* tag 'pull-arm-20220914' of https://gitlab.com/rth7680/qemu:
target/arm: Make boards pass base address to armv7m_load_kernel()
target/arm: Remove useless TARGET_BIG_ENDIAN check in armv7m_load_kernel()
target/arm: Report FEAT_PMUv3p5 for TCG '-cpu max'
target/arm: Support 64-bit event counters for FEAT_PMUv3p5
target/arm: Implement FEAT_PMUv3p5 cycle counter disable bits
target/arm: Rename pmu_8_n feature test functions
target/arm: Detect overflow when calculating next PMU interrupt
target/arm: Honour MDCR_EL2.HPMD in Secure EL2
target/arm: Ignore PMCR.D when PMCR.LC is set
target/arm: Don't mishandle count when enabling or disabling PMU counters
target/arm: Correct value returned by pmu_counter_mask()
target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows
target/arm: Add missing space in comment
target/arm: Advertise FEAT_ETS for '-cpu max'
target/arm: Implement ID_DFR1
target/arm: Implement ID_MMFR5
target/arm: Sort KVM reads of AArch32 ID registers into encoding order
target/arm: Make cpregs 0, c0, c{3-15}, {0-7} correctly RAZ in v8
hw/arm/bcm2835_property: Add support for RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS
target/arm: Add cortex-a35
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sat, 17 Sep 2022 12:09:50 +0000 (08:09 -0400)]
Merge tag 'tpm-pull-2022-09-13-1' of https://github.com/stefanberger/qemu-tpm into staging
Merge tpm 2022/09/13 v1
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmMgtKIACgkQda1lgCoL
# QhG/Zgf9Gs35w+hPwGQdsrwcDmCHiH6s4Eb7i4SgzPP4/EVR9kwYriKja4HoNvK2
# GHQSXgYX5hazwgkRlNKNJSf2zckbZlr3OhPReZMab6YTVSi79xZRl4rWqKbMxk4K
# 82ueaUkLKm/RrCw69sM6ToSUQjbitseMVKorZ9NXVt9SVj+hwQv28o5U/+h8Q76T
# P3t1VraFV2vaiLhAyp4BY52djZ0AMrUox/27EdAYIPPi7om+fGeWcTQP4GsyWUv1
# h8i+ZSU1QMJ5hF1szzP7bENwSzG7mSIiqMbrqtpysu/ET6r9WblLTSkRtojvms1S
# qb7NzQ3S4NwdCWGz0owEbF5kLmMniw==
# =XMPF
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 13 Sep 2022 12:49:38 EDT
# gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* tag 'tpm-pull-2022-09-13-1' of https://github.com/stefanberger/qemu-tpm:
tpm_emulator: Have swtpm relock storage upon migration fall-back
tpm_emulator: Use latest tpm_ioctl.h from swtpm project
tpm_crb: Avoid backend startup just before shutdown under Xen
tpm_emulator: Avoid double initialization during migration
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Maydell [Tue, 23 Aug 2022 16:04:17 +0000 (17:04 +0100)]
target/arm: Make boards pass base address to armv7m_load_kernel()
Currently armv7m_load_kernel() takes the size of the block of memory
where it should load the initial guest image, but assumes that it
should always load it at address 0. This happens to be true of all
our M-profile boards at the moment, but it isn't guaranteed to always
be so: M-profile CPUs can be configured (via init-svtor and
init-nsvtor, which match equivalent hardware configuration signals)
to have the initial vector table at any address, not just zero. (For
instance the Teeny board has the boot ROM at address 0x0200_0000.)
Add a base address argument to armv7m_load_kernel(), so that
callers now pass in both base address and size. All the current
callers pass 0, so this is not a behaviour change.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220823160417.3858216-3-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 23 Aug 2022 16:04:16 +0000 (17:04 +0100)]
target/arm: Remove useless TARGET_BIG_ENDIAN check in armv7m_load_kernel()
Arm system emulation targets always have TARGET_BIG_ENDIAN clear, so
there is no need to have handling in armv7m_load_kernel() for the
case when it is defined. Remove the unnecessary code.
Side notes:
* our M-profile implementation is always little-endian (that is, it
makes the IMPDEF choice that the read-only AIRCR.ENDIANNESS is 0)
* if we did want to handle big-endian ELF files here we should do it
the way that hw/arm/boot.c:arm_load_elf() does, by looking at the
ELF header to see what endianness the file itself is
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220823160417.3858216-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:58 +0000 (14:23 +0100)]
target/arm: Report FEAT_PMUv3p5 for TCG '-cpu max'
Update the ID registers for TCG's '-cpu max' to report a FEAT_PMUv3p5
compliant PMU.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-11-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:57 +0000 (14:23 +0100)]
target/arm: Support 64-bit event counters for FEAT_PMUv3p5
With FEAT_PMUv3p5, the event counters are now 64 bit, rather than 32
bit. (Previously, only the cycle counter could be 64 bit, and other
event counters were always 32 bits). For any given event counter,
whether the overflow event is noted for overflow from bit 31 or from
bit 63 is controlled by a combination of PMCR.LP, MDCR_EL2.HLP and
MDCR_EL2.HPMN.
Implement the 64-bit event counter handling. We choose to make our
counters always 64 bits, and mask out the top 32 bits on read or
write of PMXEVCNTR for CPUs which don't have FEAT_PMUv3p5.
(Note that the changes to pmenvcntr_op_start() and
pmenvcntr_op_finish() bring their logic closer into line with that of
pmccntr_op_start() and pmccntr_op_finish(), which already had to cope
with the overflow being either at 32 or 64 bits.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-10-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
FEAT_PMUv3p5 introduces new bits which disable the cycle
counter from counting:
* MDCR_EL2.HCCD disables the counter when in EL2
* MDCR_EL3.SCCD disables the counter when Secure
Add the code to support these bits.
(Note that there is a third documented counter-disable
bit, MDCR_EL3.MCCD, which disables the counter when in
EL3. This is not present until FEAT_PMUv3p7, so is
out of scope for now.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-9-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:55 +0000 (14:23 +0100)]
target/arm: Rename pmu_8_n feature test functions
Our feature test functions that check the PMU version are named
isar_feature_{aa32,aa64,any}_pmu_8_{1,4}. This doesn't match the
current Arm ARM official feature names, which are FEAT_PMUv3p1 and
FEAT_PMUv3p4. Rename these functions to _pmuv3p1 and _pmuv3p4.
