Commit Graph

10149 Commits

Author SHA1 Message Date
Matt Borgerson
d73d134bcf target/i386: Fix gen_enter_mmx calls 2023-01-23 00:30:40 -07:00
Matt Borgerson
6ea11938b2 v7.2.0 release
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmOY5qgACgkQnKSrs4Gr
 c8is4ggAuXF4kEk+y8fUw60ykKytM5XeU3emNUw9EPoULhQgEbL+Zc+hH6ZCpn0b
 Pv+Vb4WjkxvY7dEDwvnsfA0Mu3Othy4B+ON4FebQzEhU3fedTD1owGnLlxBIphFv
 0aURRbhC865PUk3BwHef/Ic06QQNSVL6fOqyqFuQ+bVgktXIMk4VjYofCJ39S6TP
 bc8kWNBKrkxQUWaLH5BF4RSFV4/ghvWO5wjvsF0pbxMtkR3lotR9FHQ+S4UbWGee
 b7mUoPB/qlCWMDRCTZujSmP90mYzZamOS+VbpEJwUDhX1g7ScHu94CMjROuX2l2w
 MWkWVu+92QUUTcNbDrUO9Cun61gkFg==
 =Px/i
 -----END PGP SIGNATURE-----

Merge tag 'v7.2.0' into sync/qemu-7.2.0

v7.2.0 release
2023-01-22 13:17:37 -07:00
Stefan Hajnoczi
aaf47c7e8b * Fix potential undefined behavior in cleanup of migration-test
* Fix a s390x instruction that causes Java to crash
 * Fix a typo in a comment in next-fb.c
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmOMRosRHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbVh+Q/+PEMevD61MUr1xl5S1uJpur1Pddr+wSTy
 w2PS6eluP8U6SzNZ2x4pGHBjW/ENfoAY/3UgXP5VBHFVaXDLLOfAhoFf7d/uhFLG
 gMUDxPtpGMw8uZJY08R5irDLin/zjsVacKUQuXwC0qkOVaLJrkYeOYkLrRPcjS/Y
 LiNGmFTVA+odrXX5zH7GPhl12hKrs8Uo44M0K31V8HEwgPT+S+DhY6b7FfjM9w6Q
 H/hmrYoApdLPja38Zha4wj4XF6X8o5lSWtFtUCaLoaPPux7FAtzFxWiuzGPpNX+Z
 7+rLxivVsZrPx2iWm2TRIm4E2qHcA+QhcSkmuGA4Fywgjl1BGlAiiE+QTS/QEtyF
 G199pcZsgkVE5kqc4wz0LYomwmU6kkaItwMJHhnBMQG16OJFg9tRuJdZaoqHRtUs
 OXIMaR/ecGq8F3B6BAmBP9nUet6F7668DIAOmE0AdFgVHQOcIN8+uCCjSn23uu42
 yYn7rPruF39wyyFY9t/CbEflg6ZUTKjs+yuR8ukzU4JYbu8wXOxJ9kwV7l5uPJ/E
 rBFm88UY8QT+XfCx2obN4d3UMetcRcluZkY0EBKoJqTDurhvRQwVu02LWzY22pny
 a0FI+yvJBm6rP2TO9YJQonXSBizbQaa+JjWqb/GO6p3ZMn40uoQxpiozVD/ovOKO
 j9z3B+XxVY8=
 =vuhL
 -----END PGP SIGNATURE-----

Merge tag 'pull-request-2022-12-04' of https://gitlab.com/thuth/qemu into staging

* Fix potential undefined behavior in cleanup of migration-test
* Fix a s390x instruction that causes Java to crash
* Fix a typo in a comment in next-fb.c

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmOMRosRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbVh+Q/+PEMevD61MUr1xl5S1uJpur1Pddr+wSTy
# w2PS6eluP8U6SzNZ2x4pGHBjW/ENfoAY/3UgXP5VBHFVaXDLLOfAhoFf7d/uhFLG
# gMUDxPtpGMw8uZJY08R5irDLin/zjsVacKUQuXwC0qkOVaLJrkYeOYkLrRPcjS/Y
# LiNGmFTVA+odrXX5zH7GPhl12hKrs8Uo44M0K31V8HEwgPT+S+DhY6b7FfjM9w6Q
# H/hmrYoApdLPja38Zha4wj4XF6X8o5lSWtFtUCaLoaPPux7FAtzFxWiuzGPpNX+Z
# 7+rLxivVsZrPx2iWm2TRIm4E2qHcA+QhcSkmuGA4Fywgjl1BGlAiiE+QTS/QEtyF
# G199pcZsgkVE5kqc4wz0LYomwmU6kkaItwMJHhnBMQG16OJFg9tRuJdZaoqHRtUs
# OXIMaR/ecGq8F3B6BAmBP9nUet6F7668DIAOmE0AdFgVHQOcIN8+uCCjSn23uu42
# yYn7rPruF39wyyFY9t/CbEflg6ZUTKjs+yuR8ukzU4JYbu8wXOxJ9kwV7l5uPJ/E
# rBFm88UY8QT+XfCx2obN4d3UMetcRcluZkY0EBKoJqTDurhvRQwVu02LWzY22pny
# a0FI+yvJBm6rP2TO9YJQonXSBizbQaa+JjWqb/GO6p3ZMn40uoQxpiozVD/ovOKO
# j9z3B+XxVY8=
# =vuhL
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 04 Dec 2022 02:04:43 EST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-12-04' of https://gitlab.com/thuth/qemu:
  hw/display/next-fb: Fix comment typo
  target/s390x/tcg: Fix and improve the SACF instruction
  tests/qtest/migration-test: Fix unlink error and memory leaks

