qemu.git
7 months ago target/riscv: Mask out upper sscofpmf bits during validation
Atish Patra [Thu, 6 Feb 2025 09:58:47 +0000 (01:58 -0800)]
target/riscv: Mask out upper sscofpmf bits during validation

As per the ISA definition, the upper 8 bits in hpmevent are defined
by Sscofpmf for privilege mode filtering and overflow bits while the
lower 56 bits are designated for platform specific hpmevent values.
For the reset case, mhpmevent value should have zero in lower 56 bits.
Software may set the OF bit to indicate disable interrupt.

Ensure that correct value is checked after masking while clearing the
event encodings.

Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Message-ID: <20250206-pmu_minor_fixes-v2-2-1bb0f4aeb8b4@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: Fix the hpmevent mask
Atish Patra [Thu, 6 Feb 2025 09:58:46 +0000 (01:58 -0800)]
target/riscv: Fix the hpmevent mask

As per the latest privilege specification v1.13[1], the sscofpmf
only reserves first 8 bits of hpmeventX. Update the corresponding
masks accordingly.

[1] https://github.com/riscv/riscv-isa-manual/issues/1578

Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250206-pmu_minor_fixes-v2-1-1bb0f4aeb8b4@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
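
The two hpmevent commits above both depend on the 8/56-bit split of the register. The following is an added example, not code from QEMU or from these patches: it splits a raw value into the Sscofpmf bits and the event selector, and compares an unmasked "is this event cleared" test with a masked one. The macro and function names are illustrative assumptions; the bit positions follow the Sscofpmf layout (OF at bit 63, inhibit bits below it).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative names, not QEMU's macros. Bits 63..56 carry OF and the
 * privilege mode inhibit bits, bits 55..0 carry the event selector. */
#define HPMEVENT_EVENT_BITS 56
#define HPMEVENT_EVENT_MASK ((UINT64_C(1) << HPMEVENT_EVENT_BITS) - 1)
#define HPMEVENT_SSCOF_MASK (~HPMEVENT_EVENT_MASK)
#define HPMEVENT_OF         (UINT64_C(1) << 63)
#define HPMEVENT_MINH       (UINT64_C(1) << 62)

typedef struct {
    uint64_t event;     /* lower 56 bits: platform specific event value */
    uint8_t  sscof;     /* upper 8 bits: OF and filtering bits */
    bool     overflow;  /* OF bit */
} HpmEvent;

static HpmEvent hpmevent_decode(uint64_t raw)
{
    HpmEvent e;
    e.event = raw & HPMEVENT_EVENT_MASK;
    e.sscof = (uint8_t)((raw & HPMEVENT_SSCOF_MASK) >> HPMEVENT_EVENT_BITS);
    e.overflow = (raw & HPMEVENT_OF) != 0;
    return e;
}

/* Unmasked test: any set bit, including OF, looks like a programmed event. */
static bool is_cleared_unmasked(uint64_t raw)
{
    return raw == 0;
}

/* Masked test: only the lower 56 bits decide whether an event is set. */
static bool is_cleared_masked(uint64_t raw)
{
    return (raw & HPMEVENT_EVENT_MASK) == 0;
}

int main(void)
{
    /* Constructed sample values. */
    uint64_t reset_with_of = HPMEVENT_OF;
    uint64_t programmed = HPMEVENT_OF | HPMEVENT_MINH | UINT64_C(0x10019);
    HpmEvent e = hpmevent_decode(programmed);

    printf("OF only: unmasked=%d masked=%d\n",
           is_cleared_unmasked(reset_with_of),
           is_cleared_masked(reset_with_of));
    printf("programmed: event=0x%llx sscof=0x%02x of=%d\n",
           (unsigned long long)e.event, (unsigned)e.sscof, (int)e.overflow);
    return 0;
}
```
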
7 months ago disas/riscv: Add missing Sdtrig CSRs
Rob Bradford [Thu, 6 Feb 2025 15:34:10 +0000 (15:34 +0000)]
disas/riscv: Add missing Sdtrig CSRs

This reflects the latest frozen version of the RISC-V Debug
specification (1.0.0-rc4) which includes the Sdtrig extension.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250206153410.236636-3-rbradford@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago disas/riscv: Fix minor whitespace issues
Rob Bradford [Thu, 6 Feb 2025 15:34:09 +0000 (15:34 +0000)]
disas/riscv: Fix minor whitespace issues

Some extra spaces made it into the RISC-V opcode data table.

Signed-off-by: Rob Bradford <rbradford@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250206153410.236636-2-rbradford@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: log guest errors when reserved bits are set in PTEs
julia [Mon, 3 Feb 2025 06:18:52 +0000 (17:18 +1100)]
target/riscv: log guest errors when reserved bits are set in PTEs

For instance, QEMUs newer than b6ecc63c569bb88c0fcadf79fb92bf4b88aefea8
would silently treat this akin to an unmapped page (as required by the
RISC-V spec, admittedly). However, not all hardware platforms do (e.g.
CVA6) which leads to an apparent QEMU bug.

Instead, log a guest error so that in future, incorrectly set up page
tables can be debugged without bisecting QEMU.

Signed-off-by: julia <midnight@trainwit.ch>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250203061852.2931556-1-midnight@trainwit.ch>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: machine: Add Control Transfer Record state description
Rajnesh Kanwal [Wed, 5 Feb 2025 11:18:50 +0000 (11:18 +0000)]
target/riscv: machine: Add Control Transfer Record state description

Add a subsection to machine.c to migrate CTR CSR state

Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250205-b4-ctr_upstream_v6-v6-6-439d8e06c8ef@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: Add CTR sctrclr instruction.
Rajnesh Kanwal [Wed, 5 Feb 2025 11:18:49 +0000 (11:18 +0000)]
target/riscv: Add CTR sctrclr instruction.

CTR extension adds a new instruction sctrclr to quickly
clear the recorded entries buffer.

Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250205-b4-ctr_upstream_v6-v6-5-439d8e06c8ef@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: Add support to record CTR entries.
Rajnesh Kanwal [Wed, 5 Feb 2025 11:18:48 +0000 (11:18 +0000)]
target/riscv: Add support to record CTR entries.

This commit adds logic to record CTR entries of different types
and adds required hooks in TCG and interrupt/Exception logic to
record events.

This commit also adds support to invoke freeze CTR logic for breakpoint
exceptions and counter overflow interrupts.

Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250205-b4-ctr_upstream_v6-v6-4-439d8e06c8ef@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: Add support for Control Transfer Records extension CSRs.
Rajnesh Kanwal [Wed, 5 Feb 2025 11:18:47 +0000 (11:18 +0000)]
target/riscv: Add support for Control Transfer Records extension CSRs.

This commit adds support for [m|s|vs]ctrcontrol, sctrstatus and
sctrdepth CSRs handling.

Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250205-b4-ctr_upstream_v6-v6-3-439d8e06c8ef@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: Add Control Transfer Records CSR definitions.
Rajnesh Kanwal [Wed, 5 Feb 2025 11:18:46 +0000 (11:18 +0000)]
target/riscv: Add Control Transfer Records CSR definitions.

The Control Transfer Records (CTR) extension provides a method to
record a limited branch history in register-accessible internal chip
storage.

This extension is similar to Arch LBR in x86 and BRBE in ARM.
The Extension has been stable and the latest release can be found here
https://github.com/riscv/riscv-control-transfer-records/releases/tag/v1.0_rc5

Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250205-b4-ctr_upstream_v6-v6-2-439d8e06c8ef@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: Remove obsolete sfence.vm instruction
Rajnesh Kanwal [Wed, 5 Feb 2025 11:18:45 +0000 (11:18 +0000)]
target/riscv: Remove obsolete sfence.vm instruction

Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Jason Chien <jason.chien@sifive.com>
Message-ID: <20250205-b4-ctr_upstream_v6-v6-1-439d8e06c8ef@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago MAINTAINERS: Remove Bin Meng from RISC-V maintainers
Alistair Francis [Tue, 28 Jan 2025 06:05:46 +0000 (16:05 +1000)]
MAINTAINERS: Remove Bin Meng from RISC-V maintainers

Bin Meng has been a long time contributor and maintainer for QEMU RISC-V
and has been very beneficial to the RISC-V ecosystem.

Unfortunately his email has started to bounce so this patch is removing
them from MAINTAINERS. If in the future Bin Meng wants to return we will
happily re-add them.

Note that I'm not removing Bin Meng as a "SD (Secure Card)" maintainer.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Acked-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250128060546.1374394-1-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago hw/riscv/virt: Add serial alias in DTB
Vasilis Liaskovitis [Thu, 16 Jan 2025 16:10:07 +0000 (17:10 +0100)]
hw/riscv/virt: Add serial alias in DTB

Add an "aliases" node with a "serial0" entry for the single UART
in the riscv virt machine.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2774
Signed-off-by: Vasilis Liaskovitis <vliaskovitis@suse.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250116161007.39710-1-vliaskovitis@suse.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago goldfish_rtc: Fix tick_offset migration
Rodrigo Dias Correa [Tue, 14 Jan 2025 21:21:50 +0000 (22:21 +0100)]
goldfish_rtc: Fix tick_offset migration

Instead of migrating the raw tick_offset, goldfish_rtc migrates a
recalculated value based on QEMU_CLOCK_VIRTUAL. As QEMU_CLOCK_VIRTUAL
stands still across a save-and-restore cycle, the guest RTC becomes out
of sync with the host RTC when the VM is restored.

As described in the bug description, it looks like this calculation was
copied from pl031 RTC, which had its tick_offset migration fixed by
Commit 032cfe6a79c8 ("pl031: Correctly migrate state when using -rtc
clock=host").

Migrate the tick_offset directly, adding it as a version-dependent field
to VMState. Keep the old behavior when migrating from previous versions.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2033
Signed-off-by: Rodrigo Dias Correa <r@drigo.nl>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250114212150.228241-1-r@drigo.nl>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago hw/riscv/riscv-iommu-bits: Remove duplicate definitions
Jason Chien [Wed, 15 Jan 2025 14:17:30 +0000 (22:17 +0800)]
hw/riscv/riscv-iommu-bits: Remove duplicate definitions

The header contains duplicate macro definitions.
This commit eliminates the duplicate part.

Signed-off-by: Jason Chien <jason.chien@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115141730.30858-2-jason.chien@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago hw/riscv/riscv-iommu: Remove redundant struct members
Jason Chien [Wed, 15 Jan 2025 14:17:29 +0000 (22:17 +0800)]
hw/riscv/riscv-iommu: Remove redundant struct members

Initially, the IOMMU would create a thread, but this thread was removed in
the merged version. The struct members for thread control should have been
removed as well, but they were not removed in commit 0c54acb8243
("hw/riscv: add RISC-V IOMMU base emulation").

Signed-off-by: Jason Chien <jason.chien@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115141730.30858-1-jason.chien@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: add RVA23S64 profile
Daniel Henrique Barboza [Wed, 15 Jan 2025 18:43:16 +0000 (15:43 -0300)]
target/riscv: add RVA23S64 profile

Add RVA23S64 as described in [1]. This profile inherits all mandatory
extensions of RVA23U64 and RVA22S64, making it a child of both profiles.

A new "rva23s64" profile CPU is also added. This is the generated
riscv,isa for it (taken via -M dumpdtb):

rv64imafdcbvh_zic64b_zicbom_zicbop_zicboz_ziccamoa_ziccif_zicclsm_
ziccrse_zicond_zicntr_zicsr_zifencei_zihintntl_zihintpause_zihpm_zimop_
zmmul_za64rs_zaamo_zalrsc_zawrs_zfa_zfhmin_zca_zcb_zcd_zcmop_zba_zbb_zbs_
zkt_zvbb_zve32f_zve32x_zve64f_zve64d_zve64x_zvfhmin_zvkb_zvkt_shcounterenw_
sha_shgatpa_shtvala_shvsatpa_shvstvala_shvstvecd_smnpm_smstateen_ssccptr_
sscofpmf_sscounterenw_ssnpm_ssstateen_sstc_sstvala_sstvecd_ssu64xl_
supm_svade_svinval_svnapot_svpbmt

[1] https://github.com/riscv/riscv-profiles/blob/main/src/rva23-profile.adoc

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115184316.2344583-7-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: add RVA23U64 profile
Daniel Henrique Barboza [Wed, 15 Jan 2025 18:43:15 +0000 (15:43 -0300)]
target/riscv: add RVA23U64 profile

Add RVA23U64 as described in [1]. Add it as a child of RVA22U64 since
all RVA22U64 mandatory extensions are also present in RVA23U64. What's
left then is to list the mandatory extensions that are RVA23 only.

A new "rva23u64" CPU is also added.

[1] https://github.com/riscv/riscv-profiles/blob/main/src/rva23-profile.adoc

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115184316.2344583-6-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: change priv_ver check in validate_profile()
Daniel Henrique Barboza [Wed, 15 Jan 2025 18:43:14 +0000 (15:43 -0300)]
target/riscv: change priv_ver check in validate_profile()

The S profiles do a priv_ver check during validation to see if the
running priv_ver is compatible with it. This check is done by comparing
if the running priv_ver is equal to the priv_ver the profile specifies.

There is a universe where we added RVA23S64 support based on both
RVA23U64 and RVA22S64 and this error is being thrown:

qemu-system-riscv64: warning: Profile rva22s64 requires
    priv spec v1.12.0, but priv ver v1.13.0 was set

We're enabling RVA22S64 (priv_ver 1.12) as a dependency of RVA23S64
(priv_ver 1.13) and complaining to users about what we did ourselves.

There's no drawback in allowing a profile to run in an env that has a
priv_ver newer than is required by it. So, like Hiro Nakamura saves
the future by changing the past, change the priv_ver check now to allow
profiles to run in a newer priv_ver. This universe will have one less
warning to deal with.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115184316.2344583-5-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: add profile u_parent and s_parent
Daniel Henrique Barboza [Wed, 15 Jan 2025 18:43:13 +0000 (15:43 -0300)]
target/riscv: add profile u_parent and s_parent

The current 'parent' mechanic for profiles allows for one profile to be
a child of a previous/older profile, enabling all its extensions (and
the parent profile itself) and sparing us from tediously listing all
extensions for every profile.

This works fine for u-mode profiles. For s-mode profiles this is not
enough: an s-mode profile extends not only its equivalent u-mode profile
but also the previous s-mode profile. This means, for example, that
RVA23S64 extends both RVA23U64 and RVA22S64.

To fit this usage, rename the existing 'parent' to 'u_parent' and add a
new 's_parent' attribute for profiles. Handle both like we were doing
with the previous 'parent' attribute, i.e. if set, enable it. This
change does nothing for the existing profiles but will make RVA23S64
simpler.

Suggested-by: Andrew Jones <ajones@ventanamicro.com>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115184316.2344583-4-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
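
The parent mechanism from this commit and the priv_ver check from the commit listed just above it can be seen together in a small model. This is an added example, not QEMU's implementation: the struct layout, the integer priv_ver encoding and the function names are assumptions, and u-mode profiles are assumed to carry no priv_ver requirement.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed encoding: only the ordering 1.12 < 1.13 matters. */
enum { PRIV_NONE = 0, PRIV_1_12 = 12, PRIV_1_13 = 13 };
enum { RVA22U64, RVA22S64, RVA23U64, RVA23S64, NUM_PROFILES };

typedef struct Profile {
    const char *name;
    struct Profile *u_parent;   /* u-mode profile this one extends */
    struct Profile *s_parent;   /* previous s-mode profile, if any */
    int priv_ver;               /* PRIV_NONE: no priv spec requirement */
    bool enabled;
} Profile;

/* Parent links as described in the commit messages on this page. */
static void build_profiles(Profile p[NUM_PROFILES])
{
    p[RVA22U64] = (Profile){ "rva22u64", NULL, NULL, PRIV_NONE, false };
    p[RVA22S64] = (Profile){ "rva22s64", &p[RVA22U64], NULL,
                             PRIV_1_12, false };
    p[RVA23U64] = (Profile){ "rva23u64", &p[RVA22U64], NULL,
                             PRIV_NONE, false };
    p[RVA23S64] = (Profile){ "rva23s64", &p[RVA23U64], &p[RVA22S64],
                             PRIV_1_13, false };
}

/* Enabling a profile enables both parents, if set. The 'enabled' test
 * stops rva22u64 from being visited twice through the two paths. */
static void profile_enable(Profile *prof)
{
    if (prof == NULL || prof->enabled) {
        return;
    }
    prof->enabled = true;
    profile_enable(prof->u_parent);
    profile_enable(prof->s_parent);
}

/* Number of profiles enabled after the user selects 'selected'. */
static int enabled_after(int selected)
{
    Profile p[NUM_PROFILES];
    int count = 0;

    build_profiles(p);
    profile_enable(&p[selected]);
    for (int i = 0; i < NUM_PROFILES; i++) {
        count += p[i].enabled ? 1 : 0;
    }
    return count;
}

/* Number of priv_ver warnings for the enabled set. 'exact' models the old
 * equality check, !exact models "running priv_ver may be newer". */
static int priv_warnings(int selected, int running, bool exact)
{
    Profile p[NUM_PROFILES];
    int warnings = 0;

    build_profiles(p);
    profile_enable(&p[selected]);
    for (int i = 0; i < NUM_PROFILES; i++) {
        if (!p[i].enabled || p[i].priv_ver == PRIV_NONE) {
            continue;
        }
        bool ok = exact ? running == p[i].priv_ver
                        : running >= p[i].priv_ver;
        if (!ok) {
            printf("warning: %s requires priv %d, running %d\n",
                   p[i].name, p[i].priv_ver, running);
            warnings++;
        }
    }
    return warnings;
}

int main(void)
{
    printf("enabled by rva23s64: %d\n", enabled_after(RVA23S64));
    printf("exact check warnings: %d\n",
           priv_warnings(RVA23S64, PRIV_1_13, true));
    printf("newer-allowed warnings: %d\n",
           priv_warnings(RVA23S64, PRIV_1_13, false));
    return 0;
}
```
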
7 months ago target/riscv: use RVB in RVA22U64
Daniel Henrique Barboza [Wed, 15 Jan 2025 18:43:12 +0000 (15:43 -0300)]
target/riscv: use RVB in RVA22U64

From the time we added RVA22U64 until now the spec didn't declare 'RVB'
as a dependency, using zba/zbb/zbs instead. Since then the RVA22 spec
[1] added the following in the 'RVA22U64 Mandatory Extensions' section:

"B Bit-manipulation instructions

Note: The B extension comprises the Zba, Zbb, and Zbs extensions. At the
time of RVA22U64's ratification, the B extension had not yet been
defined, and so RVA22U64 explicitly mandated Zba, Zbb, and Zbs instead.
Mandating B is equivalent."

It is also equivalent to QEMU (see riscv_cpu_validate_b() in
target/riscv/tcg/tcg-cpu.c).

Finally, RVA23U64 [2] directly mentions RVB as a mandatory extension,
not citing zba/zbb/zbs.

To make it clear that RVA23U64 will extend RVA22U64 (i.e. RVA22 is a
parent of RVA23), use RVB in RVA22U64 as well.

(bios-tables-test change: RVB added to riscv,isa)

[1] https://github.com/riscv/riscv-profiles/blob/main/src/profiles.adoc#61-rva22u64-profile
[2] https://github.com/riscv/riscv-profiles/blob/main/src/rva23-profile.adoc#rva23u64-profile

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115184316.2344583-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: add ssu64xl
Daniel Henrique Barboza [Wed, 15 Jan 2025 18:43:11 +0000 (15:43 -0300)]
target/riscv: add ssu64xl

ssu64xl is defined in RVA22 as:

"sstatus.UXL must be capable of holding the value 2 (i.e., UXLEN=64 must
be supported)."

This is always true in TCG and it's mandatory for RVA23, so claim
support for it.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250115184316.2344583-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago hw/intc/riscv_aplic: Remove redundant "hart_idx" masking
Huang Borong [Wed, 15 Jan 2025 03:51:05 +0000 (11:51 +0800)]
hw/intc/riscv_aplic: Remove redundant "hart_idx" masking

Remove the redundant masking of "hart_idx", as the same operation is
performed later during address calculation.

This change impacts the "hart_idx" value in the final qemu_log_mask()
call. The original "hart_idx" parameter should be used for logging to
ensure accuracy, rather than the masked value.

Signed-off-by: Huang Borong <huangborong@bosc.ac.cn>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20250115035105.19600-1-huangborong@bosc.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: throw debug exception before page fault
Daniel Henrique Barboza [Tue, 21 Jan 2025 17:06:26 +0000 (14:06 -0300)]
target/riscv: throw debug exception before page fault

In the RISC-V privileged ISA section 3.1.15 table 15, it is determined
that a debug exception that is triggered from a load/store has a higher
priority than a possible fault that this access might trigger.

This is not the case ATM as shown in [1]. Adding a breakpoint in an
address that deliberately will fault is causing a load page fault
instead of a debug exception. The reason is that we're throwing in the
page fault as soon as the fault occurs (end of riscv_cpu_tlb_fill(),
raise_mmu_exception()), not allowing the installed watchpoints to
trigger.

Call cpu_check_watchpoint() in the page fault path to search and execute
any watchpoints that might exist for the address, never returning back
to the fault path. If no watchpoints are found cpu_check_watchpoint()
will return and we'll fall-through the regular path to
raise_mmu_exception().

[1] https://gitlab.com/qemu-project/qemu/-/issues/2627

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2627
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250121170626.1992570-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv/debug.c: use wp size = 4 for 32-bit CPUs
Daniel Henrique Barboza [Tue, 21 Jan 2025 17:06:25 +0000 (14:06 -0300)]
target/riscv/debug.c: use wp size = 4 for 32-bit CPUs

The mcontrol select bit (19) is always zero, meaning our triggers will
always match virtual addresses. In this condition, if the user does not
specify a size for the trigger, the access size defaults to XLEN.

At this moment we're using def_size = 8 regardless of CPU XLEN. Use
def_size = 4 in case we're running 32 bits.

Fixes: 95799e36c1 ("target/riscv: Add initial support for the Sdtrig extension")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250121170626.1992570-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: rvv: Fix incorrect vlen comparison in prop_vlen_set
Max Chou [Fri, 24 Jan 2025 09:05:38 +0000 (17:05 +0800)]
target/riscv: rvv: Fix incorrect vlen comparison in prop_vlen_set

In prop_vlen_set function, there is an incorrect comparison between
vlen(bit) and vlenb(byte).
This will cause an unexpected error when the user applies the `vlen=1024` cpu
option with a vendor predefined cpu type whose default vlen is
1024 (vlenb=128).

Fixes: 4f6d036ccc ("target/riscv/cpu.c: remove cpu->cfg.vlen")
Signed-off-by: Max Chou <max.chou@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250124090539.2506448-1-max.chou@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv: rvv: Fix unexpected behavior of vector reduction instructions when...
Max Chou [Fri, 24 Jan 2025 10:14:47 +0000 (18:14 +0800)]
target/riscv: rvv: Fix unexpected behavior of vector reduction instructions when vl is 0

According to the Vector Reduction Operations section in the RISC-V "V"
Vector Extension spec,
"If vl=0, no operation is performed and the destination register is not
updated."

The vd should be updated when vl is larger than 0.

Fixes: fe5c9ab1fc ("target/riscv: vector single-width integer reduction instructions")
Fixes: f714361ed7 ("target/riscv: rvv-1.0: implement vstart CSR")
Signed-off-by: Max Chou <max.chou@sifive.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250124101452.2519171-1-max.chou@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv/cpu_helper.c: fix bad_shift in riscv_cpu_interrupt()
Daniel Henrique Barboza [Tue, 21 Jan 2025 18:48:47 +0000 (15:48 -0300)]
target/riscv/cpu_helper.c: fix bad_shift in riscv_cpu_interrupt()

Coverity reported a BAD_SHIFT issue in the following code:

 > 2097
 >>>>      CID 1590355:  Integer handling issues  (BAD_SHIFT)
 >>>>      In expression "hdeleg >> cause", right shifting by more than 63
       bits has undefined behavior.  The shift amount, "cause", is at least 64.
 > 2098         vsmode_exc = env->virt_enabled && (((hdeleg >> cause) & 1) || vs_injected);
 > 2099         /*

It is not clear to me how the tool guarantees that '"cause" is at least
64', but indeed there are no guarantees that it would be < 64 in the
'async = true' code path.

A simple fix to avoid a potential UB is to add a 'cause < 64' guard like
'mode' is already doing right before 'vsmode_exc'.

Resolves: Coverity CID 1590355
Fixes: 967760f62c ("target/riscv: Implement Ssdbltrp exception handling")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250121184847.2109128-6-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
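
The BAD_SHIFT report above, as an added example that is not part of the QEMU patch: the flagged expression next to one way of writing the 'cause < 64' guard, plus a check that the guard leaves every in-range case unchanged. The function names and the sample hdeleg value are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* "Before": the shape Coverity flagged. Shifting a 64-bit value by 64 or
 * more is undefined behaviour in C, so this is only valid for cause < 64. */
static bool vsmode_exc_unguarded(bool virt_enabled, uint64_t hdeleg,
                                 uint64_t cause, bool vs_injected)
{
    return virt_enabled && (((hdeleg >> cause) & 1) || vs_injected);
}

/* "After": the range test comes first and && short-circuits, so the shift
 * is never evaluated with an out-of-range amount. */
static bool vsmode_exc_guarded(bool virt_enabled, uint64_t hdeleg,
                               uint64_t cause, bool vs_injected)
{
    return virt_enabled &&
           ((cause < 64 && ((hdeleg >> cause) & 1)) || vs_injected);
}

/* Counts the in-range inputs on which the two versions disagree. The
 * unguarded version is only ever called with cause < 64 here. */
static int count_mismatches(uint64_t hdeleg)
{
    int mismatches = 0;

    for (uint64_t cause = 0; cause < 64; cause++) {
        for (int vs = 0; vs <= 1; vs++) {
            bool before = vsmode_exc_unguarded(true, hdeleg, cause, vs != 0);
            bool after = vsmode_exc_guarded(true, hdeleg, cause, vs != 0);
            if (before != after) {
                mismatches++;
            }
        }
    }
    return mismatches;
}

int main(void)
{
    uint64_t hdeleg = UINT64_C(0x8000000000000444); /* constructed value */

    printf("mismatches for cause < 64: %d\n", count_mismatches(hdeleg));
    printf("cause = 64 with every bit delegated: %d\n",
           (int)vsmode_exc_guarded(true, UINT64_MAX, 64, false));
    return 0;
}
```
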
7 months ago target/riscv/csr.c: fix deadcode in aia_smode32()
Daniel Henrique Barboza [Tue, 21 Jan 2025 18:48:46 +0000 (15:48 -0300)]
target/riscv/csr.c: fix deadcode in aia_smode32()

Coverity reported a DEADCODE ticket in this function, as follows:

 >>>>      CID 1590358:  Control flow issues  (DEADCODE)
 >>>>      Execution cannot reach this statement: "return ret;".
 > 380             return ret;
 > 381         }

The cause is that the 'if (ret != RISCV_EXCP_NONE)' conditional is
duplicated:

    ret = smstateen_acc_ok(env, 0, SMSTATEEN0_AIA);
    if (ret != RISCV_EXCP_NONE) {
        return ret;
    }

    if (ret != RISCV_EXCP_NONE) {
        return ret;
    }

Remove the duplication to fix the deadcode.

Resolves: Coverity CID 1590358
Fixes: dbcb6e1ccf ("target/riscv: Enable S*stateen bits for AIA")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250121184847.2109128-5-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv/csr.c: fix deadcode in rmw_xiregi()
Daniel Henrique Barboza [Tue, 21 Jan 2025 18:48:45 +0000 (15:48 -0300)]
target/riscv/csr.c: fix deadcode in rmw_xiregi()

Coverity found a DEADCODE issue in rmw_xiregi() claiming that we can't
reach 'RISCV_EXCP_VIRT_INSTRUCTION_FAULT' at the 'done' label:

 > 2652     done:
 >>>>      CID 1590357:  Control flow issues  (DEADCODE)
 >>>>      Execution cannot reach the expression "RISCV_EXCP_VIRT_INSTRUCTION_FAULT"
     inside this statement: "return (env->virt_enabled &...".
 > 2653         return (env->virt_enabled && virt) ?
 > 2654                 RISCV_EXCP_VIRT_INSTRUCTION_FAULT : RISCV_EXCP_ILLEGAL_INST;

This happens because 'virt' is being set to 'false' and it will remain
as 'false' in any code path where 'done' will be called. The label can
be safely reduced to:

done:
     return RISCV_EXCP_ILLEGAL_INST;

And that will leave us with the following usage of a 'goto' skipping a
single 'return' to do another single 'return':

     } else {
        goto done;
     }

     return rmw_xireg_csrind(env, csrno, isel, val, new_val, wr_mask);

done:
     return RISCV_EXCP_ILLEGAL_INST;

Which we will eliminate and just do 'return RISCV_EXCP_ILLEGAL_INST'
instead.

Resolves: Coverity CID 1590357
Fixes: 5e33a20827 ("target/riscv: Support generic CSR indirect access")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250121184847.2109128-4-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv/csr.c: fix 'ret' deadcode in rmw_xireg()
Daniel Henrique Barboza [Tue, 21 Jan 2025 18:48:44 +0000 (15:48 -0300)]
target/riscv/csr.c: fix 'ret' deadcode in rmw_xireg()

Coverity found a second DEADCODE issue in rmw_xireg() claiming that we can't
reach 'RISCV_EXCP_NONE' at the 'done' label:

 > 2706     done:
 > 2707         if (ret) {
 > 2708             return (env->virt_enabled && virt) ?
 > 2709                    RISCV_EXCP_VIRT_INSTRUCTION_FAULT : RISCV_EXCP_ILLEGAL_INST;
 > 2710         }
 >>>>      CID 1590356:  Control flow issues  (DEADCODE)
 >>>>      Execution cannot reach this statement: "return RISCV_EXCP_NONE;".
 > 2711         return RISCV_EXCP_NONE;

Our label is now reduced after fixing another deadcode in the previous
patch but the problem reported here still remains:

 done:
    if (ret) {
        return RISCV_EXCP_ILLEGAL_INST;
    }
    return RISCV_EXCP_NONE;

This happens because 'ret' changes only once at the start of the
function:

    ret = smstateen_acc_ok(env, 0, SMSTATEEN0_SVSLCT);
    if (ret != RISCV_EXCP_NONE) {
        return ret;
    }

So it's a guarantee that ret will be RISCV_EXCP_NONE (-1) if we ever
reach the label, i.e. "if (ret)" will always be true, and the label can
be even further reduced to:

done:
    return RISCV_EXCP_ILLEGAL_INST;

To make a better use of the label, remove the 'else' from the
xiselect_aia_range() chain and let it fall-through to the 'done' label
since they are now both returning RISCV_EXCP_ILLEGAL_INST.

Resolves: Coverity CID 1590356
Fixes: dc0280723d ("target/riscv: Decouple AIA processing from xiselect and xireg")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250121184847.2109128-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago target/riscv/csr.c: fix deadcode in rmw_xireg()
Daniel Henrique Barboza [Tue, 21 Jan 2025 18:48:43 +0000 (15:48 -0300)]
target/riscv/csr.c: fix deadcode in rmw_xireg()

Coverity found a DEADCODE issue in rmw_xireg() claiming that we can't
reach 'RISCV_EXCP_VIRT_INSTRUCTION_FAULT' at the 'done' label:

done:
    if (ret) {
        return (env->virt_enabled && virt) ?
               RISCV_EXCP_VIRT_INSTRUCTION_FAULT : RISCV_EXCP_ILLEGAL_INST;
    }
    return RISCV_EXCP_NONE;

This happens because the 'virt' flag, which is only used by 'done', is
set to 'false' and it will always remain 'false' in any condition where
we'll jump to 'done':

    switch (csrno) {
    (...)
    case CSR_VSIREG:
        isel = env->vsiselect;
        virt = true;
        break;
    default:
        goto done;
    };

'virt = true' will never reach 'done' because we have a if/else-if/else
block right before the label that will always return:

    if (xiselect_aia_range(isel)) {
        return ...
    } else if (...) {
        return ...
    } else {
        return RISCV_EXCP_ILLEGAL_INST;
    }

All this means that we can preserve the current logic by reducing the
'done' label to:

done:
    if (ret) {
        return RISCV_EXCP_ILLEGAL_INST;
    }
    return RISCV_EXCP_NONE;

The flag 'virt' is now unused. Remove it.

Fix the 'goto done' indentation while we're at it.

Resolves: Coverity CID 1590359
Fixes: dc0280723d ("target/riscv: Decouple AIA processing from xiselect and xireg")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250121184847.2109128-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
7 months ago scripts/checkpatch: Fix a typo
Philippe Mathieu-Daudé [Mon, 3 Mar 2025 17:25:08 +0000 (18:25 +0100)]
scripts/checkpatch: Fix a typo

When running checkpatch.pl on a commit adding a file without
SPDX tag we get:

  Undefined subroutine &main::WARNING called at ./scripts/checkpatch.pl line 1694.

The WARNING level is reported by the WARN() method. Fix the typo.

Fixes: fa4d79c64da ("scripts: mandate that new files have SPDX-License-Identifier")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250303172508.93234-1-philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago Merge tag 'spdx-check-pull-request' of https://gitlab.com/berrange/qemu into staging
Stefan Hajnoczi [Mon, 3 Mar 2025 02:21:09 +0000 (10:21 +0800)]
Merge tag 'spdx-check-pull-request' of https://gitlab.com/berrange/qemu into staging

SPDX support for checkpatch

* Mandate use of SPDX-License-Identifier in new files
* Validate SPDX license choices
* Forbid other SPDX tags

# gpg: Signature made Fri 28 Feb 2025 23:43:50 HKT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'spdx-check-pull-request' of https://gitlab.com/berrange/qemu:
  scripts: forbid use of arbitrary SPDX tags besides license identifiers
  scripts: validate SPDX license choices
  scripts: mandate that new files have SPDX-License-Identifier

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Stefan Hajnoczi [Mon, 3 Mar 2025 02:20:59 +0000 (10:20 +0800)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* qom: Use command line syntax for default values in help
* i386: support cache topology with machine's configuration
* rust: fix duplicate symbols from monitor-fd.c
* rust: add module to convert between success/-errno and io::Result
* rust: move class_init implementation from trait to method
* pvg: configuration improvements
* kvm guestmemfd: replace assertion with error
* riscv: cleanups
* target/i386/hvf: cleanups to emulation
* target/i386: add Zhaoxin and Yongfeng CPU model

# gpg: Signature made Wed 26 Feb 2025 16:56:43 HKT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (34 commits)
  target/i386: Mask CMPLegacy bit in CPUID[0x80000001].ECX for Zhaoxin CPUs
  target/i386: Introduce Zhaoxin Yongfeng CPU model
  target/i386: Add CPUID leaf 0xC000_0001 EDX definitions
  target/i386: Add support for Zhaoxin CPU vendor identification
  target/riscv: move 128-bit check to TCG realize
  target/riscv: remove unused macro DEFINE_CPU
  i386/cpu: add has_caches flag to check smp_cache configuration
  i386/pc: Support cache topology in -machine for PC machine
  i386/cpu: Update cache topology with machine's configuration
  i386/cpu: Support module level cache topology
  rust: qom: get rid of ClassInitImpl
  rust: pl011, qemu_api tests: do not use ClassInitImpl
  rust: qom: add ObjectImpl::CLASS_INIT
  rust: add SysBusDeviceImpl
  rust: add IsA bounds to QOM implementation traits
  target/i386/hvf: drop some dead code
  target/i386/hvf: move and rename simulate_{rdmsr, wrmsr}
  target/i386/hvf: move and rename {load, store}_regs
  target/i386/hvf: use x86_segment in x86_decode.c
  target/i386/hvf: fix the declaration of hvf_handle_io
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago Merge tag 'pull-nvme-20250227' of https://gitlab.com/birkelund/qemu into staging
Stefan Hajnoczi [Mon, 3 Mar 2025 02:20:48 +0000 (10:20 +0800)]
Merge tag 'pull-nvme-20250227' of https://gitlab.com/birkelund/qemu into staging

nvme queue

# gpg: Signature made Thu 27 Feb 2025 17:28:49 HKT
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* tag 'pull-nvme-20250227' of https://gitlab.com/birkelund/qemu:
  hw/nvme: remove nvme_aio_err()
  hw/nvme: set error status code explicitly for misc commands
  hw/nvme: only set command abort requested when cancelled due to Abort
  hw/nvme: rework csi handling
  hw/nvme: be compliant wrt. dsm processing limits
  nvme: fix iocs status code values
  hw/nvme: add knob for doorbell buffer config support
  hw/nvme: make oacs dynamic
  hw/nvme: always initialize a subsystem
  hw/nvme: Add OCP SMART / Health Information Extended Log Page

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago Merge tag 'qga-pull-2025-02-26' of https://github.com/kostyanf14/qemu into staging
Stefan Hajnoczi [Mon, 3 Mar 2025 02:20:28 +0000 (10:20 +0800)]
Merge tag 'qga-pull-2025-02-26' of https://github.com/kostyanf14/qemu into staging

qga-pull-2025-02-26

# gpg: Signature made Wed 26 Feb 2025 20:19:06 HKT
# gpg:                using RSA key C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423  EB84 EF5D 5E81 61BA 84E7

* tag 'qga-pull-2025-02-26' of https://github.com/kostyanf14/qemu:
  qga: Don't daemonize before channel is initialized
  qga: Invert logic on return value in main()
  qga: Add log to guest-fsfreeze-thaw command

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago Merge tag 'pull-request-2025-02-26' of https://gitlab.com/thuth/qemu into staging
Stefan Hajnoczi [Mon, 3 Mar 2025 02:20:19 +0000 (10:20 +0800)]
Merge tag 'pull-request-2025-02-26' of https://gitlab.com/thuth/qemu into staging

* Convert more avocado tests to the functional framework
* Fix a problem with the check-patch/check-dco CI jobs
* Replace the ppc64 e500 functional test with a better one
* Test retrieval of machine class properties

# gpg: Signature made Wed 26 Feb 2025 17:56:07 HKT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2025-02-26' of https://gitlab.com/thuth/qemu:
  tests/functional: Replace the ppc64 e500 advent calendar test
  gitlab: use --refetch in check-patch/check-dco jobs
  tests/functional: Bump some arm test timeouts
  tests/functional: Convert the x86_64 replay avocado tests
  tests/functional: Convert the aarch64 replay avocado tests
  tests/functional: Convert the s390x replay avocado tests
  tests/functional: Convert the alpha replay avocado tests
  tests/functional: Convert the arm replay avocado tests
  tests/functional: Convert the m68k replay avocado tests
  tests/functional: Convert the microblaze replay avocado tests
  tests/functional: Convert the ppc64 replay avocado tests
  tests/functional: Convert the or1k replay avocado tests
  tests/functional: Convert the 32-bit ppc replay avocado tests
  tests/functional: Convert the sparc replay avocado test
  tests/functional: Convert the xtensa replay test to the functional framework
  tests/functional: Provide a proper name for the VMs in the replay tests
  tests/qtest/qom-test: Test retrieval of machine class properties
  tests/functional: Have microblaze tests inherit common parent class

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago Merge tag 'pull-target-arm-20250225' of https://git.linaro.org/people/pmaydell/qemu...
Stefan Hajnoczi [Mon, 3 Mar 2025 02:20:03 +0000 (10:20 +0800)]
Merge tag 'pull-target-arm-20250225' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/arm/smmuv3: Fill u.f_cd_fetch.addr for SMMU_EVT_F_CD_FETCH
 * hw/arm/virt: Support larger highmem MMIO regions
 * machine: Centralize -machine dumpdtb option handling and report
   attempt to dump nonexistent DTB as an error
 * fpu: remove target ifdefs and build it only once
 * target/arm: Refactor to move TCG-only vfp_helper code into tcg/
 * target/arm/hvf: Disable SME feature
 * target/arm/hvf: sign extend the data for a load operation when SSE=1
 * hw/misc/npcm_clk: fix buffer-overflow
 * hw/arm: Add i.MX 8M Plus EVK board ("imx8mp-evk")

# gpg: Signature made Wed 26 Feb 2025 02:02:12 HKT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20250225' of https://git.linaro.org/people/pmaydell/qemu-arm: (43 commits)
  hw/arm/fsl-imx8mp: Add on-chip RAM
  hw/arm/fsl-imx8mp: Add USB support
  hw/arm/fsl-imx8mp: Add Ethernet controller
  hw/arm/fsl-imx8mp: Implement general purpose timers
  hw/arm/fsl-imx8mp: Add watchdog support
  hw/arm/fsl-imx8mp: Add SPI controllers
  hw/arm/fsl-imx8mp: Add I2C controllers
  hw/arm/fsl-imx8mp: Add GPIO controllers
  hw/arm/fsl-imx8mp: Add PCIe support
  hw/arm/fsl-imx8mp: Add USDHC storage controllers
  hw/arm/fsl-imx8mp: Add SNVS
  hw/arm/fsl-imx8mp: Implement clock tree
  hw/arm: Add i.MX 8M Plus EVK board
  hw/gpio/pca955*: Move Kconfig switches next to implementations
  hw/pci-host/designware: Prevent device attachment on internal PCIe root bus
  hw/usb/hcd-dwc3: Align global registers size with Linux
  hw/misc/npcm_clk: fix buffer-overflow
  target/arm/hvf: sign extend the data for a load operation when SSE=1
  target/arm/hvf: Disable SME feature
  target/arm: Rename vfp_helper.c to vfp_fpscr.c
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago scripts: forbid use of arbitrary SPDX tags besides license identifiers
Daniel P. Berrangé [Mon, 7 Oct 2024 15:21:54 +0000 (16:21 +0100)]
scripts: forbid use of arbitrary SPDX tags besides license identifiers

While SPDX-License-Identifier is a well known SPDX tag, there are a
great many more besides that[1]. These are mostly focused on making
machine readable metadata available to the 'reuse' tool and similar.
They cover concepts like author names, copyright owners, and much
more. It is even possible to define source file line groups and apply
different SPDX tags to regions of code within a file.

At this time we're only interested in adopting SPDX for recording the
file global licensing info, so detect & reject any other SPDX metadata.
If we want to explicitly collect extra data in SPDX format, we can
evaluate each data item on its merits when someone wants to propose it
at a later date.

[1] https://spdx.github.io/spdx-spec/v2.2.2/file-tags/
    https://spdx.github.io/spdx-spec/v2.2.2/file-information/

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
7 months ago scripts: validate SPDX license choices
Daniel P. Berrangé [Mon, 7 Oct 2024 14:40:28 +0000 (15:40 +0100)]
scripts: validate SPDX license choices

We expect all new code to be contributed with the "GPL-2.0-or-later"
license tag. Divergence is permitted if the new file is derived from
pre-existing code under a different license, whether from elsewhere
in QEMU codebase, or outside.

Issue a warning if the declared license is not "GPL-2.0-or-later",
and an error if the license is not one of the handful of the
expected licenses to prevent unintended proliferation. The warning
asks users to explain their unusual choice of license in the commit
message.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
7 months ago scripts: mandate that new files have SPDX-License-Identifier
Daniel P. Berrangé [Mon, 7 Oct 2024 14:39:51 +0000 (15:39 +0100)]
scripts: mandate that new files have SPDX-License-Identifier

Going forward we want all newly created source files to have an
SPDX-License-Identifier tag present.

Initially mandate this for C, Python, Perl, Shell source files,
as well as JSON (QAPI) and Makefiles, while encouraging users
to consider it for other file types.

Reviewed-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
7 months ago hw/nvme: remove nvme_aio_err()
Klaus Jensen [Mon, 16 Dec 2024 12:53:10 +0000 (13:53 +0100)]
hw/nvme: remove nvme_aio_err()

nvme_rw_complete_cb() is the only remaining user of nvme_aio_err(), so
open code the status code setting instead.

Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
7 months ago hw/nvme: set error status code explicitly for misc commands
Klaus Jensen [Mon, 16 Dec 2024 12:53:09 +0000 (13:53 +0100)]
hw/nvme: set error status code explicitly for misc commands

The nvme_aio_err() does not handle Verify, Compare, Copy and other misc
commands and defaults to setting the error status code to Internal
Device Error. For some of these commands, we know better, so set it
explicitly.

For the commands using the nvme_misc_cb() callback (Copy, Flush, ...),
if no status code has explicitly been set by the lower handlers, default
to Internal Device Error as previously.

Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
7 months ago hw/nvme: only set command abort requested when cancelled due to Abort
Klaus Jensen [Mon, 16 Dec 2024 12:53:08 +0000 (13:53 +0100)]
hw/nvme: only set command abort requested when cancelled due to Abort

The Command Abort Requested status code should only be set if the
command was explicitly cancelled due to an Abort command. Or, in the
case the cancel was due to Submission Queue deletion, set the status
code to Command Aborted due to SQ Deletion.

Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
7 months ago hw/nvme: rework csi handling
Klaus Jensen [Mon, 16 Dec 2024 12:53:07 +0000 (13:53 +0100)]
hw/nvme: rework csi handling

The controller incorrectly allows a zoned namespace to be attached even
if CS.CSS is configured to only support the NVM command set for I/O
queues.

Rework handling of namespace command sets in general by attaching
supported namespaces when the controller is started instead of, like
now, statically when realized.

Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
7 months ago qga: Don't daemonize before channel is initialized
Michal Privoznik [Tue, 7 Jan 2025 14:52:07 +0000 (15:52 +0100)]
qga: Don't daemonize before channel is initialized

If the agent is set to daemonize but for whatever reason fails to
init the channel, the error message is lost. Worse, the agent
daemonizes needlessly and returns success. For instance:

  # qemu-ga -m virtio-serial \
            -p /dev/nonexistent_device \
            -f /run/qemu-ga.pid \
            -t /run \
            -d
  # echo $?
  0

This makes it needlessly hard for init scripts to detect a
failure in qemu-ga startup. Though, they shouldn't pass '-d' in
the first place.

Let's open the channel first and only after that become a daemon.

Related bug: https://bugs.gentoo.org/810628

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-ID: <7a42b0cbda5c7e01cf76bc1b29a1210cd018fa78.1736261360.git.mprivozn@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
7 months ago qga: Invert logic on return value in main()
Michal Privoznik [Tue, 7 Jan 2025 14:52:06 +0000 (15:52 +0100)]
qga: Invert logic on return value in main()

Current logic on return value ('ret' variable) in main() is error
prone. The variable is initialized to EXIT_SUCCESS and then set
to EXIT_FAILURE on error paths. This makes it very easy to forget
to set the variable to indicate error when adding new error path,
as is demonstrated by handling of initialize_agent() failure.
It's simply lacking setting of the variable.

There's just one case where success should be indicated: when
dumping the config ('-D' cmd line argument).

To resolve this, initialize the variable to failure value and set
it explicitly to success value in that one specific case.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Message-ID: <8a28265f50177a8dc4c10fcf4146e85a7fd748ee.1736261360.git.mprivozn@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
7 months ago qga: Add log to guest-fsfreeze-thaw command
Konstantin Kostiuk [Mon, 16 Dec 2024 15:45:52 +0000 (17:45 +0200)]
qga: Add log to guest-fsfreeze-thaw command

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20241216154552.213961-2-kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
7 months ago target/i386: Mask CMPLegacy bit in CPUID[0x80000001].ECX for Zhaoxin CPUs
EwanHai [Mon, 13 Jan 2025 07:44:13 +0000 (02:44 -0500)]
target/i386: Mask CMPLegacy bit in CPUID[0x80000001].ECX for Zhaoxin CPUs

Zhaoxin CPUs (including vendors "Shanghai" and "Centaurhauls") handle the
CMPLegacy bit similarly to Intel CPUs. Therefore, this commit masks the
CMPLegacy bit in CPUID[0x80000001].ECX for Zhaoxin CPUs, just as it is done
for Intel CPUs.

AMD uses the CMPLegacy bit (CPUID[0x80000001].ECX.bit1) along with other CPUID
information to enumerate platform topology (e.g., the number of logical
processors per package). However, for Intel and other CPUs that follow Intel's
behavior, CPUID[0x80000001].ECX.bit1 is reserved.

- Impact on Intel and similar CPUs:
This change has no effect on Intel and similar CPUs, as the goal is to
accurately emulate CPU CPUID information.

- Impact on Linux Guests running on Intel (and similar) vCPUs:
During boot, Linux checks if the CPU supports Hyper-Threading. For the Linux
kernel before v6.9, if it detects X86_FEATURE_CMP_LEGACY, it assumes
Hyper-Threading is not supported. For Intel and similar vCPUs, if the
CMPLegacy bit is not masked in CPUID[0x80000001].ECX, Linux will incorrectly
assume that Hyper-Threading is not supported, even if the vCPU does support it.

Signed-off-by: EwanHai <ewanhai-oc@zhaoxin.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250113074413.297793-5-ewanhai-oc@zhaoxin.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 months ago target/i386: Introduce Zhaoxin Yongfeng CPU model
EwanHai [Mon, 13 Jan 2025 07:44:12 +0000 (02:44 -0500)]
target/i386: Introduce Zhaoxin Yongfeng CPU model

Introduce support for the Zhaoxin Yongfeng CPU model.
The Zhaoxin Yongfeng CPU is Zhaoxin's latest server CPU.

This new CPU model ensures that QEMU can correctly emulate the Zhaoxin
Yongfeng CPU, providing accurate functionality and performance characteristics.

Signed-off-by: EwanHai <ewanhai-oc@zhaoxin.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250113074413.297793-4-ewanhai-oc@zhaoxin.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 months ago target/i386: Add CPUID leaf 0xC000_0001 EDX definitions
EwanHai [Mon, 13 Jan 2025 07:44:11 +0000 (02:44 -0500)]
target/i386: Add CPUID leaf 0xC000_0001 EDX definitions

Add new CPUID feature flags for various Zhaoxin PadLock extensions.
These definitions will be used for Zhaoxin CPU models.

Signed-off-by: EwanHai <ewanhai-oc@zhaoxin.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250113074413.297793-3-ewanhai-oc@zhaoxin.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 months ago target/i386: Add support for Zhaoxin CPU vendor identification
EwanHai [Mon, 13 Jan 2025 07:44:10 +0000 (02:44 -0500)]
target/i386: Add support for Zhaoxin CPU vendor identification

Zhaoxin currently uses two vendors: "Shanghai" and "Centaurhauls".
It is important to note that the latter now belongs to Zhaoxin. Therefore,
this patch replaces CPUID_VENDOR_VIA with CPUID_VENDOR_ZHAOXIN1.

The previous CPUID_VENDOR_VIA macro was only defined but never used in
QEMU, making this change straightforward.

Additionally, the IS_ZHAOXIN_CPU macro has been added to simplify the
checks for Zhaoxin CPUs.

Signed-off-by: EwanHai <ewanhai-oc@zhaoxin.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20250113074413.297793-2-ewanhai-oc@zhaoxin.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
7 months ago tests/functional: Replace the ppc64 e500 advent calendar test
Cédric Le Goater [Wed, 26 Feb 2025 06:50:13 +0000 (07:50 +0100)]
tests/functional: Replace the ppc64 e500 advent calendar test

Replace the advent calendar test with a buildroot image built with
qemu_ppc64_e5500_defconfig. Unlike the advent calendar image, this
newer buildroot image supports networking, too. Thus boot a ppce500
machine from kernel and disk, test network and poweroff.
Add '-no-shutdown' to the command line to avoid exiting from QEMU
as it seems to bother the functional framework.

Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20250226065013.196052-1-clg@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Add some wording about network support to the commit message]
Signed-off-by: Thomas Huth <thuth@redhat.com>
7 months ago gitlab: use --refetch in check-patch/check-dco jobs
Daniel P. Berrangé [Tue, 25 Feb 2025 11:05:25 +0000 (11:05 +0000)]
gitlab: use --refetch in check-patch/check-dco jobs

When gitlab initializes the repo checkout for a CI job, it will have
done a shallow clone with only partial history. Periodically the objects
that are omitted cause trouble with the check-patch/check-dco jobs. This
is exhibited as reporting strange errors being unable to fetch certain
objects that are known to exist.

Passing the --refetch flag to 'git fetch' causes it to not assume the
local checkout has all common objects and thus re-fetch everything that
is needed. This appears to solve the check-patch/check-dco job failures.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20250225110525.2209854-1-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
7 months ago tests/functional: Bump some arm test timeouts
Peter Maydell [Fri, 21 Feb 2025 14:06:40 +0000 (14:06 +0000)]
tests/functional: Bump some arm test timeouts

On my local machine, for a debug build, sbsaref_alpine takes
nearly 900s:

$ (cd build/x86 && ./pyvenv/bin/meson test --setup thorough --suite func-thorough func-aarch64-aarch64_sbsaref_alpine
)

1/1 qemu:func-thorough+func-aarch64-thorough+thorough / func-aarch64-aarch64_sbsaref_alpine
                      OK 896.90s

arm_aspeed_rainier can also run close to its current timeout:
 6/44 qemu:func-thorough+func-arm-thorough+thorough / func-arm-arm_aspeed_rainier
                      OK 215.75s

and arm_aspeed_ast2500 and arm_aspeed_ast2600 can go over:
13/44 qemu:func-thorough+func-arm-thorough+thorough / func-arm-arm_aspeed_ast2600
                      OK 792.94s

27/44 qemu:func-thorough+func-arm-thorough+thorough / func-arm-arm_aspeed_ast2500
                 TIMEOUT 480.01s

The sx1 test fails not on the overall meson timeout but on the
60 second timeout in some of the subtests.

Bump all these timeouts up a bit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250221140640.786341-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
7 months ago tests/functional: Convert the x86_64 replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:43 +0000 (16:27 +0100)]
tests/functional: Convert the x86_64 replay avocado tests

Put the tests into a separate file now (in the functional framework,
each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-14-thuth@redhat.com>

7 months ago tests/functional: Convert the aarch64 replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:42 +0000 (16:27 +0100)]
tests/functional: Convert the aarch64 replay avocado tests

Put the tests into a separate file now (in the functional framework,
each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-13-thuth@redhat.com>

7 months ago tests/functional: Convert the s390x replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:41 +0000 (16:27 +0100)]
tests/functional: Convert the s390x replay avocado tests

Put the tests into a separate file now (in the functional framework,
each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-12-thuth@redhat.com>

7 months ago tests/functional: Convert the alpha replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:40 +0000 (16:27 +0100)]
tests/functional: Convert the alpha replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-11-thuth@redhat.com>

7 months ago tests/functional: Convert the arm replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:39 +0000 (16:27 +0100)]
tests/functional: Convert the arm replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-10-thuth@redhat.com>

7 months ago tests/functional: Convert the m68k replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:38 +0000 (16:27 +0100)]
tests/functional: Convert the m68k replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-9-thuth@redhat.com>

7 months ago tests/functional: Convert the microblaze replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:37 +0000 (16:27 +0100)]
tests/functional: Convert the microblaze replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-8-thuth@redhat.com>

7 months ago tests/functional: Convert the ppc64 replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:36 +0000 (16:27 +0100)]
tests/functional: Convert the ppc64 replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-7-thuth@redhat.com>

7 months ago tests/functional: Convert the or1k replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:35 +0000 (16:27 +0100)]
tests/functional: Convert the or1k replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-6-thuth@redhat.com>

7 months ago tests/functional: Convert the 32-bit ppc replay avocado tests
Thomas Huth [Tue, 18 Feb 2025 15:27:34 +0000 (16:27 +0100)]
tests/functional: Convert the 32-bit ppc replay avocado tests

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-5-thuth@redhat.com>

7 months ago tests/functional: Convert the sparc replay avocado test
Thomas Huth [Tue, 18 Feb 2025 15:27:33 +0000 (16:27 +0100)]
tests/functional: Convert the sparc replay avocado test

While we're at it, change the machine from SS-20 to SS-10 to
increase the test coverage a little bit (SS-20 is already
tested in the test_sparc_sun4m.py file).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-4-thuth@redhat.com>

7 months ago tests/functional: Convert the xtensa replay test to the functional framework
Thomas Huth [Tue, 18 Feb 2025 15:27:32 +0000 (16:27 +0100)]
tests/functional: Convert the xtensa replay test to the functional framework

Put the tests into a separate file now (since in the functional
framework, each file is run with one specific qemu-system-* binary).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-3-thuth@redhat.com>

7 months ago tests/functional: Provide a proper name for the VMs in the replay tests
Thomas Huth [Tue, 18 Feb 2025 15:27:31 +0000 (16:27 +0100)]
tests/functional: Provide a proper name for the VMs in the replay tests

With a proper name the log files get a more meaningful name.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250218152744.228335-2-thuth@redhat.com>

7 months ago Merge tag 'pull-loongarch-20250225' of https://gitlab.com/bibo-mao/qemu into staging
Stefan Hajnoczi [Tue, 25 Feb 2025 23:35:55 +0000 (07:35 +0800)]
Merge tag 'pull-loongarch-20250225' of https://gitlab.com/bibo-mao/qemu into staging

loongarch queue

# gpg: Signature made Tue 25 Feb 2025 16:06:00 HKT
# gpg:                using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7  13C4 8E86 8FB7 A176 9D4C
#      Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3  D1A4 1F7B 0C12 51AC E7D1

* tag 'pull-loongarch-20250225' of https://gitlab.com/bibo-mao/qemu:
  target/loongarch: Enable virtual extioi feature
  target/loongarch: Add kvm steal time feature detection
  target/loongarch: Add vCPU property for kvm steal time feature
  target/loongarch: Enable paravirt ipi feature
  target/loongarch: Add paravirt ipi feature detection
  target/loongarch: Add vCPU property for paravirt ipi feature
  target/loongarch: Move kvm specified vCPU property to kvm directory
  target/loongarch: Add post init function for kvm mode
  target/loongarch: Correct maximum physical address in KVM mode
  target/loongarch/gdbstub: Fix gdbstub incorrectly handling some registers
  target/loongarch: fix vcpu reset command word issue

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
7 months ago hw/arm/fsl-imx8mp: Add on-chip RAM
Bernhard Beschow [Sun, 23 Feb 2025 11:47:07 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Add on-chip RAM

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-18-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add USB support
Bernhard Beschow [Sun, 23 Feb 2025 11:47:05 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Add USB support

Split the USB MMIO regions to better keep track of the implemented vs.
unimplemented regions.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-16-shentey@gmail.com
[PMM: drop "static const" from usb_table for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add Ethernet controller
Bernhard Beschow [Sun, 23 Feb 2025 11:47:04 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Add Ethernet controller

The i.MX 8M Plus SoC actually has two ethernet controllers, the usual ENET one
and a Designware one. There is no device model for the latter, so only add the
ENET one.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-15-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Implement general purpose timers
Bernhard Beschow [Sun, 23 Feb 2025 11:47:03 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Implement general purpose timers

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-14-shentey@gmail.com
[PMM: drop static const from gpt_attrs for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add watchdog support
Bernhard Beschow [Sun, 23 Feb 2025 11:47:02 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Add watchdog support

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-13-shentey@gmail.com
[PMM: drop static const from wdog_table for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add SPI controllers
Bernhard Beschow [Sun, 23 Feb 2025 11:47:01 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Add SPI controllers

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-12-shentey@gmail.com
[PMM: drop static const from spi_table for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add I2C controllers
Bernhard Beschow [Sun, 23 Feb 2025 11:47:00 +0000 (12:47 +0100)]
hw/arm/fsl-imx8mp: Add I2C controllers

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-11-shentey@gmail.com
[PMM: drop static const from i2c_table for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add GPIO controllers
Bernhard Beschow [Sun, 23 Feb 2025 11:46:59 +0000 (12:46 +0100)]
hw/arm/fsl-imx8mp: Add GPIO controllers

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-10-shentey@gmail.com
[PMM: drop static const from gpio_table for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add PCIe support
Bernhard Beschow [Sun, 23 Feb 2025 11:46:58 +0000 (12:46 +0100)]
hw/arm/fsl-imx8mp: Add PCIe support

Linux checks for the PLLs in the PHY to be locked, so implement a model
emulating that.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-9-shentey@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add USDHC storage controllers
Bernhard Beschow [Sun, 23 Feb 2025 11:46:57 +0000 (12:46 +0100)]
hw/arm/fsl-imx8mp: Add USDHC storage controllers

The USDHC emulation allows for running real-world images such as those generated
by Buildroot. Convert the board documentation accordingly instead of running a
Linux kernel with ephemeral storage.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-8-shentey@gmail.com
[PMM: drop 'static const' from usdhc_table[] for GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Add SNVS
Bernhard Beschow [Sun, 23 Feb 2025 11:46:56 +0000 (12:46 +0100)]
hw/arm/fsl-imx8mp: Add SNVS

SNVS contains an RTC which allows Linux to deal correctly with time. This is
particularly useful when handling persistent storage which will be done in the
next patch.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-7-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm/fsl-imx8mp: Implement clock tree
Bernhard Beschow [Sun, 23 Feb 2025 11:46:55 +0000 (12:46 +0100)]
hw/arm/fsl-imx8mp: Implement clock tree

Fixes quite a few stack traces during the Linux boot process. Also provides the
clocks for devices added later, e.g. enet1.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-6-shentey@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/arm: Add i.MX 8M Plus EVK board
Bernhard Beschow [Sun, 23 Feb 2025 11:46:54 +0000 (12:46 +0100)]
hw/arm: Add i.MX 8M Plus EVK board

As a first step, implement the bare minimum: CPUs, RAM, interrupt controller,
serial. All other devices of the A53 memory map are represented as
TYPE_UNIMPLEMENTED_DEVICE, i.e. the whole memory map is provided. This allows
for running Linux without it crashing due to invalid memory accesses.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-5-shentey@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: drop 'static const' from serial_table[] definition to avoid
 compile failure on GCC 7.5]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/gpio/pca955*: Move Kconfig switches next to implementations
Bernhard Beschow [Sun, 23 Feb 2025 11:46:53 +0000 (12:46 +0100)]
hw/gpio/pca955*: Move Kconfig switches next to implementations

The move of the Kconfig bits to hw/gpio is fixing a bug in 6328d8ffa6cb9d
("misc/pca955*: Move models under hw/gpio"), which moved the code but forgot to
move the Kconfig sections.

Fixes: 6328d8ffa6cb9d "misc/pca955*: Move models under hw/gpio"
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-4-shentey@gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/pci-host/designware: Prevent device attachment on internal PCIe root bus
Bernhard Beschow [Sun, 23 Feb 2025 11:46:52 +0000 (12:46 +0100)]
hw/pci-host/designware: Prevent device attachment on internal PCIe root bus

On the real device, the PCIe root bus is only connected to a PCIe bridge and
does not allow for direct attachment of devices. Doing so in QEMU results in no
PCI devices being detected by Linux. Instead, PCI devices should plug into the
secondary PCIe bus spawned by the internal PCIe bridge.

Unfortunately, QEMU defaults to plugging devices into the PCIe root bus. To work
around this, every PCI device created on the command line needs an extra
`bus=dw-pcie` option which is error prone. Fix that by marking the PCIe root bus
as full which makes QEMU descend into the child PCIe bus.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-3-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/usb/hcd-dwc3: Align global registers size with Linux
Bernhard Beschow [Sun, 23 Feb 2025 11:46:51 +0000 (12:46 +0100)]
hw/usb/hcd-dwc3: Align global registers size with Linux

While at it add missing GUSB2RHBCTL register as found in i.MX 8M Plus reference
manual.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250223114708.1780-2-shentey@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago hw/misc/npcm_clk: fix buffer-overflow
Pierrick Bouvier [Mon, 24 Feb 2025 20:50:53 +0000 (12:50 -0800)]
hw/misc/npcm_clk: fix buffer-overflow

Regression introduced by cf76c4
(hw/misc: Add nr_regs and cold_reset_values to NPCM CLK)

cold_reset_values has a different size, depending on device used
(NPCM7xx vs NPCM8xx). However, s->regs has a fixed size, which matches
NPCM8xx. Thus, when initializing a NPCM7xx, we go past cold_reset_values
ending.

Report by asan:
==2066==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d68a3e97f0 at pc 0x7fcaf2b2d14b bp 0x7ffff0cc3890 sp 0x7ffff0cc3040
READ of size 196 at 0x55d68a3e97f0 thread T0
    #0 0x7fcaf2b2d14a in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    #1 0x55d688447e0d in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
    #2 0x55d688447e0d in npcm_clk_enter_reset ../hw/misc/npcm_clk.c:968
    #3 0x55d6899b7213 in resettable_phase_enter ../hw/core/resettable.c:136
    #4 0x55d6899a1ef7 in bus_reset_child_foreach ../hw/core/bus.c:97
    #5 0x55d6899b717d in resettable_child_foreach ../hw/core/resettable.c:92
    #6 0x55d6899b717d in resettable_phase_enter ../hw/core/resettable.c:129
    #7 0x55d6899b4ead in resettable_container_child_foreach ../hw/core/resetcontainer.c:54
    #8 0x55d6899b717d in resettable_child_foreach ../hw/core/resettable.c:92
    #9 0x55d6899b717d in resettable_phase_enter ../hw/core/resettable.c:129
    #10 0x55d6899b7bfa in resettable_assert_reset ../hw/core/resettable.c:55
    #11 0x55d6899b8666 in resettable_reset ../hw/core/resettable.c:45
    #12 0x55d688d15cd2 in qemu_system_reset ../system/runstate.c:527
    #13 0x55d687fc5edd in qdev_machine_creation_done ../hw/core/machine.c:1738
    #14 0x55d688d209bd in qemu_machine_creation_done ../system/vl.c:2779
    #15 0x55d688d209bd in qmp_x_exit_preconfig ../system/vl.c:2807
    #16 0x55d688d281fb in qemu_init ../system/vl.c:3838
    #17 0x55d687ceab12 in main ../system/main.c:68
    #18 0x7fcaef006249  (/lib/x86_64-linux-gnu/libc.so.6+0x27249)
    #19 0x7fcaef006304 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27304)
    #20 0x55d687cf0010 in _start (/home/runner/work/qemu-ci/qemu-ci/build/qemu-system-arm+0x371c010)

0x55d68a3e97f0 is located 0 bytes to the right of global variable 'npcm7xx_cold_reset_values' defined in '../hw/misc/npcm_clk.c:134:23' (0x55d68a3e9780) of size 112

Impacted tests:
Summary of Failures:

check:
  2/747 qemu:qtest+qtest-aarch64 / qtest-aarch64/qom-test                         ERROR             9.28s   killed by signal 6 SIGABRT
  4/747 qemu:qtest+qtest-arm / qtest-arm/qom-test                                 ERROR             7.82s   killed by signal 6 SIGABRT
 32/747 qemu:qtest+qtest-aarch64 / qtest-aarch64/device-introspect-test           ERROR            10.91s   killed by signal 6 SIGABRT
 35/747 qemu:qtest+qtest-arm / qtest-arm/device-introspect-test                   ERROR            11.33s   killed by signal 6 SIGABRT
114/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_pwm-test                         ERROR             0.98s   killed by signal 6 SIGABRT
115/747 qemu:qtest+qtest-aarch64 / qtest-aarch64/test-hmp                         ERROR             2.95s   killed by signal 6 SIGABRT
117/747 qemu:qtest+qtest-arm / qtest-arm/test-hmp                                 ERROR             2.54s   killed by signal 6 SIGABRT
151/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_watchdog_timer-test              ERROR             0.96s   killed by signal 6 SIGABRT
247/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_adc-test                         ERROR             0.96s   killed by signal 6 SIGABRT
248/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_gpio-test                        ERROR             1.05s   killed by signal 6 SIGABRT
249/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_rng-test                         ERROR             0.97s   killed by signal 6 SIGABRT
250/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_sdhci-test                       ERROR             0.97s   killed by signal 6 SIGABRT
251/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_smbus-test                       ERROR             0.89s   killed by signal 6 SIGABRT
252/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_timer-test                       ERROR             1.09s   killed by signal 6 SIGABRT
253/747 qemu:qtest+qtest-arm / qtest-arm/npcm_gmac-test                           ERROR             1.12s   killed by signal 6 SIGABRT
255/747 qemu:qtest+qtest-arm / qtest-arm/npcm7xx_emc-test                         ERROR             1.05s   killed by signal 6 SIGABRT

check-functional:
 22/203 qemu:func-thorough+func-arm-thorough+thorough / func-arm-arm_quanta_gsj                      ERROR             0.79s   exit status 1
 38/203 qemu:func-quick+func-aarch64 / func-aarch64-migration                                        ERROR             1.97s   exit status 1
 45/203 qemu:func-quick+func-arm / func-arm-migration                                                ERROR             1.90s   exit status 1

Fixes: cf76c4e174e1 ("hw/misc: Add nr_regs and cold_reset_values to NPCM CLK")
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
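
The reset pattern behind the ASan report above, as an added example that is not part of the commit or of QEMU's code: a fixed-size register file is reset from a per-variant table, and the copy has to be bounded by the table length, not by the destination size. The type names, function names and reset values are hypothetical; only the sizes (112 and 196 bytes) come from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Register counts derived from the ASan report: a 112-byte table was read
 * with a 196-byte memcpy, i.e. 28 vs 49 32-bit registers. */
#define SMALL_NR_REGS 28   /* NPCM7xx-sized table (112 bytes) */
#define LARGE_NR_REGS 49   /* NPCM8xx-sized table (196 bytes) */

/* Hypothetical stand-ins for the device state and its per-variant data. */
typedef struct {
    uint32_t regs[LARGE_NR_REGS];      /* fixed size, matches the larger variant */
} ClkState;

typedef struct {
    const uint32_t *cold_reset_values; /* table length differs per variant */
    size_t nr_regs;                    /* number of entries in that table */
} ClkVariant;

/* Constructed reset tables; the values are placeholders, not real reset values. */
static const uint32_t small_reset_values[SMALL_NR_REGS] = {
    [0] = 0x11111111, [SMALL_NR_REGS - 1] = 0x22222222,
};
static const uint32_t large_reset_values[LARGE_NR_REGS] = {
    [0] = 0x33333333, [LARGE_NR_REGS - 1] = 0x44444444,
};

const ClkVariant small_variant = { small_reset_values, SMALL_NR_REGS };
const ClkVariant large_variant = { large_reset_values, LARGE_NR_REGS };

/* Bytes that memcpy(s->regs, v->cold_reset_values, sizeof(s->regs)) would
 * read past the end of the source table. Computed only, never executed. */
size_t unsafe_reset_overread(const ClkVariant *v)
{
    size_t want = sizeof(((ClkState *)0)->regs);
    size_t have = v->nr_regs * sizeof(uint32_t);
    return want > have ? want - have : 0;
}

/* Bounded reset: copy exactly nr_regs entries and give the registers the
 * variant does not implement a defined value. Returns 0, or -1 if the
 * variant's table cannot fit the register file. */
int clk_enter_reset(ClkState *s, const ClkVariant *v)
{
    size_t max_regs = sizeof(s->regs) / sizeof(s->regs[0]);

    if (v->cold_reset_values == NULL || v->nr_regs > max_regs) {
        return -1;
    }
    memcpy(s->regs, v->cold_reset_values, v->nr_regs * sizeof(s->regs[0]));
    memset(&s->regs[v->nr_regs], 0,
           (max_regs - v->nr_regs) * sizeof(s->regs[0]));
    return 0;
}

int main(void)
{
    ClkState s;

    printf("unbounded copy would over-read %zu bytes\n",
           unsafe_reset_overread(&small_variant));
    printf("bounded reset returned %d\n", clk_enter_reset(&s, &small_variant));
    return 0;
}
```
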
7 months ago target/arm/hvf: sign extend the data for a load operation when SSE=1
Joelle van Dyne [Mon, 24 Feb 2025 18:41:23 +0000 (10:41 -0800)]
target/arm/hvf: sign extend the data for a load operation when SSE=1

In the syndrome value for a data abort, bit 21 is SSE, which is
set to indicate that the abort was on a sign-extending load. When
we handle the data abort from the guest via address_space_read(),
we forgot to handle this and so would return the wrong value if
the guest did a sign-extending load to an MMIO region. Add the
sign-extension of the returned data.

Cc: qemu-stable@nongnu.org
Signed-off-by: Joelle van Dyne <j@getutm.app>
Message-id: 20250224184123.50780-1-j@getutm.app
[PMM: Drop an unnecessary check on 'len'; expand commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
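
The sign-extension step described above, as an added example that is not part of the commit or of QEMU's hvf code: decode the data-abort syndrome, then widen the bytes read from the MMIO region the way the guest's load instruction expects. Only SSE (bit 21) is named in the commit message; the other field positions are taken from the Arm architecture, and all function and type names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ISS fields of an AArch64 data-abort syndrome. SSE is the bit the commit
 * message refers to; the rest are assumptions from the Arm architecture. */
#define ISS_ISV(iss) (((iss) >> 24) & 1u)    /* syndrome fields valid */
#define ISS_SAS(iss) (((iss) >> 22) & 3u)    /* access size: 1 << SAS bytes */
#define ISS_SSE(iss) (((iss) >> 21) & 1u)    /* sign-extending load */
#define ISS_SRT(iss) (((iss) >> 16) & 0x1fu) /* destination register */
#define ISS_SF(iss)  (((iss) >> 15) & 1u)    /* 64-bit destination register */
#define ISS_WNR(iss) (((iss) >> 6) & 1u)     /* write, not read */

typedef struct {
    bool is_write;
    bool sign_extend;
    bool sixty_four;
    unsigned len;   /* access size in bytes */
    unsigned srt;   /* register to update */
} MmioAccess;

/* Returns false when the syndrome does not describe the access (ISV == 0). */
bool decode_data_abort(uint32_t iss, MmioAccess *a)
{
    if (!ISS_ISV(iss)) {
        return false;
    }
    a->is_write = ISS_WNR(iss);
    a->sign_extend = ISS_SSE(iss);
    a->sixty_four = ISS_SF(iss);
    a->len = 1u << ISS_SAS(iss);
    a->srt = ISS_SRT(iss);
    return true;
}

/* Sign-extend the low 'bits' bits of val to 64 bits (bits is 8, 16, 32, 64). */
uint64_t sign_extend64(uint64_t val, unsigned bits)
{
    if (bits >= 64) {
        return val;
    }
    uint64_t sign = 1ULL << (bits - 1);
    val &= (sign << 1) - 1;          /* drop anything above the access size */
    return (val ^ sign) - sign;
}

/* Value the destination register must hold after an emulated MMIO load. */
uint64_t mmio_load_value(const MmioAccess *a, uint64_t bus_data)
{
    uint64_t val = bus_data;

    if (a->len < 8) {
        val &= (1ULL << (a->len * 8)) - 1;
    }
    if (a->sign_extend) {
        val = sign_extend64(val, a->len * 8);
    }
    if (!a->sixty_four) {
        val &= 0xffffffffULL;        /* a W register write zeroes the top half */
    }
    return val;
}

/* Decode and apply in one step; fails for writes and undecodable syndromes. */
bool emulate_load(uint32_t iss, uint64_t bus_data, uint64_t *reg_val)
{
    MmioAccess a;

    if (!decode_data_abort(iss, &a) || a.is_write) {
        return false;
    }
    *reg_val = mmio_load_value(&a, bus_data);
    return true;
}

/* Build a constructed load syndrome for the demonstration below. */
uint32_t make_load_iss(unsigned sas, bool sse, unsigned srt, bool sf)
{
    return (1u << 24) | ((sas & 3u) << 22) | ((uint32_t)sse << 21) |
           ((srt & 0x1fu) << 16) | ((uint32_t)sf << 15);
}

int main(void)
{
    uint64_t v = 0;

    /* Byte load into a 64-bit register, with and without SSE. */
    emulate_load(make_load_iss(0, true, 3, true), 0x80, &v);
    printf("SSE=1: 0x%016llx\n", (unsigned long long)v);
    emulate_load(make_load_iss(0, false, 3, true), 0x80, &v);
    printf("SSE=0: 0x%016llx\n", (unsigned long long)v);
    return 0;
}
```
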
7 months ago target/arm/hvf: Disable SME feature
Joelle van Dyne [Mon, 24 Feb 2025 16:57:34 +0000 (08:57 -0800)]
target/arm/hvf: Disable SME feature

macOS 15.2's Hypervisor.framework exposes SME feature on M4 Macs.
However, QEMU's hvf accelerator code does not properly support it
yet, causing QEMU to fail to start when hvf accelerator is used on
these systems, with the error message:

  qemu-aarch64-softmmu: cannot disable sme4224
  All SME vector lengths are disabled.
  With SME enabled, at least one vector length must be enabled.

Ideally we would have SME support on these hosts; however, until that
point, we must suppress the SME feature in the ID registers, so that
users can at least run non-SME guests.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2665
Signed-off-by: Joelle van Dyne <j@getutm.app>
Message-id: 20250224165735.36792-1-j@getutm.app
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: expanded commit message, comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
7 months ago target/arm: Rename vfp_helper.c to vfp_fpscr.c
Peter Maydell [Fri, 21 Feb 2025 19:09:56 +0000 (19:09 +0000)]
target/arm: Rename vfp_helper.c to vfp_fpscr.c

The vfp_helper.c in the target/arm directory now only has
code for handling FPSCR/FPCR/FPSR in it, and no helper
functions. Rename it to vfp_fpscr.c; this helps keep it
distinct from tcg/vfp_helper.c.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250221190957.811948-5-peter.maydell@linaro.org

7 months ago target/arm: Move softfloat specific FPCR/FPSR handling to tcg/
Peter Maydell [Fri, 21 Feb 2025 19:09:55 +0000 (19:09 +0000)]
target/arm: Move softfloat specific FPCR/FPSR handling to tcg/

The softfloat (i.e. TCG) specific handling for the FPCR
and FPSR is abstracted behind five functions:
 arm_set_default_fp_behaviours
 arm_set_ah_fp_behaviours
 vfp_get_fpsr_from_host
 vfp_clear_float_status_exc_flags
 vfp_set_fpsr_to_host

Currently we rely on the first two calling softfloat functions that
work even in a KVM-only compile because they're defined as inline in
the softfloat header file, and we provide stub versions of the last
three in arm/vfp_helper.c if CONFIG_TCG isn't defined.

Move the softfloat-specific versions of these functions to
tcg/vfp_helper.c, and provide the non-TCG stub versions in
tcg-stubs.c.

This lets us drop the softfloat header include and the last
set of CONFIG_TCG ifdefs from arm/vfp_helper.c.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250221190957.811948-4-peter.maydell@linaro.org

7 months ago target/arm: Move FPSCR get/set helpers to tcg/vfp_helper.c
Peter Maydell [Fri, 21 Feb 2025 19:09:54 +0000 (19:09 +0000)]
target/arm: Move FPSCR get/set helpers to tcg/vfp_helper.c

Currently the helper_vfp_get_fpscr() and helper_vfp_set_fpscr()
functions do the actual work of updating the FPSCR, and we have
wrappers vfp_get_fpscr() and vfp_set_fpscr() which we use for calls
from other QEMU C code.

Flip these around so that it is vfp_get_fpscr() and vfp_set_fpscr()
which do the actual work, and helper_vfp_get_fpscr() and
helper_vfp_set_fpscr() which are the wrappers; this allows us to move
them to tcg/vfp_helper.c.

Since this is the last HELPER() we had in arm/vfp_helper.c, we can
drop the include of helper-proto.h.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250221190957.811948-3-peter.maydell@linaro.org

7 months ago target/arm: Move TCG-only VFP code into tcg/ subdir
Peter Maydell [Fri, 21 Feb 2025 19:09:53 +0000 (19:09 +0000)]
target/arm: Move TCG-only VFP code into tcg/ subdir

Most of the target/arm/vfp_helper.c file is purely TCG helper code,
guarded by #ifdef CONFIG_TCG.  Move this into a new file in
target/arm/tcg/.

This leaves only the code relating to getting and setting the
FPCR/FPSR/FPSCR in the original file. (Some of this also is
TCG-only, but that needs more careful disentangling.)

Having two vfp_helper.c files might seem a bit confusing,
but once we've finished moving all the helper code out
of the old file we are going to rename it to vfp_fpscr.c.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250221190957.811948-2-peter.maydell@linaro.org

7 months ago fpu: Build only once
Peter Maydell [Mon, 24 Feb 2025 11:15:24 +0000 (11:15 +0000)]
fpu: Build only once

Now we have removed all the target-specifics from the softfloat code,
we can switch to building it once for the whole system rather than
once per target.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250224111524.1101196-13-peter.maydell@linaro.org
Message-id: 20250217125055.160887-11-peter.maydell@linaro.org

7 months ago fpu: Don't compile-time disable hardfloat for PPC targets
Peter Maydell [Mon, 24 Feb 2025 11:15:23 +0000 (11:15 +0000)]
fpu: Don't compile-time disable hardfloat for PPC targets

We happen to know that for the PPC target the FP status flags (and in
particular float_flag_inexact) will always be cleared before a
floating point operation, and so can_use_fpu() will always return
false.  So we speed things up a little by forcing QEMU_NO_HARDFLOAT
to true on that target.

We would like to build softfloat once for all targets; that means
removing target-specific ifdefs.  Remove the check for TARGET_PPC;
this won't change behaviour because can_use_fpu() will see that
float_flag_inexact is clear and take the softfloat path anyway.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250224111524.1101196-12-peter.maydell@linaro.org
Message-id: 20250217125055.160887-10-peter.maydell@linaro.org

7 months ago fpu: Always decide snan_bit_is_one() at runtime
Peter Maydell [Mon, 24 Feb 2025 11:15:22 +0000 (11:15 +0000)]
fpu: Always decide snan_bit_is_one() at runtime

Currently we have a compile-time shortcut where we return a hardcoded
value from snan_bit_is_one() on everything except MIPS, because we
know that's the only target that needs to change
status->no_signaling_nans at runtime.

Remove the ifdef, so we always look at the status flag.  This means
we must update the two targets (HPPA and SH4) that were previously
hardcoded to return true so that they set the status flag correctly.

This has no behavioural change, but will be necessary if we want to
build softfloat once for all targets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250224111524.1101196-11-peter.maydell@linaro.org
Message-id: 20250217125055.160887-9-peter.maydell@linaro.org

7 months ago fpu: Always decide no_signaling_nans() at runtime
Peter Maydell [Mon, 24 Feb 2025 11:15:21 +0000 (11:15 +0000)]
fpu: Always decide no_signaling_nans() at runtime

Currently we have a compile-time shortcut where we
return false from no_signaling_nans() on everything except
Xtensa, because we know that's the only target that
might ever set status->no_signaling_nans.

Remove the ifdef, so we always look at the status flag;
this has no behavioural change, but will be necessary
if we want to build softfloat once for all targets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250224111524.1101196-10-peter.maydell@linaro.org
Message-id: 20250217125055.160887-8-peter.maydell@linaro.org

7 months ago fpu: Move m68k_denormal fmt flag into floatx80_behaviour
Peter Maydell [Mon, 24 Feb 2025 11:15:20 +0000 (11:15 +0000)]
fpu: Move m68k_denormal fmt flag into floatx80_behaviour

Currently we compile-time set an 'm68k_denormal' flag in the FloatFmt
for floatx80 for m68k.  This controls our handling of what the Intel
documentation calls a "pseudo-denormal": a value where the exponent
field is zero and the explicit integer bit is set.

For x86, the x87 FPU is supposed to accept a pseudo-denormal as
input, but never generate one on output.  For m68k, these values are
permitted on input and may be produced on output.

Replace the flag in the FloatFmt with a flag indicating whether the
float format has an explicit bit (which will be true for floatx80 for
all targets, and false for every other float type).  Then we can gate
the handling of these pseudo-denormals on the setting of a
floatx80_behaviour flag.

As far as I can see from the code we don't actually handle the
x86-mandated "accept on input but don't generate" behaviour, because
the handling in partsN(canonicalize) looked at fmt->m68k_denormal.
So I have added TODO comments to that effect.

This commit doesn't change any behaviour for any target.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250224111524.1101196-9-peter.maydell@linaro.org
Message-id: 20250217125055.160887-7-peter.maydell@linaro.org

7 months ago fpu: Make floatx80 invalid encoding settable at runtime
Peter Maydell [Mon, 24 Feb 2025 11:15:19 +0000 (11:15 +0000)]
fpu: Make floatx80 invalid encoding settable at runtime

Because floatx80 has an explicit integer bit, this permits some
odd encodings where the integer bit is not set correctly for the
floating point value type. In Intel terminology the
categories are:
  exp == 0, int = 0, mantissa == 0 : zeroes
  exp == 0, int = 0, mantissa != 0 : denormals
  exp == 0, int = 1 : pseudo-denormals
  0 < exp < 0x7fff, int = 0 : unnormals
  0 < exp < 0x7fff, int = 1 : normals
  exp == 0x7fff, int = 0, mantissa == 0 : pseudo-infinities
  exp == 0x7fff, int = 1, mantissa == 0 : infinities
  exp == 0x7fff, int = 0, mantissa != 0 : pseudo-NaNs
  exp == 0x7fff, int = 1, mantissa == 0 : NaNs

The usual IEEE cases of zero, denormal, normal, inf and NaN are always valid.
x87 permits as input also pseudo-denormals.
m68k permits all those and also pseudo-infinities, pseudo-NaNs and unnormals.

Currently we have an ifdef in floatx80_invalid_encoding() to select
the x86 vs m68k behaviour.  Add new floatx80_behaviour flags to
select whether pseudo-NaN and unnormal are valid, and use these
(plus the existing pseudo_inf_valid flag) to decide whether these
encodings are invalid at runtime.

We leave pseudo-denormals as always-valid, since both x86 and m68k
accept them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250224111524.1101196-8-peter.maydell@linaro.org
Message-id: 20250217125055.160887-6-peter.maydell@linaro.org

7 months ago fpu: Pass float_status to floatx80_invalid_encoding()
Peter Maydell [Mon, 24 Feb 2025 11:15:18 +0000 (11:15 +0000)]
fpu: Pass float_status to floatx80_invalid_encoding()

The definition of which floatx80 encodings are invalid is
target-specific.  Currently we handle this with an ifdef, but we
would like to defer this decision to runtime.  In preparation, pass a
float_status argument to floatx80_invalid_encoding().

We will change the implementation from ifdef to looking at
the status argument in the following commit.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250224111524.1101196-7-peter.maydell@linaro.org