aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)Author
2023-12-12target/i386: Fix 32-bit wrapping of pc/eip computationRichard Henderson
In 32-bit mode, pc = eip + cs_base is also 32-bit, and must wrap. Failure to do so results in incorrect memory exceptions to the guest. Before 732d548732ed, this was implicitly done via truncation to target_ulong but only in qemu-system-i386, not qemu-system-x86_64. To fix this, we must add conditional zero-extensions. Since we have to test for 32 vs 64-bit anyway, note that cs_base is always zero in 64-bit mode. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2022 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20231212172510.103305-1-richard.henderson@linaro.org>
2023-12-06i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bitMichael Roth
Commit 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") added error checking for KVM_SET_SREGS/KVM_SET_SREGS2. In doing so, it exposed a long-running bug in current KVM support for SEV-ES where the kernel assumes that MSR_EFER_LMA will be set explicitly by the guest kernel, in which case EFER write traps would result in KVM eventually seeing MSR_EFER_LMA get set and recording it in such a way that it would be subsequently visible when accessing it via KVM_GET_SREGS/etc. However, guest kernels currently rely on MSR_EFER_LMA getting set automatically when MSR_EFER_LME is set and paging is enabled via CR0_PG_MASK. As a result, the EFER write traps don't actually expose the MSR_EFER_LMA bit, even though it is set internally, and when QEMU subsequently tries to pass this EFER value back to KVM via KVM_SET_SREGS* it will fail various sanity checks and return -EINVAL, which is now considered fatal due to the aforementioned QEMU commit. This can be addressed by inferring the MSR_EFER_LMA bit being set when paging is enabled and MSR_EFER_LME is set, and synthesizing it to ensure the expected bits are all present in subsequent handling on the host side. Ultimately, this handling will be implemented in the host kernel, but to avoid breaking QEMU's SEV-ES support when using older host kernels, the same handling can be done in QEMU just after fetching the register values via KVM_GET_SREGS*. Implement that here. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Marcelo Tosatti <mtosatti@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Akihiko Odaki <akihiko.odaki@daynix.com> Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: Lara Lazier <laramglazier@gmail.com> Cc: Vitaly Kuznetsov <vkuznets@redhat.com> Cc: Maxim Levitsky <mlevitsk@redhat.com> Cc: <kvm@vger.kernel.org> Fixes: 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") Signed-off-by: Michael Roth <michael.roth@amd.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-ID: <20231206155821.1194551-1-michael.roth@amd.com>
2023-12-04Merge tag 'misc-fixes-20231204' of https://github.com/philmd/qemu into stagingStefan Hajnoczi
Misc fixes for 8.2 - memory: Avoid unaligned accesses (Patrick) - target/riscv: Fix variable shadowing (Daniel) - tests/avocado: Update URL, skip flaky test (Alex, Phil) # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmVt7w4ACgkQ4+MsLN6t # wN7AzA/+N1ec1I2IC0LYT8ThBCyV/92o+1FH5KaIxiVN5Ty3cACnGAac8IJ1K2tC # 5WG8Dxg4rq+bM16lUq9ME7k82Y3PoxLoRQa8fuClFKdHMXU2sgY4OwTx2606cO4B # 0H4gR+i3XgrgIDo8qRezWX0JSd1Srrz9QPlcq6kJfDtRq7DU0329aOobkyzuUJPb # DJD9YPu9y0KokBCBuVlt5ypNSM9xJGRtznFt1sFfNyPgNOnie3s+fYpPn26UigcY # 8OY/PMS5hapDw/s/gFKWQb/nCTSRnJKZ5dODOjHXK8HvTbYHedw8C4apXyjSXwBI # fBerNEKJHwD/1QkFhbNCIwsidH72BWeHljrelbZlsUfXU1VcCqNiXV8d2R9ak3xt # lrW7UcytC1+PqhmIVEXAOA4cwJcq6Hs9IcZ9G9aMvcmlhY3Fv0UKMoRYgsGTULeP # ySQF3FDSc6dldsfBdwqHGHlwL12EYmpN2sIhEc5aQ9y5Mmuj2FBOYHUbPpyoVLpw # e45n9Epc43GUVCMj3lZNjWKd+87nGjwKOM3rpBlcaSG3JRkLUe8o5APxeYzePZfO # 2IOWcGnrUixsvWbNY+6JF98n5hQK7Va3h/e1YbS1K2OZ013LT1SNiZ1LOrl9KiXf # agY6HMukKbCpJAqpXnMbgWdxCb7GdtjVaWKIVEgejeZTVdH4f8Y= # =r21r # -----END PGP SIGNATURE----- # gpg: Signature made Mon 04 Dec 2023 10:23:58 EST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'misc-fixes-20231204' of https://github.com/philmd/qemu: tests/avocado: mark ReplayKernelNormal.test_mips64el_malta as flaky tests/avocado: Update yamon-bin-02.22.zip URL target/riscv/kvm: fix shadowing in kvm_riscv_(get|put)_regs_csr system/memory: use ldn_he_p/stn_he_p Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-12-04Merge tag 'pull-target-arm-20231204-1' of ↵Stefan Hajnoczi
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * Turn off SME if SVE is turned off (this combination doesn't currently work and QEMU will assert if you try it) # -----BEGIN PGP SIGNATURE----- # # iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmVt3wQZHHBldGVyLm1h # eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vrmD/9zu48IxCdHFSshMRmXz6kI # tMvTrsMSOGXfuQqCbvLn3CUP/La50Yt/T1C2TKzVII1W8zpw8wEEvraCBjexzUzK # Jcjw0dPSIllQOHBkoUGsgqA0+UkhfIwH0po10rxm1L+ZP3DfISVdyDV9oxCNfEO0 # pGXI1eAN9GIQtJtUj3kZE+RUoamJfoSjlm5XVeX3T+utEU7yf1461L1/qaylYOrW # wao72ffbuf41jRJwnVmMFoIPrwueYtEeuKl/EgYU4YPxkSQEo34u6d9fz2Irt6/Y # utO2SffhhmlxQaFhgPX3hvAsfapMt/p2Jy6oUpThOjN75adCq+g1CYj7lzEfIX16 # kb2CY8zQ8NboJtgnkiQAA062myURnk/kmulv0OF6Hh0jHSuLzuMMLcCfBJgq4H6s # mnBCJfetwRgwqcSl1JTfrMm4wYOLmSrmOcM5JjYwY2YYjnFXI+XB1MdKm0h8cROG # nFu5TZtNnxgzqBgoh1140AYN851Y1dshczZIHb1/YuNpBIl+ZUO4v5sRT3KBSzb+ # G21570neBv8QcfDSgrLesrjNBDREfkaWEu9BM85461uTjbCLG8RUpn+Jd4VtpkNe # YVzomhuM9CI5CmYdrTMJ74gnZUtAT9Q3FTcfGL8G4KiSIe85BTw+gEy4PhLXD6FT # 68fP1M+s8/hsuXCJYbvmAA== # =K/u0 # -----END PGP SIGNATURE----- # gpg: Signature made Mon 04 Dec 2023 09:15:32 EST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20231204-1' of https://git.linaro.org/people/pmaydell/qemu-arm: target/arm: Disable SME if SVE is disabled Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-12-04target/riscv/kvm: fix shadowing in kvm_riscv_(get|put)_regs_csrDaniel Henrique Barboza