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-12-04 11:07:46 -05:00
Stefan Hajnoczi
4bd638ac65 * Fix MMX instructions for system emulators
* Fix uninitialized TranslateFault after canonical address checks
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmOIa40UHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroON/wf6AuomXEtqw6OxPCKwYwnXwAA64mO0
 rN9tFw1YcrlynFkzwaGkGThQOuQen2FXBVx1NL64781oZFYU9Zq04rxH3CpZCVVq
 J/POjnrHzaNeWoipiyj4kBi662FF8a6vS+l3pvwfI38jxi4oqRrPowGuqnqus5LS
 Y88Q5y9u+e5MKSO+MpiH0C8/CxlKaKTIUURAr2YKYvwV5vGGVsCQ0BYAxUsfBq5S
 IijzilFBgj5N1vbNnGp/Ltr1vS4xdSmfugxf+myGO45kyr9MkwYUpSqE0nKuVlHX
 OdbhtOfVgifKPf5vahshILu0dZSeFKAOUuGg3gS1THydTtStjonRQA9TBA==
 =ops5
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Fix MMX instructions for system emulators
* Fix uninitialized TranslateFault after canonical address checks

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmOIa40UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroON/wf6AuomXEtqw6OxPCKwYwnXwAA64mO0
# rN9tFw1YcrlynFkzwaGkGThQOuQen2FXBVx1NL64781oZFYU9Zq04rxH3CpZCVVq
# J/POjnrHzaNeWoipiyj4kBi662FF8a6vS+l3pvwfI38jxi4oqRrPowGuqnqus5LS
# Y88Q5y9u+e5MKSO+MpiH0C8/CxlKaKTIUURAr2YKYvwV5vGGVsCQ0BYAxUsfBq5S
# IijzilFBgj5N1vbNnGp/Ltr1vS4xdSmfugxf+myGO45kyr9MkwYUpSqE0nKuVlHX
# OdbhtOfVgifKPf5vahshILu0dZSeFKAOUuGg3gS1THydTtStjonRQA9TBA==
# =ops5
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 01 Dec 2022 03:53:33 EST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  target/i386: Always completely initialize TranslateFault
  target/i386: allow MMX instructions with CR4.OSFXSR=0

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-12-04 11:00:44 -05:00
Thomas Huth
21be74a9a5 target/s390x/tcg: Fix and improve the SACF instruction
The SET ADDRESS SPACE CONTROL FAST instruction is not privileged, it can be
used from problem space, too. Just the switching to the home address space
is privileged and should still generate a privilege exception. This bug is
e.g. causing programs like Java that use the "getcpu" vdso kernel function
to crash (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990417#26 ).

While we're at it, also check if DAT is not enabled. In that case the
instruction is supposed to generate a special operation exception.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/655
Message-Id: <20221201184443.136355-1-thuth@redhat.com>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-12-03 22:04:40 +01:00
Richard Henderson
8218c048be target/i386: Always completely initialize TranslateFault
In get_physical_address, the canonical address check failed to
set TranslateFault.stage2, which resulted in an uninitialized
read from the struct when reporting the fault in x86_cpu_tlb_fill.

Adjust all error paths to use structure assignment so that the
entire struct is always initialized.

Reported-by: Daniel Hoffman <dhoff749@gmail.com>
Fixes: 9bbcf37219 ("target/i386: Reorg GET_HPHYS")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-12-01 09:53:24 +01:00
Paolo Bonzini
38e65936a8 target/i386: allow MMX instructions with CR4.OSFXSR=0
MMX state is saved/restored by FSAVE/FRSTOR so the instructions are
not illegal opcodes even if CR4.OSFXSR=0.  Make sure that validate_vex
takes into account the prefix and only checks HF_OSFXSR_MASK in the
presence of an SSE instruction.

Fixes: 20581aadec ("target/i386: validate VEX prefixes via the instructions' exception classes", 2022-10-18)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1350
Reported-by: Helge Konetzka (@hejko on gitlab.com)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-12-01 09:05:05 +01:00
Evgeny Ermakov
475e56b630 target/arm: Set TCGCPUOps.restore_state_to_opc for v7m
This setting got missed, breaking v7m.

Fixes: 56c6c98df8 ("target/arm: Convert to tcg_ops restore_state_to_opc")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1347
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Evgeny Ermakov <evgeny.v.ermakov@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221129204146.550394-1-richard.henderson@linaro.org>
2022-11-29 18:15:26 -05:00
Ard Biesheuvel
15f8f4671a target/arm: Use signed quantity to represent VMSAv8-64 translation level
The LPA2 extension implements 52-bit virtual addressing for 4k and 16k
translation granules, and for the former, this means an additional level
of translation is needed. This means we start counting at -1 instead of
0 when doing a walk, and so 'level' is now a signed quantity, and should
be typed as such. So turn it from uint32_t into int32_t.

This avoids a level of -1 getting misinterpreted as being >= 3, and
terminating a page table walk prematurely with a bogus output address.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-22 16:10:25 +00:00
Peter Maydell
26ba00cf58 target/arm: Don't do two-stage lookup if stage 2 is disabled
In get_phys_addr_with_struct(), we call get_phys_addr_twostage() if
the CPU supports EL2.  However, we don't check here that stage 2 is
actually enabled.  Instead we only check that inside
get_phys_addr_twostage() to skip stage 2 translation.  This means
that even if stage 2 is disabled we still tell the stage 1 lookup to
do its page table walks via stage 2.

This works by luck for normal CPU accesses, but it breaks for debug
accesses, which are used by the disassembler and also by semihosting
file reads and writes, because the debug case takes a different code
path inside S1_ptw_translate().

This means that setups that use semihosting for file loads are broken
(a regression since 7.1, introduced in recent ptw refactoring), and
that sometimes disassembly in debug logs reports "unable to read
memory" rather than showing the guest insns.

Fix the bug by hoisting the "is stage 2 enabled?" check up to
get_phys_addr_with_struct(), so that we handle S2 disabled the same
way we do the "no EL2" case, with a simple single stage lookup.

