Acked-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230530133603.16934-7-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ira Weiny [Tue, 30 May 2023 13:36:01 +0000 (14:36 +0100)]
hw/cxl/events: Add injection of General Media Events
To facilitate testing provide a QMP command to inject a general media
event. The event can be added to the log specified.
Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Acked-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230530133603.16934-6-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ira Weiny [Tue, 30 May 2023 13:36:00 +0000 (14:36 +0100)]
hw/cxl/events: Add event interrupt support
Replace the stubbed out CXL Get/Set Event interrupt policy mailbox
commands. Enable those commands to control interrupts for each of the
event log types.
Skip the standard input mailbox length on the Set command due to DCD
being optional. Perform the checks separately.
Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230530133603.16934-5-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ira Weiny [Tue, 30 May 2023 13:35:59 +0000 (14:35 +0100)]
hw/cxl/events: Wire up get/clear event mailbox commands
CXL testing is benefited from an artificial event log injection
mechanism.
Add an event log infrastructure to insert, get, and clear events from
the various logs available on a device.
Replace the stubbed out CXL Get/Clear Event mailbox commands with
commands that operate on the new infrastructure.
Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230530133603.16934-4-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Tue, 30 May 2023 13:35:58 +0000 (14:35 +0100)]
hw/cxl: Move CXLRetCode definition to cxl_device.h
Following patches will need access to the mailbox return code
type so move it to the header.
Reviewed-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230530133603.16934-3-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ira Weiny [Tue, 30 May 2023 13:35:57 +0000 (14:35 +0100)]
hw/cxl/events: Add event status register
The device status register block was defined. However, there were no
individual registers nor any data wired up.
Define the event status register [CXL 3.0; 8.2.8.3.1] as part of the
device status register block. Wire up the register and initialize the
event status for each log.
To support CXL 3.0 the version of the device status register block needs
to be 2. Change the macro to allow for setting the version.
Signed-off-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230530133603.16934-2-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 26 May 2023 17:00:10 +0000 (18:00 +0100)]
hw/cxl: Add clear poison mailbox command support.
Current implementation is very simple so many of the corner
cases do not exist (e.g. fragmenting larger poison list entries)
Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230526170010.574-5-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 26 May 2023 17:00:09 +0000 (18:00 +0100)]
hw/cxl: Add poison injection via the mailbox.
Very simple implementation to allow testing of corresponding
kernel code. Note that for now we track each 64 byte section
independently. Whilst a valid implementation choice, it may
make sense to fuse entries so as to prove out more complex
corners of the kernel code.
Reviewed-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230526170010.574-4-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Jonathan Cameron [Fri, 26 May 2023 17:00:08 +0000 (18:00 +0100)]
hw/cxl: QMP based poison injection support
Inject poison using QMP command cxl-inject-poison to add an entry to the
poison list.
For now, the poison is not returned CXL.mem reads, but only via the
mailbox command Get Poison List. So a normal memory read to an address
that is on the poison list will not yet result in a synchronous exception
(and similar for partial cacheline writes).
That is left for a future patch.
See CXL rev 3.0, sec 8.2.9.8.4.1 Get Poison list (Opcode 4300h)
Kernel patches to use this interface here:
https://lore.kernel.org/linux-cxl/cover.1665606782.git.alison.schofield@intel.com/
To inject poison using QMP (telnet to the QMP port)
{ "execute": "qmp_capabilities" }
Note that the poison list supported is kept short enough to avoid the
complexity of state machine that is needed to handle the MORE flag.
Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Ira Weiny <ira.weiny@intel.com> Acked-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230526170010.574-3-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Ira Weiny [Fri, 26 May 2023 17:00:07 +0000 (18:00 +0100)]
bswap: Add the ability to store to an unaligned 24 bit field
CXL has 24 bit unaligned fields which need to be stored to. CXL is
specified as little endian.
Define st24_le_p() and the supporting functions to store such a field
from a 32 bit host native value.
The use of b, w, l, q as the size specifier is limiting. So "24" was
used for the size part of the function name.
Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20230526170010.574-2-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmST/loSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L748dQcQAKjU2vMketVOc5jXCtF7Jej/F6j21kpk
# Wmt/XuR8FDeohHVyWvQ1quxcewn6DfA+aPx1xqnn0nRBcnuqT/g4IHdXFzwMUxMo
# R3CSUHhMbT/tv8gkbn0q+vg1DffGRr65tc+UUOSkyIttF0Lw6ZgZSoUIcUN4zCvk
# zx+Z8T7UEJl/EMGGe6awS2cuCZcFB4pdLzkKUKOrAtaJ35eBnBPTClfijHwW7c+5
# tsiH/O/AenRP4oxYu/r4Z2tsYTSIkU8a5MAFQNxEIuupbrLDYixoV3yS7NuR9Ylg
# KurOLqdNIlW4vhH2080JijMm1JeX9oXboPc5XMe69v+jFEcdBbpKLvd8ryIhG9SA
# RItGkTJDOBp9ALho9rdQDH/W3JxSDX3ohsDVdn8e3nCR9UBRIlO/OFrLS73siHcD
# mOatC1mMjZwo+6/liTQwhKvCjSkQp+vh7bw/+zhyprmHkkZXs9FASr8EGLrryq4G
# 5wV0qIyNmRrpRXBGcMKGlnmXZ4CZ1XqcGL9xvG5VYVImcjJMEJBBs2aNYLrW1d4Q
# 8FkuqeFunRIf5LcG2EMBgBnIBA28Rgm5AtUMAeu6N8kM5oLYG8mFPOevvN4Da8Mp
# Fluyjtl4vT6xwqV4l0dGcxYtHnV98j7oXXuKx7g2L5ko7l7ZpfrNbkgF9bD4VnWv
# 7HTL0KK8nLEs
# =f/mF
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 Jun 2023 09:55:06 AM CEST
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* tag 'q800-for-8.1-pull-request' of https://github.com/vivier/qemu-m68k: (24 commits)
mac_via: fix rtc command decoding for the PRAM seconds registers
mac_via: fix rtc command decoding from PRAM addresses 0x0 to 0xf
q800: move macfb device to Q800MachineState
q800: don't access Nubus bus directly from the mac-nubus-bridge device
q800: move mac-nubus-bridge device to Q800MachineState
q800: move SWIM device to Q800MachineState
q800: move ESP device to Q800MachineState
q800: move escc_orgate device to Q800MachineState
q800: move ESCC device to Q800MachineState
q800: move dp8393x device to Q800MachineState
hw/net/dp8393x.c: move TYPE_DP8393X and dp8393xState into dp8393x.h
q800: move VIA2 device to Q800MachineState
q800: move VIA1 device to Q800MachineState
q800: reimplement mac-io region aliasing using IO memory region
q800: introduce mac-io container memory region
q800: move GLUE device to Q800MachineState
q800-glue.c: switch TypeInfo registration to use DEFINE_TYPES() macro
q800: move GLUE device into separate q800-glue.c file
q800: move ROM memory region to Q800MachineState
q800: move CPU object into Q800MachineState
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:53 +0000 (09:53 +0100)]
mac_via: fix rtc command decoding for the PRAM seconds registers
Analysis of the MacOS toolbox ROM code shows that on startup it attempts 2
separate reads of the seconds registers with commands 0x9d...0x91 followed by
0x8d..0x81 without resetting the command to its initial value. The PRAM seconds
value is only accepted when the values of the 2 separate reads match.
From this we conclude that bit 4 of the rtc command is not decoded or we don't
care about its value when reading the PRAM seconds registers. Implement this
decoding change so that both reads return successfully which allows the MacOS
toolbox ROM to correctly set the date/time.
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:52 +0000 (09:53 +0100)]
mac_via: fix rtc command decoding from PRAM addresses 0x0 to 0xf
A comparison between the rtc command table included in the comment and the code
itself shows that the decoding for PRAM addresses 0x0 to 0xf is being done on
the raw command, and not the shifted version held in value.
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:49 +0000 (09:53 +0100)]
q800: move mac-nubus-bridge device to Q800MachineState
Also change the instantiation of the mac-nubus-bridge device to use
object_initialize_child() and map the Nubus address space using
memory_region_add_subregion() instead of sysbus_mmio_map().
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230621085353.113233-21-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Mark Cave-Ayland [Wed, 21 Jun 2023 08:53:40 +0000 (09:53 +0100)]
q800: reimplement mac-io region aliasing using IO memory region
The current use of aliased memory regions causes us 2 problems: firstly the
output of "info qom-tree" is absolutely huge and difficult to read, and
secondly we have already reached the internal limit for memory regions as
adding any new memory region into the mac-io region causes QEMU to assert
with "phys_section_add: Assertion `map->sections_nb < TARGET_PAGE_SIZE'
failed".
