Commit Graph

97419 Commits

Author SHA1 Message Date
Ilya Leoshkevich
13c59eb09b target/s390x: fix handling of zeroes in vfmin/vfmax
vfmin_res() / vfmax_res() are trying to check whether a and b are both
zeroes, but in reality they check that they are the same kind of zero.
This causes incorrect results when comparing positive and negative
zeroes.

Fixes: da4807527f ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
Co-developed-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220713182612.3780050-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-07-19 12:49:56 +02:00
Peter Maydell
b8bb9bbf46 ppc patch queue for 2022-07-18:
This is the last ppc patch queue before the soft freeze. It contains new
 TCG instructions and changes, a tricky bug fix in kvmppc_find_cpu_dt()
 and other enhancements/fixes.
 
 - tcg and target/ppc:
   - move instructions to decodetree
   - check for bad Radix configs
   - ISA 3.00 tlbie[l]
   - fix gen_*_exception error codes
   - check fortb_env != 0 when printing TBU/TBL/DECR
 - fix kvmppc_find_cpu_dt() returning the wrong CPU DT path when there's a
 'clock-frequency' property in the root node
 - spapr, e500: pass a random seed in /chosen/rng-seed
 - all boards: allocate IRQ lines with qdev_init_gpio_in()
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYtWWPgAKCRA82cqW3gMx
 ZOOwAQCNnCvmSP9pehzEeWGxu7JfPs75NlF7dwSYHBpYUxfz1wD+Lii9mhF4RYKv
 epHEh+sMfzUf28uijIq6uRVuDfehjgM=
 =VYC3
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20220718' of https://gitlab.com/danielhb/qemu into staging

ppc patch queue for 2022-07-18:

This is the last ppc patch queue before the soft freeze. It contains new
TCG instructions and changes, a tricky bug fix in kvmppc_find_cpu_dt()
and other enhancements/fixes.

- tcg and target/ppc:
  - move instructions to decodetree
  - check for bad Radix configs
  - ISA 3.00 tlbie[l]
  - fix gen_*_exception error codes
  - check fortb_env != 0 when printing TBU/TBL/DECR
- fix kvmppc_find_cpu_dt() returning the wrong CPU DT path when there's a
'clock-frequency' property in the root node
- spapr, e500: pass a random seed in /chosen/rng-seed
- all boards: allocate IRQ lines with qdev_init_gpio_in()

# gpg: Signature made Mon 18 Jul 2022 18:19:58 BST
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220718' of https://gitlab.com/danielhb/qemu: (30 commits)
  target/ppc: Check page dir/table base alignment
  target/ppc: Improve Radix xlate level validation
  ppc: Check partition and process table alignment
  target/ppc: check tb_env != 0 before printing TBU/TBL/DECR
  target/ppc: Implement slbiag
  target/ppc: Move slbsync to decodetree
  target/ppc: Move slbfee to decodetree
  target/ppc: Move slbmfee to decodetree
  target/ppc: Move slbmfev to decodetree
  target/ppc: Move slbmte to decodetree
  target/ppc: Move slbia to decodetree
  target/ppc: Move slbieg to decodetree
  target/ppc: Move slbie to decodetree
  target/ppc: add macros to check privilege level
  target/ppc: receive DisasContext explicitly in GEN_PRIV
  target/ppc: Implement ISA 3.00 tlbie[l]
  target/ppc: Move tlbie[l] to decode tree
  target/ppc: fix exception error code in spr_write_excp_vector
  target/ppc: fix PMU Group A register read/write exceptions
  target/ppc: fix exception error code in helper_{load, store}_dcr
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 19:27:25 +01:00
Leandro Lupori
d2066bc50d target/ppc: Check page dir/table base alignment
According to PowerISA 3.1B, Book III 6.7.6 programming note, the
page directory base addresses are expected to be aligned to their
size. Real hardware seems to rely on that and will access the
wrong address if they are misaligned. This results in a
translation failure even if the page tables seem to be properly
populated.

Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220628133959.15131-4-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Leandro Lupori
47e83d9107 target/ppc: Improve Radix xlate level validation
Check if the number and size of Radix levels are valid on
POWER9/POWER10 CPUs, according to the supported Radix Tree
Configurations described in their User Manuals.

Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220628133959.15131-3-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Leandro Lupori
3c2e80ad2f ppc: Check partition and process table alignment
Check if partition and process tables are properly aligned, in
their size, according to PowerISA 3.1B, Book III 6.7.6 programming
note. Hardware and KVM also raise an exception in these cases.

Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220628133959.15131-2-leandro.lupori@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
3778aa970f target/ppc: check tb_env != 0 before printing TBU/TBL/DECR
When using "-machine none", env->tb_env is not allocated, causing the
segmentation fault reported in issue #85 (launchpad bug #811683). To
avoid this problem, check if the pointer != NULL before calling the
methods to print TBU/TBL/DECR.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/85
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220714172343.80539-1-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
491a25535c target/ppc: Implement slbiag
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-12-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
acc130cf1d target/ppc: Move slbsync to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-11-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
26d02c9d42 target/ppc: Move slbfee to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-10-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
41b60e46b8 target/ppc: Move slbmfee to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-9-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
74a153844e target/ppc: Move slbmfev to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-8-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
0b0ba40fd2 target/ppc: Move slbmte to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-7-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
2bfcb7a316 target/ppc: Move slbia to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-6-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
a1b05c0625 target/ppc: Move slbieg to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-5-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Lucas Coutinho
43507e47e1 target/ppc: Move slbie to decodetree
Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-4-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
fc34e81acd target/ppc: add macros to check privilege level
Equivalent to CHK_SV and CHK_HV, but can be used in decodetree methods.

Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-3-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
9f0cf04197 target/ppc: receive DisasContext explicitly in GEN_PRIV
GEN_PRIV and related CHK_* macros just assumed that variable named
"ctx" would be in scope when they are used, and that it would be a
pointer to DisasContext. Change these macros to receive the pointer
explicitly.

Reviewed-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br>
Message-Id: <20220701133507.740619-2-lucas.coutinho@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Leandro Lupori
e7beaea55b target/ppc: Implement ISA 3.00 tlbie[l]
This initial version supports the invalidation of one or all
TLB entries. Flush by PID/LPID, or based in process/partition
scope is not supported, because it would make using the
generic QEMU TLB implementation hard. In these cases, all
entries are flushed.

Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220712193741.59134-3-leandro.lupori@eldorado.org.br>
[danielhb: moved 'set' declaration to TLBIE_RIC_PWC block]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Leandro Lupori
016b6e1d9c target/ppc: Move tlbie[l] to decode tree
Also decode RIC, PRS and R operands.

Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220712193741.59134-2-leandro.lupori@eldorado.org.br>
[danielhb: mark bit 31 in @X_tlbie pattern as ignored]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
8e1fedf8ce target/ppc: fix exception error code in spr_write_excp_vector
The 'error' argument of gen_inval_exception will be or-ed with
POWERPC_EXCP_INVAL, so it should always be a constant prefixed with
POWERPC_EXCP_INVAL_. No functional change is intended,
spr_write_excp_vector is only used by register_BookE_sprs, and
powerpc_excp_booke ignores the lower 4 bits of the error code on
POWERPC_EXCP_INVAL exceptions.

Also, take the opportunity to replace printf with qemu_log_mask.

Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220627141104.669152-7-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
c35553b5e7 target/ppc: fix PMU Group A register read/write exceptions
A call to "gen_(hv)priv_exception" should use POWERPC_EXCP_PRIV_* as the
'error' argument instead of POWERPC_EXCP_INVAL_*, and POWERPC_EXCP_FU is
an exception type, not an exception error code. To correctly set
FSCR[IC], we should raise Facility Unavailable with this exception type
and IC value as the error code.

