Commit Graph

7587 Commits

Author SHA1 Message Date
Vitaly Kuznetsov
e4adb09f79 i386: assert 'cs->kvm_state' is not null
Coverity reports potential NULL pointer dereference in
get_supported_hv_cpuid_legacy() when 'cs->kvm_state' is NULL. While
'cs->kvm_state' can indeed be NULL in hv_cpuid_get_host(),
kvm_hyperv_expand_features() makes sure that it only happens when
KVM_CAP_SYS_HYPERV_CPUID is supported and KVM_CAP_SYS_HYPERV_CPUID
implies KVM_CAP_HYPERV_CPUID so get_supported_hv_cpuid_legacy() is
never really called. Add asserts to strengthen the protection against
broken KVM behavior.

Coverity: CID 1458243
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210716115852.418293-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-29 10:15:51 +02:00
Matheus Ferst
2d1154bd95 target/ppc: Ease L=0 requirement on cmp/cmpi/cmpl/cmpli for ppc32
In commit 8f0a4b6a9b, we started to require L=0 for ppc32 to match what
The Programming Environments Manual say:

"For 32-bit implementations, the L field must be cleared, otherwise
the instruction form is invalid."

The stricter behavior, however, broke AROS boot on sam460ex, which is a
regression from 6.0. This patch partially reverts the change, raising
the exception only for CPUs known to require L=0 (e500 and e500mc) and
logging a guest error for other cases.

Both behaviors are acceptable by the PowerISA, which allows "the system
illegal instruction error handler to be invoked or yield boundedly
undefined results."

Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Fixes: 8f0a4b6a9b ("target/ppc: Move cmp/cmpi/cmpl/cmpli to decodetree")
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Message-Id: <20210720135507.2444635-1-matheus.ferst@eldorado.org.br>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-29 10:59:49 +10:00
Richard Henderson
b3d52804c5 target/arm: Add sve-default-vector-length cpu property
Mirror the behavour of /proc/sys/abi/sve_default_vector_length
under the real linux kernel.  We have no way of passing along
a real default across exec like the kernel can, but this is a
decent way of adjusting the startup vector length of a process.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/482
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723203344.968563-4-richard.henderson@linaro.org
[PMM: tweaked docs formatting, document -1 special-case,
 added fixup patch from RTH mentioning QEMU's maximum veclen.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-27 10:57:40 +01:00
Richard Henderson
ce440581c1 target/arm: Export aarch64_sve_zcr_get_valid_len
Rename from sve_zcr_get_valid_len and make accessible
from outside of helper.c.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723203344.968563-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-27 10:57:40 +01:00
Richard Henderson
dc0bc8e785 target/arm: Correctly bound length in sve_zcr_get_valid_len
Currently, our only caller is sve_zcr_len_for_el, which has
already masked the length extracted from ZCR_ELx, so the
masking done here is a nop.  But we will shortly have uses
from other locations, where the length will be unmasked.

Saturate the length to ARM_MAX_VQ instead of truncating to
the low 4 bits.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723203344.968563-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-27 10:57:40 +01:00
Mao Zhongyi
a476b21672 docs: Update path that mentions deprecated.rst
Missed in commit f3478392 "docs: Move deprecation, build
and license info out of system/"

Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210723065828.1336760-1-maozhongyi@cmss.chinamobile.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-27 10:57:40 +01:00
Peter Maydell
d4f6883912 target/arm: Report M-profile alignment faults correctly to the guest
For M-profile, we weren't reporting alignment faults triggered by the
generic TCG code correctly to the guest.  These get passed into
arm_v7m_cpu_do_interrupt() as an EXCP_DATA_ABORT with an A-profile
style exception.fsr value of 1.  We didn't check for this, and so
they fell through into the default of "assume this is an MPU fault"
and were reported to the guest as a data access violation MPU fault.

Report these alignment faults as UsageFaults which set the UNALIGNED
bit in the UFSR.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-4-peter.maydell@linaro.org
2021-07-27 10:57:39 +01:00
Peter Maydell
0c317eb3dd target/arm: Add missing 'return's after calling v7m_exception_taken()
In do_v7m_exception_exit(), we perform various checks as part of
performing the exception return.  If one of these checks fails, the
architecture requires that we take an appropriate exception on the
existing stackframe.  We implement this by calling
v7m_exception_taken() to set up to take the new exception, and then
immediately returning from do_v7m_exception_exit() without proceeding
any further with the unstack-and-exception-return process.

In a couple of checks that are new in v8.1M, we forgot the "return"
statement, with the effect that if bad code in the guest tripped over
these checks we would set up to take a UsageFault exception but then
blunder on trying to also unstack and return from the original
exception, with the probable result that the guest would crash.

Add the missing return statements.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-3-peter.maydell@linaro.org
2021-07-27 10:57:39 +01:00
Peter Maydell
888f470f12 target/arm: Enforce that M-profile SP low 2 bits are always zero
For M-profile, unlike A-profile, the low 2 bits of SP are defined to be
RES0H, which is to say that they must be hardwired to zero so that
guest attempts to write non-zero values to them are ignored.

Implement this behaviour by masking out the low bits:
 * for writes to r13 by the gdbstub
 * for writes to any of the various flavours of SP via MSR
 * for writes to r13 via store_reg() in generated code

Note that all the direct uses of cpu_R[] in translate.c are in places
where the register is definitely not r13 (usually because that has
been checked for as an UNDEFINED or UNPREDICTABLE case and handled as
UNDEF).

All the other writes to regs[13] in C code are either:
 * A-profile only code
 * writes of values we can guarantee to be aligned, such as
   - writes of previous-SP-value plus or minus a 4-aligned constant
   - writes of the value in an SP limit register (which we already
     enforce to be aligned)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210723162146.5167-2-peter.maydell@linaro.org
2021-07-27 10:57:39 +01:00
Peter Maydell
1d6f147f04 The Hexagon target was silently failing the SIGSEGV test because
the signal handler was not called.
 
 Patch 1/2 fixes the Hexagon target
 Patch 2/2 drops include qemu.h from target/hexagon/op_helper.c
 
 **** Changes in v2 ****
 Drop changes to linux-test.c due to intermittent failures on riscv
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJg/doaAAoJEHsCRPsS3kQi/gIH+gJ6GBmIb7NNDt+tRYjsnOpZ
 QgmkM/cvOBhqo+dUkxWIDXA7i7ZzytBHHG5GoplVkZjm/S+e5aEsuEyqwL6KbcK7
 kB6NvnHA3n9npf5MGcUduHlvPPzDsO7Z4SLrfwkIliiWL/AJ4FzKqEGoviWv2YnN
 k+29YDSv11B1jgXriADBJVnWtCf2CGPsF7BiKMcguZ6Bj+q+fH1cPpe2EWN8R8n2
 D+La/M5qWEC2FcWPCkrCs61Pi/cV+L4M0IA6JAEm8K+MtoDWmsCNWaVsakiNWWg+
 FRiHg45z3cCBvQ+SLQQ4SvsaQriI3M/yIKD6ABNgAfurIiTj4YbHAbeTmfEFYOs=
 =YdBn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/quic/tags/pull-hex-20210725' into staging

The Hexagon target was silently failing the SIGSEGV test because
the signal handler was not called.

Patch 1/2 fixes the Hexagon target
Patch 2/2 drops include qemu.h from target/hexagon/op_helper.c

**** Changes in v2 ****
Drop changes to linux-test.c due to intermittent failures on riscv

# gpg: Signature made Sun 25 Jul 2021 22:39:38 BST
# gpg:                using RSA key 7B0244FB12DE4422
# gpg: Good signature from "Taylor Simpson (Rock on) <tsimpson@quicinc.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 3635 C788 CE62 B91F D4C5  9AB4 7B02 44FB 12DE 4422

* remotes/quic/tags/pull-hex-20210725:
  target/hexagon: Drop include of qemu.h
  Hexagon (target/hexagon) remove put_user_*/get_user_*

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-26 13:36:51 +01:00
Claudio Fontana
5b8978d804 i386: do not call cpudef-only models functions for max, host, base
Some cpu properties have to be set only for cpu models in builtin_x86_defs,
registered with x86_register_cpu_model_type, and not for
cpu models "base", "max", and the subclass "host".

These properties are the ones set by function x86_cpu_apply_props,
(also including kvm_default_props, tcg_default_props),
and the "vendor" property for the KVM and HVF accelerators.

After recent refactoring of cpu, which also affected these properties,
they were instead set unconditionally for all x86 cpus.

This has been detected as a bug with Nested on AMD with cpu "host",
as svm was not turned on by default, due to the wrongful setting of
kvm_default_props via x86_cpu_apply_props, which set svm to "off".

Rectify the bug introduced in commit "i386: split cpu accelerators"
and document the functions that are builtin_x86_defs-only.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: f5cc5a5c ("i386: split cpu accelerators from cpu.c,"...)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/477
Message-Id: <20210723112921.12637-1-cfontana@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-23 15:47:13 +02:00
Lara Lazier
3407259b20 target/i386: Added consistency checks for CR3
All MBZ in CR3 must be zero (APM2 15.5)
Added checks in both helper_vmrun and helper_write_crN.
When EFER.LMA is zero the upper 32 bits needs to be zeroed.

Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210723112740.45962-1-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-23 15:46:20 +02:00
Peter Maydell
7b7ca8ebde Bugfixes.
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmD5bn8UHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroP3AQgAjQ/YziEk0SwA6MeaWfNIdrhj4+I/
 7JXmNlTLRC622IyN9NmJu57Y9Z9PXp/yCLe8V1cTz8K3lnMSBD1ZR1vWB2FtjUnX
 0McaLzcRpmJCeezcKSDJYYVkMQVz2OvNvNyPVK0qRPkt6+knt+9kWNxYAKfsSkln
 L7knUYi4gtM0w0+kQLReohVSJOACQMzl35jXPSArsrWwbZyKZ1pQwgvM3pGMmPv4
 xYNebGjYZRgTul0c5PZsLh9F3TueeTfRvhtwtuyyXPNcvIlgAeV40NuUAXYI6wKF
 FEKtoaBTZUBEOSKK5Z/fYlN+C+e8ItlGurrqvucmjlCqIxotggEf+DYUNQ==
 =/WeY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

Bugfixes.