KVM_RISCV_GET_CSR() and KVM_RISCV_SET_CSR() use an 'int ret' variable that is used to do an early 'return' if ret > 0. Both are being called in functions that are also declaring a 'ret' integer, initialized with '0', and this integer is used as return of the function. The result is that the compiler is less than pleased and is pointing shadowing errors: ../target/riscv/kvm/kvm-cpu.c: In function 'kvm_riscv_get_regs_csr': ../target/riscv/kvm/kvm-cpu.c:90:13: error: declaration of 'ret' shadows a previous local [-Werror=shadow=compatible-local] 90 | int ret = kvm_get_one_reg(cs, RISCV_CSR_REG(env, csr), &reg); \ | ^~~ ../target/riscv/kvm/kvm-cpu.c:539:5: note: in expansion of macro 'KVM_RISCV_GET_CSR' 539 | KVM_RISCV_GET_CSR(cs, env, sstatus, env->mstatus); | ^~~~~~~~~~~~~~~~~ ../target/riscv/kvm/kvm-cpu.c:536:9: note: shadowed declaration is here 536 | int ret = 0; | ^~~ ../target/riscv/kvm/kvm-cpu.c: In function 'kvm_riscv_put_regs_csr': ../target/riscv/kvm/kvm-cpu.c:98:13: error: declaration of 'ret' shadows a previous local [-Werror=shadow=compatible-local] 98 | int ret = kvm_set_one_reg(cs, RISCV_CSR_REG(env, csr), &reg); \ | ^~~ ../target/riscv/kvm/kvm-cpu.c:556:5: note: in expansion of macro 'KVM_RISCV_SET_CSR' 556 | KVM_RISCV_SET_CSR(cs, env, sstatus, env->mstatus); | ^~~~~~~~~~~~~~~~~ ../target/riscv/kvm/kvm-cpu.c:553:9: note: shadowed declaration is here 553 | int ret = 0; | ^~~ The macros are doing early returns for non-zero returns and the local 'ret' variable for both functions is used just to do 'return 0', so remove them from kvm_riscv_get_regs_csr() and kvm_riscv_put_regs_csr() and do a straight 'return 0' in the end. For good measure let's also rename the 'ret' variables in KVM_RISCV_GET_CSR() and KVM_RISCV_SET_CSR() to '_ret' to make them more resilient to these kind of errors. Fixes: 937f0b4512 ("target/riscv: Implement kvm_arch_get_registers") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20231123101338.1040134-1-dbarboza@ventanamicro.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-12-04sh4: Coding style: Remove tabsYihuan Pan
Replaces TABS with spaces to ensure have a consistent coding style with an indentation of 4 spaces in the SH4 subsystem. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/376 Signed-off-by: Yihuan Pan <xun794@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-ID: <20231124044554.513752-1-xun794@gmail.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-12-04target/arm: Disable SME if SVE is disabledPeter Maydell
There is no architectural requirement that SME implies SVE, but our implementation currently assumes it. (FEAT_SME_FA64 does imply SVE.) So if you try to run a CPU with eg "-cpu max,sve=off" you quickly run into an assert when the guest tries to write to SMCR_EL1: #6 0x00007ffff4b38e96 in __GI___assert_fail (assertion=0x5555566e69cb "sm", file=0x5555566e5b24 "../../target/arm/helper.c", line=6865, function=0x5555566e82f0 <__PRETTY_FUNCTION__.31> "sve_vqm1_for_el_sm") at ./assert/assert.c:101 #7 0x0000555555ee33aa in sve_vqm1_for_el_sm (env=0x555557d291f0, el=2, sm=false) at ../../target/arm/helper.c:6865 #8 0x0000555555ee3407 in sve_vqm1_for_el (env=0x555557d291f0, el=2) at ../../target/arm/helper.c:6871 #9 0x0000555555ee3724 in smcr_write (env=0x555557d291f0, ri=0x555557da23b0, value=2147483663) at ../../target/arm/helper.c:6995 #10 0x0000555555fd1dba in helper_set_cp_reg64 (env=0x555557d291f0, rip=0x555557da23b0, value=2147483663) at ../../target/arm/tcg/op_helper.c:839 #11 0x00007fff60056781 in code_gen_buffer () Avoid this unsupported and slightly odd combination by disabling SME when SVE is not present. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2005 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231127173318.674758-1-peter.maydell@linaro.org
2023-11-28Merge tag 'misc-next-20231128' of https://github.com/philmd/qemu into stagingStefan Hajnoczi
Misc fixes for 8.2 * buildsys: Invoke bash via 'env' (Samuel) * doc: Fix example in s390-cpu-topology.rst (Zhao) * HW: Fix AVR ATMega reset stack (Gihun) and VT82C686 IRQ routing (Zoltan) # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmVl7MUACgkQ4+MsLN6t # wN4nsQ//U7/GGrMaNJF369pC0UfC0dfD39RoD9jmmrWUQB17baMvXo+BMBcELX0Q # BtgRjIYwnywnVZlB11JL5Ql9ykSRqd7VeqnZfH//GqQO+ySF7jl6ekNT6YNjUbWu # iF9bU3o0/LAVl/3pe9LQ4q/yOjzERA5o4JKYviHZYcWE811/5lBNgER4iPyCz6a8 # aGI3S5PGmq6a9x5266jkY2WWldDy7D1ujkuvxxc4tgnmbBjL21soJ/oRLOBjGTNl # hCRfDTEiFZm7OxjV7oB03Nr3EGGStGdy0aPhhtFwzZxQ9yV7d2DLsbYGgwzZYkKQ # 9v4DtGqYyvDA7LBmfxOrnzL0WXgN4xO3qekLqHDtChDzFFEYwtHvH0duPUiQv1Yu # qHyOsfB58rKzWHeo0ACEjMWGdD1opCXCeoJlEf/saiQ5EgyBwph/z2mWYN4yak5H # Zu3xF15BcnyavC6sVeuE+rT574dhCzOtH8Vf3WVwqfL5D5cyCjHlmPSAXXMqBkmh # BMOD8O210n6IdzuuOQ038t3yGvIc0YysOmQgfLjRYlZa884q3wExgrufH+NYbGMj # bFthPjLKgHm+q4k2mH65G98xwXQFT6rdHanw2iEJcPJbhhk9SNWYgaQ0r0Oi2Pfd # zCQ22F1j9UqGcqKh+8tzAfjayRyQUJtgizPXEWanADkpIDYxrRk= # =323/ # -----END PGP SIGNATURE----- # gpg: Signature made Tue 28 Nov 2023 08:36:05 EST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'misc-next-20231128' of https://github.com/philmd/qemu: docs/s390: Fix wrong command example in s390-cpu-topology.rst hw/avr/atmega: Fix wrong initial value of stack pointer hw/audio/via-ac97: Route interrupts using via_isa_set_irq() hw/isa/vt82c686: Route PIRQ inputs using via_isa_set_irq() hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts hw/isa/vt82c686: Bring back via_isa_set_irq() target/hexagon/idef-parser/prepare: use env to invoke bash Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-28hw/avr/atmega: Fix wrong initial value of stack pointerGihun Nam