Implement the mac-io region aliasing using a single IO memory region that
applies IO_SLICE_MASK representing the maximum size of the aliased region and
then forwarding the access to the existing mac-io memory region using the
address space API.
Merge tag 'pull-tricore-20230621-1' of https://github.com/bkoppelmann/qemu into staging
- Implement privilege levels for TriCore
- Fix missing REG_PAIR() for insns using two 32 regs
- Fix erroneously saving PSW.CDC on CALL insns
- Added some missing v1.6.2 insns
# -----BEGIN PGP SIGNATURE-----
#
# iQJTBAABCgA9FiEEbmNqfoPy3Qz6bm43CtLGOWtpyhQFAmSTIWsfHGtiYXN0aWFu
# QG1haWwudW5pLXBhZGVyYm9ybi5kZQAKCRAK0sY5a2nKFEVCEACQFRGj/7ADOWm3
# lhkHGgkwpTgx+YKgeI4rfQ5/AKie9b7BUNljPVp1m2AvPFHU/r/0POzziCTDM+Ty
# M90h5gsEgxNRRVS1T+VkfFTKop7yImo48niDBF4mByP9DZGweCvGEvPD2g/FYvLP
# 0Up13F0NiWKMvocKp/jjI5qejpJqwtn1hjWHTpEXya3u+K/iEku1alI72Xo2oMKW
# pKW2iO/mC4cuEzOdpZt4LSzs9ZMsVpFzVn81VIda9CU2rlSpu+oQevgdWWJhgZGa
# 520JnIsrervsJumBWPxh9R0nrjuhHu34I4HXD38eGhD+Ioz2DQnHy2bA99pIVR7B
# qtHoDNhl7wqWgXBqntS9HvnvDAFyYdVM6aLqw9C7AxKXdRBuxy14R3/hrwMZghRs
# vYx3GUcFHSMJT1tkc8a/P14/mz5SB6/cdjVgPQtTCPBJccly4oc4EG3qn7wYqowZ
# Pbq48h+3+QZ7BsC9sT2AiPq+AmLjxRZRq7SE6YrYrjRDIJz/3IoTR600KW5XsFsj
# gZu/SYWdbNXAVr4c7CCg77lXXQ2/GhPHgCYFjL3djIKwlPP79bhT4cvLXK71yF/4
# 3RcCBt9kRggxDz6E/4I+u5cE4oMbyN1f6AoIn80GUheDstWMACYph5RhbIskxRhY
# PWwJ8ML0c7SOy0A74UbCT82gn1He1A==
# =IKrz
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 21 Jun 2023 06:12:27 PM CEST
# gpg: using RSA key 6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg: issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E 6E37 0AD2 C639 6B69 CA14
* tag 'pull-tricore-20230621-1' of https://github.com/bkoppelmann/qemu:
target/tricore: Fix ICR.IE offset in RESTORE insn
target/tricore: Honour privilege changes on PSW write
target/tricore: Implement privilege level for all insns
target/tricore: Introduce priv tb flag
target/tricore: Indirect jump insns use tcg_gen_lookup_and_goto_ptr()
target/tricore: ENABLE exit to main-loop
target/tricore: Introduce DISAS_TARGET_EXIT
target/tricore: Fix RR_JLI clobbering reg A[11]
target/tricore: Fix helper_ret() not correctly restoring PSW
target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs
target/tricore: Correctly fix saving PSW.CDE to CSA on call
target/tricore: Fix out-of-bounds index in imask instruction
target/tricore: Add DISABLE insn variant
target/tricore: Implement SYCSCALL insn
target/tricore: Add shuffle insn
target/tricore: Add crc32.b insn
target/tricore: Add crc32l.w insn
target/tricore: Add LHA insn
target/tricore: Add popcnt.w insn
target/tricore: Introduce ISA 1.6.2 feature
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
from ISA v1.6.1 onwards the bit position of ICR.IE changed.
ctx->icr_ie_offset contains the correct value for the ISA version used
by the vCPU. We also need to exit this tb here, as we might have enabled
interrupts.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-9-kbastian@mail.uni-paderborn.de>
target/tricore: Honour privilege changes on PSW write
the CPU can change the privilege level by writing the corresponding bits
in PSW. If this happens all instructions after this 'mtcr' in the TB are
translated with the wrong privilege level. So we have to exit to the
cpu_loop() and start translating again with the new privilege level.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230621142302.1648383-8-kbastian@mail.uni-paderborn.de>
target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs
some insns were not checking if an even index was used to access a 64
bit register. In the worst case that could lead to a buffer overflow as
reported in https://gitlab.com/qemu-project/qemu/-/issues/1698.
