aboutsummaryrefslogtreecommitdiff
path: root/target
AgeCommit message (Collapse)Author
2024-04-12target/sparc: Use GET_ASI_CODE for ASI_KERNELTXT and ASI_USERTXTRichard Henderson
Reads are done with execute access. It is not clear whether writes are legal at all -- for now, leave helper_st_asi unchanged, so that we continue to raise an mmu fault. This generalizes the exiting code for ASI_KERNELTXT to be usable for ASI_USERTXT as well, by passing down the MemOpIdx to use. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2281 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2059 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1609 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1166 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Tested-by: M Bazz <bazz@bazz1.com>
2024-04-09target/s390x: Use insn_start from DisasContextBaseRichard Henderson
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/riscv: Use insn_start from DisasContextBaseRichard Henderson
To keep the multiple update check, replace insn_start with insn_start_updated. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/microblaze: Use insn_start from DisasContextBaseRichard Henderson
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/i386: Preserve DisasContextBase.insn_start across rewindRichard Henderson
When aborting translation of the current insn, restore the previous value of insn_start. Acked-by: Paolo Bonzini <pbonzini@redhat.com> Tested-by: Jørgen Hansen <Jorgen.Hansen@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/hppa: Use insn_start from DisasContextBaseRichard Henderson
To keep the multiple update check, replace insn_start with insn_start_updated. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/arm: Use insn_start from DisasContextBaseRichard Henderson
To keep the multiple update check, replace insn_start with insn_start_updated. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/m68k: Map FPU exceptions to FPSR registerKeith Packard
Add helpers for reading/writing the 68881 FPSR register so that changes in floating point exception state can be seen by the application. Call these helpers in pre_load/post_load hooks to synchronize exception state. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230803035231.429697-1-keithp@keithp.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/sh4: add missing CHECK_NOT_DELAY_SLOTZack Buhman
CHECK_NOT_DELAY_SLOT is correctly applied to the branch-related instructions, but not to the PC-relative mov* instructions. I verified the existence of an illegal slot exception on a SH7091 when any of these instructions are attempted inside a delay slot. This also matches the behavior described in the SH-4 ISA manual. Signed-off-by: Zack Buhman <zack@buhman.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240407150705.5965-1-zack@buhman.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewd-by: Yoshinori Sato <ysato@users.sourceforge.jp>
2024-04-09target/sh4: Fix mac.w with saturation enabledZack Buhman
The saturation arithmetic logic in helper_macw is not correct. I tested and verified this behavior on a SH7091. Reviewd-by: Yoshinori Sato <ysato@users.sourceforge.jp> Signed-off-by: Zack Buhman <zack@buhman.org> Message-Id: <20240405233802.29128-3-zack@buhman.org> [rth: Reformat helper_macw, add a test case.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-04-09target/sh4: Fix mac.l with saturation enabledZack Buhman
The saturation arithmetic logic in helper_macl is not correct. I tested and verified this behavior on a SH7091. Signed-off-by: Zack Buhman <zack@buhman.org> Message-Id: <20240404162641.27528-2-zack@buhman.org> [rth: Reformat helper_macl, add a test case.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-04-09target/sh4: Merge mach and macl into a unionRichard Henderson
Allow host access to the entire 64-bit accumulator. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/sh4: mac.w: memory accesses are 16-bit wordsZack Buhman