# gpg: Signature made Thu 22 Jul 2021 14:11:27 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  configure: Let --without-default-features disable vhost-kernel and vhost-vdpa
  configure: Fix the default setting of the "xen" feature
  configure: Allow vnc to get disabled with --without-default-features
  configure: Fix --without-default-features propagation to meson
  meson: fix dependencies for modinfo
  configure: Drop obsolete check for the alloc_size attribute
  target/i386: Added consistency checks for EFER
  target/i386: Added consistency checks for CR4
  target/i386: Added V_INTR_PRIO check to virtual interrupts
  qemu-config: restore "machine" in qmp_query_command_line_options()
  usb: fix usb-host dependency check
  chardev-spice: add missing module_obj directive
  vl: Parse legacy default_machine_opts
  qemu-config: fix memory leak on ferror()
  qemu-config: never call the callback after an error, fix leak

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-22 18:32:02 +01:00
Lara Lazier
d499f196fe target/i386: Added consistency checks for EFER
EFER.SVME has to be set, and EFER reserved bits must
be zero.
In addition the combinations
 * EFER.LMA or EFER.LME is non-zero and the processor does not support LM
 * non-zero EFER.LME and CR0.PG and zero CR4.PAE
 * non-zero EFER.LME and CR0.PG and zero CR0.PE
 * non-zero EFER.LME, CR0.PG, CR4.PAE, CS.L and CS.D
are all invalid.
(AMD64 Architecture Programmer's Manual, V2, 15.5)

Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210721152651.14683-3-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-22 14:44:47 +02:00
Lara Lazier
213ff024a2 target/i386: Added consistency checks for CR4
All MBZ bits in CR4 must be zero. (APM2 15.5)
Added reserved bitmask and added checks in both
helper_vmrun and helper_write_crN.

Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210721152651.14683-2-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-22 14:44:47 +02:00
Lara Lazier
b128b25a5a target/i386: Added V_INTR_PRIO check to virtual interrupts
The APM2 states that The processor takes a virtual INTR interrupt
if V_IRQ and V_INTR_PRIO indicate that there is a virtual interrupt pending
whose priority is greater than the value in V_TPR.

Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210721152651.14683-1-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-22 14:44:47 +02:00
Peter Maydell
25fc9b79cd target/hexagon: Drop include of qemu.h
The qemu.h file is a CONFIG_USER_ONLY header; it doesn't appear on
the include path for softmmu builds.  Currently we include it
unconditionally in target/hexagon/op_helper.c.  We used to need it
for the put_user_*() and get_user_*() functions, but now that we have
removed the uses of those from op_helper.c, the only reason it's
still there is that we're implicitly relying on it pulling in some
other headers.

Explicitly include the headers we need for other functions, and drop
the include of qemu.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210717103017.20491-1-peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Taylor Simpson <tsimpson@quicinc.com>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
2021-07-21 15:54:02 -05:00
Taylor Simpson
4699a92779 Hexagon (target/hexagon) remove put_user_*/get_user_*
Replace put_user_* with cpu_st*_data_ra
Replace get_user_* with cpu_ld*_data_ra

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Taylor Simpson <tsimpson@quicinc.com>
Message-Id: <1626384156-6248-2-git-send-email-tsimpson@quicinc.com>
2021-07-21 15:53:09 -05:00
Richard Henderson
b5cf742841 accel/tcg: Remove TranslatorOps.breakpoint_check
The hook is now unused, with breakpoints checked outside translation.

Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21 07:47:05 -10:00
Richard Henderson
e64cb6c231 target/avr: Implement gdb_adjust_breakpoint
Ensure at registration that all breakpoints are in
code space, not data space.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21 07:47:05 -10:00
Richard Henderson
7b9810ea42 target/i386: Implement debug_check_breakpoint
Return false for RF set, as we do in i386_tr_breakpoint_check.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21 07:47:05 -10:00
Richard Henderson
b00d86bc8b target/arm: Implement debug_check_breakpoint
Reuse the code at the bottom of helper_check_breakpoints,
which is what we currently call from *_tr_breakpoint_check.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21 07:47:04 -10:00
Richard Henderson
288a5fe980 target/alpha: Drop goto_tb path in gen_call_pal
We are certain of a page crossing here, entering the
PALcode image, so the call to use_goto_tb that should
have been here will never succeed.

We are shortly going to add an assert to tcg_gen_goto_tb
that would trigger for this case.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21 07:47:04 -10:00
Richard Henderson
be9568b4e0 tcg: Rename helper_atomic_*_mmu and provide for user-only
Always provide the atomic interface using TCGMemOpIdx oi
and uintptr_t retaddr.  Rename from helper_* to cpu_* so
as to (mostly) match the exec/cpu_ldst.h functions, and
to emphasize that they are not callable from TCG directly.

Tested-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-21 07:45:38 -10:00
Peter Maydell
8fe612a183 target/arm: Remove duplicate 'plus1' function from Neon and SVE decode
The Neon and SVE decoders use private 'plus1' functions to implement
"add one" for the !function decoder syntax.  We have a generic
"plus_1" function in translate.h, so use that instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210715095341.701-1-peter.maydell@linaro.org
2021-07-18 10:59:47 +01:00
Richard Henderson
d102058e79 target/arm: Fix offsets for TTBCR
The functions vmsa_ttbcr_write and vmsa_ttbcr_raw_write expect
the offset to be for the complete TCR structure, not the offset
to the low 32-bits of a uint64_t.  Using offsetoflow32 in this
case breaks big-endian hosts.

For TTBCR2, we do want the high 32-bits of a uint64_t.
Use cp15.tcr_el[*].raw_tcr as the offsetofhigh32 argument to
clarify this.

Buglink: https://gitlab.com/qemu-project/qemu/-/issues/187
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210709230621.938821-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-18 10:59:46 +01:00
Jose Martins
bc083a51ca target/riscv: hardwire bits in hideleg and hedeleg
The specification mandates for certain bits to be hardwired in the
hypervisor delegation registers. This was not being enforced.

Signed-off-by: Jose Martins <josemartins90@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210522155902.374439-1-josemartins90@gmail.com
[ Changes by AF:
 - Improve indentation
 - Convert delegable_excps to a #define to avoid failures with GCC 8
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-07-15 08:56:00 +10:00
Bin Meng
232a2c8c85 target/riscv: csr: Remove redundant check in fp csr read/write routines
The following check:

    if (!env->debugger && !riscv_cpu_fp_enabled(env)) {
        return -RISCV_EXCP_ILLEGAL_INST;
    }

is redundant in fflags/frm/fcsr read/write routines, as the check was
already done in fs().

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210627120604.11116-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-07-15 08:56:00 +10:00
Bin Meng
b4cb178efb target/riscv: pmp: Fix some typos
%s/CSP/CSR
%s/thie/the

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210627115716.3552-1-bmeng.cn@gmail.com
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2021-07-15 08:56:00 +10:00
Peter Maydell
20a9676179 Cleanup alpha, hppa, or1k wrt tcg_constant_tl.
Implement x86 fcs:fip, fds:fdp.
 Trivial x86 watchpoint cleanup.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmDtwQ0dHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/GnAf/SYNhdmIuKCWk/uk8
 IC0v2sm5KHVFfkfkobQ+04pFB26tX557i2zTtEfj/A5QVlJSvliZowCVIO6JV63N
 9oedLSzdqrxRqDb+Mpmkwnam/k5XfrC20V7os17FuZE98u3Jgky8QNs7Uxq0bCBZ
 01AKB9HNRFKeY2o55IxPwC7CLtyz3SStJJP28aa5ROYK7MIP303qsI5pezgkHgGo
 /qo5GXwHs/Pu4pnFuAJyOfG38wT6uTt7NrAGjTH0VhbAKNMSP/QND+VvxbuCugZR
 6MEVeb+rLy+MN4b3dH6kI89JQvQGBCaWZD/eTF5+8UDPj3I8vpRqufRh8l5WukT1
 Q2g1zA==
 =eqkT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-misc-20210713' into staging

Cleanup alpha, hppa, or1k wrt tcg_constant_tl.
Implement x86 fcs:fip, fds:fdp.
Trivial x86 watchpoint cleanup.

# gpg: Signature made Tue 13 Jul 2021 17:36:29 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth-gitlab/tags/pull-misc-20210713:
  target/hppa: Clean up DisasCond
  target/hppa: Use tcg_constant_*
  target/openrisc: Use dc->zero in gen_add, gen_addc
  target/openrisc: Cache constant 0 in DisasContext
  target/openrisc: Use tcg_constant_tl for dc->R0
  target/openrisc: Use tcg_constant_*
  target/alpha: Use tcg_constant_* elsewhere
  target/alpha: Use tcg_constant_i64 for zero and lit
  target/alpha: Use dest_sink for HW_RET temporary
  target/alpha: Store set into rx flag
  target/i386: Correct implementation for FCS, FIP, FDS and FDP
  target/i386: Split out do_fninit
  target/i386: Trivial code motion and code style fix
  target/i386: Tidy hw_breakpoint_remove

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-14 14:12:08 +01:00
Richard Henderson
6e94937a54 target/hppa: Clean up DisasCond
The a0_is_n flag is redundant with comparing a0 to cpu_psw_n.
The a1_is_0 flag can be removed by initializing a1 to $0,
which also means that cond_prep can be removed entirely.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
29dd6f644a target/hppa: Use tcg_constant_*
Replace uses of tcg_const_* with the allocate and free close together.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
e0efc48fbc target/openrisc: Use dc->zero in gen_add, gen_addc
We still need the t0 temporary for computing overflow,
but we do not need to initialize it to zero first.

Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
118671f02f target/openrisc: Cache constant 0 in DisasContext
We are virtually certain to have fetched constant 0 once, at the
beginning of the TB, so we might as well use it elsewhere.

Reviewed-by: Stafford Horne <shorne@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
4d10fa0ff9 target/openrisc: Use tcg_constant_tl for dc->R0
The temp allocated for tcg_const_tl is auto-freed at branches,
but pure constants are not.  So we can remove the extra hoop
jumping in trans_l_swa.

Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
af42d35401 target/openrisc: Use tcg_constant_*
Replace uses of tcg_const_* allocate and free close together
with tcg_constant_*.

Reviewed-by: Stafford Horne <shorne@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
904bd855d3 target/alpha: Use tcg_constant_* elsewhere
Replace the remaining uses of tcg_const_*.  These uses are
all local, with the allocate and free close together.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
212c88c0c7 target/alpha: Use tcg_constant_i64 for zero and lit
These constant temps do not need to be freed, and
therefore need less bookkeeping from tcg producers.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
3e646c3a3c target/alpha: Use dest_sink for HW_RET temporary
This temp is automatically freed, just like ctx->lit.
But we're about to remove ctx->lit, so use sink instead.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
492f85b92a target/alpha: Store set into rx flag
A paste-o meant that we wrote back the existing value
of the RX flag rather than changing it to TMP.

Use tcg_constant_i64 while we're at it.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Ziqiao Kong
84abdd7d27 target/i386: Correct implementation for FCS, FIP, FDS and FDP
Update FCS:FIP and FDS:FDP according to the Intel Manual Vol.1 8.1.8.
Note that CPUID.(EAX=07H,ECX=0H):EBX[bit 13] is not implemented by
design in this patch and will be added along with TCG features flag
in a separate patch later.

Signed-off-by: Ziqiao Kong <ziqiaokong@gmail.com>
Message-Id: <20210530150112.74411-2-ziqiaokong@gmail.com>
[rth: Push FDS/FDP handling down into mod != 3 case; free last_addr.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Richard Henderson
bbdda9b74f target/i386: Split out do_fninit
Do not call helper_fninit directly from helper_xrstor.
Do call the new helper from do_fsave.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Ziqiao Kong
505910a6e2 target/i386: Trivial code motion and code style fix
A new pair of braces has to be added to declare variables in the case block.
The code style is also fixed according to the transalte.c itself during the
code motion.

Signed-off-by: Ziqiao Kong <ziqiaokong@gmail.com>
Message-Id: <20210530150112.74411-1-ziqiaokong@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
Dmitry Voronetskiy
080ac33542 target/i386: Tidy hw_breakpoint_remove
Since cpu_breakpoint and cpu_watchpoint are in a union,
the code should access only one of them.

Signed-off-by: Dmitry Voronetskiy <davoronetskiy@gmail.com>
Message-Id: <20210613180838.21349-1-davoronetskiy@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-13 08:13:19 -07:00
zhenwei pi
760746ac53 target/i386: Fix cpuid level for AMD
A AMD server typically has cpuid level 0x10(test on Rome/Milan), it
should not be changed to 0x1f in multi-dies case.

* to maintain compatibility with older machine types, only implement
  this change when the CPU's "x-vendor-cpuid-only" property is false

Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: zhenwei pi <pizhenwei@bytedance.com>
Fixes: a94e142899 (target/i386: Add CPUID.1F generation support for multi-dies PCMachine)
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-Id: <20210708170641.49410-1-michael.roth@amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Michael Roth
a7a0da844d target/i386: suppress CPUID leaves not defined by the CPU vendor
Currently all built-in CPUs report cache information via CPUID leaves 2
and 4, but these have never been defined for AMD. In the case of
SEV-SNP this can cause issues with CPUID enforcement. Address this by
allowing CPU types to suppress these via a new "x-vendor-cpuid-only"
CPU property, which is true by default, but switched off for older
machine types to maintain compatibility.

Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: zhenwei pi <pizhenwei@bytedance.com>
Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-Id: <20210708003623.18665-1-michael.roth@amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Vitaly Kuznetsov
cce087f628 i386: Hyper-V SynIC requires POST_MESSAGES/SIGNAL_EVENTS privileges
When Hyper-V SynIC is enabled, we may need to allow Windows guests to make
hypercalls (POST_MESSAGES/SIGNAL_EVENTS). No issue is currently observed
because KVM is very permissive, allowing these hypercalls regarding of
guest visible CPUid bits.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210608120817.1325125-9-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Vitaly Kuznetsov
b26f68c36b i386: HV_HYPERCALL_AVAILABLE privilege bit is always needed
According to TLFS, Hyper-V guest is supposed to check
HV_HYPERCALL_AVAILABLE privilege bit before accessing
HV_X64_MSR_GUEST_OS_ID/HV_X64_MSR_HYPERCALL MSRs but at least some
Windows versions ignore that. As KVM is very permissive and allows
accessing these MSRs unconditionally, no issue is observed. We may,
however, want to tighten the checks eventually. Conforming to the
spec is probably also a good idea.

Enable HV_HYPERCALL_AVAILABLE bit unconditionally.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210608120817.1325125-8-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Vitaly Kuznetsov
5ce48fa354 i386: kill off hv_cpuid_check_and_set()
hv_cpuid_check_and_set() does too much:
- Checks if the feature is supported by KVM;
- Checks if all dependencies are enabled;
- Sets the feature bit in cpu->hyperv_features for 'passthrough' mode.

To reduce the complexity, move all the logic except for dependencies
check out of it. Also, in 'passthrough' mode we don't really need to
check dependencies because KVM is supposed to provide a consistent
set anyway.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210608120817.1325125-7-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Vitaly Kuznetsov
071ce4b03b i386: expand Hyper-V features during CPU feature expansion time
To make Hyper-V features appear in e.g. QMP query-cpu-model-expansion we
need to expand and set the corresponding CPUID leaves early. Modify
x86_cpu_get_supported_feature_word() to call newly intoduced Hyper-V
specific kvm_hv_get_supported_cpuid() instead of
kvm_arch_get_supported_cpuid(). We can't use kvm_arch_get_supported_cpuid()
as Hyper-V specific CPUID leaves intersect with KVM's.

Note, early expansion will only happen when KVM supports system wide
KVM_GET_SUPPORTED_HV_CPUID ioctl (KVM_CAP_SYS_HYPERV_CPUID).

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210608120817.1325125-6-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Vitaly Kuznetsov
d7652b772f i386: make hyperv_expand_features() return bool
Return 'false' when hyperv_expand_features() sets an error.

No functional change intended.

Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210608120817.1325125-5-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Vitaly Kuznetsov
07454e2ea8 i386: hardcode supported eVMCS version to '1'
Currently, the only eVMCS version, supported by KVM (and described in TLFS)
is '1'. When Enlightened VMCS feature is enabled, QEMU takes the supported
eVMCS version range (from KVM_CAP_HYPERV_ENLIGHTENED_VMCS enablement) and
puts it to guest visible CPUIDs. When (and if) eVMCS ver.2 appears a
problem on migration is expected: it doesn't seem to be possible to migrate
from a host supporting eVMCS ver.2 to a host, which only support eVMCS
ver.1.

Hardcode eVMCS ver.1 as the result of 'hv-evmcs' enablement for now. Newer
eVMCS versions will have to have their own enablement options (e.g.
'hv-evmcs=2').

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20210608120817.1325125-4-vkuznets@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-07-13 09:13:29 -04:00
Peter Maydell
57e28d34c0 s390x updates:
- add gen16 cpumodels
 - refactor/cleanup some code
 - bugfixes
 -----BEGIN PGP SIGNATURE-----
 
 iIgEABYIADAWIQRpo7U29cv8ZSCAJsHeiLtWQd5mwQUCYObg3RIcY29odWNrQHJl
 ZGhhdC5jb20ACgkQ3oi7VkHeZsGAdAD/dSZkhfgjNWJjka0hmnyQyNCSzq6jox1L
 PccGyqhkqU8BAM4DUa2bZdst8bLfhUuAA0M5gKkCqkzHdDraBqTL8LQJ
 =H7dn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210708' into staging

s390x updates:
- add gen16 cpumodels
- refactor/cleanup some code
- bugfixes

# gpg: Signature made Thu 08 Jul 2021 12:26:21 BST
# gpg:                using EDDSA key 69A3B536F5CBFC65208026C1DE88BB5641DE66C1
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF
#      Subkey fingerprint: 69A3 B536 F5CB FC65 2080  26C1 DE88 BB56 41DE 66C1

* remotes/cohuck-gitlab/tags/s390x-20210708:
  target/s390x: split sysemu part of cpu models
  target/s390x: move kvm files into kvm/
  target/s390x: remove kvm-stub.c
  target/s390x: use kvm_enabled() to wrap call to kvm_s390_get_hpage_1m
  target/s390x: make helper.c sysemu-only
  target/s390x: split cpu-dump from helper.c
  target/s390x: move sysemu-only code out to cpu-sysemu.c
  target/s390x: start moving TCG-only code to tcg/
  target/s390x: rename internal.h to s390x-internal.h
  target/s390x: remove tcg-stub.c
  hw/s390x: only build tod-tcg from the CONFIG_TCG build
  hw/s390x: tod: make explicit checks for accelerators when initializing
  hw/s390x: rename tod-qemu.c to tod-tcg.c
  target/s390x: meson: add target_user_arch
  s390x/tcg: Fix m5 vs. m4 field for VECTOR MULTIPLY SUM LOGICAL
  target/s390x: Fix CC set by CONVERT TO FIXED/LOGICAL
  s390x/cpumodel: add 3931 and 3932

