of ctx->default_tcg_memop_mask. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/mips: Add MO_ALIGN to gen_llwp, gen_scwpRichard Henderson
These are atomic operations, so mark as requiring alignment. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-11target/m68k: Fix gen_load_fp for OS_LONGRichard Henderson
Case was accidentally dropped in b7a94da9550b. Tested-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-10target/loongarch: Terminate vmstate subsections listRichard Henderson
This list requires a NULL terminator. Fixes: 16f5396cec23 ("target/loongarch: Add LSX data type VReg") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230510062405.127260-1-richard.henderson@linaro.org>
2023-05-08target/i386: Add EPYC-Genoa model to support Zen 4 processor seriesBabu Moger
Adds the support for AMD EPYC Genoa generation processors. The model display for the new processor will be EPYC-Genoa. Adds the following new feature bits on top of the feature bits from the previous generation EPYC models. avx512f : AVX-512 Foundation instruction avx512dq : AVX-512 Doubleword & Quadword Instruction avx512ifma : AVX-512 Integer Fused Multiply Add instruction avx512cd : AVX-512 Conflict Detection instruction avx512bw : AVX-512 Byte and Word Instructions avx512vl : AVX-512 Vector Length Extension Instructions avx512vbmi : AVX-512 Vector Byte Manipulation Instruction avx512_vbmi2 : AVX-512 Additional Vector Byte Manipulation Instruction gfni : AVX-512 Galois Field New Instructions avx512_vnni : AVX-512 Vector Neural Network Instructions avx512_bitalg : AVX-512 Bit Algorithms, add bit algorithms Instructions avx512_vpopcntdq: AVX-512 AVX-512 Vector Population Count Doubleword and Quadword Instructions avx512_bf16 : AVX-512 BFLOAT16 instructions la57 : 57-bit virtual address support (5-level Page Tables) vnmi : Virtual NMI (VNMI) allows the hypervisor to inject the NMI into the guest without using Event Injection mechanism meaning not required to track the guest NMI and intercepting the IRET. auto-ibrs : The AMD Zen4 core supports a new feature called Automatic IBRS. It is a "set-and-forget" feature that means that, unlike e.g., s/w-toggled SPEC_CTRL.IBRS, h/w manages its IBRS mitigation resources automatically across CPL transitions. Signed-off-by: Babu Moger <babu.moger@amd.com> Message-Id: <20230504205313.225073-8-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add VNMI and automatic IBRS feature bitsBabu Moger
Add the following featute bits. vnmi: Virtual NMI (VNMI) allows the hypervisor to inject the NMI into the guest without using Event Injection mechanism meaning not required to track the guest NMI and intercepting the IRET. The presence of this feature is indicated via the CPUID function 0x8000000A_EDX[25]. automatic-ibrs : The AMD Zen4 core supports a new feature called Automatic IBRS. It is a "set-and-forget" feature that means that, unlike e.g., s/w-toggled SPEC_CTRL.IBRS, h/w manages its IBRS mitigation resources automatically across CPL transitions. The presence of this feature is indicated via the CPUID function 0x80000021_EAX[8]. The documention for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. AMD64 Architecture Programmer’s Manual Volumes 1–5 Publication No. Revision 40332 4.05 Date October 2022 Signed-off-by: Santosh Shukla <santosh.shukla@amd.com> Signed-off-by: Kim Phillips <kim.phillips@amd.com> Signed-off-by: Babu Moger <babu.moger@amd.com> Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Link: https://www.amd.com/system/files/TechDocs/40332_4.05.pdf Message-Id: <20230504205313.225073-7-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add missing feature bits in EPYC-Milan modelBabu Moger
Add the following feature bits for EPYC-Milan model and bump the version. vaes : Vector VAES(ENC|DEC), VAES(ENC|DEC)LAST instruction support vpclmulqdq : Vector VPCLMULQDQ instruction support stibp-always-on : Single Thread Indirect Branch Prediction Mode has enhanced performance and may be left Always on amd-psfd : Predictive Store Forward Disable no-nested-data-bp : Processor ignores nested data breakpoints lfence-always-serializing : LFENCE instruction is always serializing null-sel-clr-base : Null Selector Clears Base. When this bit is set, a null segment load clears the segment base These new features will be added in EPYC-Milan-v2. The "-cpu help" output after the change will be. x86 EPYC-Milan (alias configured by machine type) x86 EPYC-Milan-v1 AMD EPYC-Milan Processor x86 EPYC-Milan-v2 AMD EPYC-Milan Processor The documentation for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. SECURITY ANALYSIS OF AMD PREDICTIVE STORE FORWARDING c. AMD64 Architecture Programmer’s Manual Volumes 1–5 Publication No. Revision 40332 4.05 Date October 2022 Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Link: https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf Link: https://www.amd.com/system/files/TechDocs/40332_4.05.pdf Message-Id: <20230504205313.225073-6-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add feature bits for CPUID_Fn80000021_EAXBabu Moger