This commit was created with:
sed -i -e 's/pmu_8_/pmuv3p/g' target/arm/*.[ch]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-8-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:54 +0000 (14:23 +0100)]
target/arm: Detect overflow when calculating next PMU interrupt
In pmccntr_op_finish() and pmevcntr_op_finish() we calculate the next
point at which we will get an overflow and need to fire the PMU
interrupt or set the overflow flag. We do this by calculating the
number of nanoseconds to the overflow event and then adding it to
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL). However, we don't check
whether that signed addition overflows, which can happen if the next
PMU interrupt would happen massively far in the future (250 years or
more).
Since QEMU assumes that "when the QEMU_CLOCK_VIRTUAL rolls over" is
"never", the sensible behaviour in this situation is simply to not
try to set the timer if it would be beyond that point. Detect the
overflow, and skip setting the timer in that case.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-7-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:53 +0000 (14:23 +0100)]
target/arm: Honour MDCR_EL2.HPMD in Secure EL2
The logic in pmu_counter_enabled() for handling the 'prohibit event
counting' bits MDCR_EL2.HPMD and MDCR_EL3.SPME is written in a way
that assumes that EL2 is never Secure. This used to be true, but the
architecture now permits Secure EL2, and QEMU can emulate this.
Refactor the prohibit logic so that we effectively OR together
the various prohibit bits when they apply, rather than trying to
construct an if-else ladder where any particular state of the CPU
ends up in exactly one branch of the ladder.
This fixes the Secure EL2 case and also is a better structure for
adding the PMUv8.5 bits MDCR_EL2.HCCD and MDCR_EL3.SCCD.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-6-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:52 +0000 (14:23 +0100)]
target/arm: Ignore PMCR.D when PMCR.LC is set
The architecture requires that if PMCR.LC is set (for a 64-bit cycle
counter) then PMCR.D (which enables the clock divider so the counter
ticks every 64 cycles rather than every cycle) should be ignored. We
were always honouring PMCR.D; fix the bug so we correctly ignore it
in this situation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-5-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:51 +0000 (14:23 +0100)]
target/arm: Don't mishandle count when enabling or disabling PMU counters
The PMU cycle and event counter infrastructure design requires that
operations on the PMU register fields are wrapped in pmu_op_start()
and pmu_op_finish() calls (or their more specific pmmcntr and
pmevcntr equivalents). This includes any changes to registers which
affect whether the counter should be enabled or disabled, but we
forgot to do this.
The effect of this bug is that in sequences like:
* disable the cycle counter (PMCCNTR) using the PMCNTEN register
* write a value such as 0xfffff000 to the PMCCNTR
* restart the counter by writing to PMCNTEN
the value written to the cycle counter is corrupted, and it starts
counting from the wrong place. (Essentially, we fail to record that
the QEMU_CLOCK_VIRTUAL timestamp when the counter should be considered
to have started counting is the point when PMCNTEN is written to enable
the counter.)
Add the necessary bracketing calls, so that updates to the various
registers which affect whether the PMU is counting are handled
correctly.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-4-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:50 +0000 (14:23 +0100)]
target/arm: Correct value returned by pmu_counter_mask()
pmu_counter_mask() accidentally returns a value with bits [63:32]
set, because the expression it returns is evaluated as a signed value
that gets sign-extended to 64 bits. Force the whole expression to be
evaluated with 64-bit arithmetic with ULL suffixes.
The main effect of this bug was that a guest could write to the bits
in the high half of registers like PMCNTENSET_EL0 that are supposed
to be RES0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-3-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 22 Aug 2022 13:23:49 +0000 (14:23 +0100)]
target/arm: Don't corrupt high half of PMOVSR when cycle counter overflows
When the cycle counter overflows, we are intended to set bit 31 in PMOVSR
to indicate this. However a missing ULL suffix means that we end up
setting all of bits 63-31. Fix the bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822132358.3524971-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 19 Aug 2022 11:00:52 +0000 (12:00 +0100)]
target/arm: Add missing space in comment
Fix a missing space before a comment terminator.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220819110052.2942289-7-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 19 Aug 2022 11:00:51 +0000 (12:00 +0100)]
target/arm: Advertise FEAT_ETS for '-cpu max'
The architectural feature FEAT_ETS (Enhanced Translation
Synchronization) is a set of tightened guarantees about memory
ordering involving translation table walks:
* if memory access RW1 is ordered-before memory access RW2 then it
is also ordered-before any translation table walk generated by RW2
that generates a translation fault, address size fault or access
fault
* TLB maintenance on non-exec-permission translations is guaranteed
complete after a DSB (ie it does not need the context
synchronization event that you have to have if you don’t have
FEAT_ETS)
For QEMU’s implementation we don’t reorder translation table walk
accesses, and we guarantee to finish the TLB maintenance as soon as
the TLB op is done (the tlb_flush functions will complete at the end
of the TLB, and TLB ops always end the TB because they’re sysreg
writes).
So we’re already compliant and all we need to do is say so in the ID
registers for the 'max' CPU.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220819110052.2942289-6-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 19 Aug 2022 11:00:50 +0000 (12:00 +0100)]
target/arm: Implement ID_DFR1
In Armv8.6, a new AArch32 ID register ID_DFR1 is defined; implement
it. We don't have any CPUs with features that they need to advertise
here yet, but plumbing in the ID register gives it the right name
when debugging and will help in future when we do add a CPU that
has non-zero ID_DFR1 fields.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220819110052.2942289-5-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 19 Aug 2022 11:00:49 +0000 (12:00 +0100)]
target/arm: Implement ID_MMFR5
In Armv8.6 a new AArch32 ID register ID_MMFR5 is defined.
Implement this; we want to be able to use it to report to
the guest that we implement FEAT_ETS.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220819110052.2942289-4-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 19 Aug 2022 11:00:48 +0000 (12:00 +0100)]
target/arm: Sort KVM reads of AArch32 ID registers into encoding order
The code that reads the AArch32 ID registers from KVM in
kvm_arm_get_host_cpu_features() does so almost but not quite in
encoding order. Move the read of ID_PFR2 down so it's really in
encoding order.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220819110052.2942289-3-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 19 Aug 2022 11:00:47 +0000 (12:00 +0100)]
target/arm: Make cpregs 0, c0, c{3-15}, {0-7} correctly RAZ in v8
In the AArch32 ID register scheme, coprocessor registers with
encoding cp15, 0, c0, c{0-7}, {0-7} are all in the space covered by
what in v6 and v7 was called the "CPUID scheme", and are supposed to
RAZ if they're not allocated to a specific ID register. For our
pre-v8 CPUs we get this right, because the regdefs in
id_pre_v8_midr_cp_reginfo[] cover these RAZ requirements. However
for v8 we failed to put in the necessary patterns to cover this, so
we end up UNDEFing on everything we didn't have an ID register for.