Fixes: 565cb10967 ("target/ppc: add user read/write functions for MMCR0")
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220627141104.669152-6-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
e898517985 target/ppc: fix exception error code in helper_{load, store}_dcr
POWERPC_EXCP_INVAL should only be or-ed with other constants prefixed
with POWERPC_EXCP_INVAL_. Also, take the opportunity to move both
helpers under #if !defined(CONFIG_USER_ONLY) as the instructions that
use them are privileged.

No functional change is intended, the lower 4 bits of the error code are
ignored by all powerpc_excp_* methods on POWERPC_EXCP_INVAL exceptions.

Reported-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220627141104.669152-5-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
b63fa8b98b target/ppc: remove mfdcrux and mtdcrux
The only PowerPC implementations with these insns were the 460 and 460F,
which had their definitions removed in [1].

[1] 7ff26aa6c6 ("target/ppc: Remove unused PPC 460 and 460F definitions")

Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Message-Id: <20220627141104.669152-4-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
efb23674d1 target/ppc: fix exception error value in slbfee
Testing on a POWER9 DD2.3, we observed that the Linux kernel delivers a
signal with si_code ILL_PRVOPC (5) when a userspace application tries to
use slbfee. To obtain this behavior on linux-user, we should use
POWERPC_EXCP_PRIV with POWERPC_EXCP_PRIV_OPC.

No functional change is intended for softmmu targets as
gen_hvpriv_exception uses the same 'exception' argument
(POWERPC_EXCP_HV_EMU) for raise_exception_*, and the powerpc_excp_*
methods do not use lower bits of the exception error code when handling
POWERPC_EXCP_{INVAL,PRIV}.

Reported-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220627141104.669152-3-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Matheus Ferst
1315eed69d target/ppc: Fix gen_priv_exception error value in mfspr/mtspr
The code in linux-user/ppc/cpu_loop.c expects POWERPC_EXCP_PRIV
exception with error POWERPC_EXCP_PRIV_OPC or POWERPC_EXCP_PRIV_REG,
while POWERPC_EXCP_INVAL_SPR is expected in POWERPC_EXCP_INVAL
exceptions. This mismatch caused an EXCP_DUMP with the message "Unknown
privilege violation (03)", as seen in [1].

[1] https://gitlab.com/qemu-project/qemu/-/issues/588

Fixes: 9b2fadda3e ("ppc: Rework generation of priv and inval interrupts")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/588
Reviewed-by: Fabiano Rosas <farosas@linux.ibm.com>
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Message-Id: <20220627141104.669152-2-matheus.ferst@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Murilo Opsfelder Araujo
1a42c69237 target/ppc/kvm: Skip current and parent directories in kvmppc_find_cpu_dt
Some systems have /proc/device-tree/cpus/../clock-frequency. However,
this is not the expected path for a CPU device tree directory.

Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com>
Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220712210810.35514-1-muriloo@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Jason A. Donenfeld
c4b075318e hw/ppc: pass random seed to fdt
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This is confirmed to successfully initialize the
RNG on Linux 5.19-rc6. The rng-seed node is part of the DT spec. Set
this on the paravirt platforms, spapr and e500, just as is done on other
architectures with paravirt hardware.

Cc: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220712135114.289855-1-Jason@zx2c4.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater
285c471f82 ppc: Remove unused irq_inputs
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-6-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater
5e66cd0c78 ppc/e500: Allocate IRQ lines with qdev_init_gpio_in()
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-5-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater
0f3e0c6fd3 ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in()
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-4-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater
47b60fc625 ppc/40x: Allocate IRQ lines with qdev_init_gpio_in()
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-3-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Cédric Le Goater
9fd0122e7d ppc64: Allocate IRQ lines with qdev_init_gpio_in()
This replaces the IRQ array 'irq_inputs' with GPIO lines, the goal
being to remove 'irq_inputs' when all CPUs have been converted.

