Commit Graph

5295 Commits

Author SHA1 Message Date
Roman Bolshakov
fe76b09c5b i386: hvf: Move mmio_buf into CPUX86State
There's no similar field in CPUX86State, but it's needed for MMIO traps.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-13-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:20:09 -04:00
Roman Bolshakov
577f02b890 i386: hvf: Move lazy_flags into CPUX86State
The lazy flags are still needed for instruction decoder.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-12-r.bolshakov@yadro.com>
[Move struct to target/i386/cpu.h - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:19:37 -04:00
Roman Bolshakov
167c6aef67 i386: hvf: Drop regs in HVFX86EmulatorState
HVFX86EmulatorState carries it's own copy of x86 registers. It can be
dropped in favor of regs in generic CPUX86State.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-11-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:15:03 -04:00
Roman Bolshakov
ea48ae9121 i386: hvf: Drop copy of RFLAGS defines
Use the ones provided in target/i386/cpu.h instead.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-10-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:15:02 -04:00
Roman Bolshakov
967f4da2af i386: hvf: Drop rflags from HVFX86EmulatorState
HVFX86EmulatorState carries it's own copy of x86 flags. It can be
dropped in favor of eflags in generic CPUX86State.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-9-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:15:02 -04:00
Roman Bolshakov
2d5f696cb7 i386: hvf: Drop fetch_rip from HVFX86EmulatorState
The field is used to print address of instructions that have no parser
in decode_invalid(). RIP from VMCS is saved into fetch_rip before
decoding starts but it's also saved into env->eip in load_regs().
Therefore env->eip can be used instead of fetch_rip.

While at it, correct address printed in decode_invalid(). It prints an
address before the unknown instruction.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-8-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:15:02 -04:00
Roman Bolshakov
5d32173fc3 i386: hvf: Use IP from CPUX86State
Drop and replace rip field from HVFX86EmulatorState in favor of eip from
common CPUX86State.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-7-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-12 11:15:02 -04:00
Roman Bolshakov
81ae3d0216 i386: hvf: Use ins_len to advance IP
There's no need to read VMCS twice, instruction length is already
available in ins_len.

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-6-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-12 11:15:02 -04:00
Roman Bolshakov
6345d7e2ae i386: hvf: Drop unused variable
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-5-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-12 11:15:01 -04:00
Roman Bolshakov
583ae161b1 i386: hvf: Drop useless declarations in sysemu
They're either declared elsewhere or have no use.

While at it, rename _hvf_cpu_synchronize_post_init() to
do_hvf_cpu_synchronize_post_init().

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-3-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-06-12 11:12:45 -04:00
Roman Bolshakov
24115348bd i386: hvf: Move HVFState definition into hvf
"sysemu/hvf.h" is intended for inclusion in generic code. However it
also contains several hvf definitions and declarations, including
HVFState that are used only inside "hvf.c". "hvf-i386.h" would be more
appropriate place to define HVFState as it's only included by "hvf.c"
and "x86_task.c".

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200528193758.51454-2-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:12:45 -04:00
Philippe Mathieu-Daudé
e89aac1acd target/ppc: Restrict PPCVirtualHypervisorClass to system-mode
The code related to PPC Virtual Hypervisor is pointless in user-mode.

Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200526172427.17460-5-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:12:45 -04:00
Joseph Myers
bc921b2711 target/i386: correct fix for pcmpxstrx substring search
This corrects a bug introduced in my previous fix for SSE4.2 pcmpestri
/ pcmpestrm / pcmpistri / pcmpistrm substring search, commit
ae35eea7e4.

That commit fixed a bug that showed up in four GCC tests with one libc
implementation.  The tests in question generate random inputs to the
intrinsics and compare results to a C implementation, but they only
test 1024 possible random inputs, and when the tests use the cases of
those instructions that work with word rather than byte inputs, it's
easy to have problematic cases that show up much less frequently than
that.  Thus, testing with a different libc implementation, and so a
different random number generator, showed up a problem with the
previous patch.

When investigating the previous test failures, I found the description
of these instructions in the Intel manuals (starting from computing a
16x16 or 8x8 set of comparison results) confusing and hard to match up
with the more optimized implementation in QEMU, and referred to AMD
manuals which described the instructions in a different way.  Those
AMD descriptions are very explicit that the whole of the string being
searched for must be found in the other operand, not running off the
end of that operand; they say "If the prototype and the SUT are equal
in length, the two strings must be identical for the comparison to be
TRUE.".  However, that statement is incorrect.