This is a problem because in Armv8 some encodings in 0, c0, c3, {0-7}
are now being used for new ID registers, and guests might thus start
trying to read them. (We already have one of these: ID_PFR2.)
For v8 CPUs, we already have regdefs for 0, c0, c{0-2}, {0-7} (that
is, the space is completely allocated with no reserved spaces). Add
entries to v8_idregs[] covering 0, c0, c3, {0-7}:
* c3, {0-2} is the reserved AArch32 space corresponding to the
AArch64 MVFR[012]_EL1
* c3, {3,5,6,7} are reserved RAZ for both AArch32 and AArch64
(in fact some of these are given defined meanings in Armv8.6,
but we don't implement them yet)
* c3, 4 is ID_PFR2 (already defined)
We then programmatically add RAZ patterns for AArch32 for
0, c0, c{4..15}, {0-7}:
* c4-c7 are unused, and not shared with AArch64 (these
are the encodings corresponding to where the AArch64
specific ID registers live in the system register space)
* c8-c15 weren't required to RAZ in v6/v7, but v8 extends
the AArch32 reserved-should-RAZ space to cover these;
the equivalent area of the AArch64 sysreg space is not
defined as must-RAZ
Note that the architecture allows some registers in this space
to return an UNKNOWN value; we always return 0.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220819110052.2942289-2-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Enrik Berkhan [Fri, 12 Aug 2022 14:35:19 +0000 (16:35 +0200)]
hw/arm/bcm2835_property: Add support for RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS
In more recent Raspbian OS Linux kernels, the fb driver gives up
immediately if RPI_FIRMWARE_FRAMEBUFFER_GET_NUM_DISPLAYS fails or no
displays are reported.
This change simply always reports one display. It makes bcm2835_fb work
again with these more recent kernels.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Enrik Berkhan <Enrik.Berkhan@inka.de>
Message-Id: <20220812143519.59134-1-Enrik.Berkhan@inka.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Stefan Berger [Mon, 12 Sep 2022 17:47:41 +0000 (13:47 -0400)]
tpm_emulator: Have swtpm relock storage upon migration fall-back
Swtpm may release the lock once the last one of its state blobs has been
migrated out. In case of VM migration failure QEMU now needs to notify
swtpm that it should again take the lock, which it can otherwise only do
once it has received the first TPM command from the VM.
Only try to send the lock command if swtpm supports it. It will not have
released the lock (and support shared storage setups) if it doesn't
support the locking command since the functionality of releasing the lock
upon state blob reception and the lock command were added to swtpm
'together'.
If QEMU sends the lock command and the storage has already been locked
no error is reported.
If swtpm does not receive the lock command (from older version of QEMU),
it will lock the storage once the first TPM command has been received. So
sending the lock command is an optimization.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20220912174741.1542330-3-stefanb@linux.ibm.com
Ross Lagerwall [Fri, 26 Aug 2022 14:38:41 +0000 (15:38 +0100)]
tpm_crb: Avoid backend startup just before shutdown under Xen
When running under Xen and the guest reboots, it boots into a new domain
with a new QEMU process (and a new swtpm process if using the emulator
backend). The existing reset function is triggered just before the old
QEMU process exists which causes QEMU to startup the TPM backend and
then immediately shut it down. This is probably harmless but when using
the emulated backend, it wastes CPU and IO time reloading state, etc.
Fix this by calling the reset function directly from realize() when
running under Xen. During a reboot, this will be called by the QEMU
process for the new domain.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20220826143841.1515326-1-ross.lagerwall@citrix.com Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Ross Lagerwall [Mon, 1 Aug 2022 14:25:25 +0000 (15:25 +0100)]
tpm_emulator: Avoid double initialization during migration
When resuming after a migration, the backend sends CMD_INIT to the
emulator from the startup callback, then it sends the migration state
from the vmstate to the emulator, then it sends CMD_INIT again. Skip the
first CMD_INIT during a migration to avoid initializing the TPM twice.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
* tag 'pull-qapi-2022-09-07' of git://repo.or.cz/qemu/armbru:
qapi: fix examples of events missing timestamp
qapi: fix example of query-hotpluggable-cpus command
qapi: fix examples of blockdev-add with qcow2
qapi: fix example of MEM_UNPLUG_ERROR event
qapi: fix example of DEVICE_UNPLUG_GUEST_ERROR event
qapi: fix example of NIC_RX_FILTER_CHANGED event
qapi: fix example of BLOCK_JOB_READY event
qapi: fix example of query-dump-guest-memory-capability command
qapi: fix example of query-vnc command
qapi: fix example of query-ballon command
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:40 +0000 (10:58 +0200)]
qapi: fix examples of events missing timestamp
I've used real timestamp and changing them one by one so they would
not be all equal.
Problem was noticed when using the example as a test case for Go
bindings.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-11-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:39 +0000 (10:58 +0200)]
qapi: fix example of query-hotpluggable-cpus command
The example return type has the wrong member name. Fix it.
Problem was noticed when using the example as a test case for Go
bindings.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-10-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:38 +0000 (10:58 +0200)]
qapi: fix examples of blockdev-add with qcow2
The examples use "qcow2" driver with the wrong member name for
BlockdevRef alternate type. This patch changes all wrong member names
from "file" to "data-file" which is the correct member name in
BlockdevOptionsQcow2 for the BlockdevRef field.