Siqi Chen [Mon, 12 Jun 2023 11:32:42 +0000 (13:32 +0200)]
target/tricore: Fix out-of-bounds index in imask instruction
When translating "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow.
this variant saves the 'IE' bit to a 'd' register. The 'IE' bitfield
changed from ISA version 1.6.1, so we add icr_ie_offset to DisasContext
as with the other DISABLE insn.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230614100039.1337971-9-kbastian@mail.uni-paderborn.de>
That commit tries to make a field in the CPUState struct not be
present when CONFIG_USER_ONLY is set. Unfortunately, you can't
conditionally omit fields in structs like this based on ifdefs that
are set per-target. If you try it, then code in files compiled
per-target (where CONFIG_USER_ONLY is or can be set) will disagree
about the struct layout with files that are compiled once-only (where
this kind of ifdef is never set).
This manifests specifically in 'make check-tcg' failing, because code
in cpus-common.c that sets up the CPUState::cpu_index field puts it
at a different offset from the code in plugins/core.c in
qemu_plugin_vcpu_init_hook() which reads the cpu_index field. The
latter then hits an assert because from its point of view every
thread has a 0 cpu_index. There might be other weird behaviour too.
Mostly we catch this kind of bug because the CONFIG_whatever is
listed in include/exec/poison.h and so the reference to it in
build-once source files will then cause a compiler error.
Unfortunately CONFIG_USER_ONLY is an exception to that: we have some
places where we use it in "safe" ways in headers that will be seen by
once-only source files (e.g. ifdeffing out function prototypes) and
it would be a lot of refactoring to be able to get to a position
where we could poison it. This leaves us in a "you have to be
careful to walk around the bear trap" situation...
Fixes: d7ee93e243597 ("cputlb: Restrict SavedIOTLB to system emulation") Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230620175712.1331625-1-peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-tcg-20230620' of https://gitlab.com/rth7680/qemu into staging
tcg: Define _CALL_AIX for clang on ppc64
accel/tcg: Build fix for macos catalina
accel/tcg: Handle MO_ATOM_WITHIN16 in do_st16_leN
accel/tcg: Restrict SavedIOTLB to system emulation
accel/tcg: Use generic 'helper-proto-common.h' header
plugins: Remove unused 'exec/helper-proto.h' header
*: Check for CONFIG_USER_ONLY instead of CONFIG_SOFTMMU
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmSRYmIdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8zbAgAlX4GcShS1OU1BDRe
# b0HHHj1fFBB/9yk8f/5WuQb2snYS+pcZCez9XeT175ugovXSOz+shvmFrbRPvpfj
# q8C88CIKCJRsXnhWqKWOKDqgTttu2WNXOvCe0eCZbUoGQ9K1seMvUBq6T50fNv2H
# fXeHtLSu/+jiHIN3+woJqdgrkp0cko2rrpnwIpjuIsY1iz/J/VKEHmnv7Ah+GsRs
# OTYnR7iN6uhBXVll14r3UCylbgdEz58sSSEi3dYYfaTRuijDwOzM0evhk6+5XzHP
# DYwGdbtDE5HJOrCLiKegk80Gh6v1XVZQWnn9PdiN1eJcQsWNT9mYV9/4IsCVrsF4
# 8r5KUg==
# =JmjK
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Jun 2023 10:25:06 AM CEST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20230620' of https://gitlab.com/rth7680/qemu:
cputlb: Restrict SavedIOTLB to system emulation
exec/cpu-defs: Check for SOFTMMU instead of !USER_ONLY
accel/tcg/cpu-exec: Use generic 'helper-proto-common.h' header
plugins: Remove unused 'exec/helper-proto.h' header
meson: Replace softmmu_ss -> system_ss
meson: Replace CONFIG_SOFTMMU -> CONFIG_SYSTEM_ONLY
meson: Alias CONFIG_SOFTMMU -> CONFIG_SYSTEM_ONLY
accel/tcg: Check for USER_ONLY definition instead of SOFTMMU one
hw/core/cpu: Check for USER_ONLY definition instead of SOFTMMU one
target/ppc: Check for USER_ONLY definition instead of SOFTMMU one
target/m68k: Check for USER_ONLY definition instead of SOFTMMU one
target/tricore: Remove pointless CONFIG_SOFTMMU guard
target/i386: Simplify i386_tr_init_disas_context()
tcg/ppc: Define _CALL_AIX for clang on ppc64(be)
accel/tcg: Handle MO_ATOM_WITHIN16 in do_st16_leN
host/include/x86_64: Use __m128i for "x" constraints