Before this change, executing a code sequence such as: mova tblm,r0 mov r0,r1 mova tbln,r0 clrs clrmac mac.w @r0+,@r1+ mac.w @r0+,@r1+ .align 4 tblm: .word 0x1234 .word 0x5678 tbln: .word 0x9abc .word 0xdefg Does not result in correct behavior: Expected behavior: first macw : macl = 0x1234 * 0x9abc + 0x0 mach = 0x0 second macw: macl = 0x5678 * 0xdefg + 0xb00a630 mach = 0x0 Observed behavior (qemu-sh4eb, prior to this commit): first macw : macl = 0x5678 * 0xdefg + 0x0 mach = 0x0 second macw: (unaligned longword memory access, SIGBUS) Various SH-4 ISA manuals also confirm that `mac.w` is a 16-bit word memory access, not a 32-bit longword memory access. Signed-off-by: Zack Buhman <zack@buhman.org> Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240402093756.27466-1-zack@buhman.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-09target/hppa: Fix IIAOQ, IIASQ for pa2.0Richard Henderson
The contents of IIAOQ depend on PSW_W. Follow the text in "Interruption Instruction Address Queues", pages 2-13 through 2-15. Tested-by: Sven Schnelle <svens@stackframe.org> Tested-by: Helge Deller <deller@gmx.de> Reported-by: Sven Schnelle <svens@stackframe.org> Fixes: b10700d826c ("target/hppa: Update IIAOQ, IIASQ for pa2.0") Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-04-08target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3Peter Maydell
When we do an AT address translation operation, the page table walk is supposed to be performed in the context of the EL we're doing the walk for, so for instance an AT S1E2R walk is done for EL2. In the pseudocode an EL is passed to AArch64.AT(), which calls SecurityStateAtEL() to find the security state that we should be doing the walk with. In ats_write64() we get this wrong, instead using the current security space always. This is fine for AT operations performed from EL1 and EL2, because there the current security state and the security state for the lower EL are the same. But for AT operations performed from EL3, the current security state is always either Secure or Root, whereas we want to use the security state defined by SCR_EL3.{NS,NSE} for the walk. This affects not just guests using FEAT_RME but also ones where EL3 is Secure state and the EL3 code is trying to do an AT for a NonSecure EL2 or EL1. Use arm_security_space_below_el3() to get the SecuritySpace to pass to do_ats_write() for all AT operations except the AT S1E3* operations. Cc: qemu-stable@nongnu.org Fixes: e1ee56ec2383 ("target/arm: Pass security space rather than flag for AT instructions") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2250 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240405180232.3570066-1-peter.maydell@linaro.org
2024-04-05target/arm: Fix CNTPOFF_EL2 trap to missing EL3Pierre-Clément Tosi
EL2 accesses to CNTPOFF_EL2 should only ever trap to EL3 if EL3 is present, as described by the reference manual (for MRS): /* ... */ elsif PSTATE.EL == EL2 then if Halted() && HaveEL(EL3) && /*...*/ then UNDEFINED; elsif HaveEL(EL3) && SCR_EL3.ECVEn == '0' then /* ... */ else X[t, 64] = CNTPOFF_EL2; However, the existing implementation of gt_cntpoff_access() always returns CP_ACCESS_TRAP_EL3 for EL2 accesses with SCR_EL3.ECVEn unset. In pseudo-code terminology, this corresponds to assuming that HaveEL(EL3) is always true, which is wrong. As a result, QEMU panics in access_check_cp_reg() when started without EL3 and running EL2 code accessing the register (e.g. any recent KVM booting a guest). Therefore, add the HaveEL(EL3) check to gt_cntpoff_access(). Fixes: 2808d3b38a52 ("target/arm: Implement FEAT_ECV CNTPOFF_EL2 handling") Signed-off-by: Pierre-Clément Tosi <ptosi@google.com> Message-id: m3al6amhdkmsiy2f62w72ufth6dzn45xg5cz6xljceyibphnf4@ezmmpwk4tnhl Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-04-02accel/hvf: Un-inline hvf_arch_supports_guest_debug()Philippe Mathieu-Daudé
See previous commit and commit 9de9fa5cf2 ("Avoid using inlined functions with external linkage") for rationale. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240313184954.42513-3-philmd@linaro.org>
2024-04-02target/ppc: Rename init_excp_4xx_softmmu() -> init_excp_4xx()Philippe Mathieu-Daudé