Problem was noticed when using the example as a test case for Go
bindings.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-9-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:37 +0000 (10:58 +0200)]
qapi: fix example of MEM_UNPLUG_ERROR event
Example output was missing ',' delimiter. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-8-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:36 +0000 (10:58 +0200)]
qapi: fix example of DEVICE_UNPLUG_GUEST_ERROR event
Example output is missing a ',' delimiter and it has an extra ending
curly bracket. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-7-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:35 +0000 (10:58 +0200)]
qapi: fix example of NIC_RX_FILTER_CHANGED event
Example output has an extra ending curly bracket. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-6-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:34 +0000 (10:58 +0200)]
qapi: fix example of BLOCK_JOB_READY event
Example output is missing ',' delimiter. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-5-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:33 +0000 (10:58 +0200)]
qapi: fix example of query-dump-guest-memory-capability command
Example output is missing closing curly brackets. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-4-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:32 +0000 (10:58 +0200)]
qapi: fix example of query-vnc command
Example output has an extra ',' delimiter in member "websocket" and it
lacks it in "family" member. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-3-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Victor Toso [Thu, 1 Sep 2022 08:58:31 +0000 (10:58 +0200)]
qapi: fix example of query-ballon command
Example output has an extra ',' delimiter. Fix it.
Problem was noticed when trying to load the example into python's json
library.
Signed-off-by: Victor Toso <victortoso@redhat.com>
Message-Id: <20220901085840.22520-2-victortoso@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Stefan Hajnoczi [Wed, 7 Sep 2022 12:02:43 +0000 (08:02 -0400)]
Merge tag 'pull-riscv-to-apply-20220907' of https://github.com/alistair23/qemu into staging
First RISC-V PR for QEMU 7.2
* Update [m|h]tinst CSR in interrupt handling
* Force disable extensions if priv spec version does not match
* fix shifts shamt value for rv128c
* move zmmul out of the experimental
* virt: pass random seed to fdt
* Add checks for supported extension combinations
* Upgrade OpenSBI to v1.1
* Fix typo and restore Pointer Masking functionality for RISC-V
* Add mask agnostic behaviour (rvv_ma_all_1s) for vector extension
* Add Zihintpause support
* opentitan: bump opentitan version
* microchip_pfsoc: fix kernel panics due to missing peripherals
* Remove additional priv version check for mcountinhibit
* virt machine device tree improvements
* Add xicondops in ISA entry
* Use official extension names for AIA CSRs
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmMYUCUACgkQIeENKd+X
# cFRpEQf/T1FFcGq3TZrEPmqMdFPUSb+SEJNgwYFfloqkNjB2HIFbd2tKWAE1Tgjr
# esV00p7YPyox1Ct+fKdwSxDxRSN9OI56v+nI8ZFwluVu7vpChuTFmOHur8rNxl1T
# 8MZgP2kMxMOJSnyHCS2iV9AUFdTExS65DbmlAKzi5fpBtt9jYTPSXsI49MP8+Ku/
# 1gdv5ZF5BXDJsGs7xHvE92dRzQEVN+As64IjlknFHHpmCM1b+Ah3GekXUbKmBuDG
# /NaZyZNPCYxdRmPm/D7k0SOMZSJ9sLyhXTetZ0ZpBxG1ioClX37yS5wn4NLsCz/2
# fXrnML+MQFUKZ03AZ9lWvxcu7kXfWA==
# =7mGD
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 07 Sep 2022 04:02:45 EDT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* tag 'pull-riscv-to-apply-20220907' of https://github.com/alistair23/qemu: (44 commits)
target/riscv: Update the privilege field for sscofpmf CSRs
hw/riscv: virt: Add PMU DT node to the device tree
target/riscv: Add few cache related PMU events
target/riscv: Simplify counter predicate function
target/riscv: Add sscofpmf extension support
target/riscv: Add vstimecmp support
target/riscv: Add stimecmp support
hw/intc: Move mtimer/mtimecmp to aclint
target/riscv: Use official extension names for AIA CSRs
target/riscv: Add xicondops in ISA entry
hw/core: fix platform bus node name
hw/riscv: virt: fix syscon subnode paths
hw/riscv: virt: fix the plic's address cells
hw/riscv: virt: fix uart node name
target/riscv: Remove additional priv version check for mcountinhibit
hw/riscv: microchip_pfsoc: fix kernel panics due to missing peripherals
hw/riscv: opentitan: bump opentitan version
target/riscv: Fix priority of csr related check in riscv_csrrw_check
hw/riscv: remove 'fdt' param from riscv_setup_rom_reset_vec()
target/riscv: Add Zihintpause support
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Atish Patra [Wed, 24 Aug 2022 22:16:58 +0000 (15:16 -0700)]
target/riscv: Simplify counter predicate function
All the hpmcounters and the fixed counters (CY, IR, TM) can be represented
as a unified counter. Thus, the predicate function doesn't need handle each
case separately.
Simplify the predicate function so that we just handle things differently
between RV32/RV64 and S/HS mode.
Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-Id: <20220824221701.41932-3-atishp@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Atish Patra [Wed, 24 Aug 2022 22:16:57 +0000 (15:16 -0700)]
target/riscv: Add sscofpmf extension support
The Sscofpmf ('Ss' for Privileged arch and Supervisor-level extensions,
and 'cofpmf' for Count OverFlow and Privilege Mode Filtering)
extension allows the perf to handle overflow interrupts and filtering
support. This patch provides a framework for programmable
counters to leverage the extension. As the extension doesn't have any
provision for the overflow bit for fixed counters, the fixed events
can also be monitoring using programmable counters. The underlying
counters for cycle and instruction counters are always running. Thus,
a separate timer device is programmed to handle the overflow.
Atish Patra [Wed, 24 Aug 2022 22:13:57 +0000 (15:13 -0700)]
target/riscv: Add vstimecmp support
vstimecmp CSR allows the guest OS or to program the next guest timer
interrupt directly. Thus, hypervisor no longer need to inject the
timer interrupt to the guest if vstimecmp is used. This was ratified
as a part of the Sstc extension.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-Id: <20220824221357.41070-4-atishp@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Atish Patra [Wed, 24 Aug 2022 22:13:56 +0000 (15:13 -0700)]
target/riscv: Add stimecmp support
stimecmp allows the supervisor mode to update stimecmp CSR directly
to program the next timer interrupt. This CSR is part of the Sstc
extension which was ratified recently.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-Id: <20220824221357.41070-3-atishp@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Atish Patra [Wed, 24 Aug 2022 22:13:55 +0000 (15:13 -0700)]
hw/intc: Move mtimer/mtimecmp to aclint
Historically, The mtime/mtimecmp has been part of the CPU because
they are per hart entities. However, they actually belong to aclint
which is a MMIO device.
Move them to the ACLINT device. This also emulates the real hardware
more closely.