In my previous commit message, I noted:

  The operation in this case is a search for a string (argument d to
  the helper) in another string (argument s to the helper); if a copy
  of d at a particular position would run off the end of s, the
  resulting output bit should be 0 whether or not the strings match in
  the region where they overlap, but the QEMU implementation was
  wrongly comparing only up to the point where s ends and counting it
  as a match if an initial segment of d matched a terminal segment of
  s.  Here, "run off the end of s" means that some byte of d would
  overlap some byte outside of s; thus, if d has zero length, it is
  considered to match everywhere, including after the end of s.

The description "some byte of d would overlap some byte outside of s"
is accurate only when understood to refer to overlapping some byte
*within the 16-byte operand* but at or after the zero terminator; it
is valid to run over the end of s if the end of s is the end of the
16-byte operand.  So the fix in the previous patch for the case of d
being empty was correct, but the other part of that patch was not
correct (as it never allowed partial matches even at the end of the
16-byte operand).  Nor was the code before the previous patch correct
for the case of d nonempty, as it would always have allowed partial
matches at the end of s.

Fix with a partial revert of my previous change, combined with
inserting a check for the special case of s having maximum length to
determine where it is necessary to check for matches.

In the added test, test 1 is for the case of empty strings, which
failed before my 2017 patch, test 2 is for the bug introduced by my
2017 patch and test 3 deals with the case where a match of an initial
segment at the end of the string is not valid when the string ends
before the end of the 16-byte operand (that is, the case that would be
broken by a simple revert of the non-empty-string part of my 2017
patch).

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2006121344290.9881@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12 11:10:39 -04:00
Peter Maydell
77c9e078b4 Trivial branch pull request 20200610
Convert DPRINTF() to traces or qemu_logs
 Use IEC binary prefix definitions
 Use qemu_semihosting_log_out() in target/unicore32
 Some code and doc cleanup
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl7g21QSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L7484YgP/jxlYNoSz3574j//OWJQnaprEjpI0EWT
 MWkLb2sKnVAUyoJYLFGRuYl/aAOQvHqGcBUAsUzGWWUdq2HhTI1WlP1pIcxOodsm
 aM0X6UOhuRs7zQDqZHPLUYoNEb/hpxj7RP0pUgh1JXaWucPoCznyZImPLJKIwkDz
 bCS+H1HPRWc9IIb2wkMSfRMGy1gz+bP6Z/uaWLdwwWo/q2uoZ8LZVFmJ5owe5HPG
 eA6alLdG1ZDn8XvUZYUoRZENFRxAz/gDtX2S1e3huej582sBNxfwH65+Y9dMs1Bo
 FoihF1nKRjHejCyyO76QxkEuzgDxnw2w87WrEYBLUsWP1XeZfpb73wMO+1Z++IDL
 8oLYZv310wQv7LJtlmKFb4tlFWJ5DLqwV7J0L03zUQ6zgZRMzQiDlogvJiWMKvv9
 JLKQzUZsoKr9BjVUjYGO1PFW90koKDROHKM+ifBml8L1aIYbyOkq93b64qogik0L
 Vt7n5nPK8ATD0QzZSmwaQL7Fj2ATh6KRdA1CWya3i4YvP91p5o0n87+k0IMbOXgT
 aqB+d6nr8+CQDe6tudvmg8I45CV9uN9x4dnrKS+NVJrK/cogpOXiYovJ275FJkTE
 Cu77eOWFYgImVxScAI2qvmvNqEzaLS9pSRNfOqGVz0JiTb/rWIRSugz7cvHdgQ2U
 4OdHx1J3tupw
 =jkE3
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-5.1-pull-request' into staging

Trivial branch pull request 20200610

Convert DPRINTF() to traces or qemu_logs
Use IEC binary prefix definitions
Use qemu_semihosting_log_out() in target/unicore32
Some code and doc cleanup

