qemu.git
8 months agophysmem: fix qemu_ram_alloc_from_fd size calculation
Steve Sistare [Wed, 15 Jan 2025 19:00:28 +0000 (11:00 -0800)]
physmem: fix qemu_ram_alloc_from_fd size calculation

qemu_ram_alloc_from_fd allocates space if file_size == 0.  If non-zero,
it uses the existing space and verifies it is large enough, but the
verification was broken when the offset parameter was introduced.  As
a result, a file smaller than offset passes the verification and causes
errors later.  Fix that, and update the error message to include offset.

Peter provides this concise reproducer:

  $ touch ramfile
  $ truncate -s 64M ramfile
  $ ./qemu-system-x86_64 -object memory-backend-file,mem-path=./ramfile,offset=128M,size=128M,id=mem1,prealloc=on
  qemu-system-x86_64: qemu_prealloc_mem: preallocating memory failed: Bad address

With the fix, the error message is:
  qemu-system-x86_64: mem1 backing store size 0x4000000 is too small for 'size' option 0x8000000 plus 'offset' option 0x8000000

Cc: qemu-stable@nongnu.org
Fixes: 4b870dc4d0c0 ("hostmem-file: add offset option")
Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
Link: https://lore.kernel.org/r/1736967650-129648-3-git-send-email-steven.sistare@oracle.com
Signed-off-by: Fabiano Rosas <farosas@suse.de>
8 months agobackends/hostmem-shm: factor out allocation of "anonymous shared memory with an fd"
Steve Sistare [Wed, 15 Jan 2025 19:00:27 +0000 (11:00 -0800)]
backends/hostmem-shm: factor out allocation of "anonymous shared memory with an fd"

Let's factor it out so we can reuse it.

Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/r/1736967650-129648-2-git-send-email-steven.sistare@oracle.com
Signed-off-by: Fabiano Rosas <farosas@suse.de>
8 months agomigration: fix -Werror=maybe-uninitialized
Marc-André Lureau [Tue, 14 Jan 2025 10:48:11 +0000 (14:48 +0400)]
migration: fix -Werror=maybe-uninitialized

../migration/savevm.c: In function ‘qemu_savevm_state_complete_precopy_non_iterable’:
../migration/savevm.c:1560:20: error: ‘ret’ may be used uninitialized [-Werror=maybe-uninitialized]
 1560 |             return ret;
      |                    ^~~

Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250114104811.2612846-1-marcandre.lureau@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
8 months agoMerge tag 'pull-aspeed-20250127' of https://github.com/legoater/qemu into staging
Stefan Hajnoczi [Mon, 27 Jan 2025 16:20:35 +0000 (11:20 -0500)]
Merge tag 'pull-aspeed-20250127' of https://github.com/legoater/qemu into staging

aspeed queue:

* Fixed serial definitions on the command line
* Fixed sdhci write protected pin on AST2600 EVB machine
* Added timer support on AST2700 SoC
* Updated buildroot and SDK images of functional tests
* Removed sd devices creation when -nodefaults is used
* Added software reset mode support on AST2600 SoC

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmeXSIwACgkQUaNDx8/7
# 7KH5Ew/+Ne9Z0lksOEUw5BJ6Qm3U2oLS90hcjo3MBHpmMHX0MXY2qYOKV2aS7spO
# kvWpTUiPaT682X4IrBuxdCdi2F80dhJSmky81vMn7a3+DZgSsUoPEgw2Ophm5Q37
# 788qVEKk55F8m4r4ZCpAd3+Mc+3rVw6YQW/Rvu2+fVbfaLu6dE4fnQdXmDYc2EzF
# pCYAcYlRp19dP0YnBJnv4/JK6Eybced1VG1cKGNy8VSyMY3vWM7ZOdP4Ybz+d88R
# 0DNEIGRQJQZZFNxvkEJX/tPsK+m2M9G/t5YOuJP22EoF3L8v+rnt7yg+NWE4pbtI
# dqzg8ikICidcP6NMYjTe6C2m9PBcKBhbPumRZOW1lWRoZOShy6cHO7KajJZ3oj8K
# GUOEEh7i5tKbPGdg46ifc0waGMKh97S3dy/8V/N2XqPfL99TXfRAyiq0sG0mS1je
# xGV9vN7LPJ9OYMri6U5SLewrWO93q7Vv4SBv7iDVupZ8Ww6wcJaCWgvUWjxbK7SH
# qE003RvQYmK6gkCH4cYnI2LZBlJyp7wKdO7nG4K2vI+05GVpALTkZPcCQ84WhF5L
# 8wO5wrQPalQrOwkvankqgEJOifWmBAi3Gs/3y/tRg+u4VHoPKcaXLujBqq8pZl6F
# meYAzqqksFj8PJwiCVJVNcHpqvhmyBzvvPAf6NEgbRsDyUiFZAo=
# =gOq1
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 27 Jan 2025 03:49:16 EST
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20250127' of https://github.com/legoater/qemu:
  docs/system/arm/aspeed: Remove tacoma-bmc from the documentation
  aspeed/wdt: Support software reset mode for AST2600
  aspeed/wdt: Fix coding style
  aspeed: Create sd devices only when defaults are enabled
  test/functional: Update buildroot images to 2024.11
  test/functional: Update the Aspeed aarch64 test
  aspeed/soc: Support Timer for AST2700
  hw/timer/aspeed: Add AST2700 Support
  hw/timer/aspeed: Refactor Timer Callbacks for SoC-Specific Implementations
  hw/arm/aspeed: Invert sdhci write protected pin for AST2600 EVB
  hw/sd/sdhci: Introduce a new Write Protected pin inverted property
  hw/arm/aspeed: fix connect_serial_hds_to_uarts

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months agoMerge tag 'hppa-system-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa...
Stefan Hajnoczi [Mon, 27 Jan 2025 16:20:21 +0000 (11:20 -0500)]
Merge tag 'hppa-system-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa into staging

hppa updates

* Fixes booting a Linux kernel which is provided on the command line.
* Allow more than 4GB RAM on 64-bit boxes

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZ5PvvgAKCRD3ErUQojoP
# X7JQAQCn2MR4k4lfClDZHNmAFUNw51j56SB5HC/FCUKfOx4dCQD/Tf2OV/gstMOz
# nfpvIH6ouXZ2/p5npzTyOt+A8fwUpw0=
# =qrs7
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Jan 2025 14:53:34 EST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'hppa-system-for-v10-pull-request' of https://github.com/hdeller/qemu-hppa:
  hw/hppa: Fix booting Linux kernel with initrd
  hw/hppa: Support up to 256 GiB RAM on 64-bit machines

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
8 months agodocs/system/arm/aspeed: Remove tacoma-bmc from the documentation
Thomas Huth [Fri, 24 Jan 2025 17:45:07 +0000 (18:45 +0100)]
docs/system/arm/aspeed: Remove tacoma-bmc from the documentation

The tacoma-bmc machine has recently been removed, so let's remove
it from the documentation now, too.

Fixes: 2b1b66e01f ("arm: Remove tacoma-bmc machine")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250124174507.27348-1-thuth@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agoaspeed/wdt: Support software reset mode for AST2600
Jamin Lin [Fri, 24 Jan 2025 03:02:49 +0000 (11:02 +0800)]
aspeed/wdt: Support software reset mode for AST2600

On the AST2400 and AST2500 platforms, the system can only be reset by enabling
the WDT (Watchdog Timer) and waiting for the WDT timeout. However, starting
from the AST2600 platform, the reset event can be triggered directly and
intentionally by software, without relying on the WDT timeout.

This mechanism, referred to as "software restart", is implemented in hardware.
When using the software restart mechanism, the WDT counter is not enabled.

To trigger a reset generation in software mode, write 0xAEEDF123 to register
0x24 and software mode reset only support SOC reset mode.

A new function, "aspeed_wdt_is_soc_reset_mode", is introduced to determine
whether the SoC reset mode is active.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250124030249.1706996-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agoaspeed/wdt: Fix coding style
Jamin Lin [Fri, 24 Jan 2025 03:02:48 +0000 (11:02 +0800)]
aspeed/wdt: Fix coding style

Fix coding style issues from checkpatch.pl.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250124030249.1706996-2-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agoaspeed: Create sd devices only when defaults are enabled
Cédric Le Goater [Wed, 22 Jan 2025 07:09:09 +0000 (08:09 +0100)]
aspeed: Create sd devices only when defaults are enabled

When the -nodefaults option is set, sd devices should not be
automatically created by the machine. Instead they should be defined
on the command line.

Note that it is not currently possible to define which bus an
"sd-card" device is attached to:

  -blockdev node-name=drive0,driver=file,filename=/path/to/file.img \
  -device sd-card,drive=drive0,id=sd0

and the first bus named "sd-bus" will be used.

Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20250122070909.1138598-10-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agotest/functional: Update buildroot images to 2024.11
Cédric Le Goater [Wed, 22 Jan 2025 07:09:08 +0000 (08:09 +0100)]
test/functional: Update buildroot images to 2024.11

The main changes compared to upstream 2024.11 buildroot are

- bumped Linux to version 6.11.11 with a custom config
- changed U-Boot to OpenBMC branch for more support
- included extra target packages

See branch [1] for more details.

There is a slight output change when powering off the machine,
the console now contains :

    reboot: Power off not available: System halted

Adjust accordingly the expect string in
do_test_arm_aspeed_buildroot_poweroff().