Reviewed-by: Anup Patel <anup@brainfault.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-Id: <20220824221357.41070-2-atishp@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Sat, 20 Aug 2022 04:29:58 +0000 (09:59 +0530)]
target/riscv: Use official extension names for AIA CSRs
The arch review of AIA spec is completed and we now have official
extension names for AIA: Smaia (M-mode AIA CSRs) and Ssaia (S-mode
AIA CSRs).
Refer, section 1.6 of the latest AIA v0.3.1 stable specification at
https://github.com/riscv/riscv-aia/releases/download/0.3.1-draft.32/riscv-interrupts-032.pdf)
Based on above, we update QEMU RISC-V to:
1) Have separate config options for Smaia and Ssaia extensions
which replace RISCV_FEATURE_AIA in CPU features
2) Not generate AIA INTC compatible string in virt machine
Signed-off-by: Anup Patel <apatel@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220820042958.377018-1-apatel@ventanamicro.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Conor Dooley [Wed, 10 Aug 2022 18:46:12 +0000 (19:46 +0100)]
hw/core: fix platform bus node name
"platform" is not a valid name for a bus node in dt-schema, so warnings
can be see in dt-validate on a dump of the riscv virt dtb:
/stuff/qemu/qemu.dtb: platform@4000000: $nodename:0: 'platform@4000000' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
"platform-bus" is a valid name, so use that instead.
CC: Rob Herring <robh@kernel.org> Fixes: 11d306b9df ("hw/arm/sysbus-fdt: helpers for platform bus nodes addition") Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Message-id: 20220810184612.157317-5-mail@conchuod.ie Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Conor Dooley [Wed, 10 Aug 2022 18:46:11 +0000 (19:46 +0100)]
hw/riscv: virt: fix syscon subnode paths
The reset and poweroff features of the syscon were originally added to
top level, which is a valid path for a syscon subnode. Subsequently a
reorganisation was carried out while implementing NUMA in which the
subnodes were moved into the /soc node. As /soc is a "simple-bus", this
path is invalid, and so dt-validate produces the following warnings:
/stuff/qemu/qemu.dtb: soc: poweroff: {'value': [[21845]], 'offset': [[0]], 'regmap': [[4]], 'compatible': ['syscon-poweroff']} should not be valid under {'type': 'object'}
From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
/stuff/qemu/qemu.dtb: soc: reboot: {'value': [[30583]], 'offset': [[0]], 'regmap': [[4]], 'compatible': ['syscon-reboot']} should not be valid under {'type': 'object'}
From schema: /home/conor/.local/lib/python3.9/site-packages/dtschema/schemas/simple-bus.yaml
Move the syscon subnodes back to the top level and silence the warnings.
Reported-by: Rob Herring <robh@kernel.org> Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20220810184612.157317-4-mail@conchuod.ie Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/ Fixes: 18df0b4695 ("hw/riscv: virt: Allow creating multiple NUMA sockets") Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Conor Dooley [Wed, 10 Aug 2022 18:46:10 +0000 (19:46 +0100)]
hw/riscv: virt: fix the plic's address cells
When optional AIA PLIC support was added the to the virt machine, the
address cells property was removed leading the issues with dt-validate
on a dump from the virt machine:
/stuff/qemu/qemu.dtb: plic@c000000: '#address-cells' is a required property
From schema: /stuff/linux/Documentation/devicetree/bindings/interrupt-controller/sifive,plic-1.0.0.yaml
Add back the property to suppress the warning.
Reported-by: Rob Herring <robh@kernel.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Message-id: 20220810184612.157317-3-mail@conchuod.ie Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/ Fixes: e6faee6585 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine") Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Conor Dooley [Wed, 10 Aug 2022 18:46:09 +0000 (19:46 +0100)]
hw/riscv: virt: fix uart node name
"uart" is not a node name that complies with the dt-schema.
Change the node name to "serial" to ix warnings seen during
dt-validate on a dtbdump of the virt machine such as:
/stuff/qemu/qemu.dtb: uart@10000000: $nodename:0: 'uart@10000000' does not match '^serial(@.*)?$'
From schema: /stuff/linux/Documentation/devicetree/bindings/serial/8250.yaml
Reported-by: Rob Herring <robh@kernel.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Message-id: 20220810184612.157317-2-mail@conchuod.ie Link: https://lore.kernel.org/linux-riscv/20220803170552.GA2250266-robh@kernel.org/ Fixes: 04331d0b56 ("RISC-V VirtIO Machine") Signed-off-by: Conor Dooley <conor.dooley@microchip.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Conor Dooley [Sat, 13 Aug 2022 13:51:27 +0000 (14:51 +0100)]
hw/riscv: microchip_pfsoc: fix kernel panics due to missing peripherals
Booting using "Direct Kernel Boot" for PolarFire SoC & skipping u-boot
entirely is probably not advisable, but it does at least show signs of
life. Recent Linux kernel versions make use of peripherals that are
missing definitions in QEMU and lead to kernel panics. These issues
almost certain rear their head for other methods of booting, but I was
unable to figure out a suitable HSS version that is recent enough to
support these peripherals & works with QEMU.
With these peripherals added, booting a kernel with the following hangs
hangs waiting for the system controller's hwrng, but the kernel no
longer panics. With the Linux driver for hwrng disabled, it boots to
console.
More peripherals are added than strictly required to fix the panics in
the hopes of avoiding a replication of this problem in the future.
Some of the peripherals which are in the device tree for recent kernels
are implemented in the FPGA fabric. The eMMC/SD mux, which exists as
an unimplemented device is replaced by a wider entry. This updated
entry covers both the mux & the remainder of the FPGA fabric connected
to the MSS using Fabric Interrconnect (FIC) 3.
Note: with this patch we now skip the usage of the opentitan
`boot_rom`. The Opentitan boot rom contains hw verification
for devies which we are currently not supporting in qemu. As of now,
the `boot_rom` has no major significance, however, would be good to
support in the future.
Tested by running utests from the latest tock [1]
(that supports this version of OT).
[1] https://github.com/tock/tock/pull/3056
Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220812005229.358850-1-wilfred.mallawa@opensource.wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Wed, 3 Aug 2022 12:36:52 +0000 (20:36 +0800)]
target/riscv: Fix priority of csr related check in riscv_csrrw_check
Normally, riscv_csrrw_check is called when executing Zicsr instructions.