Reported-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20221121212404.1450382-1-peter.maydell@linaro.org
2022-11-22 13:18:22 +00:00
Ard Biesheuvel
312b71abce target/arm: Limit LPA2 effective output address when TCR.DS == 0
With LPA2, the effective output address size is at most 48 bits when
TCR.DS == 0. This case is currently unhandled in the page table walker,
where we happily assume LVA/64k granule when outputsize > 48 and
param.ds == 0, resulting in the wrong conversion to be used from a
page table descriptor to a physical address.

    if (outputsize > 48) {
        if (param.ds) {
            descaddr |= extract64(descriptor, 8, 2) << 50;
        } else {
            descaddr |= extract64(descriptor, 12, 4) << 48;
        }

So cap the outputsize to 48 when TCR.DS is cleared, as per the
architecture.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20221116170316.259695-1-ardb@kernel.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-21 11:46:46 +00:00
Stefan Hajnoczi
a082fab9d2 ppc patch queue for 2022-11-17:
Short queue with a build regression fix when using --disable-tcg.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCY3ZP3wAKCRA82cqW3gMx
 ZB7uAPwN3C8R0YeL+NR44ZlzJVM75TjT1sDYD3oZjEraIfAz9AD7BKRNMPXmmF3A
 sIHlbhVWquFU07ZDq5UmMfa2WudFZgc=
 =z2+u
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20221117' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-11-17:

Short queue with a build regression fix when using --disable-tcg.

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCY3ZP3wAKCRA82cqW3gMx
# ZB7uAPwN3C8R0YeL+NR44ZlzJVM75TjT1sDYD3oZjEraIfAz9AD7BKRNMPXmmF3A
# sIHlbhVWquFU07ZDq5UmMfa2WudFZgc=
# =z2+u
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 17 Nov 2022 10:14:39 EST
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20221117' of https://gitlab.com/danielhb/qemu:
  target/ppc: Fix build warnings when building with 'disable-tcg'

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-17 12:39:38 -05:00
Vaibhav Jain
049b4ad669 target/ppc: Fix build warnings when building with 'disable-tcg'
Kowshik reported that building qemu with GCC 12.2.1 for 'ppc64-softmmu'
target is failing due to following build warnings:

<snip>
 ../target/ppc/cpu_init.c:7018:13: error: 'ppc_restore_state_to_opc' defined but not used [-Werror=unused-function]
 7018 | static void ppc_restore_state_to_opc(CPUState *cs,
<snip>

Fix this by wrapping these function definitions in 'ifdef CONFIG_TCG' so that
they are only defined if qemu is compiled with '--enable-tcg'

Reported-by: Kowshik Jois B S <kowsjois@linux.ibm.com>
Fixes: 61bd1d2942 ("target/ppc: Convert to tcg_ops restore_state_to_opc")
Fixes: 670f1da374 ("target/ppc: Implement hashst and hashchk")
Fixes: 53ae2aeb94 ("target/ppc: Implement hashstp and hashchkp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1319
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Kowshik Jois B S <kowsjois@linux.vnet.ibm.com>
Message-Id: <20221116131743.658708-1-vaibhav@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-11-17 11:28:04 -03:00
Thomas Huth
44ee69ea16 s390x: Fix spelling errors
Fix typos (discovered with the 'codespell' utility).
Note: Though "migrateable" still seems to be a valid spelling, we change
it to "migratable" since this is the way more common spelling here.

Message-Id: <20221111182828.282251-1-thuth@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-11-16 10:15:26 +01:00
Paolo Bonzini
35d95e4126 target/i386: hardcode R_EAX as destination register for LAHF/SAHF
When translating code that is using LAHF and SAHF in combination with the
REX prefix, the instructions should not use any other register than AH;
however, QEMU selects SPL (SP being register 4, just like AH) if the
REX prefix is present.  To fix this, use deposit directly without
going through gen_op_mov_v_reg and gen_op_mov_reg_v.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/130
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-15 09:34:42 +10:00
Paolo Bonzini
d1bb978ba1 target/i386: fix cmpxchg with 32-bit register destination
Unlike the memory case, where "the destination operand receives a write
cycle without regard to the result of the comparison", rm must not be
touched altogether if the write fails, including not zero-extending
it on 64-bit processors.  This is not how the movcond currently works,
because it is always followed by a gen_op_mov_reg_v to rm.

To fix it, introduce a new function that is similar to gen_op_mov_reg_v
but writes to a TCG temporary.

Considering that gen_extu(ot, oldv) is not needed in the memory case
either, the two cases for register and memory destinations are different
enough that one might as well fuse the two "if (mod == 3)" into one.
So do that too.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/508
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[rth: Add a test case ]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-15 09:34:42 +10:00
Stefan Hajnoczi
3ba5fe46ea MIPS patches queue
- Remove -Wclobbered in nanoMIPS disassembler (Richard Henderson)
 - Fix invalid string formats in nanoMIPS disassembler (myself)
 - Allow Loongson-2F to access XKPHYS in kernel mode (Jiaxun Yang)
 - Octeon opcode fixes (Jiaxun Yang, Pavel Dovgalyuk)
 - MAINTAINERS nanoMIPS update
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmNpnTYACgkQ4+MsLN6t
 wN4t2A//XLIH7uL+u6kqGm45fVyy58R1NDoj2afNv5rRqIcXSrP9zRH00woLmGzs
 pYLbu3yOynY2/OSU3iooAaXjQz8ub3YIpceAQdD26OgnpTrwVzKO9jvQz2UlDrzs
 gETnHfqwZDBzxbqkUXxT7Pe3NRQzRmMgrMYNJm+e7UokCVy3c2PZ6vBdC5zvwS6K
 LwnuEBvG74fV70D42dYay0wTB37z7m5Cf7uMp7TrEA+2HLgIZl+J9AuCmZxZZxdU
 sh0AvNiVaKbHT55lazWAMvmVuUEl5zLTEUa1B0sOv081ZaY3ACBuh6Q8VpNgkgSx
 qxKQbye+LtnDDYckeIRa3jI5Fs5AagC6lPPJJpiiFnMqpQaPYhNDFFjR5LNdwfQ6
 cN1lU4toi2B5LuUmiCEJrAsMgocLaNVnhwas391vtIFZh+onN/wZ1sE1Ur1kZkL7
 and2QDr2C8Y7qnpP3q8QRSz1yz+pyvTRcRIwjrnRGIgOfQUOiYeLB1RO01VOFn8u
 0Oa5gKrtClnQxMfZqoRIGucrnbZdrP/oHwsVOKUdDDNpAceVEJ0dvBiUv6WhQQ/4
 G6Ih2GJ/gJU3Ld8UliA9MCzISbvNoQ6EHYk0YqrH8B/MCzvOLbbmaZban3+xFTma
 c2YGQ16ZIQsZMm00sB1Du8l9H9ms/N0VJcSx9txD2YbQWOA/bMs=
 =gQ7f
 -----END PGP SIGNATURE-----