Signed-off-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20220705145814.461723-2-clg@kaod.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2022-07-18 13:59:43 -03:00
Peter Maydell
7823789731 target-arm queue:
* hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
  * target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
  * target/arm: Fix aarch64_sve_change_el for SME
  * linux-user/aarch64: Do not clear PROT_MTE on mprotect
  * target/arm: Honour VTCR_EL2 bits in Secure EL2
  * hw/adc: Fix CONV bit in NPCM7XX ADC CON register
  * hw/adc: Make adci[*] R/W in NPCM7XX ADC
  * target/arm: Don't set syndrome ISS for loads and stores with writeback
  * Align Raspberry Pi DMA interrupts with Linux DTS
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmLVZwIZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3lDAD/9hS/LpOp7DG76lxDHX9JJy
 CAbPpEIMJ0RiV4eHz+ksOggv190Z8qS0BvZVOW8y9NmuSPDTgqL6sZE/4ULL3WtT
 wD4w8dBRACoNjEPhKUTfqVDSlb4q18JepnY/kIvBpde8qjXIYmR+uVO7O/Sx8HFM
 ij5ffWqTtCvCdEgAlKXPDsVA1EZ3phwCqSSgkAV5+mZwPeRMHRjQuHvigL0/DjiL
 JFIii2/sEgtHdLQE5tnrmNVjaGO8EXdkBwMzSLKOIWEjPeu/iyrhyQEzLnc40QwY
 ZQXXhUYgDOryPdzHwocPBce6y5Vkj5a8tMvmjJRhlSAXk9TBR0vT2SLfObd8yECp
 DSw2qUTmp2cOkUKQXttLIKa3RFgCDmFCQ1iwMiOI5undZhsfS8DC2inb4vJLjXPT
 XPbY1mqECSRKwOeLpKR1cNoRm2QSfXm+qVn5MKhiMULEsJeaI/tL8S208cj2dZZY
 3kwgQHVDJr2UywVlFnEZexY9pVWzVDpWXd+Ka0xzCTDYrrA0jCzh86V6Q62dQaSF
 AdObf+T83sL+Pj3g4WnNg2isulGtvnWUp8J1EPPWh/9+BvSAwT6jw0kr39wJFvxd
 UVznBeh3odN22xv9sx4UJgRPmozO/Xz9XRp/eHQnHe083m4m+apTz+eet1BBgxdb
 Y5ot0Os3iX58a7OsCOZmbA==
 =rQN2
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20220718' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
 * target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
 * target/arm: Fix aarch64_sve_change_el for SME
 * linux-user/aarch64: Do not clear PROT_MTE on mprotect
 * target/arm: Honour VTCR_EL2 bits in Secure EL2
 * hw/adc: Fix CONV bit in NPCM7XX ADC CON register
 * hw/adc: Make adci[*] R/W in NPCM7XX ADC
 * target/arm: Don't set syndrome ISS for loads and stores with writeback
 * Align Raspberry Pi DMA interrupts with Linux DTS