[1] https://github.com/legoater/buildroot/commits/aspeed-2024.11

Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Link: https://lore.kernel.org/qemu-devel/20250122070909.1138598-9-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agotest/functional: Update the Aspeed aarch64 test
Cédric Le Goater [Wed, 22 Jan 2025 07:09:07 +0000 (08:09 +0100)]
test/functional: Update the Aspeed aarch64 test

Bumped SDK version to v09.03. v09.04 is available but not yet
supported in QEMU.

Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Link: https://lore.kernel.org/qemu-devel/20250122070909.1138598-8-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agoaspeed/soc: Support Timer for AST2700
Jamin Lin [Mon, 13 Jan 2025 06:44:55 +0000 (14:44 +0800)]
aspeed/soc: Support Timer for AST2700

Add Timer model for AST2700 Timer support. The Timer controller include 8 sets
of 32-bit decrement counters.

The base address of TIMER0 to TIMER7 as following.
Base Address of Timer 0 = 0x12C1_0000
Base Address of Timer 1 = 0x12C1_0040
Base Address of Timer 2 = 0x12C1_0080
Base Address of Timer 3 = 0x12C1_00C0
Base Address of Timer 4 = 0x12C1_0100
Base Address of Timer 5 = 0x12C1_0140
Base Address of Timer 6 = 0x12C1_0180
Base Address of Timer 7 = 0x12C1_01C0

The interrupt of TIMER0 to TIMER7 as following.
GICINT16 = TIMER 0 interrupt
GICINT17 = TIMER 1 interrupt
GICINT18 = TIMER 2 interrupt
GICINT19 = TIMER 3 interrupt
GICINT20 = TIMER 4 interrupt
GICINT21 = TIMER 5 interrupt
GICINT22 = TIMER 6 interrupt
GICINT23 = TIMER 7 interrupt

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20250113064455.1660564-4-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agohw/timer/aspeed: Add AST2700 Support
Jamin Lin [Mon, 13 Jan 2025 06:44:54 +0000 (14:44 +0800)]
hw/timer/aspeed: Add AST2700 Support

The timer controller include 8 sets of 32-bit decrement counters, based on
either PCLK or 1MHZ clock and the design of timer controller between AST2600
and AST2700 are almost the same.

TIMER0 – TIMER7 has their own individual control and interrupt status register.
In other words, users are able to set timer control in register TMC10 with
different TIMER base address and clear timer control and interrupt status in
register TMC14 with different TIMER base address.

Introduce new "aspeed_2700_timer_read" and "aspeed_2700_timer_write" callback
functions and a new ast2700 class to support AST2700.

The base address of TIMER0 to TIMER7 as following.
Base Address of Timer 0 = 0x12C1_0000
Base Address of Timer 1 = 0x12C1_0040
Base Address of Timer 2 = 0x12C1_0080
Base Address of Timer 3 = 0x12C1_00C0
Base Address of Timer 4 = 0x12C1_0100
Base Address of Timer 5 = 0x12C1_0140
Base Address of Timer 6 = 0x12C1_0180
Base Address of Timer 7 = 0x12C1_01C0

The register address space of each TIMER is "0x40" , and uses the following
formula to get the index and register of each TIMER.

timer_index = offset >> 6;
timer_offset = offset & 0x3f;

The TMC010 is a counter control set and interrupt status register. Write "1" to
TMC10[3:0] will set the specific bits to "1". Introduce a new
"aspeed_2700_timer_set_ctrl" function to handle this register behavior.

The TMC014 is a counter control clear and interrupt status register, to clear
the specific bits to "0", it should write "1" to  TMC14[3:0] on the same bit
position. Introduce a new "aspeed_2700_timer_clear_ctrl" function to handle
this register behavior. TMC014 does not support read operation.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Acked-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20250113064455.1660564-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agohw/timer/aspeed: Refactor Timer Callbacks for SoC-Specific Implementations
Jamin Lin [Mon, 13 Jan 2025 06:44:53 +0000 (14:44 +0800)]
hw/timer/aspeed: Refactor Timer Callbacks for SoC-Specific Implementations

The register set have a significant change in AST2700. The TMC00-TMC3C
are used for TIMER0 and TMC40-TMC7C are used for TIMER1. In additional,
TMC20-TMC3C and TMC60-TMC7C are reserved registers for TIMER0 and TIMER1,
respectively.

Besides, each TIMER has their own control and interrupt status register.
In other words, users are able to set control and interrupt status for TIMER0
in one register. Both aspeed_timer_read and aspeed_timer_write callback
functions are not compatible AST2700.

Introduce common read and write functions for ASPEED timers.
Modify the aspeed_timer_read and aspeed_timer_write functions to delegate to
SoC-specific callbacks first.
Update the AST2400, AST2500, AST2600 and AST1030 specific read and write
functions to call the common implementations for common register accesses.

This refactoring improves the organization of call delegation and prepares the
codebase for future SoC-specific specializations, such as the AST2700.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20250113064455.1660564-2-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agohw/arm/aspeed: Invert sdhci write protected pin for AST2600 EVB
Jamin Lin [Thu, 14 Nov 2024 09:48:39 +0000 (17:48 +0800)]
hw/arm/aspeed: Invert sdhci write protected pin for AST2600 EVB

The Write Protect pin of SDHCI model is default active low to match the SDHCI
spec. So, write enable the bit 19 should be 1 and write protected the bit 19
should be 0 at the Present State Register (0x24).

According to the design of AST2600 EVB, the Write Protected pin is active
high by default. To support it, introduces a new "sdhci_wp_inverted"
property in ASPEED MACHINE State and set it true for AST2600 EVB
and set "wp_inverted" property true of sdhci-generic model.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20241114094839.4128404-4-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agohw/sd/sdhci: Introduce a new Write Protected pin inverted property
Jamin Lin [Thu, 14 Nov 2024 09:48:38 +0000 (17:48 +0800)]
hw/sd/sdhci: Introduce a new Write Protected pin inverted property

The Write Protect pin of SDHCI model is default active low to match the SDHCI
spec. So, write enable the bit 19 should be 1 and write protected the bit 19
should be 0 at the Present State Register (0x24). However, some boards are
design Write Protected pin active high. In other words, write enable the bit 19
should be 0 and write protected the bit 19 should be 1 at the
Present State Register (0x24). To support it, introduces a new "wp-inverted"
property and set it false by default.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Acked-by: Cédric Le Goater <clg@redhat.com>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20241114094839.4128404-3-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
8 months agohw/arm/aspeed: fix connect_serial_hds_to_uarts
Kenneth Jia [Thu, 12 Dec 2024 12:42:04 +0000 (20:42 +0800)]
hw/arm/aspeed: fix connect_serial_hds_to_uarts

In the loop, we need ignore the index increase when uart == uart_chosen
We should increase the index only after we allocate a serial.

Signed-off-by: Kenneth Jia <kenneth_jia@asus.com>
Fixes: d2b3eaefb4d7 ("aspeed: Refactor UART init for multi-SoC machines")
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/5f9b0c53f1644922ba85522046e92f4c@asus.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
9 months agohw/hppa: Fix booting Linux kernel with initrd
Helge Deller [Wed, 22 Jan 2025 16:15:00 +0000 (17:15 +0100)]
hw/hppa: Fix booting Linux kernel with initrd

Commit 20f7b890173b ("hw/hppa: Reset vCPUs calling resettable_reset()")
broke booting the Linux kernel with initrd which may have been provided
on the command line. The problem is, that the mentioned commit zeroes
out initial registers which were preset with addresses for the Linux
kernel and initrd.

Fix it by adding proper variables which are set shortly before starting
the firmware.

Signed-off-by: Helge Deller <deller@gmx.de>
Fixes: 20f7b890173b ("hw/hppa: Reset vCPUs calling resettable_reset()")
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9 months agohw/hppa: Support up to 256 GiB RAM on 64-bit machines
Helge Deller [Wed, 22 Jan 2025 14:00:53 +0000 (15:00 +0100)]
hw/hppa: Support up to 256 GiB RAM on 64-bit machines

Allow up to 256 GB RAM, which is the maximum a rp8440 machine (the very
last 64-bit PA-RISC machine) physically supports.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
9 months agoMerge tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu...
Stefan Hajnoczi [Fri, 24 Jan 2025 19:43:07 +0000 (14:43 -0500)]
Merge tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu-hppa into staging

linux-user: Add support for various missing netlink sockopt entries

Add missing sockopt calls and thus fix building the debian gupnp package in a chroot.