Unify with other init_excp_FOO() in the same file. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20240313213339.82071-5-philmd@linaro.org>
2024-04-02target/arm: take HSTR traps of cp15 accesses to EL2, not EL1Peter Maydell
The HSTR_EL2 register allows the hypervisor to trap AArch32 EL1 and EL0 accesses to cp15 registers. We incorrectly implemented this so they trap to EL1 when we detect the need for a HSTR trap at code generation time. (The check in access_check_cp_reg() which we do at runtime to catch traps from EL0 is correctly routing them to EL2.) Use the correct target EL when generating the code to take the trap. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2226 Fixes: 049edada5e93df ("target/arm: Make HSTR_EL2 traps take priority over UNDEF-at-EL1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20240325133116.2075362-1-peter.maydell@linaro.org
2024-03-31Merge tag 'pull-ppc-for-9.0-3-20240331' of https://gitlab.com/npiggin/qemu ↵Peter Maydell
into staging Various fixes for recent regressions and new code. # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCgAdFiEETkN92lZhb0MpsKeVZ7MCdqhiHK4FAmYJEQMACgkQZ7MCdqhi # HK6l0BAAkVf/BXKJxMu3jLvCpK/fBYGytvfHBR9PdWeBwIirqsk3L8eI/Fb5qkMZ # NMrfECyHR9LTcWb6/Pi/PGciNNWeyleN6IuVBeWfraIFyfHcxpwEKH8P+cXr5EWq # WDg+1GUt9+FHuAC9UdGZ81UzX7qeI9VfD3wHceqJ/XRU3qjj67DPZjTpsvxuP64+ # N7MhdEM69F34uiIAn1aNCceXiS00dvtu6lDl3+18TzT8sNc6S3qdyxVcqfRhTJfY # FMZIN3j2hQrVOElEQE9vAOeJyjAQCM+U0y3XZIZHFUw/GTwKV0tm08RFnnxprteG # 67vR5uXrDEELnU/1PA1YeyaBMA3Z3Nc36XbGf8zTD6rKkS2z0lWMcs72pPIxbMXj # c4FdnHaE+Q5ngy5s1p6bm5xM7WOEhrsJkgIu2N0weRroe0nAxywDWw3uQlMoV8Oc # Xet/xM2IKdc0PLzTvFO7xKnW3oqavJ4CX/6XgrGBoMDZKO1JRqaMixGtYKmoH/1h # 96+jdRbPTZAY8aoiFWW7t065lvdWt74A6QITcn2Kqm04j3MGJfyWMU6dakBzwuri # PhOkf40o8qn8KN0JNfSO+IXhYVRRotLO/s9H7TEyQiXm25qrGMIF9FErnbDseZil # rGR4eL0lcwJboYH9RSRWg0NNqpUekvqBzdnS+G0Ad3J+qaMYoik= # =7UPB # -----END PGP SIGNATURE----- # gpg: Signature made Sun 31 Mar 2024 08:30:11 BST # gpg: using RSA key 4E437DDA56616F4329B0A79567B30276A8621CAE # gpg: Good signature from "Nicholas Piggin <npiggin@gmail.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 4E43 7DDA 5661 6F43 29B0 A795 67B3 0276 A862 1CAE * tag 'pull-ppc-for-9.0-3-20240331' of https://gitlab.com/npiggin/qemu: tests/avocado: ppc_hv_tests.py set alpine time before setup-alpine tests/avocado: Fix ppc_hv_tests.py xorriso dependency guard target/ppc: Do not clear MSR[ME] on MCE interrupts to supervisor target/ppc: Fix GDB register indexing on secondary CPUs target/ppc: Restore [H]DEXCR to 64-bits target/ppc/mmu-radix64: Use correct string format in walk_tree() hw/ppc/spapr: Include missing 'sysemu/tcg.h' header spapr: nested: use bitwise NOT operator for flags check Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-03-30target/ppc: Do not clear MSR[ME] on MCE interrupts to supervisorNicholas Piggin
Hardware clears the MSR[ME] bit when delivering a machine check interrupt, so that is what QEMU does. The spapr environment runs in supervisor mode though, and receives machine check interrupts after they are processed by the hypervisor, and MSR[ME] must always be enabled in supervisor mode (otherwise it could checkstop the system). So MSR[ME] must not be cleared when delivering machine checks to the supervisor. The fix to prevent supervisor mode from modifying MSR[ME] also prevented it from re-enabling the incorrectly cleared MSR[ME] bit when returning from handling the interrupt. Before that fix, the problem was not very noticable with well-behaved code. So the Fixes tag is not strictly correct, but practically they go together. Found by kvm-unit-tests machine check tests (not yet upstream). Fixes: 678b6f1af75ef ("target/ppc: Prevent supervisor from modifying MSR[ME]") Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
2024-03-30target/ppc: Fix GDB register indexing on secondary CPUsBenjamin Gray