The current implementation initializes the stack pointer of AVR devices to 0. Although older AVR devices used to be like that, newer ones set it to RAMEND. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1525 Signed-off-by: Gihun Nam <gihun.nam@outlook.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <PH0P222MB0010877445B594724D40C924DEBDA@PH0P222MB0010.NAMP222.PROD.OUTLOOK.COM> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-11-28target/hexagon/idef-parser/prepare: use env to invoke bashSamuel Tardieu
This file is the only one involved in the compilation process which still uses the /bin/bash path. Signed-off-by: Samuel Tardieu <sam@rfc1149.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Anton Johansson <anjo@rev.ng> Message-ID: <20231123211506.636533-1-sam@rfc1149.net> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-11-27target/arm: Handle overflow in calculation of next timer tickPeter Maydell
In commit edac4d8a168 back in 2015 when we added support for the virtual timer offset CNTVOFF_EL2, we didn't correctly update the timer-recalculation code that figures out when the timer interrupt is next going to change state. We got it wrong in two ways: * for the 0->1 transition, we didn't notice that gt->cval + offset can overflow a uint64_t * for the 1->0 transition, we didn't notice that the transition might now happen before the count rolls over, if offset > count In the former case, we end up trying to set the next interrupt for a time in the past, which results in QEMU hanging as the timer fires continuously. In the latter case, we would fail to update the interrupt status when we are supposed to. Fix the calculations in both cases. The test case is Alex Bennée's from the bug report, and tests the 0->1 transition overflow case. Fixes: edac4d8a168 ("target-arm: Add CNTVOFF_EL2") Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/60 Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231120173506.3729884-1-peter.maydell@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-27target/arm: Set IL bit for pauth, SVE access, BTI trap syndromesPeter Maydell
The syndrome register value always has an IL field at bit 25, which is 0 for a trap on a 16 bit instruction, and 1 for a trap on a 32 bit instruction (or for exceptions which aren't traps on a known instruction, like PC alignment faults). This means that our syn_*() functions should always either take an is_16bit argument to determine whether to set the IL bit, or else unconditionally set it. We missed setting the IL bit for the syndrome for three kinds of trap: * an SVE access exception * a pointer authentication check failure * a BTI (branch target identification) check failure All of these traps are AArch64 only, and so the instruction causing the trap is always 64 bit. This means we can unconditionally set the IL bit in the syn_*() function. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231120150121.3458408-1-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-22target/riscv/cpu_helper.c: Fix mxr bit behaviorIvan Klokov
According to RISCV Specification sect 9.5 on two stage translation when V=1 the vsstatus(mstatus in QEMU's terms) field MXR, which makes execute-only pages readable, only overrides VS-stage page protection. Setting MXR at HS-level(mstatus_hs), however, overrides both VS-stage and G-stage execute-only permissions. The hypervisor extension changes the behavior of MXR\MPV\MPRV bits. Due to RISCV Specification sect. 9.4.1 when MPRV=1, explicit memory accesses are translated and protected, and endianness is applied, as though the current virtualization mode were set to MPV and the current nominal privilege mode were set to MPP. vsstatus.MXR makes readable those pages marked executable at the VS translation stage. Fixes: 36a18664ba ("target/riscv: Implement second stage MMU") Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-ID: <20231121071757.7178-3-ivan.klokov@syntacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-11-22target/riscv/cpu_helper.c: Invalid exception on MMU translation stageIvan Klokov
According to RISCV privileged spec sect. 5.3.2 Virtual Address Translation Process access-fault exceptions may raise only after PMA/PMP check. Current implementation generates an access-fault for mbare mode even if there were no PMA/PMP errors. This patch removes the erroneous MMU mode check and generates an access-fault exception based on the pmp_violation flag only. Fixes: 1448689c7b ("target/riscv: Allow specifying MMU stage") Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-ID: <20231121071757.7178-2-ivan.klokov@syntacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-11-22target/riscv: don't verify ISA compatibility for zicntr and zihpmClément Chigot
The extensions zicntr and zihpm were officially added in the privilege instruction set specification 1.12. However, QEMU has been implemented them long before it and thus they are forced to be on during the cpu initialization to ensure compatibility (see riscv_cpu_init). riscv_cpu_disable_priv_spec_isa_exts was not updated when the above behavior was introduced, resulting in these extensions to be disabled after all. Signed-off-by: Clément Chigot <chigot@adacore.com> Fixes: c004099330 ("target/riscv: add zicntr extension flag for TCG") Fixes: 0824121660 ("target/riscv: add zihpm extension flag for TCG") Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20231114123913.536194-1-chigot@adacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2023-11-21Merge tag 'pull-target-arm-20231121' of ↵Stefan Hajnoczi