This fixes debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1044651

Signed-off-by: Helge Deller <deller@gmx.de>
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZ5OPdwAKCRD3ErUQojoP
# X9EWAP0ZvoDehmNzgWMlUpWT+d4O06kMsrDsi+tRddUUSJgp4wEAuuycr4go4b9b
# 6xLDLr81C7MFEGsztGcRVhPwVdDJxAU=
# =Lw8U
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Jan 2025 08:02:47 EST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu-hppa:
  linux-user: netlink: Add missing QEMU_IFLA entries
  linux-user: netlink: add netlink neighbour emulation
  linux-user: netlink: Add emulation of IP_MULTICAST_IF
  linux-user: netlink: Add IP_PKTINFO cmsg parsing
  linux-user: Use unique error messages for cmsg parsing
  linux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agoMerge tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu into staging
Stefan Hajnoczi [Fri, 24 Jan 2025 15:02:01 +0000 (10:02 -0500)]
Merge tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu into staging

loongarch queue

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCZ5M4AwAKCRAfewwSUazn
# 0aJAAP45/9qfbGSYiMCrBXpRFlyvtRN+GEXHEsERfk9Q1V+tQgEA/mMiUEcyc/xc
# Z1Z27cDoqUFRhPmxbd6/KyTGHzo2+As=
# =Zanw
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Jan 2025 01:49:39 EST
# gpg:                using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7  13C4 8E86 8FB7 A176 9D4C
#      Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3  D1A4 1F7B 0C12 51AC E7D1

* tag 'pull-loongarch-20250124' of https://gitlab.com/bibo-mao/qemu:
  target/loongarch: Dump all generic CSR registers
  target/loongarch: Set unused flag with CSR registers
  target/loongarch: Add common source file for CSR register
  target/loongarch: Add common header file for CSR registers
  target/loongarch: Add generic csr function type
  target/loongarch: Remove static CSR function setting
  target/loongarch: Add dynamic function access with CSR register

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agolinux-user: netlink: Add missing QEMU_IFLA entries
Helge Deller [Fri, 29 Nov 2024 09:11:52 +0000 (10:11 +0100)]
linux-user: netlink: Add missing QEMU_IFLA entries

This fixes the following qemu warnings when building debian gupnp package:
 Unknown host QEMU_IFLA type: 61
 Unknown host QEMU_IFLA type: 58
 Unknown host QEMU_IFLA type: 59
 Unknown host QEMU_IFLA type: 60
 Unknown host QEMU_IFLA type: 32820

QEMU_IFLA type 32820 is actually NLA_NESTED | QEMU_IFLA_PROP_LIST (a nested
entry), which is why rta_type needs to be masked with NLA_TYPE_MASK.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months agolinux-user: netlink: add netlink neighbour emulation
Helge Deller [Mon, 20 Jan 2025 21:22:31 +0000 (22:22 +0100)]
linux-user: netlink: add netlink neighbour emulation

Fixes various warnings in the testsuite while building gupnp:
 gssdp-net-DEBUG: Failed to send netlink message: Operation not supported
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: 127.0.0.1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Mismatch between host header and host IP (192.168.1.2, expected: 127.0.0.1)
 gupnp-context-DEBUG: Mismatch between host header and host IP (fe80::01, expected: 127.0.0.1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Failed to parse HOST header from request: Invalid IPv6 address ?[fe80::01%1]? in URI
 gupnp-context-DEBUG: Failed to parse HOST header from request: Invalid IPv6 address ?[fe80::01%eth0]? in URI
 gupnp-context-DEBUG: Failed to parse HOST header from request: Could not parse port ?:1? in URI
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)
 gupnp-context-DEBUG: Mismatch between host header and host port (80, expected 4711)
 gupnp-context-DEBUG: Mismatch between host header and host IP (example.com, expected: ::1)

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months agolinux-user: netlink: Add emulation of IP_MULTICAST_IF
Helge Deller [Sun, 19 Jan 2025 04:26:10 +0000 (05:26 +0100)]
linux-user: netlink: Add emulation of IP_MULTICAST_IF

Add IP_MULTICAST_IF and share the code with IP_ADD_MEMBERSHIP / IP_DROP_MEMBERSHIP.
Sharing the code makes sense, because the manpage of ip(7) says:

IP_MULTICAST_IF (since Linux 1.2)
      Set the local device for a multicast socket.  The argument
      for setsockopt(2) is an ip_mreqn or (since Linux 3.5)
      ip_mreq structure similar to IP_ADD_MEMBERSHIP, or an
      in_addr structure.  (The kernel determines which structure
      is being passed based on the size passed in optlen.)  For
      getsockopt(2), the argument is an in_addr structure.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months agolinux-user: netlink: Add IP_PKTINFO cmsg parsing
Helge Deller [Sun, 19 Jan 2025 02:20:03 +0000 (03:20 +0100)]
linux-user: netlink: Add IP_PKTINFO cmsg parsing

Fixes those warnings:
 Unsupported host ancillary data: 0/8

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months agolinux-user: Use unique error messages for cmsg parsing
Helge Deller [Fri, 29 Nov 2024 08:53:23 +0000 (09:53 +0100)]
linux-user: Use unique error messages for cmsg parsing

Avoid using the same error message for two different code paths
as it complicates determining the one which actually triggered.

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months agolinux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()
Helge Deller [Mon, 20 Jan 2025 21:20:41 +0000 (22:20 +0100)]
linux-user: netlink: Add missing IFA_PROTO to host_to_target_data_addr_rtattr()

Fix this warning:
 Unknown host IFA type: 11

While adding IFA_PROTO, convert all IFA_XXX values over to QEMU_IFA_XXX values
to avoid a build failure on Ubuntu 22.04 (kernel v5.18 which does not know
IFA_PROTO yet).

Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
9 months agotarget/loongarch: Dump all generic CSR registers
Bibo Mao [Thu, 16 Jan 2025 11:21:31 +0000 (19:21 +0800)]
target/loongarch: Dump all generic CSR registers

CSR registers is import system control registers, it had better
dump all CSR registers when VM is running in system mode.

Here is dump output example of CSR registers:
 CSR000: CRMD   b4               PRMD   4                EUEN   0                MISC   0
 CSR004: ECFG   71c1c            ESTAT  0                ERA    9000000002c31300 BADV   12022c0e0
 CSR008: BADI   2b0000
 CSR012: EENTRY 90000000046b0000
 CSR016: TLBIDX ffffffff8e000228 TLBEHI 120228000        TLBELO0 400000016f19001f TLBELO1 400000016f1a401f
 CSR024: ASID   a0004            PGDL   90000001016f0000 PGDH   9000000004680000 PGD    0
 CSR028: PWCL   5e56e            PWCH   2e4              STLBPS e                RVACFG 0
 CSR032: CPUID  0                PRCFG1 72f8             PRCFG2 3ffff000         PRCFG3 8073f2
 CSR048: SAVE0  0                SAVE1  af9c             SAVE2  12010d6a8        SAVE3  8300000
 CSR052: SAVE4  0                SAVE5  0                SAVE6  0                SAVE7  0
 CSR064: TID    0                TCFG   8f0ca15          TVAL   4cefd8b          CNTC   fffffffffe688aaa
 CSR068: TICLR  0
 CSR096: LLBCTL 1
 CSR136: TLBRENTRY 46ba000       TLBRBADV ffff8000130d81e2 TLBRERA 9000000003585cb8 TLBRSAVE ffff8000130d81e0
 CSR140: TLBRELO0 1fe00043       TLBRELO1 40             TLBREHI ffff8000130d800e TLBRPRMD 0
 CSR384: DMW0   8000000000000001 DMW1   9000000000000011 DMW2   0                DMW3   0

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Set unused flag with CSR registers
Bibo Mao [Thu, 16 Jan 2025 11:09:25 +0000 (19:09 +0800)]
target/loongarch: Set unused flag with CSR registers

On LA464, some CSR registers are not used such as CSR_SAVE8 -
CSR_SAVE15, also CSR registers relative with MCE is not used now.

Flag CSRFL_UNUSED is added for these registers, so that it will
not dumped. In order to keep compatiblity, these CSR registers are
not removed since it is used in vmstate already.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Add common source file for CSR register
Bibo Mao [Thu, 16 Jan 2025 06:22:19 +0000 (14:22 +0800)]
target/loongarch: Add common source file for CSR register

Common source file csr.c is added here, it can be used by both
TCG mode and kvm mode. The common code is removed from file
tcg/insn_trans/trans_privileged.c.inc to csrc.c

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Add common header file for CSR registers
Bibo Mao [Wed, 22 Jan 2025 07:21:01 +0000 (15:21 +0800)]
target/loongarch: Add common header file for CSR registers

Common header file csr.h is added here, it can be used by both
TCG mode and kvm mode.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Add generic csr function type
Bibo Mao [Wed, 22 Jan 2025 07:13:41 +0000 (15:13 +0800)]
target/loongarch: Add generic csr function type

Parameter type TCGv and TCGv_ptr for function GenCSRRead and GenCSRWrite
is not used in non-TCG mode. Generic csr function type is added here
with parameter void type, so that it passes to compile with non-TCG mode.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Remove static CSR function setting
Bibo Mao [Mon, 13 Jan 2025 03:43:44 +0000 (11:43 +0800)]
target/loongarch: Remove static CSR function setting

Since CSR function setting is done dynamically in TCG mode, remove
static CSR function setting here.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agotarget/loongarch: Add dynamic function access with CSR register
Bibo Mao [Mon, 13 Jan 2025 03:28:18 +0000 (11:28 +0800)]
target/loongarch: Add dynamic function access with CSR register

With CSR register, dynamic function access is used for CSR register
access in TCG mode, so that csr info can be used by other modules.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
9 months agoMerge tag 'pull-request-2025-01-21v2' of https://gitlab.com/thuth/qemu into staging
Stefan Hajnoczi [Wed, 22 Jan 2025 14:59:02 +0000 (09:59 -0500)]
Merge tag 'pull-request-2025-01-21v2' of https://gitlab.com/thuth/qemu into staging

* Fix bugs related to the new "boot order" feature in the s390-ccw bios
* Fix crash that occurs when introspecting older s390-virtio-ccw machines
* Fix error in pbkdf code on fast machines (e.g. s390x with crypto adapter)
* Convert kvm_xen_guest avocado test to the functional framework