The GDB server protocol assigns an arbitrary numbering of the SPRs. We track this correspondence on each SPR with gdb_id, using it to resolve any SPR requests GDB makes. Early on we generate an XML representation of the SPRs to give GDB, including this numbering. However the XML is cached globally, and we skip setting the SPR gdb_id values on subsequent threads if we detect it is cached. This causes QEMU to fail to resolve SPR requests against secondary CPUs because it cannot find the matching gdb_id value on that thread's SPRs. This is a minimal fix to first assign the gdb_id values, then return early if the XML is cached. Otherwise we generate the XML using the now already initialised gdb_id values. Fixes: 1b53948ff8f7 ("target/ppc: Use GDBFeature for dynamic XML") Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
2024-03-30target/ppc: Restore [H]DEXCR to 64-bitsBenjamin Gray
The DEXCR emulation was recently changed to a 32-bit register, possibly because it does have a 32-bit read-only view. It is a full 64-bit SPR though, so use the corresponding 64-bit write functions. Fixes: fbda88f7abdee ("target/ppc: Fix width of some 32-bit SPRs") Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
2024-03-30target/ppc/mmu-radix64: Use correct string format in walk_tree()Philippe Mathieu-Daudé
'mask', 'nlb' and 'base_addr' are all uin64_t types. Use the corresponding PRIx64 format. Fixes: d2066bc50d ("target/ppc: Check page dir/table base alignment") Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
2024-03-29target/hppa: Clear psw_n for BE on use_nullify_skip pathRichard Henderson
Along this path we have already skipped the insn to be nullified, so the subsequent insn should be executed. Cc: qemu-stable@nongnu.org Reported-by: Sven Schnelle <svens@stackframe.org> Tested-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-29target/hppa: Add diag instructions to set/restore shadow registersHelge Deller
The 32-bit PA-7300LC (PCX-L2) CPU and the 64-bit PA8700 (PCX-W2) CPU use different diag instructions to save or restore the CPU registers to/from the shadow registers. Implement those per-CPU architecture diag instructions to fix those parts of the HP ODE testcases (L2DIAG and WDIAG, section 1) which test the shadow registers. Signed-off-by: Helge Deller <deller@gmx.de> [rth: Use decodetree to distinguish cases] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Helge Deller <deller@gmx.de> Tested-by: Helge Deller <deller@gmx.de>
2024-03-29target/hppa: Move diag argument handling to decodetreeRichard Henderson
Split trans_diag into per-operation functions. Reviewed-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-29target/hppa: Generate getshadowregs inlineRichard Henderson
This operation is trivial and does not require a helper. Reviewed-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix overflow computation for shladdRichard Henderson
Overflow indicator should include the effect of the shift step. We had previously left ??? comments about the issue. Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Replace c with uv in do_condRichard Henderson
Prepare for proper indication of shladd unsigned overflow. The UV indicator will be zero/not-zero instead of a single bit. Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Squash d for pa1.x during decodeRichard Henderson
The cond_need_ext predicate was created while we still had a 32-bit compilation mode. It now makes more sense to treat D as an absolute indicator of a 64-bit operation. Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix unit carry conditionsRichard Henderson
Split do_unit_cond to do_unit_zero_cond to only handle conditions versus zero. These are the only ones that are legal for UXOR. Simplify trans_uxor accordingly. Rename do_unit to do_unit_addsub, since xor has been split. Properly compute carry-out bits for add and subtract, mirroring the code in do_add and do_sub. Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Fixes: b2167459ae4 ("target-hppa: Implement basic arithmetic") Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Optimize UADDCM with no conditionRichard Henderson
With r1 as zero is by far the most common usage of UADDCM, as the easiest way to invert a register. The compiler does occasionally use the addition step as well, and we can simplify that to avoid a temp and write directly into the destination. Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix DCOR reconstruction of carry bitsRichard Henderson