# gpg: Signature made Mon 18 Jul 2022 14:58:26 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20220718' of https://git.linaro.org/people/pmaydell/qemu-arm:
  Align Raspberry Pi DMA interrupts with Linux DTS
  target/arm: Don't set syndrome ISS for loads and stores with writeback
  hw/adc: Make adci[*] R/W in NPCM7XX ADC
  hw/adc: Fix CONV bit in NPCM7XX ADC CON register
  target/arm: Honour VTCR_EL2 bits in Secure EL2
  target/arm: Store TCR_EL* registers as uint64_t
  target/arm: Store VTCR_EL2, VSTCR_EL2 registers as uint64_t
  target/arm: Fix big-endian host handling of VTCR
  target/arm: Fold regime_tcr() and regime_tcr_value() together
  target/arm: Calculate mask/base_mask in get_level1_table_address()
  target/arm: Define and use new regime_tcr_value() function
  linux-user/aarch64: Do not clear PROT_MTE on mprotect
  target/arm: Fix aarch64_sve_change_el for SME
  target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
  hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 16:29:32 +01:00
Peter Maydell
20f5542396 qga-win32-pull-2022-07-18
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEwsLBCepDxjwUI+uE711egWG6hOcFAmLVJGEACgkQ711egWG6
 hOfSKhAAmfCsl3G7NRuvYRISG1jFgwdAXDf4eh/iSXuZ5E6f1fXr3k9tCTOoYjIT
 7dEndIWqBju76bfpPfjZAwwMb9KQlUVHTmh+4y9rVjwJJg3OKs/cgwDNpRMW3NeP
 uCV1e1eT77GY773nz1Ucx9GS15oG2AFTq0JgKio2/0p0D48pdVbWFXpsx2Ap1qMY
 hGeonkvhJ2WkgJN8e/Ht6/woXM8FJ7u+vKVtiQevmaa8X4zOJnSVSgE2fRiHWAWi
 mB3uDszRPpXex0zmVB1r6K/2wRESzgu8Ps+X0vQXaHUXlaVmrAr/wt1wjSEbM2fD
 E/c2kntF06ncToYOL5a4t0zLeVQp6+B0UpuMj7iOxVguW1BNKMLld8LxPV6SemBV
 buDOMOYtDRLyGgNyWyi1ymFlAP2QF3PAS2OkmHkRIiVURDqlhafOaxosaUTiTbr+
 m969FT/S1VLbutp5aseNhOHWpiuxiviGLN5JXJcjlc4Wb9VPsNR6oPOHvHV7Kb0I
 9axPOTKNrwR9q01znvPST//0GgHlllvXLB/Ch6MruAdsLv+2yUjsmWl4FxBn+Les
 y8W/35h6evSauNOjH0Jpw7069MKPmZ+zajZbkZIqEdeUtxW1zKemXU4UP08JOUtp
 14M8tkN1KxJKNAyb4iFXaHIsRKmDTgJwp0PSU/BmgUrVy76nT70=
 =1zne
 -----END PGP SIGNATURE-----

Merge tag 'qga-win32-pull-2022-07-18' of github.com:kostyanf14/qemu into staging

qga-win32-pull-2022-07-18

# gpg: Signature made Mon 18 Jul 2022 10:14:09 BST
# gpg:                using RSA key C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423  EB84 EF5D 5E81 61BA 84E7

* tag 'qga-win32-pull-2022-07-18' of github.com:kostyanf14/qemu:
  MAINTAINERS: Add myself as Guest Agent co-maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 14:33:57 +01:00
Andrey Makarov
004c8a8bc5 Align Raspberry Pi DMA interrupts with Linux DTS
There is nothing in the specs on DMA engine interrupt lines: it should have
been in the "BCM2835 ARM Peripherals" datasheet but the appropriate
"ARM peripherals interrupt table" (p.113) is nearly empty.

All Raspberry Pi models 1-3 (based on bcm2835) have
Linux device tree (arch/arm/boot/dts/bcm2835-common.dtsi +25):

    /* dma channel 11-14 share one irq */

This information is repeated in the driver code
(drivers/dma/bcm2835-dma.c +1344):

    /*
     * in case of channel >= 11
     * use the 11th interrupt and that is shared
     */

In this patch channels 0--10 and 11--14 are handled separately.

Signed-off-by: Andrey Makarov <andrey.makarov@auriga.com>
Message-id: 20220716113210.349153-1-andrey.makarov@auriga.com
[PMM: fixed checkpatch nits]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:25:13 +01:00
Peter Maydell
53ae2fdef1 target/arm: Don't set syndrome ISS for loads and stores with writeback
The architecture requires that for faults on loads and stores which
do writeback, the syndrome information does not have the ISS
instruction syndrome information (i.e. ISV is 0).  We got this wrong
for the load and store instructions covered by disas_ldst_reg_imm9().
Calculate iss_valid correctly so that if the insn is a writeback one
it is false.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1057
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220715123323.1550983-1-peter.maydell@linaro.org
2022-07-18 13:20:14 +01:00
Hao Wu
99638ba9d8 hw/adc: Make adci[*] R/W in NPCM7XX ADC
Our sensor test requires both reading and writing from a sensor's
QOM property. So we need to make the input of ADC module R/W instead
of write only for that to work.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220714182836.89602-5-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:14 +01:00
Hao Wu
4a84e85413 hw/adc: Fix CONV bit in NPCM7XX ADC CON register
The correct bit for the CONV bit in NPCM7XX ADC is bit 13. This patch
fixes that in the module, and also lower the IRQ when the guest
is done handling an interrupt event from the ADC module.

Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture<venture@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220714182836.89602-4-wuhaotsh@google.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:14 +01:00
Peter Maydell
f04383e749 target/arm: Honour VTCR_EL2 bits in Secure EL2
In regime_tcr() we return the appropriate TCR register for the
translation regime.  For Secure EL2, we return the VSTCR_EL2 value,
but in this translation regime some fields that control behaviour are
in VTCR_EL2.  When this code was originally written (as the comment
notes), QEMU didn't care about any of those fields, but we have since
added support for features such as LPA2 which do need the values from
those fields.

Synthesize a TCR value by merging in the relevant VTCR_EL2 fields to
the VSTCR_EL2 value.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1103
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-8-peter.maydell@linaro.org
2022-07-18 13:20:14 +01:00
Peter Maydell
cb4a0a3444 target/arm: Store TCR_EL* registers as uint64_t
Change the representation of the TCR_EL* registers in the CPU state
struct from struct TCR to uint64_t.  This allows us to drop the
custom vmsa_ttbcr_raw_write() function, moving the "enforce RES0"
checks to their more usual location in the writefn
vmsa_ttbcr_write().  We also don't need the resetfn any more.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-7-peter.maydell@linaro.org
2022-07-18 13:20:13 +01:00
Peter Maydell
988cc1909f target/arm: Store VTCR_EL2, VSTCR_EL2 registers as uint64_t
Change the representation of the VSTCR_EL2 and VTCR_EL2 registers in
the CPU state struct from struct TCR to uint64_t.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-6-peter.maydell@linaro.org
2022-07-18 13:20:13 +01:00
Peter Maydell
afbb181c2d target/arm: Fix big-endian host handling of VTCR
We have a bug in our handling of accesses to the AArch32 VTCR
register on big-endian hosts: we were not adjusting the part of the
uint64_t field within TCR that the generated code would access.  That
can be done with offsetoflow32(), by using an ARM_CP_STATE_BOTH cpreg
struct, or by defining a full set of read/write/reset functions --
the various other TCR cpreg structs used one or another of those
strategies, but for VTCR we did not, so on a big-endian host VTCR
accesses would touch the wrong half of the register.

Use offsetoflow32() in the VTCR register struct.  This works even
though the field in the CPU struct is currently a struct TCR, because
the first field in that struct is the uint64_t raw_tcr.

None of the other TCR registers have this bug -- either they are
AArch64 only, or else they define resetfn, writefn, etc, and
expect to be passed the full struct pointer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-5-peter.maydell@linaro.org
2022-07-18 13:20:13 +01:00
Peter Maydell
c1547bba7e target/arm: Fold regime_tcr() and regime_tcr_value() together
The only caller of regime_tcr() is now regime_tcr_value(); fold the
two together, and use the shorter and more natural 'regime_tcr'
name for the new function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-4-peter.maydell@linaro.org
2022-07-18 13:20:13 +01:00
Peter Maydell
9e70e26c53 target/arm: Calculate mask/base_mask in get_level1_table_address()
In get_level1_table_address(), instead of using precalculated values
of mask and base_mask from the TCR struct, calculate them directly
(in the same way we currently do in vmsa_ttbcr_raw_write() to
populate the TCR struct fields).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-3-peter.maydell@linaro.org
2022-07-18 13:20:13 +01:00
Peter Maydell
dfce4aa8fe target/arm: Define and use new regime_tcr_value() function
The regime_tcr() function returns a pointer to a struct TCR
corresponding to the TCR controlling a translation regime.  The
struct TCR has the raw value of the register, plus two fields mask
and base_mask which are used as a small optimization in the case of
32-bit short-descriptor lookups.  Almost all callers of regime_tcr()
only want the raw register value.  Define and use a new
regime_tcr_value() function which returns only the raw 64-bit
register value.