And we can only do access control for existed CSRs. So the priority of
CSR related check, from highest to lowest, should be as follows:
1) check whether Zicsr is supported: raise RISCV_EXCP_ILLEGAL_INST if not
2) check whether csr is existed: raise RISCV_EXCP_ILLEGAL_INST if not
3) do access control: raise RISCV_EXCP_ILLEGAL_INST or RISCV_EXCP_VIRT_
INSTRUCTION_FAULT if not allowed
The predicates contain parts of function of both 2) and 3), So they need
to be placed in the middle of riscv_csrrw_check
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220803123652.3700-1-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
hw/riscv: remove 'fdt' param from riscv_setup_rom_reset_vec()
The 'fdt' param is not being used in riscv_setup_rom_reset_vec().
Simplify the API by removing it. While we're at it, remove the redundant
'return' statement at the end of function.
Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Alistair Francis <alistair.francis@wdc.com> Cc: Bin Meng <bin.meng@windriver.com> Cc: Vijai Kumar K <vijai@behindbytes.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220728181926.2123771-1-danielhb413@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Dao Lu [Mon, 25 Jul 2022 03:47:28 +0000 (20:47 -0700)]
target/riscv: Add Zihintpause support
Added support for RISC-V PAUSE instruction from Zihintpause extension,
enabled by default.
Tested-by: Heiko Stuebner <heiko@sntech.de> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Dao Lu <daolu@rivosinc.com>
Message-Id: <20220725034728.2620750-2-daolu@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
According to v-spec, mask agnostic behavior can be either kept as
undisturbed or set elements' bits to all 1s. To distinguish the
difference of mask policies, QEMU should be able to simulate the mask
agnostic behavior as "set mask elements' bits to all 1s".
There are multiple possibility for agnostic elements according to
v-spec. The main intent of this patch-set tries to add option that
can distinguish between mask policies. Setting agnostic elements to
all 1s allows QEMU to express this.
This commit adds option 'rvv_ma_all_1s' is added to enable the
behavior, it is default as disabled.
Signed-off-by: eop Chen <eop.chen@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <165570784143.17634.35095816584573691-10@git.sr.ht> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
target/riscv: rvv: Add mask agnostic for vv instructions
According to v-spec, mask agnostic behavior can be either kept as
undisturbed or set elements' bits to all 1s. To distinguish the
difference of mask policies, QEMU should be able to simulate the mask
agnostic behavior as "set mask elements' bits to all 1s".
There are multiple possibility for agnostic elements according to
v-spec. The main intent of this patch-set tries to add option that
can distinguish between mask policies. Setting agnostic elements to
all 1s allows QEMU to express this.
This is the first commit regarding the optional mask agnostic
behavior. Follow-up commits will add this optional behavior
for all rvv instructions.
Signed-off-by: eop Chen <eop.chen@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <165570784143.17634.35095816584573691-1@git.sr.ht> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bin Meng [Tue, 19 Jul 2022 08:26:35 +0000 (16:26 +0800)]
docs: List kvm as a supported accelerator on RISC-V
Since commit fbf43c7dbf18 ("target/riscv: enable riscv kvm accel"),
KVM accelerator is supported on RISC-V. Let's document it.
Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220719082635.3741878-1-bin.meng@windriver.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Bin Meng [Wed, 13 Jul 2022 09:00:31 +0000 (17:00 +0800)]
roms/opensbi: Upgrade from v1.0 to v1.1
Upgrade OpenSBI from v1.0 to v1.1 and the pre-built bios images.
The v1.1 release includes the following commits:
5b99603 lib: utils/ipi: Fix size check in aclint_mswi_cold_init() 6dde435 lib: utils/sys: Extend HTIF library to allow custom base address 8257262 platform: sifive_fu740: do not use a global in da9063_reset/shutdown fb688d9 platform: sifive_fu740: fix reset when watchdog is running 5d025eb lib: fix pointer of type 'void *' used in arithmetic 632f593 lib: sbi: Map only the counters enabled in hardware 3b7c204 lib: sbi: Disable interrupt during config matching a26dc60 lib: sbi: Disable interrupt and inhibit counting in M-mode during init 5d53b55 Makefile: fix build with binutils 2.38 6ad8917 lib: fix compilation when strings.h is included ce4c018 lib: utils/serial: Round UART8250 baud rate divisor to nearest integer 01250d0 include: sbi: Add AIA related CSR defines 8f96070 lib: sbi: Detect AIA CSRs at boot-time 65b4c7c lib: sbi: Use AIA CSRs for local interrupts when available 222132f lib: sbi: Add sbi_trap_set_external_irqfn() API 5f56314 lib: utils/irqchip: Allow multiple FDT irqchip drivers 1050940 include: sbi: Introduce nascent_init() platform callback 55e79f8 lib: sbi: Enable mie.MEIE bit for IPIs based on external interrupts. 9f73669 lib: utils/irqchip: Add IMSIC library 811da5c lib: utils/irqchip: Add FDT based driver for IMSIC 7127aaa lib: utils: Disable appropriate IMSIC DT nodes in fdt_fixups() 9979265 lib: utils/irqchip: Add APLIC initialization library 3461219 lib: utils/irqchip: Add FDT based driver for APLIC 8e2ef4f lib: utils: Disable appropriate APLIC DT nodes in fdt_fixups() 3a69cc1 lib: sbi: fix typo in is_region_subset f2ccf2f lib: sbi: verbose sbi_domain_root_add_memregion f3f4604 lib: sbi: Add a simple external interrupt handling framework 4998a71 lib: utils: serial: Initial commit of xlnx-uartlite 2dfbd3c lib: pmp_set/pmp_get moved errors from runtime to compile time b6b7220 firmware: Fix code for accessing hart_count and stack_size d552fc8 lib: Add error messages via conditional compilation for the future 555bdb1 include: Use static asserts for SBI_PLATFORM_xxx_OFFSET defines 1b42d3a include: Use static asserts for SBI_SCRATCH_xxx_OFFSET defines 7924a0b include: Use static asserts for FW_DYNAMIC_INFO_xxx_OFFSET defines 722f80d include: Add defines for [m|h|s]envcfg CSRs 31fecad lib: sbi: Detect menvcfg CSR at boot time 47d6765 lib: sbi: Enable Zicbo[m|z] extensions in the menvcfg CSR 794986f lib: sbi: Enable Svpbmt extension in the menvcfg CSR 499601a lib: sbi: Add Smstateen extension defines d44568a lib: sbi: Detect Smstateen CSRs at boot-time 3383d6a lib: irqchip/imsic: configure mstateen 5c5cbb5 lib: utils/serial: support 'reg-offset' property c1e47d0 include: correct the definition of MSTATUS_VS 9cd95e1 lib: sbi/hart: preserve csr validation value 4035ae9 docs: pmu: Improve the PMU DT bindings d62f6da lib: sbi: Implement