The carry bits for each nibble N are located in bit (N+1)*4, so the shift by 3 was off by one. Furthermore, the carry bit for the most significant carry bit is indeed located in bit 64, which is located in a different storage word. Use a double-word shift-right to reassemble into a single word and place them all at bit 0 of their respective nibbles. Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Fixes: b2167459ae4 ("target-hppa: Implement basic arithmetic") Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Use gva_offset_mask() everywhereSven Schnelle
Move it to cpu.h, so it can also be used in hppa_form_gva_psw(). Signed-off-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240324080945.991100-2-svens@stackframe.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix EIRR, EIEM versus icountRichard Henderson
Call translator_io_start before write to EIRR. Move evaluation of EIRR vs EIEM to hppa_cpu_exec_interrupt. Exit TB after write to EIEM, but otherwise use a straight store. Reviewed-by: Helge Deller <deller@gmx.de> Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Tidy read of interval timerRichard Henderson
The call to gen_helper_read_interval_timer is identical on both sides of the IF. Reviewed-by: Helge Deller <deller@gmx.de> Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Mark interval timer write as ioRichard Henderson
Reviewed-by: Helge Deller <deller@gmx.de> Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix ADD/SUB trap on overflow for narrow modeSven Schnelle
Fixes: c53e401ed9ff ("target/hppa: Remove TARGET_REGISTER_BITS") Signed-off-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240321184228.611897-2-svens@stackframe.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Handle unit conditions for wide modeSven Schnelle
Wide mode provides two more conditions, add them. Fixes: 59963d8fdf42 ("target/hppa: Pass d to do_unit_cond") Signed-off-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240321184228.611897-1-svens@stackframe.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix B,GATE for wide modeRichard Henderson
Do not clobber the high bits of the address by using a 32-bit deposit. Reviewed-by: Helge Deller <deller@gmx.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-27target/hppa: Fix BE,L set of sr0Richard Henderson
The return address comes from IA*Q_Next, and IASQ_Next is always equal to IASQ_Back, not IASQ_Front. Tested-by: Helge Deller <deller@gmx.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-26target/tricore/helper: Use correct string format in cpu_tlb_fill()Philippe Mathieu-Daudé
'address' got converted from target_ulong to vaddr in commit 68d6eee73c ("target/tricore: Convert to CPUClass::tlb_fill"). Use the corresponding format string to avoid casting. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20240319051413.6956-1-philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
2024-03-26target/i386/tcg: Enable page walking from MMIO memoryGregory Price
CXL emulation of interleave requires read and write hooks due to requirement for subpage granularity. The Linux kernel stack now enables using this memory as conventional memory in a separate NUMA node. If a process is deliberately forced to run from that node $ numactl --membind=1 ls the page table walk on i386 fails. Useful part of backtrace: (cpu=cpu@entry=0x555556fd9000, fmt=fmt@entry=0x555555fe3378 "cpu_io_recompile: could not find TB for pc=%p") at ../../cpu-target.c:359 (retaddr=0, addr=19595792376, attrs=..., xlat=<optimized out>, cpu=0x555556fd9000, out_offset=<synthetic pointer>) at ../../accel/tcg/cputlb.c:1339 (cpu=0x555556fd9000, full=0x7fffee0d96e0, ret_be=ret_be@entry=0, addr=19595792376, size=size@entry=8, mmu_idx=4, type=MMU_DATA_LOAD, ra=0) at ../../accel/tcg/cputlb.c:2030 (cpu=cpu@entry=0x555556fd9000, p=p@entry=0x7ffff56fddc0, mmu_idx=<optimized out>, type=type@entry=MMU_DATA_LOAD, memop=<optimized out>, ra=ra@entry=0) at ../../accel/tcg/cputlb.c:2356 (cpu=cpu@entry=0x555556fd9000, addr=addr@entry=19595792376, oi=oi@entry=52, ra=ra@entry=0, access_type=access_type@entry=MMU_DATA_LOAD) at ../../accel/tcg/cputlb.c:2439 at ../../accel/tcg/ldst_common.c.inc:301 at ../../target/i386/tcg/sysemu/excp_helper.c:173 (err=0x7ffff56fdf80, out=0x7ffff56fdf70, mmu_idx=0, access_type=MMU_INST_FETCH, addr=18446744072116178925, env=0x555556fdb7c0) at ../../target/i386/tcg/sysemu/excp_helper.c:578 (cs=0x555556fd9000, addr=18446744072116178925, size=<optimized out>, access_type=MMU_INST_FETCH, mmu_idx=0, probe=<optimized out>, retaddr=0) at ../../target/i386/tcg/sysemu/excp_helper.c:604 Avoid this by plumbing the address all the way down from x86_cpu_tlb_fill() where is available as retaddr to the actual accessors which provide it to probe_access_full() which already handles MMIO accesses. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2180 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2220 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-ID: <20240307155304.31241-2-Jonathan.Cameron@huawei.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2024-03-25target/s390x: Use mutable temporary value for op_tsIdo Plat
Otherwise TCG would assume the register that holds t1 would be constant and reuse whenever it needs the value within it. Cc: qemu-stable@nongnu.org Fixes: f1ea739bd598 ("target/s390x: Use tcg_constant_* in local contexts") Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> [iii: Adjust a newline and capitalization, add tags] Signed-off-by: Ido Plat <ido.plat@ibm.com> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Message-ID: <20240318202722.20675-1-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2024-03-22Merge tag 'pull-loongarch-20240322' of https://gitlab.com/gaosong/qemu into ↵Peter Maydell
staging pull-loongarch-20240322 # -----BEGIN PGP SIGNATURE----- # # iLMEAAEKAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZf1WZgAKCRBAov/yOSY+ # 35zZBADDPLM3130Q/2zsGhol1C538i4+hYRbrX+OsLnlaldyE3NqCPcgaKwVE3xS # T9aOln91rDyQedz4DVYYSx+Oa1JpRjGko957REmopL50SJOYi6n7YhHJksaUirjJ # tMDZdPClOegieOpCu8LgJAVhaxTpZvfLedJVPt7O6Fl/uP3pLg== # =XLqh # -----END PGP SIGNATURE----- # gpg: Signature made Fri 22 Mar 2024 09:59:02 GMT # gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF # gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF * tag 'pull-loongarch-20240322' of https://gitlab.com/gaosong/qemu: target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int' Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2024-03-22target/loongarch: Fix qemu-system-loongarch64 assert failed with the option ↵Song Gao
'-d int' qemu-system-loongarch64 assert failed with the option '-d int', the helper_idle() raise an exception EXCP_HLT, but the exception name is undefined. Signed-off-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240321123606.1704900-1-gaosong@loongson.cn>
2024-03-22target/riscv/kvm: fix timebase-frequency when using KVM accelerationYong-Xuan Wang
The timebase-frequency of guest OS should be the same with host machine. The timebase-frequency value in DTS should be got from hypervisor when using KVM acceleration. Signed-off-by: Yong-Xuan Wang <yongxuan.wang@sifive.com> Message-ID: <20240314061510.9800-1-yongxuan.wang@sifive.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2024-03-22target/riscv: Fix mode in riscv_tlb_fillIrina Ryapolova
Need to convert mmu_idx to privilege mode for PMP function. Signed-off-by: Irina Ryapolova <irina.ryapolova@syntacore.com> Fixes: b297129ae1 ("target/riscv: propagate PMP permission to TLB page") Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-ID: <20240320172828.23965-1-irina.ryapolova@syntacore.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2024-03-22target/riscv: rvv: Remove the dependency of Zvfbfmin to ZfbfminMax Chou
According to the Zvfbfmin definition in the RISC-V BF16 extensions spec, the Zvfbfmin extension only requires either the V extension or the Zve32f extension. Signed-off-by: Max Chou <max.chou@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240321170929.1162507-1-max.chou@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>