# gpg: Signature made Wed 10 Jun 2020 14:08:36 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/trivial-branch-for-5.1-pull-request:
  semihosting: remove the pthread include which seems unused
  hw/openrisc/openrisc_sim: Add assertion to silence GCC warning
  target/unicore32: Prefer qemu_semihosting_log_out() over curses
  target/unicore32: Replace DPRINTF() by qemu_log_mask(GUEST_ERROR)
  target/unicore32: Remove unused headers
  target/i386/cpu: Use the IEC binary prefix definitions
  hw/i386/xen/xen-hvm: Use the IEC binary prefix definitions
  hw/hppa/dino: Use the IEC binary prefix definitions
  hw/arm/aspeed: Correct DRAM container region size
  qemu-img: Fix doc typo for 'bitmap' subcommand
  hw/misc/auxbus: Use qemu_log_mask(UNIMP) instead of debug printf
  hw/isa/apm: Convert debug printf()s to trace events
  hw/unicore32/puv3: Use qemu_log_mask(ERROR) instead of debug printf()
  .mailmap: Update Fred Konrad email address
  net: Do not include a newline in the id of -nic devices
  Fix parameter type in vhost migration log path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	.mailmap
2020-06-11 19:22:52 +01:00
Peter Maydell
470dd165d1 MIPS queue for June 9th, 2020
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJe37ZzAAoJENSXKoln91pl03oH/0bOnlYdWnOaw6Z0cVLAaqei
 ZRaW/T158VrNNuqqwVbUv5wtIo3EqFFfBFayaGat83leYw/C5fRVAi/2qgjDU7iy
 fW5AESIFcg1SQNu4bHdZLUE4nh7rknDNWcHbeK4qMll6P3wwAIv00Xiz2mrqF5tF
 v8vzWvgPE4xD5+aIH+HtLDTCrKYJ1NoC48AEmehYci2IkPvlQiqkGxu4Z3BATXxM
 L/JdsIAJ9UcIYaNtni01snAsYefLlY14VHN7CGDxNhAySGzDp44XzOMfszjmONTg
 EJhuHqIzEs44INgNkT322D61MK4W2k+PaMGP4ZYNJKo1J9qJ/+1UtK9ZhcC6fjg=
 =CCiQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jun-09-2020' into staging

MIPS queue for June 9th, 2020

# gpg: Signature made Tue 09 Jun 2020 17:18:59 BST
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [full]
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-jun-09-2020:
  target/mips: Enable hardware page table walker and CMGCR features for P5600
  target/mips: Add Loongson-3 CPU definition
  target/mips: fpu: Refactor conversion from ieee to mips exception flags
  target/mips: fpu: Name better paired-single variables
  target/mips: fpu: Remove now unused FLOAT_RINT macro
  target/mips: fpu: Demacro RINT.<D|S>
  target/mips: fpu: Remove now unused FLOAT_CLASS macro
  target/mips: fpu: Demacro CLASS.<D|S>
  target/mips: fpu: Remove now unused UNFUSED_FMA and FLOAT_FMA macros
  target/mips: fpu: Demacro NMSUB.<D|S|PS>
  target/mips: fpu: Demacro NMADD.<D|S|PS>
  target/mips: fpu: Demacro MSUB.<D|S|PS>
  target/mips: fpu: Demacro MADD.<D|S|PS>
  target/mips: fpu: Remove now unused macro FLOAT_BINOP
  target/mips: fpu: Demacro DIV.<D|S|PS>
  target/mips: fpu: Demacro MUL.<D|S|PS>
  target/mips: fpu: Demacro SUB.<D|S|PS>
  target/mips: fpu: Demacro ADD.<D|S|PS>
  mailmap: Change email address of Stefan Brankovic
  mailmap: Change email address of Filip Bozuta

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-11 13:07:34 +01:00
Peter Maydell
c291aca63d Add non-overlapping groups
-----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAl7ftzkdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+N5Af9H2MaCN9Eka7VmHAd
 duob3PBkGsQ8jOCOtOQMVukkptkOk2cMycXlW77DJsVrjX3nzpJ6yZ52MH4WO0vn
 ddFeutkK4iaw+3mBQkEFaJC1H8GavuHz0dMK5NR3WtOvAnZ1eQyEbqFTkbMHJgFI
 TVyNUz3jfsqCLBDxEx8JU3v5dycMET3WKlvFP6aO2FnQNKBSZXnxTcd7eCN67KOs
 e+XmBvcsLuGp6fxrIrNFwakjy48jExytfMRdWVSDulC0ErUw9bV4fI9Z8kHV5ETd
 bL+q5ADFKvogEQeGW74+44zebtmgosO1GWDMfbSTjIdnUQrdAff+Y7huHateaXWs
 +FHszA==
 =Z5Ta
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20200609' into staging