This is a preliminary to removing the 32-bit short descriptor
optimization -- it only saves a handful of bit operations, which is
tiny compared to the overhead of doing a page table walk at all, and
the TCR struct is awkward and makes fixing
https://gitlab.com/qemu-project/qemu/-/issues/1103 unnecessarily
difficult.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220714132303.1287193-2-peter.maydell@linaro.org
2022-07-18 13:20:13 +01:00
Richard Henderson
7f2cf760fe linux-user/aarch64: Do not clear PROT_MTE on mprotect
The documentation for PROT_MTE says that it cannot be cleared
by mprotect.  Further, the implementation of the VM_ARCH_CLEAR bit,
contains PROT_BTI confiming that bit should be cleared.

Introduce PAGE_TARGET_STICKY to allow target/arch/cpu.h to control
which bits may be reset during page_set_flags.  This is sort of the
opposite of VM_ARCH_CLEAR, but works better with qemu's PAGE_* bits
that are separate from PROT_* bits.

Reported-by: Vitaly Buka <vitalybuka@google.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220711031420.17820-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:13 +01:00
Richard Henderson
6a775fd6e0 target/arm: Fix aarch64_sve_change_el for SME
We were only checking for SVE disabled and not taking into
account PSTATE.SM to check SME disabled, which resulted in
vectors being incorrectly truncated.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220713045848.217364-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:13 +01:00
Richard Henderson
6215113355 target/arm: Fill in VL for tbflags when SME enabled and SVE disabled
When PSTATE.SM, VL = SVL even if SVE is disabled.
This is visible in kselftest ssve-test.

Reported-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220713045848.217364-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-18 13:20:13 +01:00
Peter Maydell
9d5a9ae962 hw/intc/armv7m_nvic: ICPRn must not unpend an IRQ that is being held high
In the M-profile Arm ARM, rule R_CVJS defines when an interrupt should
be set to the Pending state:
 A) when the input line is high and the interrupt is not Active
 B) when the input line transitions from low to high and the interrupt
    is Active
(Note that the first of these is an ongoing condition, and the
second is a point-in-time event.)

This can be rephrased as:
 1 when the line goes from low to high, set Pending
 2 when Active goes from 1 to 0, if line is high then set Pending
 3 ignore attempts to clear Pending when the line is high
   and Active is 0

where 1 covers both B and one of the "transition into condition A"
cases, 2 deals with the other "transition into condition A"
possibility, and 3 is "don't drop Pending if we're already in
condition A".  Transitions out of condition A don't affect Pending
state.

We handle case 1 in set_irq_level(). For an interrupt (as opposed
to other kinds of exception) the only place where we clear Active
is in armv7m_nvic_complete_irq(), where we handle case 2 by
checking for whether we need to re-pend the exception. For case 3,
the only places where we clear Pending state on an interrupt are in
armv7m_nvic_acknowledge_irq() (where we are setting Active so it
doesn't count) and for writes to NVIC_ICPRn.

It is the "write to NVIC_ICPRn" case that we missed: we must ignore
this if the input line is high and the interrupt is not Active.
(This required behaviour is differently and perhaps more clearly
stated in the v7M Arm ARM, which has pseudocode in section B3.4.1
that implies it.)

Reported-by: Igor Kotrasiński <i.kotrasinsk@samsung.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220628154724.3297442-1-peter.maydell@linaro.org
2022-07-18 13:20:09 +01:00
Konstantin Kostiuk
e8cbe5842b MAINTAINERS: Add myself as Guest Agent co-maintainer
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Acked-by: Michael Roth <michael.roth@amd.com>
2022-07-18 11:56:09 +03:00