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-12 19:15:11 +01:00
Peter Maydell
552fda48e0 MIPS patches queue
- Rename Raven ASIC PCI bridge, add PCI_IO_BASE_ADDR definition
 - Various Toshiba TX79 opcodes implemented
 - Rewrite UHI errno_mips() using switch statement
 - Few fixes and improvements in the SONIC model (dp8393x)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmDrXtEACgkQ4+MsLN6t
 wN6wEQ//S+E65VWQAZFpyVBQYMoGeMeJUy5ABA7ec7uI1Zvsr1Xq/skw7Z/4ys29
 Lfdg5dqxyL+Wj5g/LjE5+Cfql59DjP3HsK8D0DyYBtwMju8iCFh+TYPOAoUQ3Qhl
 1tsOY32aaE1Fi7EvmpEJs91LbwpOAxdoCRRy5ScoZ54+XPaG8xA318dYVgvc8tpc
 W+vdUZfZ2nn/8SF3vEBi8KkcrNtW36h4WzjTN+aA6I5O9TZ66I0lBuix4VX5yCKl
 4zRRYOSepcWvU23FNN4H4lJCwMOqb5lcul7Shfq78KRqX1g0WUhIrfDBR19wqypj
 YF9llgwZXXnU+R9aOrtQpfBh4eDjySaZmOyaIg3oR+BZWAYk6Lvf7fL8hSW0HhWX
 8k2uic9uMoQlcs434Q7uzVwoMEh5aPl9GHiUOxBd7pM+P6xsB8S7vLzdmd23npuy
 r/6ALnoWLzPrN+y6tHtqu70rpyE+klh+S09jwNJZSzECGLG3nkACSOdwv7TKyPki
 gJfwIYdtC+JEVIr48GnvbzsTV+aBG5TItHuQpaJciD000P4m0dYXpDoaO7cxH4Qt
 AAUtYkvEYPE0ktWvTt2jQDn8Ma1SdKdtfWKRcWKaMiBM44GoRqyWaUQhjGLwto6v
 ocY0/JplqdcKdPIedFAw2ednlDqeJpRMs0ikv1yhgtts1nQ8MF0=
 =t1ur
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/mips-20210711' into staging

MIPS patches queue

- Rename Raven ASIC PCI bridge, add PCI_IO_BASE_ADDR definition
- Various Toshiba TX79 opcodes implemented
- Rewrite UHI errno_mips() using switch statement
- Few fixes and improvements in the SONIC model (dp8393x)

# gpg: Signature made Sun 11 Jul 2021 22:12:49 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/mips-20210711:
  dp8393x: don't force 32-bit register access
  dp8393x: Rewrite dp8393x_get() / dp8393x_put()
  dp8393x: Store CAM registers as 16-bit
  dp8393x: Replace 0x40 magic value by SONIC_REG_COUNT definition
  dp8393x: Replace address_space_rw(is_write=1) by address_space_write()
  dp8393x: fix CAM descriptor entry index
  target/mips: Rewrite UHI errno_mips() using switch statement
  target/mips/tx79: Introduce SQ opcode (Store Quadword)
  target/mips/tx79: Introduce LQ opcode (Load Quadword)
  target/mips/tx79: Introduce PROT3W opcode (Parallel Rotate 3 Words)
  target/mips/tx79: Introduce PPACW opcode (Parallel Pack to Word)
  target/mips/tx79: Introduce PCGT* (Parallel Compare for Greater Than)
  target/mips/tx79: Introduce PCEQ* opcodes (Parallel Compare for Equal)
  target/mips/tx79: Introduce PEXTL[BHW] opcodes (Parallel Extend Lower)
  target/mips/tx79: Introduce PEXTUW (Parallel Extend Upper from Word)
  target/mips/tx79: Introduce PSUB* opcodes (Parallel Subtract)
  target/mips/tx79: Introduce PAND/POR/PXOR/PNOR opcodes (parallel logic)
  hw/pci-host/raven: Add PCI_IO_BASE_ADDR definition
  hw/pci-host: Rename Raven ASIC PCI bridge as raven.c

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-12 15:58:17 +01:00
Peter Maydell
bd38ae26ce Add translator_use_goto_tb.
Cleanups in prep of breakpoint fixes.
 Misc fixes.
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmDpvModHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/1jgf+J1JMsPfxlSCwbbdc
 WEuWEcuKdcDFqhsePa6LaPYHTKuEEwavTG0kPbLIVZW2f6BTBeSYxAC6EWhq7pWo
 MGMhIOZM3fF0Yj+azuoybu9qxQ/K/aLM3GYt/OU00mvzturBezz+ka8MvWCrUwta
 XlhxhwnKsSP7lDWPBBjcdIIGiFJyxIRoU43giWaXrsvsc8ORJbmy7rgZfTKAit+w
 AvtQlc7TBi5nImz6f/KmEoy8mHEOhMf7czzo+v0u97lTiNK717/AHEwMfX9J585O
 GjlA9XmUUsNAciuLy48F1rHkgJxYAwo0G2shklpqPaOP5FctKm1reCSb8VEfAGaX
 Xq3UVA==
 =E9i/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210710' into staging

Add translator_use_goto_tb.
Cleanups in prep of breakpoint fixes.
Misc fixes.

# gpg: Signature made Sat 10 Jul 2021 16:29:14 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth-gitlab/tags/pull-tcg-20210710: (41 commits)
  cpu: Add breakpoint tracepoints
  tcg: Remove TCG_TARGET_HAS_goto_ptr
  accel/tcg: Log tb->cflags with -d exec
  accel/tcg: Split out log_cpu_exec
  accel/tcg: Move tb_lookup to cpu-exec.c
  accel/tcg: Move helper_lookup_tb_ptr to cpu-exec.c
  target/i386: Use cpu_breakpoint_test in breakpoint_handler
  tcg: Fix prologue disassembly
  target/xtensa: Use translator_use_goto_tb
  target/tricore: Use tcg_gen_lookup_and_goto_ptr
  target/tricore: Use translator_use_goto_tb
  target/sparc: Use translator_use_goto_tb
  target/sh4: Use translator_use_goto_tb
  target/s390x: Remove use_exit_tb
  target/s390x: Use translator_use_goto_tb
  target/rx: Use translator_use_goto_tb
  target/riscv: Use translator_use_goto_tb
  target/ppc: Use translator_use_goto_tb
  target/openrisc: Use translator_use_goto_tb
  target/nios2: Use translator_use_goto_tb
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-12 11:02:39 +01:00
Peter Maydell
d1987c8114 * More SVM fixes (Lara)
* Module annotation database (Gerd)
 * Memory leak fixes (myself)
 * Build fixes (myself)
 * --with-devices-* support (Alex)
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmDoeBgUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroMtFAgAippmxRt3lt+tcdSrCOZlKmxW6veK
 nUidtzfH5uE8vQsh5Q98WCEq871C/C+St1gK+q2H/MLrJeAqZD39DV+SKTuZ6Tcp
 3jL0iYC+oO0OjkHppDQTUDweF9KrsAW1WEeNz2th1OUDSjBXuXbZ+N497taouX18
 p2UN0gKNsOO2/QFrKL5KO7vSC56eBGoZz6gKtw/7dDtJBtizf1xKBRHW43b+CnQJ
 mHLs7Tj6oMC+vnMHkUKLH/6za3WJF1XHs5fp2isRgqoOSP8m0r6CMg8JnFIvmQf/
 tbLospKSWqcgD5C5PlFm2wSOjdU7zuPKM7wchhKrrEIvdDPhXaKrlpwi5Q==
 =GFX1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* More SVM fixes (Lara)
* Module annotation database (Gerd)
* Memory leak fixes (myself)
* Build fixes (myself)
* --with-devices-* support (Alex)

# gpg: Signature made Fri 09 Jul 2021 17:23:52 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (48 commits)
  meson: Use input/output for entitlements target
  configure: allow the selection of alternate config in the build
  configs: rename default-configs to configs and reorganise
  hw/arm: move CONFIG_V7M out of default-devices
  hw/arm: add dependency on OR_IRQ for XLNX_VERSAL
  meson: Introduce target-specific Kconfig
  meson: switch function tests from compilation to linking
  vl: fix leak of qdict_crumple return value
  target/i386: fix exceptions for MOV to DR
  target/i386: Added DR6 and DR7 consistency checks
  target/i386: Added MSRPM and IOPM size check
  monitor/tcg: move tcg hmp commands to accel/tcg, register them dynamically
  usb: build usb-host as module
  monitor/usb: register 'info usbhost' dynamically
  usb: drop usb_host_dev_is_scsi_storage hook
  monitor: allow register hmp commands
  accel: build tcg modular
  accel: add tcg module annotations
  accel: build qtest modular
  accel: add qtest module annotations
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-11 22:20:51 +01:00
Philippe Mathieu-Daudé
d859a77dbd target/mips: Rewrite UHI errno_mips() using switch statement
Linking on Haiku OS fails:

  /boot/system/develop/tools/bin/../lib/gcc/x86_64-unknown-haiku/8.3.0/../../../../x86_64-unknown-haiku/bin/ld:
  error: libqemu-mips-softmmu.fa.p/target_mips_tcg_sysemu_mips-semi.c.o(.rodata) is too large (0xffff405a bytes)
  /boot/system/develop/tools/bin/../lib/gcc/x86_64-unknown-haiku/8.3.0/../../../../x86_64-unknown-haiku/bin/ld:
  final link failed: memory exhausted
  collect2: error: ld returned 1 exit status

This is because the host_to_mips_errno[] uses errno as index,
for example:

  static const uint16_t host_to_mips_errno[] = {
      [ENAMETOOLONG] = 91,
      ...

and Haiku defines [*] ENAMETOOLONG as:

   12 /* Error baselines */
   13 #define B_GENERAL_ERROR_BASE              INT_MIN
   ..
   22 #define B_STORAGE_ERROR_BASE              (B_GENERAL_ERROR_BASE + 0x6000)
  ...
  106 #define B_NAME_TOO_LONG                   (B_STORAGE_ERROR_BASE + 4)
  ...
  211 #define ENAMETOOLONG                      B_TO_POSIX_ERROR(B_NAME_TOO_LONG)

so the array ends up beeing indeed too big.

Since POSIX errno can't be use as indexes on Haiku,
rewrite errno_mips() using a switch statement.