Merge tag 'mips-20221108' of https://github.com/philmd/qemu into staging

MIPS patches queue

- Remove -Wclobbered in nanoMIPS disassembler (Richard Henderson)
- Fix invalid string formats in nanoMIPS disassembler (myself)
- Allow Loongson-2F to access XKPHYS in kernel mode (Jiaxun Yang)
- Octeon opcode fixes (Jiaxun Yang, Pavel Dovgalyuk)
- MAINTAINERS nanoMIPS update

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmNpnTYACgkQ4+MsLN6t
# wN4t2A//XLIH7uL+u6kqGm45fVyy58R1NDoj2afNv5rRqIcXSrP9zRH00woLmGzs
# pYLbu3yOynY2/OSU3iooAaXjQz8ub3YIpceAQdD26OgnpTrwVzKO9jvQz2UlDrzs
# gETnHfqwZDBzxbqkUXxT7Pe3NRQzRmMgrMYNJm+e7UokCVy3c2PZ6vBdC5zvwS6K
# LwnuEBvG74fV70D42dYay0wTB37z7m5Cf7uMp7TrEA+2HLgIZl+J9AuCmZxZZxdU
# sh0AvNiVaKbHT55lazWAMvmVuUEl5zLTEUa1B0sOv081ZaY3ACBuh6Q8VpNgkgSx
# qxKQbye+LtnDDYckeIRa3jI5Fs5AagC6lPPJJpiiFnMqpQaPYhNDFFjR5LNdwfQ6
# cN1lU4toi2B5LuUmiCEJrAsMgocLaNVnhwas391vtIFZh+onN/wZ1sE1Ur1kZkL7
# and2QDr2C8Y7qnpP3q8QRSz1yz+pyvTRcRIwjrnRGIgOfQUOiYeLB1RO01VOFn8u
# 0Oa5gKrtClnQxMfZqoRIGucrnbZdrP/oHwsVOKUdDDNpAceVEJ0dvBiUv6WhQQ/4
# G6Ih2GJ/gJU3Ld8UliA9MCzISbvNoQ6EHYk0YqrH8B/MCzvOLbbmaZban3+xFTma
# c2YGQ16ZIQsZMm00sB1Du8l9H9ms/N0VJcSx9txD2YbQWOA/bMs=
# =gQ7f
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 07 Nov 2022 19:05:10 EST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'mips-20221108' of https://github.com/philmd/qemu:
  MAINTAINERS: Inherit from nanoMIPS
  disas/nanomips: Tidy read for 48-bit opcodes
  disas/nanomips: Split out read_u16
  disas/nanomips: Merge insn{1,2,3} into words[3]
  disas/nanomips: Move setjmp into nanomips_dis
  disas/nanomips: Remove headers already included by "qemu/osdep.h"
  disas/nanomips: Use G_GNUC_PRINTF to avoid invalid string formats
  disas/nanomips: Fix invalid PRIx64 format calling img_format()
  disas/nanomips: Fix invalid PRId64 format calling img_format()
  target/mips: Don't check COP1X for 64 bit FP mode
  target/mips: Disable DSP ASE for Octeon68XX
  target/mips: Enable LBX/LWX/* instructions for Octeon
  target/mips: Cast offset field of Octeon BBIT to int16_t
  target/mips: Set CP0St_{KX, SX, UX} for Loongson-2F

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-08 11:33:27 -05:00
Jiaxun Yang
2a2105a262 target/mips: Don't check COP1X for 64 bit FP mode
Some implementations (i.e. Loongson-2F) may decide to implement
a 64 bit FPU without implementing COP1X instructions.

As the eligibility of 64 bit FP instructions is already determined
by CP0St_FR, there is no need to check for COP1X again.

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221102165719.190378-1-jiaxun.yang@flygoat.com>
[PMD: Add missing trailing parenthesis (buildfix)]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08 01:04:25 +01:00
Jiaxun Yang
4bfc895383 target/mips: Disable DSP ASE for Octeon68XX
I don't have access to Octeon68XX hardware but according
to my investigation Octeon never had DSP ASE support.

As per "Cavium Networks OCTEON Plus CN50XX Hardware Reference
Manual" CP0C3_DSPP is reserved bit and read as 0. Also I do have
access to a Ubiquiti Edgerouter 4 which has Octeon CN7130 processor
and I can confirm CP0C3_DSPP is read as 0 on that processor.

Further more, in linux kernel:
arch/mips/include/asm/mach-cavium-octeon/cpu-feature-overrides.h
cpu_has_dsp is overridden as 0.

So I believe we shouldn't emulate DSP in QEMU as well.

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <20221031132531.18122-4-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08 01:04:25 +01:00
Pavel Dovgalyuk
4525ea7e0c target/mips: Enable LBX/LWX/* instructions for Octeon
This patch changes condition and function name for enabling
indexed load instructions for Octeon vCPUs. Octeons do not
have DSP extension, but implement LBX-and-others.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <166728058455.229236.13834649461181619195.stgit@pasha-ThinkPad-X280>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08 01:04:25 +01:00
Jiaxun Yang
0e8b3010af target/mips: Cast offset field of Octeon BBIT to int16_t
As per "Cavium Networks OCTEON Plus CN50XX Hardware Reference
Manual" offset field is signed 16 bit value. However arg_BBIT.offset
is unsigned. We need to cast it as signed to do address calculation.

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221031132531.18122-3-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08 01:04:25 +01:00
Jiaxun Yang
8063db0fc8 target/mips: Set CP0St_{KX, SX, UX} for Loongson-2F
As per an unpublished document, in later reversion of chips
CP0St_{KX, SX, UX} is not writeable and hardcoded to 1.