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Commit 2f3a57ee47 ("cputlb: ensure we save the IOTLB data in
case of reset") added the SavedIOTLB structure -- which is
system emulation specific -- in the generic CPUState structure.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221216215519.5522-3-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
exec/cpu-defs: Check for SOFTMMU instead of !USER_ONLY
We want to check the softmmu tlb availability, not
if we are targetting system emulation. Besides, this
code could be used by user emulation in the future.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230605230216.17202-1-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg/cpu-exec: Use generic 'helper-proto-common.h' header
We only need lookup_tb_ptr() prototype.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230611085846.21415-3-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230611085846.21415-2-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We use the user_ss[] array to hold the user emulation sources,
and the softmmu_ss[] array to hold the system emulation ones.
Hold the latter in the 'system_ss[]' array for parity with user
emulation.
Mechanical change doing:
$ sed -i -e s/softmmu_ss/system_ss/g $(git grep -l softmmu_ss)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-10-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since we *might* have user emulation with softmmu,
use the clearer 'CONFIG_SYSTEM_ONLY' key to check
for system emulation.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-9-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We use the CONFIG_USER_ONLY key to describe user emulation,
and the CONFIG_SOFTMMU key to describe system emulation. Alias
it as 'CONFIG_SYSTEM_ONLY' for parity with user emulation.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-8-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Check for USER_ONLY definition instead of SOFTMMU one
Since we *might* have user emulation with softmmu,
replace the system emulation check by !user emulation one.
Invert some if() ladders for clarity.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-7-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
hw/core/cpu: Check for USER_ONLY definition instead of SOFTMMU one
Since we *might* have user emulation with softmmu,
replace the system emulation check by !user emulation one.
Invert the #ifdef'ry in TCGCPUOps structure for clarity.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-6-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/ppc: Check for USER_ONLY definition instead of SOFTMMU one
Since we *might* have user emulation with softmmu,
replace the system emulation check by !user emulation one.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20230613133347.82210-5-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
target/m68k: Check for USER_ONLY definition instead of SOFTMMU one
Since we *might* have user emulation with softmmu,
replace the system emulation check by !user emulation one.
Invert some if() ladders for clarity.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-4-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since cpu_mmu_index() is well-defined for user-only,
we can remove the surrounding #ifdef'ry entirely.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230613133347.82210-2-philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Restructure the ifdef ladder, separating 64-bit from 32-bit,
and ensure _CALL_AIX is set for ELF v1. Fixes the build for
ppc64 big-endian host with clang.
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Otherwise we hit the default assert not reached.
Handle it as MO_ATOM_NONE, because of size and misalignment.
We already handle this correctly in do_ld16_beN.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
host/include/x86_64: Use __m128i for "x" constraints
The macOS catalina compiler produces an error for __int128_t
as the type for allocation with SSE inline asm constraint.
Create a new X86Int128Union type and use the vector type for
all SSE register inputs and outputs.