Sstc extension 474a9d4 lib: sbi: Fix mstatus_init() for RV32 when Sscofpmf is not available e576b3e include: sbi: Define SBI_PMU_HW_EVENT_MAX to 256 b0c9df5 lib: sbi: Fix mhpmeventh access for rv32 in absence of sscofpmf 1a754bb lib: sbi: Detect and print privileged spec version 5a6be99 lib: sbi: Remove 's' and 'u' from misa_string() output 5b8b377 lib: sbi: Update the name of ISA string printed at boot time d4b563c lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features dbc3d8f lib: sbi: Remove MCOUNTINHIBT hart feature 97a17c2 lib: sbi: Remove MENVCFG hart feature a6ab94f lib: sbi: Fix AIA feature detection cad6c91 lib: sbi: Convert hart features into hart extensions be4903a lib: sbi: Detect hart features only once for each hart 994ace3 lib: sbi: Add sbi_hart_update_extension() function 023f0ad lib: sbi_platform: Add callback to populate HART extensions f726f2d Makefile: Allow generated C source to be anywhere in build directory 7fb474b Makefile: Add support for generating C array at compile time 73cf511 lib: utils/reset: Generate FDT reset driver list at compile-time 1e62705 lib: utils/serial: Generate FDT serial driver list at compile-time bfeb305 lib: utils/timer: Generate FDT timer driver list at compile-time 3a69d12 lib: utils/irqchip: Generate FDT irqchip driver list at compile-time 4ee0c57 lib: utils/ipi: Generate FDT ipi driver list at compile-time 998ed43 lib: utils/i2c: Generate FDT i2c adapter driver list at compile-time 4eacd82 lib: utils/gpio: Generate FDT gpio driver list at compile-time a3a3c60 platform: generic: Generate platform override module list at compile-time 9a7a677 platform: generic: Move Sifive platform overrides into own directory 851c14d lib: utils/irqchip: fix typo when checking for CPU node 90a9dd2 lib: utils/fdt: introduce fdt_node_is_enabled() 616da52 lib: utils: check if CPU node is enabled 575bb4e platform: generic: check if CPU node is enabled 1bc67db lib: utils/fdt: rename fdt_parse_max_hart_id f067bb8 lib: sbi: fix system_opcode_insn fab0379 lib: utils/fdt: Require match data to be const 295e5f3 lib: sbi_timer: Drop unnecessary get_platform_ticks wrapper ff65bfe lib: sbi_illegal_insn: Constify illegal_insn_table cb8271c lib: sbi_illegal_insn: Add emulation for fence.tso adc3388 lib: sbi_trap: Redirect exception based on hedeleg ce1d618 platform: generic: add overrides for vendor extensions b20ed9f lib: sbi_hsm: Call a device hook during hart resume 79e42eb lib: sbi_hsm: Assume a consistent resume address 2ea7799 lib: irqchip/plic: Constify plic_data pointers 8c362e7 lib: irqchip/plic: Factor out a context init function 415ecf2 lib: irqchip/plic: Add context save/restore helpers 2b79b69 lib: irqchip/plic: Add priority save/restore helpers 69be3df lib: utils/irqchip: Add FDT wrappers for PLIC save/restore functions 5e56758 lib: utils/irqchip: Add wrapper for T-HEAD PLIC delegation 9dc5ec5 platform: Add HSM implementation for Allwinner D1 551c70c include: sbi: Add mtinst/htinst psuedoinstructions 187127f lib: sbi: Fixup tinst for exceptions in sbi_misaligned_*() a07402a lib: sbi: Fix tval and tinst for sbi_get_insn() c653001 lib: utils: Remove CSRs that set/clear an IMSIC interrupt file bits 7738345 lib: utils/timer: Add a separate compatible for the D1 CLINT d76a196 lib: irqchip/plic: fix typo in plic_warm_irqchip_init 6f1fe98 lib: utils/timer: Remove Allwinner D1 CLINT compatibles c6fdbcf include: sbi: Change spec version to 1.0 3f66465 lib: pmu: allow to use the highest available counter 4489876 include: Bump-up version to 1.1
Signed-off-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220713090613.204046-1-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Mon, 18 Jul 2022 13:09:55 +0000 (21:09 +0800)]
target/riscv: Simplify the check in hmode to reuse the check in riscv_csrrw_check
Just add 1 to the effective privledge level when in HS mode, then reuse
the check of 'effective_priv < csr_priv' in riscv_csrrw_check to replace
the privilege level related check in hmode. Then, hmode will only check
whether H extension is supported.
When accessing Hypervior CSRs:
1) If accessing from M privilege level, the check of
'effective_priv< csr_priv' passes, returns hmode(...) which will return
RISCV_EXCP_ILLEGAL_INST when H extension is not supported and return
RISCV_EXCP_NONE otherwise.
2) If accessing from HS privilege level, effective_priv will add 1,
the check passes and also returns hmode(...) too.
3) If accessing from VS/VU privilege level, the check fails, and
returns RISCV_EXCP_VIRT_INSTRUCTION_FAULT
4) If accessing from U privilege level, the check fails, and returns
RISCV_EXCP_ILLEGAL_INST
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220718130955.11899-7-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Mon, 18 Jul 2022 13:09:54 +0000 (21:09 +0800)]
target/riscv: Fix checks in hmode/hmode32
Add check for the implicit dependence between H and S
Csrs only existed in RV32 will not trigger virtual instruction fault
when not in RV32 based on section 8.6.1 of riscv-privileged spec
(draft-20220717)
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220718130955.11899-6-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Mon, 18 Jul 2022 13:09:53 +0000 (21:09 +0800)]
target/riscv: Add check for csrs existed with U extension
Add umode/umode32 predicate for mcounteren, menvcfg/menvcfgh
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220718130955.11899-5-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Mon, 18 Jul 2022 13:09:52 +0000 (21:09 +0800)]
target/riscv: Fix checkpatch warning may triggered in csr_ops table
Fix the lines with over 80 characters
Fix the lines which are obviously misalgined with other lines in the
same group
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220718130955.11899-4-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Mon, 18 Jul 2022 13:09:51 +0000 (21:09 +0800)]
target/riscv: H extension depends on I extension
Add check for "H depends on an I base integer ISA with 32 x registers"
which is stated at the beginning of chapter 8 of the riscv-privileged
spec(draft-20220717)
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220718130955.11899-3-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Mon, 18 Jul 2022 13:09:50 +0000 (21:09 +0800)]
target/riscv: Add check for supported privilege mode combinations
There are 3 suggested privilege mode combinations listed in section 1.2
of the riscv-privileged spec(draft-20220717):
1) M, 2) M, U 3) M, S, U
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220718130955.11899-2-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This is confirmed to successfully initialize the
RNG on Linux 5.19-rc2.