Add non-overlapping groups

# gpg: Signature made Tue 09 Jun 2020 17:22:17 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-dt-20200609:
  target/arm: Use a non-overlapping group for misc control
  decodetree: Drop check for less than 2 patterns in a group
  tests/decode: Test non-overlapping groups
  decodetree: Implement non-overlapping groups
  decodetree: Move semantic propagation into classes
  decodetree: Allow group covering the entire insn space
  decodetree: Split out MultiPattern from IncMultiPattern
  decodetree: Rename MultiPattern to IncMultiPattern
  decodetree: Tidy error_with_file

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-11 11:20:39 +01:00
Joseph Myers
975af797f1 target/i386: fix IEEE x87 floating-point exception raising
Most x87 instruction implementations fail to raise the expected IEEE
floating-point exceptions because they do nothing to convert the
exception state from the softfloat machinery into the exception flags
in the x87 status word.  There is special-case handling of division to
raise the divide-by-zero exception, but that handling is itself buggy:
it raises the exception in inappropriate cases (inf / 0 and nan / 0,
which should not raise any exceptions, and 0 / 0, which should raise
"invalid" instead).

Fix this by converting the floating-point exceptions raised during an
operation by the softfloat machinery into exceptions in the x87 status
word (passing through the existing fpu_set_exception function for
handling related to trapping exceptions).  There are special cases
where some functions convert to integer internally but exceptions from
that conversion are not always correct exceptions for the instruction
to raise.

There might be scope for some simplification if the softfloat
exception state either could always be assumed to be in sync with the
state in the status word, or could always be ignored at the start of
each instruction and just set to 0 then; I haven't looked into that in
detail, and it might run into interactions with the various ways the
emulation does not yet handle trapping exceptions properly.  I think
the approach taken here, of saving the softfloat state, setting
exceptions there to 0 and then merging the old exceptions back in
after carrying out the operation, is conservatively safe.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005152120280.3469@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:51 -04:00
Like Xu
ea39f9b643 target/i386: define a new MSR based feature word - FEAT_PERF_CAPABILITIES
The Perfmon and Debug Capability MSR named IA32_PERF_CAPABILITIES is
a feature-enumerating MSR, which only enumerates the feature full-width
write (via bit 13) by now which indicates the processor supports IA32_A_PMCx
interface for updating bits 32 and above of IA32_PMCx.

The existence of MSR IA32_PERF_CAPABILITIES is enumerated by CPUID.1:ECX[15].

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: qemu-devel@nongnu.org
Signed-off-by: Like Xu <like.xu@linux.intel.com>
Message-Id: <20200529074347.124619-5-like.xu@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:47 -04:00
Julio Faracco
20c8fa2ec7 i386: Remove unused define's from hax and hvf
Commit acb9f95a removed boundary checks for ID and VCPU ID. After that,
the max definitions of that boundaries are not required anymore. This
commit is only a code cleanup.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
Message-Id: <20200323200538.202164-1-jcfaracco@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:47 -04:00
Cathy Zhang
353f98c9ad x86/cpu: Enable AVX512_VP2INTERSECT cpu feature
AVX512_VP2INTERSECT compute vector pair intersection to a pair
of mask registers, which is introduced with intel Tiger Lake,
defining as CPUID.(EAX=7,ECX=0):EDX[bit 08].

Refer to the following release spec:
https://software.intel.com/sites/default/files/managed/c5/15/\
architecture-instruction-set-extensions-programming-reference.pdf

Signed-off-by: Cathy Zhang <cathy.zhang@intel.com>
Message-Id: <1586760758-13638-1-git-send-email-cathy.zhang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:27 -04:00
Joseph Myers
c8af85b10c target/i386: fix fisttpl, fisttpll handling of out-of-range values
The fist / fistt family of instructions should all store the most
negative integer in the destination format when the rounded /
truncated integer result is out of range or the input is an invalid
encoding, infinity or NaN.  The fisttpl and fisttpll implementations
(32-bit and 64-bit results, truncate towards zero) failed to do this,
producing the most positive integer in some cases instead.  Fix this
by copying the code used to handle this issue for fistpl and fistpll,
adjusted to use the _round_to_zero functions for the actual
conversion (but without any other changes to that code).