Without those bits set, kernel is unable to access XKPHYS address
segment. So just set them up on CPU reset.

Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221031132531.18122-2-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2022-11-08 01:04:25 +01:00
Stefan Hajnoczi
622a84ef76 pull-loongarch-20221107
-----BEGIN PGP SIGNATURE-----
 
 iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCY2hz5gAKCRBAov/yOSY+
 31ESA/9ppQVu70y8AnA/aYCzC6koQxxAsaD/lvwc7M1xzeZnjwOsVnsFLpZITTJj
 2+2O/BlEO3uRvAtV6E7Vtu9D/+Cc+HQ7yOFnwbY0jZmePThp3YYtTg6o+2T7/9ya
 RMicgny1SYjsOjG8/Uam9+dRbH5QheNFwid0BWFhMts9MDB3Mg==
 =zZ8m
 -----END PGP SIGNATURE-----

Merge tag 'pull-loongarch-20221107' of https://gitlab.com/gaosong/qemu into staging

pull-loongarch-20221107

# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCY2hz5gAKCRBAov/yOSY+
# 31ESA/9ppQVu70y8AnA/aYCzC6koQxxAsaD/lvwc7M1xzeZnjwOsVnsFLpZITTJj
# 2+2O/BlEO3uRvAtV6E7Vtu9D/+Cc+HQ7yOFnwbY0jZmePThp3YYtTg6o+2T7/9ya
# RMicgny1SYjsOjG8/Uam9+dRbH5QheNFwid0BWFhMts9MDB3Mg==
# =zZ8m
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 06 Nov 2022 21:56:38 EST
# gpg:                using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C  6C2C 40A2 FFF2 3926 3EDF

* tag 'pull-loongarch-20221107' of https://gitlab.com/gaosong/qemu:
  target/loongarch: Fix return value of CHECK_FPE
  target/loongarch: Separate the hardware flags into MMU index and PLV

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-07 15:21:45 -05:00
Rui Wang
e913bace61
target/loongarch: Fix return value of CHECK_FPE
Regarding the patchset v3 has been merged into main line, and not
approved, this patch updates to patchset v4.

Fixes: 2419978c ("target/loongarch: Fix emulation of float-point disable exception")
Link: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg00808.html
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Message-Id: <20221107024526.702297-3-wangrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-07 10:54:11 +08:00
Rui Wang
c8885b8839
target/loongarch: Separate the hardware flags into MMU index and PLV
Regarding the patchset v3 has been merged into main line, and not
approved, this patch updates to patchset v4.

Fixes: b4bda200 ("target/loongarch: Adjust the layout of hardware flags bit fields")
Link: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg00808.html
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Message-Id: <20221107024526.702297-2-wangrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-07 10:54:08 +08:00
Philippe Mathieu-Daudé
5d756c82c9 target/tricore: Rename csfr.def -> csfr.h.inc
We use the .h.inc extension to include C headers. To be consistent
with the rest of the codebase, rename the C headers using the .def
extension.

IDE/tools using our .editorconfig / .gitattributes will leverage
this consistency.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221025235006.7215-4-philmd@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-11-05 20:35:45 +01:00
Philippe Mathieu-Daudé
9cef8d9926 target/s390x: Rename insn-data/format.def -> insn-data/format.h.inc
We use the .h.inc extension to include C headers. To be consistent
with the rest of the codebase, rename the C headers using the .def
extension.

IDE/tools using our .editorconfig / .gitattributes will leverage
this consistency.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221025235006.7215-3-philmd@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-11-05 20:35:45 +01:00
Philippe Mathieu-Daudé
0f208a9747 target/m68k: Rename qregs.def -> qregs.h.inc
We use the .h.inc extension to include C headers. To be consistent
with the rest of the codebase, rename the C headers using the .def
extension.

IDE/tools using our .editorconfig / .gitattributes will leverage
this consistency.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221025235006.7215-2-philmd@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-11-05 20:35:45 +01:00
Stefan Hajnoczi
6295a58ad1 target-arm queue:
* Fix regression booting Trusted Firmware
  * Honor HCR_E2H and HCR_TGE in ats_write64()
  * Copy the entire vector in DO_ZIP
  * Fix Privileged Access Never (PAN) for aarch32
  * Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
  * Set SCR_EL3.HXEn when direct booting kernel
  * Set SME and SVE EL3 vector lengths when direct booting kernel
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmNk+KkZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vUsD/9SYZP3ne2OZxBe8he98jJ5
 6apODiBksBLUM+1bKEoYW8Kw4XpS10I1Tbnxe7n0bNAfIiZlsZ7HJAJaYWy4MX4k
 Bq0v1EIFo+Obumocc14ZzWcw9yPpHOGavKHXfPxTtIw0amtOmh3aMBPuOZKiMSaq
 TdI/8654DbAOY3Hp/r6WnXwEgAc23kx/PtGhQFdU4iWhzTdeQeFkgCCsVMO02zFQ
 ZM4wiAATpfNfgf5+Wxoin6RQ8nI9PF+Xf7HhN3d1CiXju3vOl+geYNkubJzIopv1
 itLcnvduYE6+5oJsnXZ4FDNO6/nnqWRNqtyDf0/NjLROfj84BPJpZqMX+FR6Q0I0
 d+4/oEw4A46qfaS5b4/YelbJOiUgiViWU1Xs3g2dkeTMT8CyGfDrJ2HRDKN7AaHo
 llL7s1calkX2oSs+gU0BAw8xRETGwMBSOpF6JmPVh277LjvWfN1vsJzVUG3wrSXL
 G7qa2h+fHV5Xu876sc/i0+d4qHuqcE/EU86VQ6X40f+dRzN02rkSCPAxzGFwLXOr
 8fl5MsX6z5pqcubnzxkhi66ZHc6fXsvtUjKBxyrVpMyjMlV9PTJ2Q1RCgVctErXk
 lDzsLuplzPSjZBy3Peib/rLnmYUxJHyPe0RFYIumzZv/UHwL4GjZgkI842UVBpAL
 FvIGblcCXHhdP4UFvqgZhw==
 =Fcb4
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20221104' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Fix regression booting Trusted Firmware
 * Honor HCR_E2H and HCR_TGE in ats_write64()
 * Copy the entire vector in DO_ZIP
 * Fix Privileged Access Never (PAN) for aarch32
 * Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
 * Set SCR_EL3.HXEn when direct booting kernel
 * Set SME and SVE EL3 vector lengths when direct booting kernel