[*] https://github.com/haiku/haiku/blob/r1beta3/headers/os/support/Errors.h#L130

Reported-by: Richard Zak <richard.j.zak@gmail.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210706130723.1178961-1-f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
80ad630357 target/mips/tx79: Introduce SQ opcode (Store Quadword)
Introduce the SQ opcode (Store Quadword).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-27-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
aaaa82a9f9 target/mips/tx79: Introduce LQ opcode (Load Quadword)
Introduce the LQ opcode (Load Quadword) and remove unreachable code.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-26-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
dce4808f74 target/mips/tx79: Introduce PROT3W opcode (Parallel Rotate 3 Words)
Introduce the PROT3W opcode (Parallel Rotate 3 Words).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-25-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
71c49f39b9 target/mips/tx79: Introduce PPACW opcode (Parallel Pack to Word)
Introduce the PPACW opcode (Parallel Pack to Word).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-22-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
8bd42c00f2 target/mips/tx79: Introduce PCGT* (Parallel Compare for Greater Than)
Introduce the 'Parallel Compare for Greater Than' opcodes:

 - PCGTB (Parallel Compare for Greater Than Byte)
 - PCGTH (Parallel Compare for Greater Than Halfword)
 - PCGTW (Parallel Compare for Greater Than Word)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-15-f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
82fbf9fc80 target/mips/tx79: Introduce PCEQ* opcodes (Parallel Compare for Equal)
Introduce the 'Parallel Compare for Equal' opcodes:

 - PCEQB (Parallel Compare for Equal Byte)
 - PCEQH (Parallel Compare for Equal Halfword)
 - PCEQW (Parallel Compare for Equal Word)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-14-f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
a9ea77f2dc target/mips/tx79: Introduce PEXTL[BHW] opcodes (Parallel Extend Lower)
Introduce the 'Parallel Extend Lower' opcodes:

 - PEXTLB (Parallel Extend Upper from Byte)
 - PEXTLH (Parallel Extend Upper from Halfword)
 - PEXTLW (Parallel Extend Upper from Word)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-13-f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
0bc6937296 target/mips/tx79: Introduce PEXTUW (Parallel Extend Upper from Word)
Introduce the PEXTUW opcode (Parallel Extend Upper from Word).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210309145653.743937-12-f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
709324dc05 target/mips/tx79: Introduce PSUB* opcodes (Parallel Subtract)
Introduce the 'Parallel Subtract' opcodes:

 - PSUBB (Parallel Subtract Byte)
 - PSUBH (Parallel Subtract Halfword)
 - PSUBW (Parallel Subtract Word)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <820210309145653.743937-11-f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Philippe Mathieu-Daudé
2d4ab117be target/mips/tx79: Introduce PAND/POR/PXOR/PNOR opcodes (parallel logic)
Introduce the parallel logic opcodes:

 - PAND (Parallel AND)
 - POR  (Parallel OR)
 - PXOR (Parallel XOR)
 - PNOR (Parallel NOR)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210214175912.732946-16-f4bug@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-07-11 22:29:54 +02:00
Peter Maydell
86108e23d7 Trivial patches pull request 20210709
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmDosQwSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748Jy0QAKj5svKv2Ad5ncvAwYBSRKQxnB4jg0MR
 /jZfshyw6cLL5aHV4HkCmsAVfPEo+f9CmUEXJBkXiJJsvthXAQw/xkskQe3iaRuF
 hQggYDjA94XabkWY35ie0OHVdwNpDzdKPt+gFft4UpstlNJkTb+jUoDi2+bjTFbS
 NsuDi5W4MYwt4r7Zauf1q4298bjNx2652aPXftRhCbbInHv0Nx++tfpDMrO3BTbH
 aINykWi552MjNFP/fzZQcJvKlOx8k/YTDgypIJl5fl4qZeh4HWOYX+92UuNdZDaP
 JFslAu7mF7E5iRTqJCEv3doXwG3HA5llhtYw5gaDGXj6i6GFrswNFtJE0qB/ZB8o
 EARt62u/+Z2Z8GYj2WmSbDXnMwQMaf3GbvTYlNaFV6HLmtIg3eR+DySFoBCj1SP4
 ZgYa3phH/xpE5fPPcnZ6Ae4OzzrEOQaK2PgBhT6wCuY6ZAbY1SrRbXvCuDA+BLyr
 i6hycblGT3LF3YfT5cw5ek+jqliOUcXivzPjomwJVpFdrXKa+iC4JHxQGSn+Wayw
 mXHx7JmQ4oxiizUNOxAEUo4FlZlerN5DyBmY/YuY7IpjuL6DmwchEDcirO72BiKL
 C5npCVx37WJvJ8EM1REo75kkWTzKgMdUMjRjGzBf/MqPTNMe/fXMHF2OeRyOlbcX
 +x5tnSU45fTJ
 =6fZ6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.1-pull-request' into staging

Trivial patches pull request 20210709

# gpg: Signature made Fri 09 Jul 2021 21:26:52 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-6.1-pull-request:
  util/guest-random: Fix size arg to tail memcpy
  migration: fix typo in mig_throttle_guest_down comment
  target/xtensa/xtensa-semi: Fix compilation problem on Haiku
  hw/virtio: Document *_should_notify() are called within rcu_read_lock()
  misc: Remove redundant new line in perror()
  virtiofsd: Add missing newline in error message
  misc: Fix "havn't" typo
  memory: Display MemoryRegion name in read/write ops trace events
  qemu-option: Drop dead assertion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-11 18:49:25 +01:00
Peter Maydell
3cfcc329af target-arm queue:
* New machine type: stm32vldiscovery
  * hw/intc/arm_gicv3_cpuif: Fix virtual irq number check in icv_[dir|eoir]_write
  * hw/gpio/pl061: Honour Luminary PL061 PUR and PDR registers
  * virt: Fix implementation of GPIO-based powerdown/shutdown mechanism
  * Correct the encoding of MDCCSR_EL0 and DBGDSCRint
  * hw/intc: Improve formatting of MEMTX_ERROR guest error message
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmDodKYZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3lLWD/9Ux5FW5GfJstzcLyMaEQCA
 KMw9I18YYDXKnynxn8vqBYPV49pN8Hc/4xFcCuhVhsNMBiLMvRpNrnzCad2hylVJ
 JrFkyHO78ibdTRqUCWtnToFnNR37gBei1sL8jlcaex789ifDX7KOpfERqvIa313o
 5iMEDLOtbkqauyNXPpMxmS/imP13VLD0iuChQwYM6tYnVKja7uFScJRlU6/3ayRL
 sZC0Yc8WUuwICmYOxXTu/ANhJo3XsTWMLN9RMlpDQ7PV4nT4hJP2MPtdkEiUpNZo
 aon/w/Fe+PB1DW6MSfyYYrrJTh9SmpylB+kiEVnZtf5RQB7URpTo0Oyb1CF4xz97
 YbUqgSwJtTAeYku6H/2tmXvD87I1w7i7Y6E16Gjo5WXqs7bULYEAR9/l0dt3FMSW
 MoKAlhnwB7eU/p2kd5NZEkPPx9W/Z0B/nFFctVEKkQpo2CrJoOJX08RsPpFrwGSE
 Sr8wnyvRQr7YzWwkG/q11Y+uS9SIszuEYZYqEGw1AVBgi78dMVPSFiXktRnV3ERI
 FQWb7xzQe2pTtTc0W4yrudMxk8bCJvGIa9SYTW4Z5CxO0EJkBOOPTwoIGoNEeLLC
 NYGDGeaDYy5aCdqRwBz+oguBhRgqIiQagSjPljnJ4vJPQhJvdFik2nuK5JYbKnPl
 7G0GxqlDhMQs9tXTQ523Rw==
 =AkRd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210709' into staging

target-arm queue:
 * New machine type: stm32vldiscovery
 * hw/intc/arm_gicv3_cpuif: Fix virtual irq number check in icv_[dir|eoir]_write
 * hw/gpio/pl061: Honour Luminary PL061 PUR and PDR registers
 * virt: Fix implementation of GPIO-based powerdown/shutdown mechanism
 * Correct the encoding of MDCCSR_EL0 and DBGDSCRint
 * hw/intc: Improve formatting of MEMTX_ERROR guest error message

# gpg: Signature made Fri 09 Jul 2021 17:09:10 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210709:
  hw/intc: Improve formatting of MEMTX_ERROR guest error message
  target/arm: Correct the encoding of MDCCSR_EL0 and DBGDSCRint
  hw/arm/stellaris: Expand comment about handling of OLED chipselect
  hw/gpio/pl061: Document a shortcoming in our implementation
  hw/gpio/pl061: Convert to 3-phase reset and assert GPIO lines correctly on reset
  hw/arm/virt: Make PL061 GPIO lines pulled low, not high
  hw/gpio/pl061: Make pullup/pulldown of outputs configurable
  hw/gpio/pl061: Honour Luminary PL061 PUR and PDR registers
  hw/gpio/pl061: Document the interface of this device
  hw/gpio/pl061: Add tracepoints for register read and write
  hw/gpio/pl061: Clean up read/write offset handling logic
  hw/gpio/pl061: Convert DPRINTF to tracepoints
  hw/intc/arm_gicv3_cpuif: Fix virtual irq number check in icv_[dir|eoir]_write
  tests/boot-serial-test: Add STM32VLDISCOVERY board testcase
  docs/system: arm: Add stm32 boards description
  stm32vldiscovery: Add the STM32VLDISCOVERY Machine
  stm32f100: Add the stm32f100 SoC

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-11 13:11:32 +01:00
Richard Henderson
50b208b848 target/i386: Use cpu_breakpoint_test in breakpoint_handler
The loop is performing a simple boolean test for the existence
of a BP_CPU breakpoint at EIP.  Plus it gets the iteration wrong,
if we happen to have a BP_GDB breakpoint at the same address.