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * enable FEAT_RNG on Neoverse-N2 * hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ * Fix SME FMOPA (16-bit), BFMOPA * hw/core/machine: Constify MachineClass::valid_cpu_types[] * stm32f* machines: Report error when user asks for wrong CPU type * hw/arm/fsl-imx: Do not ignore Error argument # -----BEGIN PGP SIGNATURE----- # # iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmVchLYZHHBldGVyLm1h # eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kHMD/47tKxzrsXc6+V9esRQGi2H # 1hAgLBwglEdxLXokF+Di41sh/fvK7wYVXO/hiWlq+9h3kG3D/u1N5r1TdMPMUb9j # 4Sg3rOejn7nzkxVZ6MZ/K/1j84C9bfrt4sboVHZVRvWuvbiyuTuivEr4IqLYO4x3 # AIwhFMQ5gbNrmClZh/DBxj0keO13cp63Fg2JSSICdi+1Dw9rRXTyhJloMu1omeqc # k/BXzjSeNXpLSMyGWBR3uaPcJBaGC1xnz3Z1V7fUY1EYD2Cu1oo5lEZ9aNO5t30d # XW/qVGLa3b1Cb7WuEO247RnU3N2oZotozjFtdj/8IQoYWspM9RHyipEimUlegVdO # 3fpu8QGsN1ljNiwjdk0i6OwS7SGxcPtteFOaqEf/Yogj4EOKTn/Rx5TT4vJ5DhmI # 2w/9J15JWDIE1paNwecuFWbxCOOzSsOtSxzuyLSZDU3GlNfJ4zoF6YboROLYfejy # NXZABFhGd/0ykX7r0VY1GGYXUQ+akv6q+VDmVZCP9gMiRUiqmFPwMLMLlcuHb8G5 # 8UztN5SvOG2EYXj28Zx0BnGCNiGdI15rWMb0veqAtbnn3yEdltW3O475BAhZ0PB7 # OVpLWnXwmWURm/BGlwb1PH5s3kgWgzOebcBgcnCftwFQ8EedQAQDA5FmT+nK5SfV # VoOf89PngTubU6B3BOfeBw== # =thIa # -----END PGP SIGNATURE----- # gpg: Signature made Tue 21 Nov 2023 05:21:42 EST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20231121' of https://git.linaro.org/people/pmaydell/qemu-arm: hw/arm/fsl-imx: Do not ignore Error argument hw/arm/stm32f100: Report error when incorrect CPU is used hw/arm/stm32f205: Report error when incorrect CPU is used hw/arm/stm32f405: Report error when incorrect CPU is used hw/core/machine: Constify MachineClass::valid_cpu_types[] target/arm: Fix SME FMOPA (16-bit), BFMOPA hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ target/arm: enable FEAT_RNG on Neoverse-N2 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-21target/ppc: Fix bugs in VSX_CVT_FP_TO_INT and VSX_CVT_FP_TO_INT2 macrosJohn Platts
The patch below fixes a bug in the VSX_CVT_FP_TO_INT and VSX_CVT_FP_TO_INT2 macros in target/ppc/fpu_helper.c where a non-NaN floating point value from the source vector is incorrectly converted to 0, 0x80000000, or 0x8000000000000000 instead of the expected value if a preceding source floating point value from the same source vector was a NaN. The bug in the VSX_CVT_FP_TO_INT and VSX_CVT_FP_TO_INT2 macros in target/ppc/fpu_helper.c was introduced with commit c3f24257e3c0. This patch also adds a new vsx_f2i_nan test in tests/tcg/ppc64 that checks that the VSX xvcvspsxws, xvcvspuxws, xvcvspsxds, xvcvspuxds, xvcvdpsxws, xvcvdpuxws, xvcvdpsxds, and xvcvdpuxds instructions correctly convert non-NaN floating point values to integer values if the source vector contains NaN floating point values. Fixes: c3f24257e3c0 ("target/ppc: Clear fpstatus flags on helpers missing it") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1941 Signed-off-by: John Platts <john_platts@hotmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2023-11-20target/arm: Fix SME FMOPA (16-bit), BFMOPARichard Henderson
Perform the loop increment unconditionally, not nested within the predication. Cc: qemu-stable@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1985 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-id: 20231117193135.1180657-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-20target/arm: enable FEAT_RNG on Neoverse-N2Marcin Juszkiewicz
I noticed that Neoverse-V1 has FEAT_RNG enabled so let enable it also on Neoverse-N2. Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231114103443.1652308-1-marcin.juszkiewicz@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-20Merge tag 'hppa64-fixes-pull-request' of ↵Stefan Hajnoczi
https://github.com/hdeller/qemu-hppa into staging HPPA64-PATCHES-for-8.2 Two patches for 8.2. The SHRPD patch fixes a real translation bug which then allows to boot the 64-bit Linux kernels of the Debian-11 and Debian-12 installation CDs. The second patch adds the instruction byte sequence to the assembly log. This is not an actual bug fix, but it's important since it helps a lot when trying to fix qemu translation bugs on hppa. # -----BEGIN PGP SIGNATURE----- # # iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZVfHPwAKCRD3ErUQojoP # X3TrAQD2SfFsTWIYqTamh1ZHmydaJRL1xhXmPMqXgXFkDmiyhQD/VeyIyWEGj5Oe # x70WR8HrtkadsUddgSGzFRChaVb0/wI= # =Sapq # -----END PGP SIGNATURE----- # gpg: Signature made Fri 17 Nov 2023 15:04:15 EST # gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F # gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown] # gpg: aka "Helge Deller <deller@kernel.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603 # Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F * tag 'hppa64-fixes-pull-request' of https://github.com/hdeller/qemu-hppa: disas/hppa: Show hexcode of instruction along with disassembly target/hppa: Fix 64-bit SHRPD instruction Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-20Merge tag 'pull-error-2023-11-17' of https://repo.or.cz/qemu/armbru into stagingStefan Hajnoczi