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmNk+KkZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vUsD/9SYZP3ne2OZxBe8he98jJ5
# 6apODiBksBLUM+1bKEoYW8Kw4XpS10I1Tbnxe7n0bNAfIiZlsZ7HJAJaYWy4MX4k
# Bq0v1EIFo+Obumocc14ZzWcw9yPpHOGavKHXfPxTtIw0amtOmh3aMBPuOZKiMSaq
# TdI/8654DbAOY3Hp/r6WnXwEgAc23kx/PtGhQFdU4iWhzTdeQeFkgCCsVMO02zFQ
# ZM4wiAATpfNfgf5+Wxoin6RQ8nI9PF+Xf7HhN3d1CiXju3vOl+geYNkubJzIopv1
# itLcnvduYE6+5oJsnXZ4FDNO6/nnqWRNqtyDf0/NjLROfj84BPJpZqMX+FR6Q0I0
# d+4/oEw4A46qfaS5b4/YelbJOiUgiViWU1Xs3g2dkeTMT8CyGfDrJ2HRDKN7AaHo
# llL7s1calkX2oSs+gU0BAw8xRETGwMBSOpF6JmPVh277LjvWfN1vsJzVUG3wrSXL
# G7qa2h+fHV5Xu876sc/i0+d4qHuqcE/EU86VQ6X40f+dRzN02rkSCPAxzGFwLXOr
# 8fl5MsX6z5pqcubnzxkhi66ZHc6fXsvtUjKBxyrVpMyjMlV9PTJ2Q1RCgVctErXk
# lDzsLuplzPSjZBy3Peib/rLnmYUxJHyPe0RFYIumzZv/UHwL4GjZgkI842UVBpAL
# FvIGblcCXHhdP4UFvqgZhw==
# =Fcb4
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 04 Nov 2022 07:34:01 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20221104' of https://git.linaro.org/people/pmaydell/qemu-arm:
  target/arm: Two fixes for secure ptw
  target/arm: Honor HCR_E2H and HCR_TGE in ats_write64()
  target/arm: Copy the entire vector in DO_ZIP
  target/arm: Fix Privileged Access Never (PAN) for aarch32
  target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
  hw/arm/boot: Set SCR_EL3.HXEn when booting kernel
  hw/arm/boot: Set SME and SVE EL3 vector lengths when booting kernel

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-04 11:01:17 -04:00
Richard Henderson
cead7fa4c0 target/arm: Two fixes for secure ptw
Reversed the sense of non-secure in get_phys_addr_lpae,
and failed to initialize attrs.secure for ARMMMUIdx_Phys_S.

Fixes: 48da29e4 ("target/arm: Add ptw_idx to S1Translate")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1293
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04 10:58:58 +00:00
Ake Koomsin
638d5dbd78 target/arm: Honor HCR_E2H and HCR_TGE in ats_write64()
We need to check HCR_E2H and HCR_TGE to select the right MMU index for
the correct translation regime.

To check for EL2&0 translation regime:
- For S1E0*, S1E1* and S12E* ops, check both HCR_E2H and HCR_TGE
- For S1E2* ops, check only HCR_E2H

Signed-off-by: Ake Koomsin <ake@igel.co.jp>
Message-id: 20221101064250.12444-1-ake@igel.co.jp
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04 10:58:58 +00:00
Richard Henderson
302ad91209 target/arm: Copy the entire vector in DO_ZIP
With odd_ofs set, we weren't copying enough data.

Fixes: 09eb6d7025 ("target/arm: Move sve zip high_ofs into simd_data")
Reported-by: Idan Horowitz <idan.horowitz@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20221031054144.3574-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04 10:58:58 +00:00
Timofey Kutergin
6f2d9d7441 target/arm: Fix Privileged Access Never (PAN) for aarch32
When we implemented the PAN support we theoretically wanted
to support it for both AArch32 and AArch64, but in practice
several bugs made it essentially unusable with an AArch32
guest. Fix all those problems:

    - Use CPSR.PAN to check for PAN state in aarch32 mode
    - throw permission fault during address translation when PAN is
      enabled and kernel tries to access user acessible page
    - ignore SCTLR_XP bit for armv7 and armv8 (conflicts with SCTLR_SPAN).

Signed-off-by: Timofey Kutergin <tkutergin@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20221027112619.2205229-1-tkutergin@gmail.com
[PMM: tweak commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-11-04 10:58:58 +00:00
Peter Maydell
4870f38b0b target/arm: Make TLBIOS and TLBIRANGE ops trap on HCR_EL2.TTLB
The HCR_EL2.TTLB bit is supposed to trap all EL1 execution of TLB
maintenance instructions.  However we have added new TLB insns for
FEAT_TLBIOS and FEAT_TLBIRANGE, and forgot to set their accessfn to
access_ttlb.  Add the missing accessfns.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-04 10:58:58 +00:00
Rui Wang
2419978cb0
target/loongarch: Fix emulation of float-point disable exception
We need to emulate it to generate a floating point disable exception
when CSR.EUEN.FPE is zero.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Message-Id: <20221104040517.222059-3-wangrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-04 17:10:53 +08:00
Rui Wang
b4bda2006f
target/loongarch: Adjust the layout of hardware flags bit fields
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Message-Id: <20221104040517.222059-2-wangrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-04 17:10:52 +08:00
Song Gao
8752b13060
target/loongarch: Fix raise_mmu_exception() set wrong exception_index
When the address is invalid address, We should set exception_index
according to MMUAccessType, and EXCCODE_ADEF need't update badinstr.
Otherwise, The system enters an infinite loop. e.g:
run test.c on system mode
test.c:
    #include<stdio.h>

    void (*func)(int *);

    int main()
    {
        int i = 8;
        void *ptr = (void *)0x4000000000000000;
        func = ptr;
        func(&i);
        return 0;
    }

Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20221101073210.3934280-2-gaosong@loongson.cn>
2022-11-04 17:09:50 +08:00
Song Gao
a6b129c810
target/loongarch: Add exception subcode
We need subcodes to distinguish the same excode cs->exception_indexs,
such as EXCCODE_ADEF/EXCCODE_ADEM.

Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20221101073210.3934280-1-gaosong@loongson.cn>
2022-11-04 17:09:50 +08:00
Xiaojuan Yang
a649fffcc9
hw/intc: Fix LoongArch extioi coreisr accessing
1. When cpu read or write extioi COREISR reg, it should access
the reg belonged to itself, so the cpu index of 's->coreisr'
is current cpu number. Using MemTxAttrs' requester_id to get
the cpu index.
2. it need not to mask 0x1f when calculate the coreisr array index.

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221021015307.2570844-3-yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
2022-11-04 17:07:40 +08:00
Stefan Hajnoczi
7f5acfcb66 * bug fixes
* reduced memory footprint for IPI virtualization on Intel processors
 * asynchronous teardown support (Linux only)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNiVykUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroN0Swf/YxjphCtFgYYSO14WP+7jAnfRZLhm
 0xWChWP8rco5I352OBFeFU64Av5XoLGNn6SZLl8lcg86lQ/G0D27jxu6wOcDDHgw
 0yTDO1gevj51UKsbxoC66OWSZwKTEo398/BHPDcI2W41yOFycSdtrPgspOrFRVvf
 7M3nNjuNPsQorZeuu8NGr3jakqbt99ZDXcyDEWbrEAcmy2JBRMbGgT0Kdnc6aZfW
 CvL+1ljxzldNwGeNBbQW2QgODbfHx5cFZcy4Daze35l5Ra7K/FrgAzr6o/HXptya
 9fEs5LJQ1JWI6JtpaWwFy7fcIIOsJ0YW/hWWQZSDt9JdAJFE5/+vF+Kz5Q==
 =CgrO
 -----END PGP SIGNATURE-----

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* bug fixes
* reduced memory footprint for IPI virtualization on Intel processors
* asynchronous teardown support (Linux only)

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmNiVykUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroN0Swf/YxjphCtFgYYSO14WP+7jAnfRZLhm
# 0xWChWP8rco5I352OBFeFU64Av5XoLGNn6SZLl8lcg86lQ/G0D27jxu6wOcDDHgw
# 0yTDO1gevj51UKsbxoC66OWSZwKTEo398/BHPDcI2W41yOFycSdtrPgspOrFRVvf
# 7M3nNjuNPsQorZeuu8NGr3jakqbt99ZDXcyDEWbrEAcmy2JBRMbGgT0Kdnc6aZfW
# CvL+1ljxzldNwGeNBbQW2QgODbfHx5cFZcy4Daze35l5Ra7K/FrgAzr6o/HXptya
# 9fEs5LJQ1JWI6JtpaWwFy7fcIIOsJ0YW/hWWQZSDt9JdAJFE5/+vF+Kz5Q==
# =CgrO
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 02 Nov 2022 07:40:25 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  target/i386: Fix test for paging enabled
  util/log: Close per-thread log file on thread termination
  target/i386: Set maximum APIC ID to KVM prior to vCPU creation
  os-posix: asynchronous teardown for shutdown on Linux
  target/i386: Fix calculation of LOCK NEG eflags

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-03 10:54:37 -04:00
Richard Henderson
03a60ae9ca target/i386: Fix test for paging enabled
If CR0.PG is unset, pg_mode will be zero, but it will also be zero
for non-PAE/non-PSE page tables with CR0.WP=0.  Restore the
correct test for paging enabled.

Fixes: 98281984a3 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221102091232.1092552-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-02 12:35:16 +01:00
Stefan Hajnoczi
0d37413c63 testing and plugin updates for 7.2:
- cleanup win32/64 docker files
   - update test-mingw test
   - add flex/bison to debian-all-test
   - handle --enable-static/--disable-pie in config
   - extend timeouts on x86_64 avocado tests
   - add flex/bison to debian-hexagon-cross
   - use regular semihosting for nios2 check-tcg
   - fix obscure linker error to nios2 softmmu tests
   - various windows portability fixes for tests
   - clean-up of MAINTAINERS
   - use -machine none when appropriate in avocado
   - make raspi2_initrd test detect shutdown
   - disable sh4 rd2 tests on gitlab
   - re-enable threadcount/linux-test for sh4
   - clean-up s390x handling of "ex" instruction
   - better handle new CPUs in execlog plugin
   - pass CONFIG_DEBUG_TCG to plugin builds
   - try and avoid races in test-io-channel-command
   - speed up ssh key checking for tests/vm
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmNhI/MACgkQ+9DbCVqe
 KkSFXggAg0HIpBDcNz0V5Mh5p69F14pwbDSygKqGDFBebdOHeL7f+WCvQPUGEWxp
 814zjvRY3SC4Mo4mtzguRvNu0styaUpemvRw5FDYK48GpEjg2eVxTnAFD4nr7ud0
 dhw3iaHP+RjA6s3EpPUqQ5nlZEgFJ+Tvkckk3wKSpksBYA4tJra6Uey5kpZ27x0T
 KOzB2P6w+9B/B11n/aeSxvRPZdnXt2MyfS/3pwwfoFYioEyaEQ3Ie6ooachtdSL3
 PEvnJVK0VVYbZQwBXJlycNLlK/D++s4AEwmnZ5GmvDFuXlkRO9YMy9Wa5TKJl7gz
 76Aw1KHsE03SyAPvH4bE7eGkIwhJOQ==
 =6hXE
 -----END PGP SIGNATURE-----

Merge tag 'pull-testing-for-7.2-011122-3' of https://github.com/stsquad/qemu into staging

testing and plugin updates for 7.2:

  - cleanup win32/64 docker files
  - update test-mingw test
  - add flex/bison to debian-all-test
  - handle --enable-static/--disable-pie in config
  - extend timeouts on x86_64 avocado tests
  - add flex/bison to debian-hexagon-cross
  - use regular semihosting for nios2 check-tcg
  - fix obscure linker error to nios2 softmmu tests
  - various windows portability fixes for tests
  - clean-up of MAINTAINERS
  - use -machine none when appropriate in avocado
  - make raspi2_initrd test detect shutdown
  - disable sh4 rd2 tests on gitlab
  - re-enable threadcount/linux-test for sh4
  - clean-up s390x handling of "ex" instruction
  - better handle new CPUs in execlog plugin
  - pass CONFIG_DEBUG_TCG to plugin builds
  - try and avoid races in test-io-channel-command
  - speed up ssh key checking for tests/vm

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmNhI/MACgkQ+9DbCVqe
# KkSFXggAg0HIpBDcNz0V5Mh5p69F14pwbDSygKqGDFBebdOHeL7f+WCvQPUGEWxp
# 814zjvRY3SC4Mo4mtzguRvNu0styaUpemvRw5FDYK48GpEjg2eVxTnAFD4nr7ud0
# dhw3iaHP+RjA6s3EpPUqQ5nlZEgFJ+Tvkckk3wKSpksBYA4tJra6Uey5kpZ27x0T
# KOzB2P6w+9B/B11n/aeSxvRPZdnXt2MyfS/3pwwfoFYioEyaEQ3Ie6ooachtdSL3
# PEvnJVK0VVYbZQwBXJlycNLlK/D++s4AEwmnZ5GmvDFuXlkRO9YMy9Wa5TKJl7gz
# 76Aw1KHsE03SyAPvH4bE7eGkIwhJOQ==
# =6hXE
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Nov 2022 09:49:39 EDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-testing-for-7.2-011122-3' of https://github.com/stsquad/qemu: (31 commits)
  tests/vm: use -o IdentitiesOnly=yes for ssh
  tests/unit: cleanups for test-io-channel-command
  contrib/plugins: protect execlog's last_exec expansion
  contrib/plugins: enable debug on CONFIG_DEBUG_TCG
  tests/tcg: include CONFIG_PLUGIN in config-host.mak
  target/s390x: fake instruction loading when handling 'ex'
  target/s390x: don't probe next pc for EXecuted insns
  target/s390x: don't use ld_code2 to probe next pc
  tests/tcg: re-enable threadcount for sh4
  tests/tcg: re-enable linux-test for sh4
  tests/avocado: disable sh4 rd2 tests on Gitlab
  tests/avocado: raspi2_initrd: Wait for guest shutdown message before stopping
  tests/avocado: set -machine none for userfwd and vnc tests
  MAINTAINERS: fix-up for check-tcg Makefile changes
  MAINTAINERS: add features_to_c.sh to gdbstub files
  MAINTAINERS: add entries for the key build bits
  hw/usb: dev-mtp: Use g_mkdir()
  block/vvfat: Unify the mkdir() call
  tcg: Avoid using hardcoded /tmp
  semihosting/arm-compat-semi: Avoid using hardcoded /tmp
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-11-01 13:39:06 -04:00
Richard Henderson
6317933086 target/i386: Expand eflags updates inline
The helpers for reset_rf, cli, sti, clac, stac are
completely trivial; implement them inline.

Drop some nearby #if 0 code.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-01 08:31:41 +11:00
Richard Henderson
3d419a4dd2 accel/tcg: Remove will_exit argument from cpu_restore_state
The value passed is always true, and if the target's
synchronize_from_tb hook is non-trivial, not exiting
may be erroneous.

Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-01 08:31:41 +11:00
Richard Henderson
cc30dc441b target/openrisc: Use cpu_unwind_state_data for mfspr
Since we do not plan to exit, use cpu_unwind_state_data
and extract exactly the data requested.

This is a bug fix, in that we no longer clobber dflag.

Consider:

        l.j       L2         // branch
        l.mfspr   r1, ppc    // delay

L1:     boom
L2:     l.lwa     r3, (r4)

Here, dflag would be set by cpu_restore_state (because that is the current
state of the cpu), but but not cleared by tb_stop on exiting the TB
(because DisasContext has recorded the current value as zero).

The next TB begins at L2 with dflag incorrectly set.  If the load has a
tlb miss, then the exception will be delivered as per a delay slot:
with DSX set in the status register and PC decremented (delay slots
restart by re-executing the branch). This will cause the return from
interrupt to go to L1, and boom!

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-01 08:31:41 +11:00
Richard Henderson
5813c5c74a target/openrisc: Always exit after mtspr npc
We have called cpu_restore_state asserting will_exit.
Do not go back on that promise.  This affects icount.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-01 08:31:41 +11:00
Richard Henderson
f484f213c9 target/i386: Use cpu_unwind_state_data for tpr access
Avoid cpu_restore_state, and modifying env->eip out from
underneath the translator with TARGET_TB_PCREL.  There is
some slight duplication from x86_restore_state_to_opc,
but it's just a few lines.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1269
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-11-01 08:31:37 +11:00
Alex Bennée
9fa97e04ae target/s390x: fake instruction loading when handling 'ex'
The s390x EXecute instruction is a bit weird as we synthesis the
executed instruction from what we have stored in memory. This missed
the plugin instrumentation.

Work around this with a special helper to inform the rest of the
translator about the instruction so things stay consistent.

Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20221027183637.2772968-26-alex.bennee@linaro.org>
2022-10-31 20:37:59 +00:00
Alex Bennée
621aab6c7d target/s390x: don't probe next pc for EXecuted insns
We have finished the TB anyway so we can shortcut the other tests by
checking dc->ex_value first.

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-25-alex.bennee@linaro.org>
2022-10-31 20:37:59 +00:00
Alex Bennée
efe7c4f08d target/s390x: don't use ld_code2 to probe next pc
This isn't an translator picking up an instruction so we shouldn't use
the translator_lduw function which has side effects for plugins.

Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221027183637.2772968-24-alex.bennee@linaro.org>
2022-10-31 20:37:59 +00:00