We have a function for this: cpu_breakpoint_test.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20210620062317.1399034-1-richard.henderson@linaro.org>
2021-07-09 20:05:27 -07:00
Thomas Huth
3b51b50668 target/xtensa/xtensa-semi: Fix compilation problem on Haiku
The errno numbers are very large on Haiku, so the linking currently
fails there with a "final link failed: memory exhausted" error
message. We should not use the errno number as array indexes here,
thus convert the code to a switch-case statement instead. A clever
compiler should be able to optimize this code in a similar way
anway.

Reported-by: Richard Zak <richard.j.zak@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210706081822.1316551-1-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-07-09 18:42:46 +02:00
Philippe Mathieu-Daudé
a476123243 misc: Fix "havn't" typo
Fix "havn't (make)" -> "haven't (made)" typo.

Reviewed-by: Luis Pires <luis.pires@eldorado.org.br>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210629051400.2573253-1-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-07-09 18:42:46 +02:00
Richard Henderson
70c6eb46d7 target/xtensa: Use translator_use_goto_tb
Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
3806471563 target/tricore: Use tcg_gen_lookup_and_goto_ptr
The non-single-step case of gen_goto_tb may use
tcg_gen_lookup_and_goto_ptr to indirectly chain.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
d6b6f26170 target/tricore: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
5645aa2e76 target/sparc: Use translator_use_goto_tb
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
3f1e209845 target/sh4: Use translator_use_goto_tb
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
95cc1cb39e target/s390x: Remove use_exit_tb
We have not needed to end a TB for I/O since ba3e792669
("icount: clean up cpu_can_io at the entry to the block").

In use_goto_tb, the check for singlestep_enabled is in the
generic translator_use_goto_tb.  In s390x_tr_tb_stop, the
check for singlestep_enabled is in the preceding do_debug test.

Which leaves only FLAG_MASK_PER: fold that test alone into
the two callers of use_exit tb.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
7379c0c82e target/s390x: Use translator_use_goto_tb
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
f3f713cc15 target/rx: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
c54d50c1d6 target/riscv: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
6e9cc373ec target/ppc: Use translator_use_goto_tb
Reviewed-by: Luis Pires <luis.pires@eldorado.org.br>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
adf1f3dee6 target/openrisc: Use translator_use_goto_tb
Reorder the control statements to allow using the page boundary
check from translator_use_goto_tb().

Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
6082414e3f target/nios2: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
34f5e75a94 target/mips: Fix missing else in gen_goto_tb
Do not emit dead code for the singlestep_enabled case,
after having exited the TB with a debug exception.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
97eea3c19b target/mips: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
725930c2a5 target/microblaze: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
fbf565c4e0 target/m68k: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Acked-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
b473534d5d target/i386: Use translator_use_goto_tb
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
57f914983c target/hppa: Use translator_use_goto_tb
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
ca92d7f89b target/cris: Use translator_use_goto_tb
The test for singlestepping is done in translator_use_goto_tb,
so we may elide it from cris_tr_tb_stop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
1810afd56a target/avr: Mark some helpers noreturn
All of these helpers end with cpu_loop_exit.

Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
a50d52bc3b target/avr: Use translator_use_goto_tb
Single stepping is not the only reason not to use goto_tb.
If goto_tb is disallowed, and single-stepping is not enabled,
then use tcg_gen_lookup_and_goto_tb to indirectly chain.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
97f11c8169 target/arm: Use translator_use_goto_tb for aarch32
Just use translator_use_goto_tb directly at the one call site,
rather than maintaining a local wrapper.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
0285162bdf target/arm: Use translator_use_goto_tb for aarch64
We have not needed to end a TB for I/O since ba3e792669
("icount: clean up cpu_can_io at the entry to the block"),
and gdbstub singlestep is handled by the generic function.

Drop the unused 'n' argument to use_goto_tb.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:42:28 -07:00
Richard Henderson
73fce314db target/arm: Use DISAS_TOO_MANY for ISB and SB
Using gen_goto_tb directly misses the single-step check.
Let the branch or debug exception be emitted by arm_tr_tb_stop.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:41:53 -07:00
Richard Henderson
21a7e89ece target/alpha: Use translator_use_goto_tb
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:41:53 -07:00
Richard Henderson
3fd3442abe target/alpha: Remove in_superpage
The number of links across (normal) pages using this is low,
and it will shortly violate the contract for breakpoints.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:41:53 -07:00
Richard Henderson
cba201f4c7 target/alpha: Remove use_exit_tb
We have not needed to end a TB for I/O since ba3e792669
("icount: clean up cpu_can_io at the entry to the block").
We do not need to use exit_tb for singlestep, which only
means generate one insn per TB.

Which leaves only singlestep_enabled, which means raise a
debug trap after every TB, which does not use exit_tb,
which would leave the function mis-named.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:41:53 -07:00
Philippe Mathieu-Daudé
1797b08d24 tcg: Avoid including 'trace-tcg.h' in target translate.c
The root trace-events only declares a single TCG event:

  $ git grep -w tcg trace-events
  trace-events:115:# tcg/tcg-op.c
  trace-events:137:vcpu tcg guest_mem_before(TCGv vaddr, uint16_t info) "info=%d", "vaddr=0x%016"PRIx64" info=%d"

and only a tcg/tcg-op.c uses it:

  $ git grep -l trace_guest_mem_before_tcg
  tcg/tcg-op.c

therefore it is pointless to include "trace-tcg.h" in each target
(because it is not used). Remove it.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210629050935.2570721-1-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-09 09:38:33 -07:00
Philippe Mathieu-Daudé
f4063f9c31 meson: Introduce target-specific Kconfig
Add a target-specific Kconfig. We need the definitions in Kconfig so
the minikconf tool can verify they exits. However CONFIG_FOO is only
enabled for target foo via the meson.build rules.

Two architecture have a particularity, ARM and MIPS. As their
translators have been split you can potentially build a plain 32 bit
build along with a 64-bit version including the 32-bit subset.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210131111316.232778-6-f4bug@amsat.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707131744.26027-2-alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-09 18:21:34 +02:00
Paolo Bonzini
533883fd7e target/i386: fix exceptions for MOV to DR
Use raise_exception_ra (without error code) when raising the illegal
opcode operation; raise #GP when setting bits 63:32 of DR6 or DR7.

Move helper_get_dr to sysemu/ since it is a privileged instruction
that is not needed on user-mode emulators.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-09 18:21:34 +02:00
Lara Lazier
acf23ffb58 target/i386: Added DR6 and DR7 consistency checks
DR6[63:32] and DR7[63:32] are reserved and need to be zero.
(AMD64 Architecture Programmer's Manual, V2, 15.5)

Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210705081802.18960-3-laramglazier@gmail.com>
[Ignore for 32-bit builds. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-09 18:21:33 +02:00
Lara Lazier
481077b28b target/i386: Added MSRPM and IOPM size check
The address of the last entry in the MSRPM and
in the IOPM must be smaller than the largest physical address.
(APM2 15.10-15.11)

Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210705081802.18960-2-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-09 18:21:33 +02:00
hnick@vmware.com
49a6f3bffb target/arm: Correct the encoding of MDCCSR_EL0 and DBGDSCRint
Signed-off-by: Nick Hudson <hnick@vmware.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-09 16:09:12 +01:00
Bharata B Rao
82123b756a target/ppc: Support for H_RPT_INVALIDATE hcall
If KVM_CAP_RPT_INVALIDATE KVM capability is enabled, then

- indicate the availability of H_RPT_INVALIDATE hcall to the guest via
  ibm,hypertas-functions property.
- Enable the hcall

Both the above are done only if the new sPAPR machine capability
cap-rpt-invalidate is set.

Signed-off-by: Bharata B Rao <bharata@linux.ibm.com>
Message-Id: <20210706112440.1449562-3-bharata@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 11:01:06 +10:00
Lucas Mateus Castro (alqotel)
89bb5a4dfd target/ppc: Don't compile ppc_tlb_invalid_all without TCG
The function ppc_tlb_invalid_all is not compiled anymore in a TCG-less
environment, and the call to that function has been disabled in this
situation

Signed-off-by: Lucas Mateus Castro (alqotel) <lucas.araujo@eldorado.org.br>
Message-Id: <20210708164957.28096-2-lucas.araujo@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:44:25 +10:00
BALATON Zoltan
5e994fc019 target/ppc: Allow virtual hypervisor on CPU without HV
Change the assert in ppc_store_sdr1() to allow vhyp to be set on CPUs
without HV bit. This allows using the vhyp interface for firmware
emulation on pegasos2.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <21c7745aabbb68fcc50bb2ffaf16b939ba21261c.1624811233.git.balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Nicholas Piggin
caf590ddc9 target/ppc: mtmsrd is an illegal instruction on BookE
MSR is a 32-bit register in BookE and there is no mtmsrd instruction.

Cc: Christian Zigotzky <chzigotzky@xenosoft.de>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20210706051321.609046-1-npiggin@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Bruno Larsen (billionai)
d423baf9b4 target/ppc: change ppc_hash32_xlate to use mmu_idx
Changed hash32 address translation to use the supplied mmu_idx, instead
of using what was stored in the msr, for parity purposes (radix64
already uses that) and for conceptual correctness, all the relevant
functions should always use the supplied mmu_idx, as there are no
guarantees that the mmu_idx stored in the CPU variable will not desync.

Signed-off-by: Bruno Larsen (billionai) <bruno.larsen@eldorado.org.br>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20210706150316.21005-3-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Bruno Larsen (billionai)
a97c4d3c1e target/ppc: introduce mmu-books.h
Intrudoce a header common to all BookS MMUs, that can hold code that is
common to hash32 and book3s-v3 MMUs.

Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Bruno Larsen (billionai) <bruno.larsen@eldorado.org.br>
Message-Id: <20210706150316.21005-2-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Bruno Larsen (billionai)
03695a9870 target/ppc: changed ppc_hash64_xlate to use mmu_idx
Changed hash64 address translation to use the supplied mmu_idx instead
of using the one stored in the msr, for parity purposes (other book3s
MMUs already use it).