Error reporting patches for 2023-11-17 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmVXLq8SHGFybWJydUBy # ZWRoYXQuY29tAAoJEDhwtADrkYZTBIsP/3vTjS2QJ2JdjgZV7ARGyfAxsPbG4TS2 # JHqFsF37vY5u+gYjcBJsmDY8YBpYWQFkOYJ8RJtCdedOnW2gML88vc3XKcUrUc7T # ebN8KnpA8mx5nr0SMGD+/w72xZl917lGFhXRqazvS2i0dbJvuAsacoo300oIZncx # 5480GiJpNc/QBUdU9ywFWwQOVzJynn32e1OFWLmbL2xH+kcgMbgWgrEMQUb0D99+ # J9PjKCJxVlJFKEjph7iLCahID5V1gjJTzp3iESOWbO7BTFuKJZ8E510oXd1ng86c # JLOEcu4vhC4JNvMx5R31nVz4LXfQD8Hf1pSVL64gTybVq3bEMhv/wLUuG/AcPIuL # t1GxRhGqY2yXbnP3GfP9xNhFps0uLmJF7g5Q/ao2sEwOiPmGmNKcK7xV6OkYJdIr # isbb+bot19NN+B7r1ZWkb7BEhM99PtHZtsrmnPZ7T19CX/cy2k0D0W78nqJE0AJU # sBhwuntou+DvBbLB3KD33OcE0UI93IxICaqR56q4lwydYOQ4p8VCTRI1aoDrZpPx # Q+kMs+sy3q7CGMKEScnb+HeA8KuvKFGqw3XKJwYQsTITRd+NdWnQ7dKAC2J2sRvO # DRGhUEmOiaDv3HdmToV3owfLsH9raK6Oh8KYjxiOoiJ1Tb0+sZvxayemQ97mRVuJ # r+yle/BX1ODY # =7QAS # -----END PGP SIGNATURE----- # gpg: Signature made Fri 17 Nov 2023 04:13:19 EST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * tag 'pull-error-2023-11-17' of https://repo.or.cz/qemu/armbru: target/i386/cpu: Improve error message for property "vendor" balloon: Fix a misleading error message net: Fix a misleading error message ui/qmp-cmds: Improve two error messages qga: Improve guest-exec-status error message hmp: Improve sync-profile error message spapr/pci: Correct "does not support hotplugging error messages Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-20Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into stagingStefan Hajnoczi
trivial patches for 2023-11-16 # -----BEGIN PGP SIGNATURE----- # # iQFDBAABCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmVVxz4PHG1qdEB0bHMu # bXNrLnJ1AAoJEHAbT2saaT5ZI+cH+wexpGPHmmWHaA0moo+1MZPC3pbEvOXq184b # oeGRUidq89380DzsxkIxrDn98KisKnIX3oGZ56Q394Ntg7J2xyFN/KsvQhzpElSb # 01Ws90NVoHIXoXZKNIOFZXkqOLCB+kwqZ1PFiYwALEJkEPBfpV40dTWuyCnxh1D8 # lKHtk5bLKzDbTmDYYfnZ7zkP6CLMhRH7A7evdb/4+W+phbqTHeKbSgq8QhNvVX8n # 38yzPTQPlMyXHw7Psio62N7wz86wEiGkYELud1nPPlA902paM5FHMdjYBohm/ZCM # 4E12gzMg4SgwBIsWoyE/1tUAjyJXeChocxOVLFqDXXaiYgomAh0= # =x0bq # -----END PGP SIGNATURE----- # gpg: Signature made Thu 16 Nov 2023 02:39:42 EST # gpg: using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59 # gpg: issuer "mjt@tls.msk.ru" # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full] # gpg: aka "Michael Tokarev <mjt@corpit.ru>" [full] # gpg: aka "Michael Tokarev <mjt@debian.org>" [full] # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59 * tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu: (27 commits) util/range.c: spelling fix: inbetween util/filemonitor-inotify.c: spelling fix: kenel tests/qtest/ufs-test.c: spelling fix: tranfer tests/qtest/migration-test.c: spelling fix: bandwith target/riscv/cpu.h: spelling fix: separatly include/hw/virtio/vhost.h: spelling fix: sate include/hw/hyperv/dynmem-proto.h: spelling fix: nunber, atleast include/block/ufs.h: spelling fix: setted hw/net/cadence_gem.c: spelling fixes: Octects hw/mem/memory-device.c: spelling fix: ontaining contrib/vhost-user-gpu/virgl.c: spelling fix: mesage migration/rdma.c: spelling fix: asume target/hppa: spelling fixes: Indicies, Truely target/arm/tcg: spelling fixes: alse, addreses docs/system/arm/emulation.rst: spelling fix: Enhacements docs/devel/migration.rst: spelling fixes: doen't, diferent, responsability, recomend docs/about/deprecated.rst: spelling fix: becase gdbstub: spelling fix: respectivelly hw/cxl: spelling fixes: limitaions, potentialy, intialized linux-user: spelling fixes: othe, necesary ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-17target/hppa: Fix 64-bit SHRPD instructionHelge Deller
When shifting the two joined 64-bit registers right, shift the upper 64-bit register to the left and the lower 64-bit register to the right before merging them with OR. Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-17target/i386/cpu: Improve error message for property "vendor"Markus Armbruster
Improve $ qemu-system-x86_64 -device max-x86_64-cpu,vendor=me qemu-system-x86_64: -device max-x86_64-cpu,vendor=me: Property '.vendor' doesn't take value 'me' to qemu-system-x86_64: -device max-x86_64-cpu,vendor=0123456789abc: value of property 'vendor' must consist of exactly 12 characters Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-ID: <20231031111059.3407803-8-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> [Typo corrected]
2023-11-15target/riscv/cpu.h: spelling fix: separatlyMichael Tokarev
Fixes: 40336d5b1d4c "target/riscv: Add HS-mode virtual interrupt and IRQ filtering support." Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-11-15target/hppa: spelling fixes: Indicies, TruelyMichael Tokarev
Fixes: bb67ec32a0bb "target/hppa: Include PSW_P in tb flags and mmu index" Fixes: d7553f3591bb "target/hppa: Populate an interval tree with valid tlb entries" Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-11-15target/arm/tcg: spelling fixes: alse, addresesMichael Tokarev
Fixes: 179e9a3baccc "target/arm: Define new TB flag for ATA0" Fixes: 5d7b37b5f675 "target/arm: Implement the CPY* instructions" Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-11-14target/sparc: Fix RETURNRichard Henderson
Perform window restore before pc update. Required in order to recognize any window underflow trap with the current pc. Fixes: 86b82fe021f4 ("target/sparc: Move JMPL, RETT, RETURN to decodetree") Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-14Merge tag 'pull-request-2023-11-14' of https://gitlab.com/thuth/qemu into ↵Stefan Hajnoczi