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmeQpIYRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXYKA/9HddJS8Ljxwwme2XL1uSXreTGGKjE4QO1
# NKaEyJFfu5KAXCgufr/L4mLLxc8Bdf+qEux1v9u49OadMlYf/WzG5BYW42bLBrnK
# zhZZGnuLZHU6kzhK3OMQ0kJLYVGneKU8WahHiPaOfIjuEr+6SoMfb5N8ttSOG7ry
# Np3HvA5K5m4pOL0kSMJiiCqKSzRPbzWaxxwwB5j+iD4NB5NfLo8kEH1iXqRqkEBQ
# zkM0ab0pYYYZil6DqpNQ84QbWY0qJfhj+1GhsVugTE46ePdr7t7v3K1TFq27cGPw
# seJiUAdQwjUfblmlyjcuZfXr1p2sNAY2xocg/6dyIqroOVU9SxVwqrZAOvXd9t2r
# 7UEoT0EfEkDaEaL3T2me6AEtxpkXwEw/usVHv/79vdAVX4VxHUQz3YxUnG4kByXJ
# AEwUzq9Pm7mIV6I3zZ1AZHmBxENshhL0pBGdsL9F/Wv1tkPEf1WnDJ+1d2v2Hpag
# Pr5i6RikG0x8LoT1+G2Swr43fhOLGybqIiy7T4d4WiCuR3szfj1FCeJoMTEK6jHg
# 29Fps7ypQhfkSCcMCvk8VwImb+lc5bQPrV1PKcpEnLZbf3jU6myO/Ac3j2cnfYd6
# 3HidYK3GTpL7hMegyYh/nmFNp/edsgcky7SnDvcxsedVbwLxX112DaVed1ngPXmu
# 6ZLrIhNk7BU=
# =4IXO
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 22 Jan 2025 02:55:50 EST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2025-01-21v2' of https://gitlab.com/thuth/qemu:
  pc-bios: Update the s390 bios images with the recent changes
  pc-bios/s390-ccw: Abort IPL on invalid loadparm
  pc-bios/s390-ccw/netmain: Fix error messages with regards to the TFTP server
  pc-bios/s390-ccw: Fix boot problem with virtio-net devices
  pc-bios/s390-ccw/virtio: Add a function to reset a virtio device
  hw/s390x: Fix crash that occurs when inspecting older versioned machines types
  crypto: fix bogus error benchmarking pbkdf on fast machines
  MAINTAINERS: Remove myself as Avocado Framework reviewer
  tests/functional: Convert the kvm_xen_guest avocado test

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agopc-bios: Update the s390 bios images with the recent changes
Thomas Huth [Mon, 20 Jan 2025 15:28:28 +0000 (16:28 +0100)]
pc-bios: Update the s390 bios images with the recent changes

Fix the problem with the non-quiesced virtio-net device and
make sure to abort the boot process if the user specified a wrong
loadparm parameter.

Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agopc-bios/s390-ccw: Abort IPL on invalid loadparm
Jared Rossi [Fri, 17 Jan 2025 21:22:35 +0000 (16:22 -0500)]
pc-bios/s390-ccw: Abort IPL on invalid loadparm

Because the loadparm specifies an exact kernel the user wants to boot, if the
loadparm is invalid it must represent a misconfiguration of the guest. Thus we
should abort the IPL immediately, without attempting to use other devices, to
avoid booting into an unintended guest image.

Signed-off-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250117212235.1324063-2-jrossi@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agopc-bios/s390-ccw/netmain: Fix error messages with regards to the TFTP server
Thomas Huth [Thu, 16 Jan 2025 11:58:26 +0000 (12:58 +0100)]
pc-bios/s390-ccw/netmain: Fix error messages with regards to the TFTP server

The code in net_init_ip() currently bails out early if "rc" is less
than 0, so the if-statements that check for negative "rc" codes to
print out some specific error messages with regards to the TFTP server
are never reached. Move them earlier to bring that dead code back to
life.

Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Tested-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250116115826.192047-4-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agopc-bios/s390-ccw: Fix boot problem with virtio-net devices
Thomas Huth [Thu, 16 Jan 2025 11:58:25 +0000 (12:58 +0100)]
pc-bios/s390-ccw: Fix boot problem with virtio-net devices

When we are trying to boot from virtio-net devices, the
s390-ccw bios currently leaves the virtio-net device enabled
after using it. That means that the receiving virt queues will
continue to happily write incoming network packets into memory.
This can corrupt data of the following boot process. For example,
if you set up a second guest on a virtual network and create a
lot of broadcast traffic there, e.g. with:

 ping -i 0.02 -s 1400  -b 192.168.1.255

and then you try to boot a guest with two boot devices, a network
device first (which should not be bootable) and e.g. a bootable SCSI
CD second, then this guest will fail to load the kernel from the CD
image:

 $ qemu-system-s390x -m 2G -nographic -device virtio-scsi-ccw \
    -netdev tap,id=net0 -device virtio-net-ccw,netdev=net0,bootindex=1 \
    -drive if=none,file=test.iso,format=raw,id=cd1 \
    -device scsi-cd,drive=cd1,bootindex=2
 LOADPARM=[        ]

 Network boot device detected
 Network boot starting...
   Using MAC address: 52:54:00:12:34:56
   Requesting information via DHCP: done
   Using IPv4 address: 192.168.1.76
   Using TFTP server: 192.168.1.1
 Trying pxelinux.cfg files...
   TFTP error: ICMP ERROR "port unreachable"
   Receiving data:  0 KBytes
 Repeating TFTP read request...
   TFTP error: ICMP ERROR "port unreachable"
 Failed to load OS from network.
 Failed to IPL from this network!
 LOADPARM=[        ]

 Using virtio-scsi.

 ! virtio-scsi:setup:inquiry: response VS RESP=ff !
 ERROR: No suitable device for IPL. Halting...

We really have to shut up the virtio-net devices after we're not
using it anymore. The easiest way to do this is to simply reset
the device, so let's do that now.

Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Tested-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250116115826.192047-3-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agopc-bios/s390-ccw/virtio: Add a function to reset a virtio device
Thomas Huth [Thu, 16 Jan 2025 11:58:24 +0000 (12:58 +0100)]
pc-bios/s390-ccw/virtio: Add a function to reset a virtio device

To be able to properly silence a virtio device after using it,
we need a global function to reset the device.

Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Tested-by: Jared Rossi <jrossi@linux.ibm.com>
Message-ID: <20250116115826.192047-2-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agohw/s390x: Fix crash that occurs when inspecting older versioned machines types
Thomas Huth [Mon, 20 Jan 2025 07:07:05 +0000 (08:07 +0100)]
hw/s390x: Fix crash that occurs when inspecting older versioned machines types

qemu-system-s390x currently crashes when trying to inspect older
machines types, for example:

 $ echo '{ "execute": "qmp_capabilities" }
         { "execute": "qom-list-properties","arguments":
           { "typename": "s390-ccw-virtio-3.0-machine"}}' \
   | ./qemu-system-s390x -qmp stdio -no-shutdown
 {"QMP": {"version": {"qemu": {"micro": 50, "minor": 2, "major": 9},
  "package": "v9.2.0-1071-g81e97df3e7"}, "capabilities": ["oob"]}}
 {"return": {}}
 **
 Bail out! ERROR:../target/s390x/cpu_models.c:832:s390_set_qemu_cpu_model:
  assertion failed: (QTAILQ_EMPTY_RCU(&cpus_queue))
 Aborted (core dumped)

The problem is that the versioned s390-ccw-virtio machine types
use instance_init() to set global state that should be initialized
before the CPUs get instantiated. But instance_init() is not called
only for the machine that is finally used, it is also called for
temporary instances of objects that are e.g. just created for
introspection. That means that those instance_init() functions can
also be called while a machine (and its CPUs) is already created,
which triggers the assertion in cpu_models.c.

So we must not use instance_init() for setting global state, but
use the machine->init() function instead, which is really only called
once when the machine comes to life.

Fixes: 3b00f702c2 ("s390x/cpumodel: add zpci, aen and ais facilities")
Message-ID: <20250120085059.239345-1-thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agocrypto: fix bogus error benchmarking pbkdf on fast machines
Daniel P. Berrangé [Thu, 9 Jan 2025 09:37:46 +0000 (09:37 +0000)]
crypto: fix bogus error benchmarking pbkdf on fast machines

We're seeing periodic reports of errors like:

$ qemu-img create -f luks --object secret,data=123456,id=sec0 \
                  -o key-secret=sec0 luks-info.img 1M
  Formatting 'luks-info.img', fmt=luks size=1048576 key-secret=sec0
  qemu-img: luks-info.img: Unable to get accurate CPU usage

This error message comes from a recent attempt to workaround a
kernel bug with measuring rusage in long running processes:

  commit c72cab5ad9f849bbcfcf4be7952b8b8946cc626e
  Author: Tiago Pasqualini <tiago.pasqualini@canonical.com>
  Date:   Wed Sep 4 20:52:30 2024 -0300

    crypto: run qcrypto_pbkdf2_count_iters in a new thread

Unfortunately this has a subtle bug on machines which are very fast.

On the first time around the loop, the 'iterations' value is quite
small (1 << 15), and so will run quite fast. Testing has shown that
some machines can complete this benchmarking task in as little as
7 milliseconds.