Tested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-target-arm-20230619' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Fix return value from LDSMIN/LDSMAX 8/16 bit atomics
* Return correct result for LDG when ATA=0
* Conversion of system insns, loads and stores to decodetree
* hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1
* hw/sd/allwinner-sdhost: Don't send non-boolean IRQ line levels
* hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
* hw/arm/Kconfig: sbsa-ref uses Bochs display
* imx_serial: set wake bit when we receive a data byte
* docs: sbsa: document board to firmware interface
* hw/misc/bcm2835_property: avoid hard-coded constants
* tag 'pull-target-arm-20230619' of https://git.linaro.org/people/pmaydell/qemu-arm: (33 commits)
hw/misc/bcm2835_property: Handle CORE_CLK_ID firmware property
hw/misc/bcm2835_property: Replace magic frequency values by definitions
hw/misc/bcm2835_property: Use 'raspberrypi-fw-defs.h' definitions
hw/arm/raspi: Import Linux raspi definitions as 'raspberrypi-fw-defs.h'
docs: sbsa: document board to firmware interface
imx_serial: set wake bit when we receive a data byte
hw/arm/Kconfig: sbsa-ref uses Bochs display
hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
hw/sd/allwinner-sdhost: Don't send non-boolean IRQ line levels
hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1
target/arm: Convert load/store tags insns to decodetree
target/arm: Convert load/store single structure to decodetree
target/arm: Convert load/store (multiple structures) to decodetree
target/arm: Convert LDAPR/STLR (imm) to decodetree
target/arm: Convert load (pointer auth) insns to decodetree
target/arm: Convert atomic memory ops to decodetree
target/arm: Convert LDR/STR reg+reg to decodetree
target/arm: Convert LDR/STR with 12-bit immediate to decodetree
target/arm: Convert ld/st reg+imm9 insns to decodetree
target/arm: Convert load/store-pair to decodetree
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Sergey Kambalin <sergey.kambalin@auriga.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230612223456.33824-5-philmd@linaro.org
Message-Id: <20230531155258.8361-1-sergey.kambalin@auriga.com>
[PMD: Split from bigger patch: 3/4] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMM: added a comment about RPI_FIRMWARE_CORE_CLK_RATE
really being SoC-specific] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We plan to add more hardware information into DeviceTree to limit amount
of hardcoded values in firmware.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20230531171834.236569-1-marcin.juszkiewicz@linaro.org
[PMM: fix format nits, add text about platform version fields from
a comment in the C source file] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Martin Kaiser [Thu, 15 Jun 2023 14:22:56 +0000 (15:22 +0100)]
imx_serial: set wake bit when we receive a data byte
The Linux kernel added a flood check for RX data recently in commit 496a4471b7c3 ("serial: imx: work-around for hardware RX flood"). This
check uses the wake bit in the UART status register 2. The wake bit
indicates that the receiver detected a start bit on the RX line. If the
kernel sees a number of RX interrupts without the wake bit being set, it
treats this as spurious data and resets the UART port. imx_serial does
never set the wake bit and triggers the kernel's flood check.
This patch adds support for the wake bit. wake is set when we receive a
new character (it's not set for break events). It seems that wake is
cleared by the kernel driver, the hardware does not have to clear it
automatically after data was read.
The wake bit can be configured as an interrupt source. Support this
mechanism as well.
Co-developed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Martin Kaiser <martin@kaiser.cx> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20230607092112.655098-1-marcin.juszkiewicz@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 6 Jun 2023 13:49:17 +0000 (14:49 +0100)]
hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
The nrf51_timer has a free-running counter which we implement using
the pattern of using two fields (update_counter_ns, counter) to track
the last point at which we calculated the counter value, and the
counter value at that time. Then we can find the current counter
value by converting the difference in wall-clock time between then
and now to a tick count that we need to add to the counter value.
Unfortunately the nrf51_timer's implementation of this has a bug
which means it loses time every time update_counter() is called.
After updating s->counter it always sets s->update_counter_ns to
'now', even though the actual point when s->counter hit the new value
will be some point in the past (half a tick, say). In the worst case
(guest code in a tight loop reading the counter, icount mode) the
counter is continually queried less than a tick after it was last
read, so s->counter never advances but s->update_counter_ns does, and
the guest never makes forward progress.
The fix for this is to only advance update_counter_ns to the
timestamp of the last tick, not all the way to 'now'. (This is the
pattern used in hw/misc/mps2-fpgaio.c's counter.)
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20230606134917.3782215-1-peter.maydell@linaro.org
Peter Maydell [Tue, 6 Jun 2023 10:46:09 +0000 (11:46 +0100)]
hw/sd/allwinner-sdhost: Don't send non-boolean IRQ line levels
QEMU allows qemu_irq lines to transfer arbitrary integers. However
the convention is that for a simple IRQ line the values transferred
are always 0 and 1. The A10 SD controller device instead assumes a
0-vs-non-0 convention, which happens to work with the interrupt
controller it is wired up to.
Coerce the value to boolean to follow our usual convention.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230606104609.3692557-3-peter.maydell@linaro.org
Peter Maydell [Tue, 6 Jun 2023 10:46:08 +0000 (11:46 +0100)]
hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1
In commit 2c5fa0778c3b430 we fixed an endianness bug in the Allwinner
A10 PIC model; however in the process we introduced a regression.