staging * Fix s390x PV dumps in case of errors # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmVTXR4RHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbUzBg//ZDrzcInE59jo6zuEJiDYdqkauxiJWqdm # PF3AaemZdww/SZ94960BLCPLm/53L4qeNHl9F4HMoCCqfqp6gUVouc0Rh5kd8/Bn # 0+ND4Ni20LgKrr/10M8frVreujYhWEtILWA3Ef3HkMWGt45RB8mMwpYwmIZh6DHv # B45xZaiOWzXNtroGSEBO52MuWzAlbBi68iVCS8xJ/q5xOe0s6julS4EwGo8P6R0c # VZKlGM8KVndPPiRmG4NSyqpg91fp2p0Zo4Ol6GMSMsljvLB4aSIu0lDMR2FjreIv # Fjmz78CZbNmgh/7edH1+vj+P083kEGwD7j1WHq4gbFONFdP8Gp0NQjhj/Zl4HsQh # aCwVMuSdQmg7KEvn1wXc29kL9rBsG/5t5mSPkAzvM/kDahchtltpRxFYgcTGLhNs # lT4cBjXSmyL2bCc1lX4sEw3/0RZE2GTRtuvP3caJWMZAAxYuE18LstWalPV5ttqe # p7Xg/XRjOYlM2FGIMI9L5KR4mNKzWduvxnU/3o7qHUOEtWe9mICzCwC8UilLYbjd # sGRJ5KRYN2nIzqTm0K50rrXPop9zVUHRSl37/9bV9+z6mFAh6Tg4+gIdQPayTo0S # omRpMUMxmKkKSk1lTFWRr59sxTI+S5ANbRLeApxJsxXGCvoOzAn4nE7fxEpmTR2e # ocddl9Wg4+w= # =sFZX # -----END PGP SIGNATURE----- # gpg: Signature made Tue 14 Nov 2023 06:42:22 EST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2023-11-14' of https://gitlab.com/thuth/qemu: target/s390x/arch_dump: Add arch cleanup function for PV dumps dump: Add arch cleanup function target/s390x/dump: Remove unneeded dump info function pointer init Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-14Merge tag 'pull-target-arm-20231113' of ↵Stefan Hajnoczi
https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * hw/arm/virt: fix GIC maintenance IRQ registration * target/arm: HVC at EL3 should go to EL3, not EL2 * target/arm: Correct MTE tag checking for reverse-copy MOPS * target/arm/tcg: enable PMU feature for Cortex-A8 and A9 # -----BEGIN PGP SIGNATURE----- # # iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmVSYL0ZHHBldGVyLm1h # eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3iLND/99dZKHgNJx1k7aeGX8t4lU # MTU0AsFndpx/WjWbviyfrO17B0FIi6kwhggDk2cXrXF26eBFcx5ruJ6sw9R1ZvsV # y6Z1rhjd+skj3PMxGMU/I0XeR3TXJNo2eLAeKyPy4W75+5I0zT4PMEPJ05WylVTs # RXuAhlyCXX9uTT2ILtGRiThpRrgnzGE3DU2Ry32s0+qjYq5U89J0+0kYPg6VFg29 # Lfj4zCwVu3/xX7Me+b84bTDxlQD4LSGdibscd0aCiMyamzfLl/naoDLvFIia/Q7h # 4epcw3Bu+3nTicg70i9k6iNP4nDXPO9V2dbopJVd9wcgPBXicyoDrLA8CQdp+04v # /vHT9+IZ4pFUcUp1+A9s6CcSMDeYOSPrQsd96HwaTtw/RjpxhLKC6EEpswpr5d4q # SBU5I6lUe47HuwLxPpqucwNk/o4/9PZKBDSI1SUKoLPVyOvSS0sxJlTdQCyHCgmU # ogjnFnw9J16X/GOWzS3tUD+9GS8s7WqJHyFl0t5ngvvamFTdquPFSFXQfZMTwAU1 # vVSam4oi51ON2sVjkR7Pn7BrTBE1QnsudB8Sc9If/LGhFSuNUKlj13+pWrGMty+n # q9fFS5MuNlvVehX3mr+i4PA6WWYCZ0wHzTvXtYxKkyu1CZi53r9H1pZPwb6URjUt # ceyJngaQH5dgtkVgCNSoRQ== # =4D8I # -----END PGP SIGNATURE----- # gpg: Signature made Mon 13 Nov 2023 12:45:33 EST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full] # gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20231113' of https://git.linaro.org/people/pmaydell/qemu-arm: target/arm/tcg: enable PMU feature for Cortex-A8 and A9 target/arm: Correct MTE tag checking for reverse-copy MOPS target/arm: HVC at EL3 should go to EL3, not EL2 hw/arm/virt: fix GIC maintenance IRQ registration Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-14target/s390x/arch_dump: Add arch cleanup function for PV dumpsJanosch Frank
PV dumps block vcpu runs until dump end is reached. If there's an error between PV dump init and PV dump end the vm will never be able to run again. One example of such an error is insufficient disk space for the dump file. Let's add a cleanup function that tries to do a dump end. The dump completion data is discarded but there's no point in writing it to a file anyway if there's a possibility that other PV dump data is missing. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <20231109120443.185979-4-frankja@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-11-14target/s390x/dump: Remove unneeded dump info function pointer initJanosch Frank
dump_state_prepare() now sets the function pointers to NULL so we only need to touch them if we're going to use them. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-ID: <20231109120443.185979-2-frankja@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-11-13target/hppa: Reduce TARGET_PHYS_ADDR_SPACE_BITS to 40Richard Henderson
This is the value that is supported by both PA-8500 and Astro. If we support a larger address space than expected, we trip up software that did not fill in all of the page table bits, expecting them to be ignored. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/hppa: Replace MMU_PHYS_IDX with MMU_ABS_IDX, MMU_ABS_W_IDXRichard Henderson
Align the language with pa2.0, separating absolute and physical. The translation from absolute to physical depends on PSW.W, and we prefer not to flush between changes, therefore use 2 mmu_idx. Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/hppa: Introduce MMU_IDX_MMU_DISABLEDRichard Henderson
Reduce the number of direct checks against MMU_PHYS_IDX. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/hppa: Fix possible overflow in TLB size calculationHelge Deller
Coverty found that the shift of TARGET_PAGE_SIZE (32-bit type) might overflow. Fix it by casting TARGET_PAGE_SIZE to a 64-bit type before doing the shift (CID 1523902 and CID 1523908). Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de> Message-Id: <ZU6F/H8CZr3q4pP/@p100> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/hppa: Fix calculation of CR_IIASQ back registerHelge Deller
Need to use iasq_b and iaoq_b to determine back register of CR_IIASQ. This fixes random faults when booting up Linux user space. Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/hppa: Use PRIV_P_TO_MMU_IDX in helper_probeRichard Henderson
Direct privilege level to mmu_idx mapping has been false for some time. Provide the correct value to hppa_get_physical_address. Fixes: fa824d99f9b ("target/hppa: Switch to use MMU indices 11-15") Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/hppa: Use only low 2 immediate bits for PROBEIRichard Henderson