Signed-off-by: Bruno Larsen (billionai) <bruno.larsen@eldorado.org.br>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210628133610.1143-4-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Bruno Larsen (billionai)
3f9f76d5bb target/ppc: fix address translation bug for radix mmus
This commit attempts to fix a technical hiccup first mentioned by Richard
Henderson in
https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg06247.html

To sumarize the hiccup here, when radix-style mmus are translating an
address, they might need to call a second level of translation, with
hypervisor privileges. However, the way it was being done up until
this point meant that the second level translation had the same
privileges as the first level. It could lead to a bug in address
translation when running KVM inside a TCG guest, but this bug was never
experienced by users, so this isn't as much a bug fix as it is a
correctness cleanup.

This patch attempts that cleanup by making radix64_*_xlate functions
receive the mmu_idx, and passing one with the correct permission for the
second level translation.

The mmuidx macros added by this patch are only correct for non-bookE
mmus, because BookE style set the IS and DS bits inverted and there
might be other subtle differences. However, there doesn't seem to be
BookE cpus that have radix-style mmus, so we left a comment there to
document the issue, in case a machine does have that and was missed.

As part of this cleanup, we now need to send the correct mmmu_idx
when calling get_phys_page_debug, otherwise we might not be able to see the
memory that the CPU could

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Bruno Larsen (billionai) <bruno.larsen@eldorado.org.br>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Message-Id: <20210628133610.1143-2-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Fabiano Rosas
ba1b5df070 target/ppc: Fix compilation with DEBUG_BATS debug option
../target/ppc/mmu-hash32.c: In function 'ppc_hash32_bat_lookup':
../target/ppc/mmu-hash32.c:204:13: error: 'BATu' undeclared (first use in this function);
  204 |             BATu = &BATut[i];
      |             ^~~~
      |             BATut
../target/ppc/mmu-hash32.c:205:13: error: 'BATl' undeclared (first use in this function);
  205 |             BATl = &BATlt[i];
      |             ^~~~
      |             BATlt
../target/ppc/mmu-hash32.c:206:13: error: 'BEPIu' undeclared (first use in this function)
  206 |             BEPIu = *BATu & BATU32_BEPIU;
      |             ^~~~~
../target/ppc/mmu-hash32.c:206:29: error: 'BATU32_BEPIU' undeclared (first use in this function);
  206 |             BEPIu = *BATu & BATU32_BEPIU;
      |                             ^~~~~~~~~~~~
      |                             BATU32_BEPI
../target/ppc/mmu-hash32.c:207:13: error: 'BEPIl' undeclared (first use in this function)
  207 |             BEPIl = *BATu & BATU32_BEPIL;
      |             ^~~~~
../target/ppc/mmu-hash32.c:207:29: error: 'BATU32_BEPIL' undeclared (first use in this function);
  207 |             BEPIl = *BATu & BATU32_BEPIL;
      |                             ^~~~~~~~~~~~
      |                             BATU32_BEPI
../target/ppc/mmu-hash32.c:208:13: error: 'bl' undeclared (first use in this function)
  208 |             bl = (*BATu & 0x00001FFC) << 15;
      |             ^~

Fixes: 9813279664 ("target-ppc: Disentangle BAT code for 32-bit hash MMUs")
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20210702215235.1941771-4-farosas@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Fabiano Rosas
d3841fce0d target/ppc: Fix compilation with FLUSH_ALL_TLBS debug option
../target/ppc/mmu_helper.c: In function 'helper_store_ibatu':
../target/ppc/mmu_helper.c:1802:17: error: unused variable 'cpu' [-Werror=unused-variable]
 1802 |     PowerPCCPU *cpu = env_archcpu(env);
      |                 ^~~
../target/ppc/mmu_helper.c: In function 'helper_store_dbatu':
../target/ppc/mmu_helper.c:1838:17: error: unused variable 'cpu' [-Werror=unused-variable]
 1838 |     PowerPCCPU *cpu = env_archcpu(env);
      |                 ^~~
../target/ppc/mmu_helper.c: In function 'helper_store_601_batu':
../target/ppc/mmu_helper.c:1874:17: error: unused variable 'cpu' [-Werror=unused-variable]
 1874 |     PowerPCCPU *cpu = env_archcpu(env);
      |                 ^~~
../target/ppc/mmu_helper.c: In function 'helper_store_601_batl':
../target/ppc/mmu_helper.c:1919:17: error: unused variable 'cpu' [-Werror=unused-variable]
 1919 |     PowerPCCPU *cpu = env_archcpu(env);

Fixes: db70b31144 ("target/ppc: Use env_cpu, env_archcpu")
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20210702215235.1941771-3-farosas@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Fabiano Rosas
26ba91db6c target/ppc: Fix compilation with DUMP_PAGE_TABLES debug option
../target/ppc/mmu_helper.c: In function 'get_segment_6xx_tlb':
../target/ppc/mmu_helper.c:514:46: error: passing argument 1 of
'ppc_hash32_hpt_mask' from incompatible pointer type [-Werror=incompatible-pointer-types]

  514 |                          ppc_hash32_hpt_mask(env) + 0x80);
      |                                              ^~~
      |                                              |
      |                                              CPUPPCState *

Fixes: 36778660d7 ("target/ppc: Eliminate htab_base and htab_mask variables")
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20210702215235.1941771-2-farosas@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
cbf35bac39 target/ppc: Restrict ppc_cpu_tlb_fill to TCG
This function is used by TCGCPUOps, and is thus TCG specific.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-10-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
51806b5458 target/ppc: Introduce ppc_xlate
Create one common dispatch for all of the ppc_*_xlate functions.
Use ppc64_v3_radix to directly dispatch between ppc_radix64_xlate
and ppc_hash64_xlate.

Remove the separate *_handle_mmu_fault and *_get_phys_page_debug
functions, using common code for ppc_cpu_tlb_fill and
ppc_cpu_get_phys_page_debug.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-9-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
af44a14236 target/ppc: Split out ppc_jumbo_xlate
Mirror the interface of ppc_radix64_xlate (mostly), putting all
of the logic for older mmu translation into a single entry point.
For booke, we need to add mmu_idx to the xlate-style interface.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-8-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
6c3c873c63 target/ppc: Split out ppc_hash32_xlate
Mirror the interface of ppc_radix64_xlate, putting all of
the logic for hash32 translation into a single entry point.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-7-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
1a8c647bbd target/ppc: Split out ppc_hash64_xlate
Mirror the interface of ppc_radix64_xlate, putting all of
the logic for hash64 translation into a single function.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-6-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
077a370499 target/ppc: Use bool success for ppc_radix64_xlate
Instead of returning non-zero for failure, return true for success.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-5-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
42a611240e target/ppc: Push real-mode handling into ppc_radix64_xlate
This removes some incomplete duplication between
ppc_radix64_handle_mmu_fault and ppc_radix64_get_phys_page_debug.
The former was correct wrt SPR_HRMOR and the latter was not.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-4-bruno.larsen@eldorado.org.br>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:19 +10:00
Richard Henderson
1b4d1cb31a target/ppc: Use MMUAccessType with *_handle_mmu_fault
These changes were waiting until we didn't need to match
the function type of PowerPCCPUClass.handle_mmu_fault.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-3-bruno.larsen@eldorado.org.br>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:18 +10:00
Richard Henderson
db20cc2c56 target/ppc: Remove PowerPCCPUClass.handle_mmu_fault
Instead, use a switch on env->mmu_model.  This avoids some
replicated information in cpu setup.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210621125115.67717-2-bruno.larsen@eldorado.org.br>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:18 +10:00
Greg Kurz
642f6f59cd target/ppc: Drop PowerPCCPUClass::interrupts_big_endian()
This isn't used anymore.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210622140926.677618-3-groug@kaod.org>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:18 +10:00
Greg Kurz
c11dc15d3a target/ppc: Introduce ppc_interrupts_little_endian()
PowerPC CPUs use big endian by default but starting with POWER7,
server grade CPUs use the ILE bit of the LPCR special purpose
register to decide on the endianness to use when handling
interrupts. This gives a clue to QEMU on the endianness the
guest kernel is running, which is needed when generating an
ELF dump of the guest or when delivering an FWNMI machine
check interrupt.

Commit 382d2db62b ("target-ppc: Introduce callback for interrupt
endianness") added a class method to PowerPCCPUClass to modelize
this : default implementation returns a fixed "big endian" value,
while POWER7 and newer do the LPCR_ILE check. This is suboptimal
as it forces to implement the method for every new CPU family, and
it is very unlikely that this will ever be different than what we
have today.

We basically only have three cases to consider:
a) CPU doesn't have an LPCR => big endian
b) CPU has an LPCR but doesn't support the ILE bit => big endian
c) CPU has an LPCR and supports the ILE bit => little or big endian

Instead of class methods, introduce an inline helper that checks the
ILE bit in the LPCR_MASK to decide on the outcome. The new helper
words little endian instead of big endian. This allows to drop a !
operator in ppc_cpu_do_fwnmi_machine_check().

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210622140926.677618-2-groug@kaod.org>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2021-07-09 10:38:18 +10:00
Cho, Yu-Chen
7ab3eb42b0 target/s390x: split sysemu part of cpu models
split sysemu part of cpu models,
also create a tiny _user.c with just the (at least for now),
empty implementation of apply_cpu_model.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-15-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:59 +02:00
Cho, Yu-Chen
67043607d1 target/s390x: move kvm files into kvm/
move kvm files into kvm/
After the reshuffling, update MAINTAINERS accordingly.
Make use of the new directory:

target/s390x/kvm/

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-14-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:59 +02:00
Cho, Yu-Chen
777ef689b5 target/s390x: remove kvm-stub.c
all function calls are protected by kvm_enabled(),
so we do not need the stubs.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-13-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:59 +02:00
Cho, Yu-Chen
1fc66ac17a target/s390x: use kvm_enabled() to wrap call to kvm_s390_get_hpage_1m
this will allow to remove the kvm stubs.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-12-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:59 +02:00
Cho, Yu-Chen
da94488546 target/s390x: make helper.c sysemu-only
Now that we have moved cpu-dump functionality out of helper.c,
we can make the module sysemu-only.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-11-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:59 +02:00
Cho, Yu-Chen
98be64d2f4 target/s390x: split cpu-dump from helper.c
Splitting this functionality also allows us to make helper.c sysemu-only.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-10-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:58 +02:00
Cho, Yu-Chen
72ffb6310b target/s390x: move sysemu-only code out to cpu-sysemu.c
move sysemu-only code out to cpu-sysemu.c

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-9-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:57 +02:00
Cho, Yu-Chen
c9274b6bf0 target/s390x: start moving TCG-only code to tcg/
move everything related to translate, as well as HELPER code in tcg/

mmu_helper.c stays put for now, as it contains both TCG and KVM code.