This is because the old code was robust against the incoming 'level'
argument being something other than 0 or 1, whereas the new code was
not.
In particular, the allwinner-sdhost code treats its IRQ line
as 0-vs-non-0 rather than 0-vs-1, so when the SD controller
set its IRQ line for any reason other than transmit the
interrupt controller would ignore it. The observed effect
was a guest timeout when rebooting the guest kernel.
Handle level values other than 0 or 1, to restore the old
behaviour.
Fixes: 2c5fa0778c3b430 ("hw/intc/allwinner-a10-pic: Don't use set_bit()/clear_bit()") Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230606104609.3692557-2-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:24 +0000 (11:20 +0100)]
target/arm: Convert load/store tags insns to decodetree
Convert the instructions in the load/store memory tags instruction
group to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-21-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:24 +0000 (11:20 +0100)]
target/arm: Convert load/store single structure to decodetree
Convert the ASIMD load/store single structure insns to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230602155223.2040685-20-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 19 Jun 2023 10:20:24 +0000 (11:20 +0100)]
target/arm: Convert load/store (multiple structures) to decodetree
Convert the instructions in the ASIMD load/store multiple structures
instruction classes to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-19-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:23 +0000 (11:20 +0100)]
target/arm: Convert LDAPR/STLR (imm) to decodetree
Convert the instructions in the LDAPR/STLR (unscaled immediate)
group to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-18-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:23 +0000 (11:20 +0100)]
target/arm: Convert load (pointer auth) insns to decodetree
Convert the instructions in the load/store register (pointer
authentication) group ot decodetree: LDRAA, LDRAB.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-17-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:23 +0000 (11:20 +0100)]
target/arm: Convert atomic memory ops to decodetree
Convert the insns in the atomic memory operations group to
decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-16-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:23 +0000 (11:20 +0100)]
target/arm: Convert LDR/STR reg+reg to decodetree
Convert the LDR and STR instructions which take a register
plus register offset to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-15-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:22 +0000 (11:20 +0100)]
target/arm: Convert LDR/STR with 12-bit immediate to decodetree
Convert the LDR and STR instructions which use a 12-bit immediate
offset to decodetree. We can reuse the existing LDR and STR
trans functions for these.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-14-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:22 +0000 (11:20 +0100)]
target/arm: Convert ld/st reg+imm9 insns to decodetree
Convert the load and store instructions which use a 9-bit
immediate offset to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-13-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:22 +0000 (11:20 +0100)]
target/arm: Convert load/store-pair to decodetree
Convert the load/store register pair insns (LDP, STP,
LDNP, STNP, LDPSW, STGP) to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230602155223.2040685-12-peter.maydell@linaro.org Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 19 Jun 2023 10:20:21 +0000 (11:20 +0100)]
target/arm: Convert load reg (literal) group to decodetree
Convert the "Load register (literal)" instruction class to
decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-11-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:21 +0000 (11:20 +0100)]
target/arm: Convert LDXP, STXP, CASP, CAS to decodetree
Convert the load/store exclusive pair (LDXP, STXP, LDAXP, STLXP),
compare-and-swap pair (CASP, CASPA, CASPAL, CASPL), and compare-and
swap (CAS, CASA, CASAL, CASL) instructions to decodetree.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-10-peter.maydell@linaro.org
Peter Maydell [Mon, 19 Jun 2023 10:20:21 +0000 (11:20 +0100)]
target/arm: Convert load/store exclusive and ordered to decodetree
Convert the instructions in the load/store exclusive (STXR,
STLXR, LDXR, LDAXR) and load/store ordered (STLR, STLLR,
LDAR, LDLAR) to decodetree.
Note that for STLR, STLLR, LDAR, LDLAR this fixes an under-decoding
in the legacy decoder where we were not checking that the RES1 bits
in the Rs and Rt2 fields were set.
The new function ldst_iss_sf() is equivalent to the existing
disas_ldst_compute_iss_sf(), but it takes the pre-decoded 'ext' field
rather than taking an undecoded two-bit opc field and extracting
'ext' from it. Once all the loads and stores have been converted
to decodetree disas_ldst_compute_iss_sf() will be unused and
can be deleted.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-9-peter.maydell@linaro.org
projects / mirror_qemu.git / log