During the conversion to decodetree, the 2-bit mask was lost. Fixes: deee69a19fd ("target/hppa: Convert memory management insns") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-13target/arm/tcg: enable PMU feature for Cortex-A8 and A9Nikita Ostrenkov
According to the technical reference manual, the Cortex-A9 has a Perfomance Unit Monitor (PMU): https://developer.arm.com/documentation/100511/0401/performance-monitoring-unit/about-the-performance-monitoring-unit The Cortex-A8 does also. We already already define the PMU registers when emulating the Cortex-A8 and Cortex-A9, because we put them in v7_cp_reginfo[] rather than guarding them behind ARM_FEATURE_PMU. So the only thing that setting the feature bit changes is that the registers actually do something. Enable ARM_FEATURE_PMU for Cortex-A8 and Cortex-A9, to avoid this anomaly. (The A8 and A9 PMU predates the standardisation of ID_DFR0.PerfMon, so the field there is 0, but the PMU is still present.) Signed-off-by: Nikita Ostrenkov <n.ostrenkov@gmail.com> Message-id: 20231112165658.2335-1-n.ostrenkov@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: tweaked commit message; also enable PMU for A8] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-11-13target/arm: Correct MTE tag checking for reverse-copy MOPSPeter Maydell
When we are doing a FEAT_MOPS copy that must be performed backwards, we call mte_mops_probe_rev(), passing it the address of the last byte in the region we are probing. However, allocation_tag_mem_probe() wants the address of the first byte to get the tag memory for. Because we passed it (ptr, size) we could incorrectly trip the allocation_tag_mem_probe() check for "does this access run across to the following page", and if that following page happened not to be valid then we would assert. We know we will always be only dealing with a single page because the code that calls mte_mops_probe_rev() ensures that. We could make mte_mops_probe_rev() pass 'ptr - (size - 1)' to allocation_tag_mem_probe(), but then we would have to adjust the returned 'mem' pointer to get back to the tag RAM for the last byte of the region. It's simpler to just pass in a size of 1 byte, because we know that allocation_tag_mem_probe() in pure-probe single-page mode doesn't care about the size. Fixes: 69c51dc3723b ("target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20231110162546.2192512-1-peter.maydell@linaro.org
2023-11-13target/arm: HVC at EL3 should go to EL3, not EL2Peter Maydell
AArch64 permits code at EL3 to use the HVC instruction; however the exception we take should go to EL3, not down to EL2 (see the pseudocode AArch64.CallHypervisor()). Fix the target EL. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com> Message-id: 20231109151917.1925107-1-peter.maydell@linaro.org
2023-11-12target/hppa: Mask reserved PSW bits in expand_sm_immHelge Deller
The system mask is a restricted subset of the psw, with only a couple of reserved bits. It is better to handle this up front in the translator than require helper_swap_system_mask to use cpu_hppa_get_psw and cpu_hppa_put_psw. Signed-off-by: Helge Deller <deller@gmx.de> [rth: Handle this in expand_sm_imm not helper_swap_system_mask.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-11-08target/arm: hide aliased MIDR from gdbstubAlex Bennée
This is just a constant alias register with the same value as the "other" MIDR so it serves no purpose being presented to gdbstub. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20231106185112.2755262-6-alex.bennee@linaro.org>
2023-11-08target/arm: hide all versions of DBGD[RS]AR from gdbstubAlex Bennée
This avoids two duplicates being presented to gdbstub. As the registers are RAZ anyway it is unlikely their value would be of use to someone using gdbstub anyway. Acked-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20231106185112.2755262-5-alex.bennee@linaro.org>
2023-11-08target/arm: mark the 32bit alias of PAR when LPAE enabledAlex Bennée
We also mark it ARM_CP_NO_GDB so we avoid duplicate PAR's in the system register XML we send to gdb. Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20231107105145.2916124-1-alex.bennee@linaro.org>
2023-11-08Merge tag 'pull-request-2023-11-07' of https://gitlab.com/thuth/qemu into ↵Stefan Hajnoczi
staging * Fix s390x CPU reconfiguration information in the SCLP facility map * Fix condition code problem in the CLC and LAALG instruction * Fix ordering of the new s390x topology list entries * Add some more files to the MAINTAINERS file * Allow newer versions of Tesseract in the m68k nextcube test # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmVKgksRHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbWIHg//TM3JOpsMEqHKlUKqOJH02mFQrK6H7LG0 # BC56FG7T+/mpYs1NTG92t8nCK03C2ZCweQWD7ZulRJAjPhZv+TF5bJEForivU7+k # PKEshz9xKCWn2YGyNnf2LA06J1JkF215+KlReOoxwSgj1cPlHfBLQ0DtxmpJJZ1G # h5p4d26BbSlwR58HrFWTlhgJMPenl59BETUGIK1FklBxunmZeeijddfniAhOT44y # i0u9/H9KCg3tkwBROUy+42QV+ef32kz/yvi5RmYQI5W7PixO4sxH6MYduOjshsu9 # wK70f8EOwiZV6lFxqmbV7vxFeNnp5IuaVU7PMBoAkwZqLw99mSFy1+1BabCuL5b+ # 3iUTiD4UW48MYwE2Ua6Lit4kpfjhwcp/UYz6pIk6TCBQX6LfzO+nj+rod0GdIpyZ # 4Lwm7jBtpTlYkGrsMvpA/qcidOtqPA1lmBTNlY1hFodQF6KWtyObn0w5AM80xeeU # /mGxQDz97Bpz7LKZvhu+k38jaWvnJFnl3jF1zet88CYL9YL+YI/k1KjhFafCXb0V # 38Xpt5JTWxyLSh2B3gx0OpokX5bftvW9GlLix0HqL7c23uYwR2Bq+Rd6I8SAlk4C # uJq6gqP8IFBFHfgbmyqf/fyd/eHxm7J1voIdy9PZyxZ1JYT9A7yu56qV6SJYwCpr # aARwui/Dm4o= # =y+cC # -----END PGP SIGNATURE----- # gpg: Signature