Cc: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220613115810.178210-1-Jason@zx2c4.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Weiwei Li [Sun, 10 Jul 2022 10:15:46 +0000 (18:15 +0800)]
target/riscv: move zmmul out of the experimental properties
- Zmmul is ratified and is now version 1.0
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220710101546.3907-1-liweiwei@iscas.ac.cn> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
For rv128c shifts, a shamt of 0 is a shamt of 64, while for rv32c/rv64c
it stays 0 and is a hint instruction that does not change processor state.
For rv128c right shifts, the 6-bit shamt is in addition sign extended to
7 bits.
Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr> Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220710110451.245567-1-frederic.petrot@univ-grenoble-alpes.fr> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Thu, 30 Jun 2022 06:11:50 +0000 (11:41 +0530)]
target/riscv: Force disable extensions if priv spec version does not match
We should disable extensions in riscv_cpu_realize() if minimum required
priv spec version is not satisfied. This also ensures that machines with
priv spec v1.11 (or lower) cannot enable H, V, and various multi-letter
extensions.
Fixes: a775398be2e9 ("target/riscv: Add isa extenstion strings to the device tree") Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Anup Patel <apatel@ventanamicro.com> Signed-off-by: Rahul Pathak <rpathak@ventanamicro.com>
Message-Id: <20220630061150.905174-3-apatel@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Anup Patel [Thu, 30 Jun 2022 06:11:49 +0000 (11:41 +0530)]
target/riscv: Update [m|h]tinst CSR in riscv_cpu_do_interrupt()
We should write transformed instruction encoding of the trapped
instruction in [m|h]tinst CSR at time of taking trap as defined
by the RISC-V privileged specification v1.12.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Anup Patel <apatel@ventanamicro.com> Acked-by: dramforever <dramforever@live.com>
Message-Id: <20220630061150.905174-2-apatel@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
* tag 'pull-tcg-20220906' of https://gitlab.com/rth7680/qemu:
target/riscv: Make translator stop before the end of a page
target/riscv: Add MAX_INSN_LEN and insn_len
target/i386: Make translator stop before the end of a page
target/s390x: Make translator stop before the end of a page
accel/tcg: Add fast path for translator_ld*
accel/tcg: Add pc and host_pc params to gen_intermediate_code
accel/tcg: Remove translator_ldsw
accel/tcg: Document the faulting lookup in tb_lookup_cmp
accel/tcg: Use probe_access_internal for softmmu get_page_addr_code_hostp
accel/tcg: Move qemu_ram_addr_from_host_nofail to physmem.c
accel/tcg: Make tb_htable_lookup static
accel/tcg: Unlock mmap_lock after longjmp
accel/tcg: Properly implement get_page_addr_code for user-only
accel/tcg: Introduce is_same_page()
tests/tcg/i386: Move smc_code2 to an executable section
linux-user: Clear translations on mprotect()
linux-user: Honor PT_GNU_STACK
linux-user/x86_64: Allocate vsyscall page as a commpage
linux-user/hppa: Allocate page zero as a commpage
linux-user/arm: Mark the commpage executable
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
target/riscv: Make translator stop before the end of a page
Right now the translator stops right *after* the end of a page, which
breaks reporting of fault locations when the last instruction of a
multi-insn translation block crosses a page boundary.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1155 Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Wed, 17 Aug 2022 15:05:05 +0000 (17:05 +0200)]
target/i386: Make translator stop before the end of a page
Right now translator stops right *after* the end of a page, which
breaks reporting of fault locations when the last instruction of a
multi-insn translation block crosses a page boundary.
An implementation, like the one arm and s390x have, would require an
i386 length disassembler, which is burdensome to maintain. Another
alternative would be to single-step at the end of a guest page, but
this may come with a performance impact.
Fix by snapshotting disassembly state and restoring it after we figure
out we crossed a page boundary. This includes rolling back cc_op
updates and emitted ops.
Ilya Leoshkevich [Wed, 17 Aug 2022 15:05:04 +0000 (17:05 +0200)]
target/s390x: Make translator stop before the end of a page
Right now translator stops right *after* the end of a page, which
breaks reporting of fault locations when the last instruction of a
multi-insn translation block crosses a page boundary.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220817150506.592862-3-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Cache the translation from guest to host address, so we may
use direct loads when we hit on the primary translation page.
Look up the second translation page only once, during translation.
This obviates another lookup of the second page within tb_gen_code
after translation.
Fixes a bug in that plugin_insn_append should be passed the bytes
in the original memory order, not bswapped by pieces.
accel/tcg: Document the faulting lookup in tb_lookup_cmp
It was non-obvious to me why we can raise an exception in
the middle of a comparison function, but it works.
While nearby, use TARGET_PAGE_ALIGN instead of open-coding.
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The mmap_lock is held around tb_gen_code. While the comment
is correct that the lock is dropped when tb_gen_code runs out
of memory, the lock is *not* dropped when an exception is
raised reading code for translation.
Acked-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Thu, 11 Aug 2022 09:55:31 +0000 (11:55 +0200)]
accel/tcg: Introduce is_same_page()
Introduce a function that checks whether a given address is on the same
page as where disassembly started. Having it improves readability of
the following patches.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220811095534.241224-3-iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
[rth: Make the DisasContextBase parameter const.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Wed, 17 Aug 2022 15:05:03 +0000 (17:05 +0200)]
linux-user: Clear translations on mprotect()
Currently it's possible to execute pages that do not have PAGE_EXEC
if there is an existing translation block. Fix by invalidating TBs
that touch the affected pages.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220817150506.592862-2-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
projects / mirror_qemu.git / log