Unfortunately the 'getrusage' data is not updated at the time of
the 'getrusage' call, it is done asynchronously by the scheduler.
The 7 millisecond completion time for the benchmark is short
enough that 'getrusage' sometimes reports 0 accumulated execution
time.

As a result the 'delay_ms == 0' sanity check in the above commit
is triggering non-deterministically on such machines.

The benchmarking loop intended to run multiple times, increasing
the 'iterations' value until the benchmark ran for > 500 ms, but
the sanity check doesn't allow this to happen.

To fix it, we keep a loop counter and only run the sanity check
after we've been around the loop more than 5 times. At that point
the 'iterations' value is high enough that even with infrequent
updates of 'getrusage' accounting data on fast machines, we should
see a non-zero value.

Fixes: https://lore.kernel.org/qemu-devel/ffe542bb-310c-4616-b0ca-13182f849fd1@redhat.com/
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2336437
Reported-by: Thomas Huth <thuth@redhat.com>
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250109093746.1216300-1-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agoMAINTAINERS: Remove myself as Avocado Framework reviewer
Philippe Mathieu-Daudé [Mon, 6 Jan 2025 05:50:24 +0000 (06:50 +0100)]
MAINTAINERS: Remove myself as Avocado Framework reviewer

While I was very enthusiastic when Avocado was presented to
the QEMU community and pushed forward to have it integrated,
time passed and I lost interest. Be honest, remove my R: tag
to not give fake expectation I'd review patches related to
Avocado anymore.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250106055024.70139-1-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agotests/functional: Convert the kvm_xen_guest avocado test
Thomas Huth [Mon, 13 Jan 2025 08:25:15 +0000 (09:25 +0100)]
tests/functional: Convert the kvm_xen_guest avocado test

Use the serial console to execute the commands in the guest instead
of using ssh since we don't have ssh support in the functional
framework yet.

Acked-by: David Woodhouse <dwmw@amazon.co.uk>
Message-ID: <20250113082516.57894-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
9 months agoMerge tag 'pull-tcg-20250117' of https://gitlab.com/rth7680/qemu into staging
Stefan Hajnoczi [Tue, 21 Jan 2025 13:27:20 +0000 (08:27 -0500)]
Merge tag 'pull-tcg-20250117' of https://gitlab.com/rth7680/qemu into staging

tcg:
  - Add TCGOP_TYPE, TCGOP_FLAGS.
  - Pass type and flags to tcg_op_supported, tcg_target_op_def.
  - Split out tcg-target-has.h and unexport from tcg.h.
  - Reorg constraint processing; constify TCGOpDef.
  - Make extract, sextract, deposit opcodes mandatory.
  - Merge ext{8,16,32}{s,u} opcodes into {s}extract.
tcg/mips: Expand bswap unconditionally
tcg/riscv: Use SRAIW, SRLIW for {s}extract_i64
tcg/riscv: Use BEXTI for single-bit extractions
tcg/sparc64: Use SRA, SRL for {s}extract_i64

disas/riscv: Guard dec->cfg dereference for host disassemble
util/cpuinfo-riscv: Detect Zbs
accel/tcg: Call tcg_tb_insert() for one-insn TBs
linux-user: Add missing /proc/cpuinfo fields for sparc

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmeKnzUdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+Kvgf+LG9UjXlWF9GK923E
# TllBL2rLf1OOdtTXWO15VcvGMoWDwB3tVBdhihdvXmnWju+WbfMk6mct5NhzsKn9
# LmuugMIZs+hMROj+bgMK8x47jRIh5N2rDYxcEgmyfIpYb2o9qvyqKecGVRlSJTCE
# bmt5UFbvPThBb8upoMfq3F6evuMx0szBP7wrOwSR/VGpmzIr20UTEWo6I1ALp4uj
# paFaysYol4em3dIhkiuV9cL7E0EIObaNa7l9RUci/BmTq+JaVxUnW1Y2i0PEwKwG
# FJSfYTJk3wBgAVxC2zC2g3ZM7uKuecSXMpiFopTiuyQLp7Q61i9kCNvEq0qY5tdb
# DaqR/g==
# =cv4O
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 17 Jan 2025 13:19:33 EST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20250117' of https://gitlab.com/rth7680/qemu: (68 commits)
  softfloat: Constify helpers returning float_status field
  accel/tcg: Call tcg_tb_insert() for one-insn TBs
  tcg: Document tb_lookup() and tcg_tb_lookup()
  linux-user: Add missing /proc/cpuinfo fields for sparc
  tcg/riscv: Use BEXTI for single-bit extractions
  util/cpuinfo-riscv: Detect Zbs
  tcg: Remove TCG_TARGET_HAS_deposit_{i32,i64}
  tcg: Remove TCG_TARGET_HAS_{s}extract_{i32,i64}
  tcg/tci: Remove assertions for deposit and extract
  tcg/tci: Provide TCG_TARGET_{s}extract_valid
  tcg/sparc64: Use SRA, SRL for {s}extract_i64
  tcg/s390x: Fold the ext{8,16,32}[us] cases into {s}extract
  tcg/riscv: Use SRAIW, SRLIW for {s}extract_i64
  tcg/riscv64: Fold the ext{8,16,32}[us] cases into {s}extract
  tcg/ppc: Fold the ext{8,16,32}[us] cases into {s}extract
  tcg/mips: Fold the ext{8,16,32}[us] cases into {s}extract
  tcg/loongarch64: Fold the ext{8,16,32}[us] cases into {s}extract
  tcg/arm: Add full [US]XT[BH] into {s}extract
  tcg/aarch64: Expand extract with offset 0 with andi
  tcg/aarch64: Provide TCG_TARGET_{s}extract_valid
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agoMerge tag 'pull-riscv-to-apply-20250119-1' of https://github.com/alistair23/qemu...
Stefan Hajnoczi [Sun, 19 Jan 2025 13:55:46 +0000 (08:55 -0500)]
Merge tag 'pull-riscv-to-apply-20250119-1' of https://github.com/alistair23/qemu into staging

Second RISC-V PR for 10.0

* Reduce the overhead for simple RISC-V vector unit-stride loads and stores
* Add V bit to GDB priv reg
* Add 'sha' support
* Add traces for exceptions in user mode
* Update Pointer Masking to Zjpm v1.0
* Add Smrnmi support
* Fix timebase-frequency when using KVM acceleration
* Add RISC-V Counter delegation ISA extension support
* Add support for Smdbltrp and Ssdbltrp extensions
* Introduce a translation tag for the IOMMU page table cache
* Support Supm and Sspm as part of Zjpm v1.0
* Convert htif debug prints to trace event

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmeMUUwACgkQr3yVEwxT
# gBNgDQ/+JeqcsbJRX+PZQJEV06tDIJpk+mfaBHUYSGdNkjI9fzowNaxFIEB2vaLt
# 4+xAGMnJ4vMcjJyBcPOn1FKAlowM7MsUNITOF9Rstnyriqnj2UsUZ9YBtkuG6gWH
# ZHoYEKu7mAZoZw5RRx4TatHDXw7TYfUsrDPrn+x6yeCZTq9ruRTlHkzp2LC725Vq
# KTnbWAP7WlqiJaSxB5eIFYT5tYP1Blp0yD358B037C57EU9j5zm2FQdFmVK1+xRF
# dFg/urBIzfAjjkCS/t9DmH+S6NgMEut6udUhllk/KUJAzWvsggc4wZZlWjFOJFJY
# fIxx3alhY3pcm1PYjFpf15Poz6Pqva/KGjwgZafirKQtPbRSzfRkUwcHOYRTQT9j
# abeiB44XPaeIl8Jvw7GLxcWtlJ5NmBrZho+2Z9mIhB/Ix5H3PDgs18Oc/s73P2qQ
# JFLRb7cpYy1HbRc0ugvwAmOTY1t6HX8HAtT+3rNhiXpXnj4RW2C/WU1cEqrg8QkM
# cTPiy2zHoBhAWt9aDK1Kvbhb1vur3JaF7rk9jeKlriFr87Ly+yPU+8mnEDw40NMR
# Tc9nivqmOqqXS5AM9O/W1uzTWzpxIUy7XBy3cuSk0uZCoge4IE2Or7P2Rb2uyaNZ
# RkAo/PL2N1cMjP7gB3kLRtYY7FA+nal66KhfbHPRHqj+ZwUAxzs=
# =F3IG
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 18 Jan 2025 20:11:40 EST
# gpg:                using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65  9296 AF7C 9513 0C53 8013

* tag 'pull-riscv-to-apply-20250119-1' of https://github.com/alistair23/qemu: (50 commits)
  hw/char/riscv_htif: Convert HTIF_DEBUG() to trace events
  target/riscv: Support Supm and Sspm as part of Zjpm v1.0
  hw/riscv/riscv-iommu.c: Introduce a translation tag for the page table cache
  target/riscv: Add Smdbltrp ISA extension enable switch
  target/riscv: Implement Smdbltrp behavior
  target/riscv: Implement Smdbltrp sret, mret and mnret behavior
  target/riscv: Add Smdbltrp CSRs handling
  target/riscv: Add Ssdbltrp ISA extension enable switch
  target/riscv: Implement Ssdbltrp exception handling
  target/riscv: Implement Ssdbltrp sret, mret and mnret behavior
  target/riscv: Add Ssdbltrp CSRs handling
  target/riscv: Fix henvcfg potentially containing stale bits
  target/riscv: Add configuration for S[m|s]csrind, Smcdeleg/Ssccfg
  target/riscv: Add implied rule for counter delegation extensions
  target/riscv: Invoke pmu init after feature enable
  target/riscv: Add counter delegation/configuration support
  target/riscv: Add select value range check for counter delegation
  target/riscv: Add counter delegation definitions
  target/riscv: Add properties for counter delegation ISA extensions
  target/riscv: Support generic CSR indirect access
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agohw/char/riscv_htif: Convert HTIF_DEBUG() to trace events
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 22:36:09 +0000 (23:36 +0100)]
hw/char/riscv_htif: Convert HTIF_DEBUG() to trace events

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250116223609.81594-1-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Support Supm and Sspm as part of Zjpm v1.0
Alexey Baturo [Mon, 13 Jan 2025 19:44:09 +0000 (22:44 +0300)]
target/riscv: Support Supm and Sspm as part of Zjpm v1.0

The Zjpm v1.0 spec states there should be Supm and Sspm extensions that
are used in profile specification. Enabling Supm extension enables both
Ssnpm and Smnpm, while Sspm enables only Smnpm.