made Wed 08 Nov 2023 02:30:35 HKT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2023-11-07' of https://gitlab.com/thuth/qemu: target/s390x/cpu topology: Fix ordering and creation of TLEs tests/tcg/s390x: Test ADD LOGICAL WITH CARRY tests/tcg/s390x: Test LAALG with negative cc_src target/s390x: Fix LAALG not updating cc_src tests/tcg/s390x: Test CLC with inaccessible second operand target/s390x: Fix CLC corrupting cc_src target/s390x/cpu_models: Use 'first_cpu' in s390_get_feat_block() s390/sclp: fix SCLP facility map tests/avocado: Allow newer versions of tesseract in the nextcube test MAINTAINERS: Add artist.c to the hppa machine section MAINTAINERS: Add the virtio-gpu documentation to the corresponding section Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-08Merge tag 'misc-cpus-20231107' of https://github.com/philmd/qemu into stagingStefan Hajnoczi
Misc hardware patch queue HW emulation: - PMBus fixes and tests (Titus) - IDE fixes and tests (Fiona) - New ADM1266 sensor (Titus) - Better error propagation in PCI-ISA i82378 (Philippe) - Declare SD model QOM types using DEFINE_TYPES macro (Philippe) Topology: - Fix CPUState::nr_cores calculation (Zhuocheng Ding and Zhao Liu) Monitor: - Synchronize CPU state in 'info lapic' (Dongli Zhang) QOM: - Have 'cpu-qom.h' target-agnostic (Philippe) - Move ArchCPUClass definition to each target's cpu.h (Philippe) - Call object_class_is_abstract once in cpu_class_by_name (Philippe) UI: - Use correct key names in titles on MacOS / SDL2 (Adrian) MIPS: - Fix MSA BZ/BNZ and TX79 LQ/SQ opcodes (Philippe) Nios2: - Create IRQs *after* vCPU is realized (Philippe) PPC: - Restrict KVM objects to system emulation (Philippe) - Move target-specific definitions out of 'cpu-qom.h' (Philippe) S390X: - Make hw/s390x/css.h and hw/s390x/sclp.h headers target agnostic (Philippe) X86: - HVF & KVM cleanups (Philippe) Various targets: - Use env_archcpu() to optimize (Philippe) Misc: - Few global variable shadowing removed (Philippe) - Introduce cpu_exec_reset_hold and factor tcg_cpu_reset_hold out (Philippe) - Remove few more 'softmmu' mentions (Philippe) - Fix and cleanup in vl.c (Akihiko & Marc-André) - Resource leak fix in dump (Zongmin Zhou) - MAINTAINERS updates (Thomas, Daniel) # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmVKKmEACgkQ4+MsLN6t # wN4xHQ//X/enH4C7K3VP/tSinDiwmXN2o61L9rjqSDQkBaCtktZx4c8qKSDL7V4S # vwzmvvBn3biMXQwZNVJo9d0oz2qoaF9tI6Ao0XDHAan9ziagfG9YMqWhkCfj077Q # jLdCqkUuMJBvQgXGB1a6UgCme8PQx7h0oqjbCNfB0ZBls24b5DiEjO87LE4OTbTi # zKRhYEpZpGwIVcy+1dAsbaBpGFP06sr1doB9Wz4c06eSx7t0kFSPk6U4CyOPrGXh # ynyCxPwngxIXmarY8gqPs3SBs7oXsH8Q/ZOHr1LbuXhwSuw/0zBQU9aF7Ir8RPan # DB79JjPrtxTAhICKredWT79v9M18D2/1MpONgg4vtx5K2FzGYoAJULCHyfkHMRSM # L6/H0ZQPHvf7w72k9EcSQIhd0wPlMqRmfy37/8xcLiw1h4l/USx48QeKaeFWeSEu # DgwSk+R61HbrKvQz/U0tF98zUEyBaQXNrKmyzht0YE4peAtpbPNBeRHkd0GMae/Z # HOmkt8QlFQ0T14qSK7mSHaSJTUzRvFGD01cbuCDxVsyCWWsesEikXBACZLG5RCRY # Rn1WeX1H9eE3kKi9iueLnhzcF9yM5XqFE3f6RnDzY8nkg91lsTMSQgFcIpv6uGyp # 3WOTNSC9SoFyI3x8pCWiKOGytPUb8xk+PnOA85wYvVmT+7j6wus= # =OVdQ # -----END PGP SIGNATURE----- # gpg: Signature made Tue 07 Nov 2023 20:15:29 HKT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'misc-cpus-20231107' of https://github.com/philmd/qemu: (75 commits) dump: Add close fd on error return to avoid resource leak ui/sdl2: use correct key names in win title on mac MAINTAINERS: Add more guest-agent related files to the corresponding section MAINTAINERS: Add include/hw/xtensa/mx_pic.h to the XTFPGA machine section MAINTAINERS: update libvirt devel mailing list address MAINTAINERS: Add the CAN documentation file to the CAN section MAINTAINERS: Add include/hw/timer/tmu012.h to the SH4 R2D section hw/sd: Declare QOM types using DEFINE_TYPES() macro hw/i2c: pmbus: reset page register for out of range reads hw/i2c: pmbus: immediately clear faults on request tests/qtest: add tests for ADM1266 hw/sensor: add ADM1266 device model hw/i2c: pmbus: add VCAP register hw/i2c: pmbus: add fan support hw/i2c: pmbus: add vout mode bitfields hw/i2c: pmbus add support for block receive tests/qtest: ahci-test: add test exposing reset issue with pending callback hw/ide: reset: cancel async DMA operation before resetting state hw/cpu: Update the comments of nr_cores and nr_dies system/cpus: Fix CPUState.nr_cores' calculation ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2023-11-07target/s390x/cpu topology: Fix ordering and creation of TLEsNina Schoetterl-Glausch
In case of horizontal polarization entitlement has no effect on ordering. Moreover, since the comparison is used to insert CPUs at the correct position in the TLE list, this affects the creation of TLEs and now correctly collapses horizontally polarized CPUs into one TLE. Fixes: f4f54b582f ("target/s390x/cpu topology: handle STSI(15) and build the SYSIB") Signed-off-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com> Message-ID: <20231027163637.3060537-1-nsg@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-11-07target/s390x: Fix LAALG not updating cc_srcIlya Leoshkevich
LAALG uses op_laa() and wout_addu64(). The latter expects cc_src to be set, but the former does not do it. This can lead to assertion failures if something sets cc_src to neither 0 nor 1 before. Fix by introducing op_laa_addu64(), which sets cc_src, and using it for LAALG. Fixes: 4dba4d6fef61 ("target/s390x: Use atomic operations for LOAD AND OP") Cc: qemu-stable@nongnu.org Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-ID: <20231106093605.1349201-4-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>