Add the following feature bits. no-nested-data-bp : Processor ignores nested data breakpoints. lfence-always-serializing : LFENCE instruction is always serializing. null-sel-cls-base : Null Selector Clears Base. When this bit is set, a null segment load clears the segment base. The documentation for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. AMD64 Architecture Programmer’s Manual Volumes 1–5 Publication No. Revision 40332 4.05 Date October 2022 Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Link: https://www.amd.com/system/files/TechDocs/40332_4.05.pdf Message-Id: <20230504205313.225073-5-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add a couple of feature bits in 8000_0008_EBXBabu Moger
Add the following feature bits. amd-psfd : Predictive Store Forwarding Disable: PSF is a hardware-based micro-architectural optimization designed to improve the performance of code execution by predicting address dependencies between loads and stores. While SSBD (Speculative Store Bypass Disable) disables both PSF and speculative store bypass, PSFD only disables PSF. PSFD may be desirable for the software which is concerned with the speculative behavior of PSF but desires a smaller performance impact than setting SSBD. Depends on the following kernel commit: b73a54321ad8 ("KVM: x86: Expose Predictive Store Forwarding Disable") stibp-always-on : Single Thread Indirect Branch Prediction mode has enhanced performance and may be left always on. The documentation for the features are available in the links below. a. Processor Programming Reference (PPR) for AMD Family 19h Model 01h, Revision B1 Processors b. SECURITY ANALYSIS OF AMD PREDICTIVE STORE FORWARDING Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf Link: https://www.amd.com/system/files/TechDocs/55898_B1_pub_0.50.zip Message-Id: <20230504205313.225073-4-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: Add new EPYC CPU versions with updated cache_infoMichael Roth
Introduce new EPYC cpu versions: EPYC-v4 and EPYC-Rome-v3. The only difference vs. older models is an updated cache_info with the 'complex_indexing' bit unset, since this bit is not currently defined for AMD and may cause problems should it be used for something else in the future. Setting this bit will also cause CPUID validation failures when running SEV-SNP guests. Signed-off-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230504205313.225073-3-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-08target/i386: allow versioned CPUs to specify new cache_infoMichael Roth
New EPYC CPUs versions require small changes to their cache_info's. Because current QEMU x86 CPU definition does not support versioned cach_info, we would have to declare a new CPU type for each such case. To avoid the dup work, add "cache_info" in X86CPUVersionDefinition", to allow new cache_info pointers to be specified for a new CPU version. Co-developed-by: Wei Huang <wei.huang2@amd.com> Signed-off-by: Wei Huang <wei.huang2@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Babu Moger <babu.moger@amd.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20230504205313.225073-2-babu.moger@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-06Merge tag 'pull-loongarch-20230506' of https://gitlab.com/gaosong/qemu into ↵Richard Henderson
staging Add LoongArch LSX instructions. # -----BEGIN PGP SIGNATURE----- # # iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZFXxGwAKCRBAov/yOSY+ # 39EoA/0Uy2DPz6g7J5+9tcIRk9jLrp36aYQJ9J8zRJd226YFvHSfiBWSIteMFOEX # Z0Jx1bL6N97KK/HA74Nx++x0kVuplEGp1s5cO/odL3gYy8RaJm23p9iaDa0D/UaB # ygLvXtuzN4unDFP5EF/wa9zRkDb7qX2iBBvc8OIal7eT4dDX+g== # =gyVU # -----END PGP SIGNATURE----- # gpg: Signature made Sat 06 May 2023 07:18:03 AM BST # gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF # gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF * tag 'pull-loongarch-20230506' of https://gitlab.com/gaosong/qemu: (45 commits) hw/intc: don't use target_ulong for LoongArch ipi target/loongarch: CPUCFG support LSX target/loongarch: Use {set/get}_gpr replace to cpu_fpr target/loongarch: Implement vldi target/loongarch: Implement vld vst target/loongarch: Implement vilvl vilvh vextrins vshuf target/loongarch: Implement vreplve vpack vpick target/loongarch: Implement vinsgr2vr vpickve2gr vreplgr2vr target/loongarch: Implement vbitsel vset target/loongarch: Implement vfcmp target/loongarch: Implement vseq vsle vslt target/loongarch: Implement LSX fpu fcvt instructions target/loongarch: Implement LSX fpu arith instructions target/loongarch: Implement vfrstp target/loongarch: Implement vbitclr vbitset vbitrev target/loongarch: Implement vpcnt target/loongarch: Implement vclo vclz target/loongarch: Implement vssrlrn vssrarn target/loongarch: Implement vssrln vssran target/loongarch: Implement vsrlrn vsrarn ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-05-06target/loongarch: CPUCFG support LSXSong Gao
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> Message-Id: <20230504122810.4094787-45-gaosong@loongson.cn>