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250113194410.1307494-1-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agohw/riscv/riscv-iommu.c: Introduce a translation tag for the page table cache
Jason Chien [Fri, 8 Nov 2024 11:01:47 +0000 (19:01 +0800)]
hw/riscv/riscv-iommu.c: Introduce a translation tag for the page table cache

This commit introduces a translation tag to avoid invalidating an entry
that should not be invalidated when IOMMU executes invalidation commands.
E.g. IOTINVAL.VMA with GV=0, AV=0, PSCV=1 invalidates both a mapping
of single stage translation and a mapping of nested translation with
the same PSCID, but only the former one should be invalidated.

Signed-off-by: Jason Chien <jason.chien@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20241108110147.11178-1-jason.chien@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Smdbltrp ISA extension enable switch
Clément Léger [Thu, 16 Jan 2025 13:15:36 +0000 (14:15 +0100)]
target/riscv: Add Smdbltrp ISA extension enable switch

Add the switch to enable the Smdbltrp ISA extension and disable it for
the max cpu. Indeed, OpenSBI when Smdbltrp is present, M-mode double
trap is enabled by default and MSTATUS.MDT needs to be cleared to avoid
taking a double trap. OpenSBI does not currently support it so disable
it for the max cpu to avoid breaking regression tests.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250116131539.2475785-1-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Implement Smdbltrp behavior
Clément Léger [Fri, 10 Jan 2025 12:54:39 +0000 (13:54 +0100)]
target/riscv: Implement Smdbltrp behavior

When the Smsdbltrp ISA extension is enabled, if a trap happens while
MSTATUS.MDT is already set, it will trigger an abort or an NMI is the
Smrnmi extension is available.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-9-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Implement Smdbltrp sret, mret and mnret behavior
Clément Léger [Fri, 10 Jan 2025 12:54:38 +0000 (13:54 +0100)]
target/riscv: Implement Smdbltrp sret, mret and mnret behavior

When the Ssdbltrp extension is enabled, SSTATUS.MDT field is cleared
when executing sret if executed in M-mode. When executing mret/mnret,
SSTATUS.MDT is cleared.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-8-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Smdbltrp CSRs handling
Clément Léger [Fri, 10 Jan 2025 12:54:37 +0000 (13:54 +0100)]
target/riscv: Add Smdbltrp CSRs handling

Add `ext_smdbltrp`in RISCVCPUConfig and implement MSTATUS.MDT behavior.
Also set MDT to 1 at reset according to the specification.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-7-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Ssdbltrp ISA extension enable switch
Clément Léger [Fri, 10 Jan 2025 12:54:36 +0000 (13:54 +0100)]
target/riscv: Add Ssdbltrp ISA extension enable switch

Add the switch to enable the Ssdbltrp ISA extension.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-6-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Implement Ssdbltrp exception handling
Clément Léger [Fri, 10 Jan 2025 12:54:35 +0000 (13:54 +0100)]
target/riscv: Implement Ssdbltrp exception handling

When the Ssdbltrp ISA extension is enabled, if a trap happens in S-mode
while SSTATUS.SDT isn't cleared, generate a double trap exception to
M-mode.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-5-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Implement Ssdbltrp sret, mret and mnret behavior
Clément Léger [Fri, 10 Jan 2025 12:54:34 +0000 (13:54 +0100)]
target/riscv: Implement Ssdbltrp sret, mret and mnret behavior

When the Ssdbltrp extension is enabled, SSTATUS.SDT field is cleared
when executing sret. When executing mret/mnret, SSTATUS.SDT is cleared
when returning to U, VS or VU and VSSTATUS.SDT is cleared when returning
to VU from HS.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-4-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Ssdbltrp CSRs handling
Clément Léger [Fri, 10 Jan 2025 12:54:33 +0000 (13:54 +0100)]
target/riscv: Add Ssdbltrp CSRs handling

Add ext_ssdbltrp in RISCVCPUConfig and implement MSTATUS.SDT,
{H|M}ENVCFG.DTE and modify the availability of MTVAL2 based on the
presence of the Ssdbltrp ISA extension.

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-3-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Fix henvcfg potentially containing stale bits
Clément Léger [Fri, 10 Jan 2025 12:54:32 +0000 (13:54 +0100)]
target/riscv: Fix henvcfg potentially containing stale bits

With the current implementation, if we had the following scenario:
- Set bit x in menvcfg
- Set bit x in henvcfg
- Clear bit x in menvcfg
then, the internal variable env->henvcfg would still contain bit x due
to both a wrong menvcfg mask used in write_henvcfg() as well as a
missing update of henvcfg upon menvcfg update.
This can lead to some wrong interpretation of the context. In order to
update henvcfg upon menvcfg writing, call write_henvcfg() after writing
menvcfg. Clearing henvcfg upon writing the new value is also needed in
write_henvcfg() as well as clearing henvcfg upper part when writing it
with write_henvcfgh().

Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250110125441.3208676-2-cleger@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add configuration for S[m|s]csrind, Smcdeleg/Ssccfg
Atish Patra [Fri, 10 Jan 2025 08:21:39 +0000 (00:21 -0800)]
target/riscv: Add configuration for S[m|s]csrind, Smcdeleg/Ssccfg

Add configuration options so that they can be enabled/disabld from
qemu commandline.

Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-11-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add implied rule for counter delegation extensions
Atish Patra [Fri, 10 Jan 2025 08:21:38 +0000 (00:21 -0800)]
target/riscv: Add implied rule for counter delegation extensions

The counter delegation/configuration extensions depend on the following
extensions.

1. Smcdeleg - To enable counter delegation from M to S
2. S[m|s]csrind - To enable indirect access CSRs

Add an implied rule so that these extensions are enabled by default
if the sscfg extension is enabled.

Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-10-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Invoke pmu init after feature enable
Atish Patra [Fri, 10 Jan 2025 08:21:37 +0000 (00:21 -0800)]
target/riscv: Invoke pmu init after feature enable

The dependant ISA features are enabled at the end of cpu_realize
in finalize_features. Thus, PMU init should be invoked after that
only. Move the init invocation to riscv_tcg_cpu_finalize_features.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-9-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add counter delegation/configuration support
Kaiwen Xue [Fri, 10 Jan 2025 08:21:36 +0000 (00:21 -0800)]
target/riscv: Add counter delegation/configuration support

The Smcdeleg/Ssccfg adds the support for counter delegation via
S*indcsr and Ssccfg.

It also adds a new shadow CSR scountinhibit and menvcfg enable bit (CDE)
to enable this extension and scountovf virtualization.

Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
Co-developed-by: Atish Patra <atishp@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-8-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add select value range check for counter delegation
Kaiwen Xue [Fri, 10 Jan 2025 08:21:35 +0000 (00:21 -0800)]
target/riscv: Add select value range check for counter delegation

This adds checks in ops performed on xireg and xireg2-xireg6 so that the
counter delegation function will receive a valid xiselect value with the
proper extensions enabled.

Co-developed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-7-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add counter delegation definitions
Kaiwen Xue [Fri, 10 Jan 2025 08:21:34 +0000 (00:21 -0800)]
target/riscv: Add counter delegation definitions

This adds definitions for counter delegation, including the new
scountinhibit register and the mstateen.CD bit.

Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-6-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add properties for counter delegation ISA extensions
Atish Patra [Fri, 10 Jan 2025 08:21:33 +0000 (00:21 -0800)]
target/riscv: Add properties for counter delegation ISA extensions

This adds the properties for counter delegation ISA extensions
(Smcdeleg/Ssccfg). Definitions of new registers and and implementation
will come in the next set of patches.

Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-5-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Support generic CSR indirect access
Kaiwen Xue [Fri, 10 Jan 2025 08:21:32 +0000 (00:21 -0800)]
target/riscv: Support generic CSR indirect access

This adds the indirect access registers required by sscsrind/smcsrind
and the operations on them. Note that xiselect and xireg are used for
both AIA and sxcsrind, and the behavior of accessing them depends on
whether each extension is enabled and the value stored in xiselect.

Co-developed-by: Atish Patra <atishp@rivosinc.com>
Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-4-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Enable S*stateen bits for AIA
Atish Patra [Fri, 10 Jan 2025 08:21:31 +0000 (00:21 -0800)]
target/riscv: Enable S*stateen bits for AIA

As per the ratified AIA spec v1.0, three stateen bits control AIA CSR
access.