After the reshuffling, update MAINTAINERS accordingly.
Make use of the new directory:

target/s390x/tcg/

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-8-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:56 +02:00
Cho, Yu-Chen
b6b4722307 target/s390x: rename internal.h to s390x-internal.h
The internal.h file is renamed to s390x-internal.h, because of the
risk of collision with other files with the same name.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-7-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:56 +02:00
Cho, Yu-Chen
dda740dec5 target/s390x: remove tcg-stub.c
now that we protect all calls to the tcg-specific functions
with if (tcg_enabled()), we do not need the TCG stub anymore.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-6-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:55 +02:00
Cho, Yu-Chen
33f6a7d66f target/s390x: meson: add target_user_arch
the lack of target_user_arch makes it hard to fully leverage the
build system in order to separate user code from sysemu code.

Provide it, so that we can avoid the proliferation of #ifdef
in target code.

Signed-off-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Cho, Yu-Chen <acho@suse.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210707105324.23400-2-acho@suse.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 14:01:52 +02:00
David Hildenbrand
af4ba0ec8f s390x/tcg: Fix m5 vs. m4 field for VECTOR MULTIPLY SUM LOGICAL
The element size is located in m5, not in m4. As there is no m4, qemu
currently crashes with an assertion, trying to lookup that field.

Reproduced and tested via GO, which ends up using VMSL once the
Vector enhancements facility is around for verifying certificates with
elliptic curves.

Reported-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/449
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Fixes: 8c18fa5b3e ("s390x/tcg: Implement VECTOR MULTIPLY SUM LOGICAL")
Message-Id: <20210705090341.58289-1-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 13:57:25 +02:00
Ulrich Weigand
2876105704 target/s390x: Fix CC set by CONVERT TO FIXED/LOGICAL
The FP-to-integer conversion instructions need to set CC 3 whenever
a "special case" occurs; this is the case whenever the instruction
also signals the IEEE invalid exception.  (See e.g. figure 19-18
in the Principles of Operation.)

However, qemu currently will set CC 3 only in the case where the
input was a NaN.  This is indeed one of the special cases, but
there are others, most notably the case where the input is out
of range of the target data type.

This patch fixes the problem by switching these instructions to
the "static" CC method and computing the correct result directly
in the helper.  (It cannot be re-computed later as the information
about the invalid exception is no longer available.)

This fixes a bug observed when running the wasmtime test suite
under the s390x-linux-user target.

Signed-off-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210630105058.GA29130@oc3748833570.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 13:57:25 +02:00
Christian Borntraeger
fb4a081216 s390x/cpumodel: add 3931 and 3932
This defines 5 new facilities and the new 3931 and 3932 machines.
As before the name is not yet known and we do use gen16a and gen16b.
The new features are part of the full model.

The default model is still empty (same as z15) and will be added
in a separate patch at a later point in time.

Also add the dependencies of new facilities and as a fix for z15 add
a dependency from S390_FEAT_VECTOR_PACKED_DECIMAL_ENH to
S390_VECTOR_PACKED_DECIMAL.

[merged <20210701084348.26556-1-borntraeger@de.ibm.com>]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20210622201923.150205-2-borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-07-07 13:57:25 +02:00
David Edmondson
48e5c98a38 target/i386: Move X86XSaveArea into TCG
Given that TCG is now the only consumer of X86XSaveArea, move the
structure definition and associated offset declarations and checks to a
TCG specific header.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-9-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 08:33:51 +02:00
David Edmondson
fea4500841 target/i386: Populate x86_ext_save_areas offsets using cpuid where possible
Rather than relying on the X86XSaveArea structure definition,
determine the offset of XSAVE state areas using CPUID leaf 0xd where
possible (KVM and HVF).

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-8-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 08:33:48 +02:00
David Edmondson
3568987f78 target/i386: Observe XSAVE state area offsets
Rather than relying on the X86XSaveArea structure definition directly,
the routines that manipulate the XSAVE state area should observe the
offsets declared in the x86_ext_save_areas array.

Currently the offsets declared in the array are derived from the
structure definition, resulting in no functional change.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-7-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 07:54:53 +02:00
David Edmondson
5aa10ab1a0 target/i386: Make x86_ext_save_areas visible outside cpu.c
Provide visibility of the x86_ext_save_areas array and associated type
outside of cpu.c.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-6-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 07:54:53 +02:00
David Edmondson
c0198c5f87 target/i386: Pass buffer and length to XSAVE helper
In preparation for removing assumptions about XSAVE area offsets, pass
a buffer pointer and buffer length to the XSAVE helper functions.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-5-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 07:54:53 +02:00
David Edmondson
fde7482100 target/i386: Clarify the padding requirements of X86XSaveArea
Replace the hard-coded size of offsets or structure elements with
defined constants or sizeof().

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-4-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 07:54:53 +02:00
David Edmondson
436463b84b target/i386: Consolidate the X86XSaveArea offset checks
Rather than having similar but different checks in cpu.h and kvm.c,
move them all to cpu.h.
Message-Id: <20210705104632.2902400-3-david.edmondson@oracle.com>

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 07:54:53 +02:00
David Edmondson
ac7b7cae4e target/i386: Declare constants for XSAVE offsets
Declare and use manifest constants for the XSAVE state component
offsets.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20210705104632.2902400-2-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-06 07:54:53 +02:00
Peter Maydell
711c0418c8 MIPS patches queue
- Extract nanoMIPS, microMIPS, Code Compaction from translate.c
 - Allow PCI config accesses smaller than 32-bit on Bonito64 device
 - Fix migration of g364fb device on Jazz Magnum
 - Fix dp8393x PROM checksum on Jazz Magnum and Quadra 800
 - Map the UART devices unconditionally on Jazz Magnum
 - Add functional test booting Linux on the Fuloong 2E
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmDfMnMACgkQ4+MsLN6t
 wN71nhAArpyoJ5mTkt54wAxZwxvqjWAyesvogV4pLIvOyNJmQcExY/Ly8Qb5dbDg
 2PEhCpDU7GlT7oCfgh7O5KrEjnqVfmHQzzbvQ0Ygq9kL5hdjaSSlHB/yeirU7CR1
 cMQXfj9kvRVa5Oayt3L+kiKgTA0f1vbGmnveiFxJKJupyVDtursstD3nSZCThSVL
 FWdFJbqLzvTY3cQqLBVq7jEnN7LzSYeYnq8Tvri0nuwoBwLJY382IljqsQZrGHzr
 Bbya3KFInMrQK5VAM0pOkfvPYXZmtJ8i8VuR6S+IdICiZ+61sknKRUq5z09/4NXA
 HaxarWO/fv07qd7q6Z2+i5Q6fiDrV4p2qfHeddM4Xwqvu8O98EPhaBE3veLOiNgr
 VxgkJFslI1gstje31qqvNjFxB+cOIBYjWTlIVu1xOuOKGWMjMT+9XcVLseweA2rT
 H/nTKnWTAiJ/mxT4KIv59SS0ZQa4QJ3CjYr26AcQ9YrJ9vCMay8rLPEn0iVlhB2H
 ZyW4Be84ynEvuAvvuWt1AXvFjT41Zqj4Px1M6Pa15e9eV6guiW1KV13Thb45gJqt
 LTQtoME83r3gUhQOcoZaowYh6ffCbjtW3eAcTZP3Zu7fOeBjSye+CvS9NJMtK3Vj
 0/YjtqGPUvjNy4sR9VqkRRPMZpHftMTRILxaFm8Y5tlThkAydw0=
 =rR+B
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/mips-20210702' into staging

MIPS patches queue

- Extract nanoMIPS, microMIPS, Code Compaction from translate.c
- Allow PCI config accesses smaller than 32-bit on Bonito64 device
- Fix migration of g364fb device on Jazz Magnum
- Fix dp8393x PROM checksum on Jazz Magnum and Quadra 800
- Map the UART devices unconditionally on Jazz Magnum
- Add functional test booting Linux on the Fuloong 2E

# gpg: Signature made Fri 02 Jul 2021 16:36:19 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/mips-20210702:
  hw/mips/jazz: Map the UART devices unconditionally
  hw/mips/jazz: specify correct endian for dp8393x device
  hw/m68k/q800: fix PROM checksum and MAC address storage
  qemu/bitops.h: add bitrev8 implementation
  dp8393x: remove onboard PROM containing MAC address and checksum
  hw/m68k/q800: move PROM and checksum calculation from dp8393x device to board
  hw/mips/jazz: move PROM and checksum calculation from dp8393x device to board
  dp8393x: convert to trace-events
  dp8393x: checkpatch fixes
  g364fb: add VMStateDescription for G364SysBusState
  g364fb: use RAM memory region for framebuffer
  tests/acceptance: Test Linux on the Fuloong 2E machine
  hw/pci-host/bonito: Allow PCI config accesses smaller than 32-bit
  hw/pci-host/bonito: Trace PCI config accesses smaller than 32-bit
  target/mips: Extract nanoMIPS ISA translation routines
  target/mips: Extract the microMIPS ISA translation routines
  target/mips: Extract Code Compaction ASE translation routines
  target/mips: Add declarations for generic TCG helpers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-04 14:04:12 +01:00