Bit 60 controls the indirect CSRs
Bit 59 controls the most AIA CSR state
Bit 58 controls the IMSIC state such as stopei and vstopei

Enable the corresponding bits in [m|h]stateen and enable corresponding
checks in the CSR accessor functions.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-3-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Decouple AIA processing from xiselect and xireg
Kaiwen Xue [Fri, 10 Jan 2025 08:21:30 +0000 (00:21 -0800)]
target/riscv: Decouple AIA processing from xiselect and xireg

Since xiselect and xireg also will be of use in sxcsrind, AIA should
have its own separated interface when those CSRs are accessed.

Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-2-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add properties for Indirect CSR Access extension
Kaiwen Xue [Fri, 10 Jan 2025 08:21:29 +0000 (00:21 -0800)]
target/riscv: Add properties for Indirect CSR Access extension

This adds the properties for sxcsrind. Definitions of new registers and
implementations will come with future patches.

Signed-off-by: Kaiwen Xue <kaiwenx@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250110-counter_delegation-v5-1-e83d797ae294@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agohw/riscv/virt: Remove unnecessary use of &first_cpu
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 23:13:44 +0000 (00:13 +0100)]
hw/riscv/virt: Remove unnecessary use of &first_cpu

virt_machine_init() creates the HARTs vCPUs, then later
virt_machine_done() calls create_fdt_sockets(), so the
latter has access to the first vCPU via:

  RISCVVirtState {
    RISCVHartArrayState {
      RISCVCPU *harts;
      ...

    } soc[VIRT_SOCKETS_MAX];
    ...

  } s;

Directly use that instead of the &first_cpu global.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250112231344.34632-3-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Have kvm_riscv_get_timebase_frequency() take RISCVCPU cpu
Philippe Mathieu-Daudé [Sun, 12 Jan 2025 23:13:43 +0000 (00:13 +0100)]
target/riscv: Have kvm_riscv_get_timebase_frequency() take RISCVCPU cpu

Keep kvm_riscv_get_timebase_frequency() prototype aligned with
the other ones declared in "kvm_riscv.h", have it take a RISCVCPU
cpu as argument. Include "target/riscv/cpu-qom.h" which declares
the RISCVCPU typedef.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250112231344.34632-2-philmd@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Zicfilp support for Smrnmi
Frank Chang [Mon, 6 Jan 2025 05:43:36 +0000 (13:43 +0800)]
target/riscv: Add Zicfilp support for Smrnmi

Zicfilp extension introduces the MNPELP (bit 9) in mnstatus.
The MNPELP field holds the previous ELP.

When a RNMI trap is delivered, the MNPELP is set to ELP and ELP set
to NO_LP_EXPECTED. Upon a mnret, if the mnstatus.MNPP holds the
value y, then ELP is set to the value of MNPELP if yLPE is 1;
otherwise, it is set to NO_LP_EXPECTED.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-7-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Smrnmi cpu extension
Tommy Wu [Mon, 6 Jan 2025 05:43:35 +0000 (13:43 +0800)]
target/riscv: Add Smrnmi cpu extension

This adds the properties for ISA extension Smrnmi.

Also, when Smrnmi is present, the firmware (e.g., OpenSBI) must set
mnstatus.NMIE to 1 before enabling any interrupts. Otherwise, all
interrupts will be disabled. Since our current OpenSBI does not
support Smrnmi yet, let's disable Smrnmi for the 'max' type CPU for
now. We can re-enable it once OpenSBI includes proper support for it.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Tommy Wu <tommy.wu@sifive.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-6-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Smrnmi mnret instruction
Tommy Wu [Mon, 6 Jan 2025 05:43:34 +0000 (13:43 +0800)]
target/riscv: Add Smrnmi mnret instruction

This patch adds a new instruction 'mnret'. 'mnret' is an M-mode-only
instruction that uses the values in `mnepc` and `mnstatus` to return to the
program counter, privilege mode, and virtualization mode of the
interrupted context.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-5-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Handle Smrnmi interrupt and exception
Tommy Wu [Mon, 6 Jan 2025 05:43:33 +0000 (13:43 +0800)]
target/riscv: Handle Smrnmi interrupt and exception

Because the RNMI interrupt trap handler address is implementation defined.
We add the 'rnmi-interrupt-vector' and 'rnmi-exception-vector' as the property
of the harts. It’s very easy for users to set the address based on their
expectation. This patch also adds the functionality to handle the RNMI signals.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-4-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add Smrnmi CSRs
Tommy Wu [Mon, 6 Jan 2025 05:43:32 +0000 (13:43 +0800)]
target/riscv: Add Smrnmi CSRs

The Smrnmi extension adds the 'mnscratch', 'mnepc', 'mncause',
'mnstatus' CSRs.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-3-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add 'ext_smrnmi' in the RISCVCPUConfig
Tommy Wu [Mon, 6 Jan 2025 05:43:31 +0000 (13:43 +0800)]
target/riscv: Add 'ext_smrnmi' in the RISCVCPUConfig

The boolean variable 'ext_smrnmi' is used to determine whether the
Smrnmi extension exists.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Signed-off-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106054336.1878291-2-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Enable updates for pointer masking variables and thus enable pointer...
Alexey Baturo [Mon, 6 Jan 2025 10:23:46 +0000 (13:23 +0300)]
target/riscv: Enable updates for pointer masking variables and thus enable pointer masking extension

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106102346.1100149-8-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Apply pointer masking for virtualized memory accesses
Alexey Baturo [Mon, 6 Jan 2025 10:23:45 +0000 (13:23 +0300)]
target/riscv: Apply pointer masking for virtualized memory accesses

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106102346.1100149-7-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Update address modify functions to take into account pointer masking
Alexey Baturo [Mon, 6 Jan 2025 10:23:44 +0000 (13:23 +0300)]
target/riscv: Update address modify functions to take into account pointer masking

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106102346.1100149-6-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add pointer masking tb flags
Alexey Baturo [Mon, 6 Jan 2025 10:23:43 +0000 (13:23 +0300)]
target/riscv: Add pointer masking tb flags

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-ID: <20250106102346.1100149-5-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add helper functions to calculate current number of masked bits for...
Alexey Baturo [Mon, 6 Jan 2025 10:23:42 +0000 (13:23 +0300)]
target/riscv: Add helper functions to calculate current number of masked bits for pointer masking

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106102346.1100149-4-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Add new CSR fields for S{sn, mn, m}pm extensions as part of Zjpm v1.0
Alexey Baturo [Mon, 6 Jan 2025 10:23:41 +0000 (13:23 +0300)]
target/riscv: Add new CSR fields for S{sn, mn, m}pm extensions as part of Zjpm v1.0

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106102346.1100149-3-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: Remove obsolete pointer masking extension code.
Alexey Baturo [Mon, 6 Jan 2025 10:23:40 +0000 (13:23 +0300)]
target/riscv: Remove obsolete pointer masking extension code.

Zjpm extension is finally ratified. And it's much simplier compared to the experimental one.
The newer version doesn't allow to specify custom mask or base for pointer masking.
Instead it allows only certain options for masking top bits.

Signed-off-by: Alexey Baturo <baturo.alexey@gmail.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106102346.1100149-2-baturo.alexey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add trace in riscv_raise_exception()
Daniel Henrique Barboza [Mon, 6 Jan 2025 17:37:34 +0000 (14:37 -0300)]
target/riscv: add trace in riscv_raise_exception()

When using system mode we can get the CPU traps being taken via the
'riscv_trap' trace or the "-d int" qemu log. User mode does not a way of
logging/showing exceptions to users.

Add a trace in riscv_raise_exception() to allow qemu-riscv(32/64) users
to check all exceptions being thrown. This is particularly useful to
help identifying insns that are throwing SIGILLs.

As it is today we need to debug their binaries to identify where the
illegal insns are:

$ ~/work/qemu/build/qemu-riscv64 -cpu rv64 ./foo.out
Illegal instruction (core dumped)

After this change users can capture the trace and use EPC to pinpoint
the insn:

$ ~/work/qemu/build/qemu-riscv64 -cpu rv64 -trace riscv_exception ./foo.out
riscv_exception 8 (user_ecall) on epc 0x17cd2
riscv_exception 8 (user_ecall) on epc 0x17cda
riscv_exception 8 (user_ecall) on epc 0x17622
(...)
riscv_exception 2 (illegal_instruction) on epc 0x1053a
Illegal instruction (core dumped)

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250106173734.412353-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: use RISCVException enum in exception helpers
Daniel Henrique Barboza [Mon, 6 Jan 2025 17:37:33 +0000 (14:37 -0300)]
target/riscv: use RISCVException enum in exception helpers

Do a cosmetic change in riscv_raise_exception() to change 'exception'
type from uint32_t to RISCVException, making it a bit clear that the
arg is directly correlated to the RISCVException enum.

As a side effect, change 'excp' type from int to RISCVException in
generate_exception() to guarantee that all callers of
riscv_raise_exception() will use the enum.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250106173734.412353-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv/tcg: add sha
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:26 +0000 (08:40 -0300)]
target/riscv/tcg: add sha

'sha' is the augmented hypervisor extension, defined in RVA22 as a set of
the following extensions:

- RVH
- Ssstateen
- Shcounterenw (always present)
- Shvstvala (always present)
- Shtvala (always present)
- Shvstvecd (always present)
- Shvsatpa (always present)
- Shgatpa (always present)

We can claim support for 'sha' by checking if we have RVH and ssstateen.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-10-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add shgatpa
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:25 +0000 (08:40 -0300)]
target/riscv: add shgatpa

shgatpa is defined in RVA22 as:

"For each supported virtual memory scheme SvNN supported in satp, the
corresponding hgatp SvNNx4 mode must be supported. The hgatp mode Bare
must also be supported."

Claim support for shgatpa since this is always true for TCG.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-9-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add shvsatpa
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:24 +0000 (08:40 -0300)]
target/riscv: add shvsatpa

shvsatpa is defined in RVA22 as:

"All translation modes supported in satp must be supported in vsatp."

This is always true in TCG so let's claim support for it.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-8-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add shvstvecd
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:23 +0000 (08:40 -0300)]
target/riscv: add shvstvecd

shvstvecd is defined in RVA22 as:

"vstvec.MODE must be capable of holding the value 0 (Direct).
When vstvec.MODE=Direct, vstvec.BASE must be capable of holding any
valid four-byte-aligned address."

This is always true for TCG so let's claim support for it.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-7-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add shtvala
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:22 +0000 (08:40 -0300)]
target/riscv: add shtvala

shtvala is described in RVA22 as:

"htval must be written with the faulting guest physical address
in all circumstances permitted by the ISA."

This is the case since commit 3067553993, so claim support for shtvala.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-6-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add shvstvala
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:21 +0000 (08:40 -0300)]
target/riscv: add shvstvala

shvstvala is defined in RVA22 as:

"vstval must be written in all cases described above for stval."

By "cases describe above" the doc refer to the description of sstvala:

"stval must be written with the faulting virtual address for load,
store, and instruction page-fault, access-fault, and misaligned
exceptions, and for breakpoint exceptions other than those caused by
execution of the EBREAK or C.EBREAK instructions. For
virtual-instruction and illegal-instruction exceptions, stval must be
written with the faulting instruction."

We already have sstvala, and our vstval follows the same rules as stval,
so we can claim to support shvstvala too.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-5-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: add shcounterenw
Daniel Henrique Barboza [Wed, 18 Dec 2024 11:40:20 +0000 (08:40 -0300)]
target/riscv: add shcounterenw

shcounterenw is defined in RVA22 as:

"For any hpmcounter that is not read-only zero, the corresponding bit in
hcounteren must be writable."

This is always true in TCG so let's claim support for it.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20241218114026.1652352-4-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agoriscv/gdbstub: add V bit to priv reg
Yanfeng Liu [Sun, 15 Dec 2024 21:36:35 +0000 (05:36 +0800)]
riscv/gdbstub: add V bit to priv reg

This adds virtualization mode (V bit) as bit(2) of register `priv`
per RiscV debug spec v1.0.0-rc4. Checked with gdb-multiarch v12.1.

Note that GDB may display `INVALID` tag for `priv` reg when V bit
is set, this doesn't affect actual access to the bit though.

Signed-off-by: Yanfeng Liu <yfliu2008@qq.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <tencent_1993B55C24DE7979BF34B200F78287002907@qq.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: rvv: speed up small unit-stride loads and stores
Craig Blackmore [Wed, 18 Dec 2024 14:23:53 +0000 (14:23 +0000)]
target/riscv: rvv: speed up small unit-stride loads and stores

Calling `vext_continuous_ldst_tlb` for load/stores up to 6 bytes
significantly improves performance.

Co-authored-by: Helene CHELIN <helene.chelin@embecosm.com>
Co-authored-by: Paolo Savini <paolo.savini@embecosm.com>
Co-authored-by: Craig Blackmore <craig.blackmore@embecosm.com>
Signed-off-by: Helene CHELIN <helene.chelin@embecosm.com>
Signed-off-by: Paolo Savini <paolo.savini@embecosm.com>
Signed-off-by: Craig Blackmore <craig.blackmore@embecosm.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241218142353.1027938-3-craig.blackmore@embecosm.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agotarget/riscv: rvv: fix typo in vext continuous ldst function names
Craig Blackmore [Wed, 18 Dec 2024 14:23:52 +0000 (14:23 +0000)]
target/riscv: rvv: fix typo in vext continuous ldst function names

Replace `continus` with `continuous`.

Signed-off-by: Craig Blackmore <craig.blackmore@embecosm.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Max Chou <max.chou@sifive.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20241218142353.1027938-2-craig.blackmore@embecosm.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
9 months agoMerge tag 'qtest-20250117-pull-request' of https://gitlab.com/farosas/qemu into staging
Stefan Hajnoczi [Sat, 18 Jan 2025 23:37:16 +0000 (18:37 -0500)]
Merge tag 'qtest-20250117-pull-request' of https://gitlab.com/farosas/qemu into staging

Qtest pull request

- RISCV CSR test
- migration recover changed to OOB
- removal of dead code in test-x86-cpuid-compat

# -----BEGIN PGP SIGNATURE-----
#
# iQJEBAABCAAuFiEEqhtIsKIjJqWkw2TPx5jcdBvsMZ0FAmeKbx4QHGZhcm9zYXNA
# c3VzZS5kZQAKCRDHmNx0G+wxnRD7D/9v4ovvGn/IwSXjjpOpkjhCSgV8TMi1F61P
# hqB5TTCY8yejvT7JauplMUHmcJsVCNx+HF36D+YjxBjqrhQE8vzPRXgcLxHL9RX4
# Kwgdk24kFKADE3gsiys9gOpwRhmtY0/2CT5LvitfJRMxUNPtm0Mr7qM3Z0Taeusu
# lxZgIMTBeNakpY5vua8nlLQ4r+/Df6S3TFFAaQ4UYab/T5zHVcjKaySXDlT1QXpp
# M+Be21jPxuUYJnKCSxMCUtuY9wkSPcITzJW91V+JxL9STSpsKpnQe10JWDRbwLBt
# /am2Jg5f8iFEblCwr5aQRMwXB+e/Y7K4qKPOUalj+weGnCXh9DmWPXnV6qzdZNO8
# sePKoFj1AMtqbVf3iOpDBRkH8dECiDh1jHmflW1grF0BuOwOw8dKYW+i2qz9ZDiW
# rKWKfRcZZ059aOCQWqpMC9TGQ8osMC/v6GGJwiPBDLapGjnAm5d1683w4Z1l8tAg
# vf9yti2mpzK15PB6doEj/IuZr8WKWFMklizmMMZpXgHIUpjtm3JFKXX/jGHcD3KU
# E8F4ns3zPMlq7ncIwc6GADRB3XzEuzzuXAaEO8HMN0fYHevfnFIon749udyBDI/n
# a1/CTzTmchItwzgpdvcoiKO6gkg6DO9n08QULCMPSVCtl5KAlz5yuwxWGI/rM6u7
# ixPi8i24oA==
# =i4AD
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 17 Jan 2025 09:54:22 EST
# gpg:                using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg:                issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg:                 aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3  64CF C798 DC74 1BEC 319D

* tag 'qtest-20250117-pull-request' of https://gitlab.com/farosas/qemu:
  tests/qtest/test-x86-cpuid-compat: Remove tests related to pc-i440fx-2.3
  tests/qtest/migration: Use out-of-band execution for migrate-recover
  tests/qtest: Introduce qtest_init_with_env_and_capabilities()
  tests/qtest: QTest example for RISC-V CSR register
  target/riscv: Add RISC-V CSR qtest support

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
9 months agosoftfloat: Constify helpers returning float_status field
Philippe Mathieu-Daudé [Thu, 16 Jan 2025 21:43:58 +0000 (22:43 +0100)]
softfloat: Constify helpers returning float_status field

These helpers don't alter float_status. Make it const.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250116214359.67295-1-philmd@linaro.org>

9 months agoaccel/tcg: Call tcg_tb_insert() for one-insn TBs
Ilya Leoshkevich [Thu, 16 Jan 2025 21:31:33 +0000 (22:31 +0100)]
accel/tcg: Call tcg_tb_insert() for one-insn TBs

Currently one-insn TBs created from I/O memory are not added to
region_trees. Therefore, when they generate exceptions, they are not
handled by cpu_restore_state_from_tb().

For x86 this is not a problem, because x86_restore_state_to_opc() only
restores pc and cc, which already have the correct values if the first
TB instruction causes an exception. However, on several other
architectures, restore_state_to_opc() is not stricly limited to state
restoration and affects some exception-related registers, where guests
can notice incorrect values, for example:

- arm's exception.syndrome;
- hppa's unwind_breg;
- riscv's excp_uw2;
- s390x's int_pgm_ilen.

Fix by always calling tcg_tb_insert(). This may increase the size of
region_trees, but tcg_region_reset_all() clears it once code_gen_buffer
fills up, so it will not grow uncontrollably.

Do not call tb_link_page(), which would add such TBs to the QHT, to
prevent tb_lookup() from finding them. These TBs are single-use, since
subsequent reads from I/O memory may return different values; they are
not removed from code_gen_buffer only in order to keep things simple.

Co-developed-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250116213214.5695-2-iii@linux.ibm.com>

9 months agotcg: Document tb_lookup() and tcg_tb_lookup()
Ilya Leoshkevich [Thu, 16 Jan 2025 21:31:32 +0000 (22:31 +0100)]
tcg: Document tb_lookup() and tcg_tb_lookup()

These similarly named functions serve different purposes; add
docstrings to highlight them.

Suggested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250116213214.5695-1-iii@linux.ibm.com>