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005152119160.3469@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:26 -04:00
Joseph Myers
374ff4d0a3 target/i386: fix fbstp handling of out-of-range values
The fbstp implementation fails to check for out-of-range and invalid
values, instead just taking the result of conversion to int64_t and
storing its sign and low 18 decimal digits.  Fix this by checking for
an out-of-range result (invalid conversions always result in INT64_MAX
or INT64_MIN from the softfloat code, which are large enough to be
considered as out-of-range by this code) and storing the packed BCD
indefinite encoding in that case.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005132351110.11687@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:25 -04:00
Joseph Myers
18c53e1e73 target/i386: fix fbstp handling of negative zero
The fbstp implementation stores +0 when the rounded result should be
-0 because it compares an integer value with 0 to determine the sign.
Fix this by checking the sign bit of the operand instead.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005132350230.11687@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:25 -04:00
Joseph Myers
34b9cc076f target/i386: fix fxam handling of invalid encodings
The fxam implementation does not check for invalid encodings, instead
treating them like NaN or normal numbers depending on the exponent.
Fix it to check that the high bit of the significand is set before
treating an encoding as NaN or normal, thus resulting in correct
handling (all of C0, C2 and C3 cleared) for invalid encodings.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005132349311.11687@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:24 -04:00
Joseph Myers
80b4008c80 target/i386: fix floating-point load-constant rounding
The implementations of the fldl2t, fldl2e, fldpi, fldlg2 and fldln2
instructions load fixed constants independent of the rounding mode.
Fix them to load a value correctly rounded for the current rounding
mode (but always rounded to 64-bit precision independent of the
precision control, and without setting "inexact") as specified.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <alpine.DEB.2.21.2005132348310.11687@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:24 -04:00
Joseph Myers
c535d68755 target/i386: fix fscale handling of rounding precision
The fscale implementation uses floatx80_scalbn for the final scaling
operation.  floatx80_scalbn ends up rounding the result using the
dynamic rounding precision configured for the FPU.  But only a limited
set of x87 floating-point instructions are supposed to respect the
dynamic rounding precision, and fscale is not in that set.  Fix the
implementation to save and restore the rounding precision around the
call to floatx80_scalbn.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005070045430.18350@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:21 -04:00
Joseph Myers
c1c5fb8f90 target/i386: fix fscale handling of infinite exponents
The fscale implementation passes infinite exponents through to generic
code that rounds the exponent to a 32-bit integer before using
floatx80_scalbn.  In round-to-nearest mode, and ignoring exceptions,
this works in many cases.  But it fails to handle the special cases of
scaling 0 by a +Inf exponent or an infinity by a -Inf exponent, which
should produce a NaN, and because it produces an inexact result for
finite nonzero numbers being scaled, the result is sometimes incorrect
in other rounding modes.  Add appropriate handling of infinite
exponents to produce a NaN or an appropriately signed exact zero or
infinity as a result.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005070045010.18350@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:18 -04:00
Joseph Myers
b40eec96b2 target/i386: fix fscale handling of invalid exponent encodings
The fscale implementation does not check for invalid encodings in the
exponent operand, thus treating them like INT_MIN (the value returned
for invalid encodings by floatx80_to_int32_round_to_zero).  Fix it to
treat them similarly to signaling NaN exponents, thus generating a
quiet NaN result.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005070044190.18350@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:17 -04:00
Joseph Myers
0d48b43632 target/i386: fix fscale handling of signaling NaN
The implementation of the fscale instruction returns a NaN exponent
unchanged.  Fix it to return a quiet NaN when the provided exponent is
a signaling NaN.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Message-Id: <alpine.DEB.2.21.2005070043330.18350@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:17 -04:00
Joseph Myers
c415f2c582 target/i386: implement special cases for fxtract
The implementation of the fxtract instruction treats all nonzero
operands as normal numbers, so yielding incorrect results for invalid
formats, infinities, NaNs and subnormal and pseudo-denormal operands.
Implement appropriate handling of all those cases.

Signed-off-by: Joseph Myers <joseph@codesourcery.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <alpine.DEB.2.21.2005070042360.18350@digraph.polyomino.org.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:16 -04:00
Pan Nengyuan
2a69314258 i386/kvm: fix a use-after-free when vcpu plug/unplug
When we hotplug vcpus, cpu_update_state is added to vm_change_state_head
in kvm_arch_init_vcpu(). But it forgot to delete in kvm_arch_destroy_vcpu() after
unplug. Then it will cause a use-after-free access. This patch delete it in
kvm_arch_destroy_vcpu() to fix that.

Reproducer:
    virsh setvcpus vm1 4 --live
    virsh setvcpus vm1 2 --live
    virsh suspend vm1
    virsh resume vm1

The UAF stack:
==qemu-system-x86_64==28233==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e00002e798 at pc 0x5573c6917d9e bp 0x7fff07139e50 sp 0x7fff07139e40
WRITE of size 1 at 0x62e00002e798 thread T0
    #0 0x5573c6917d9d in cpu_update_state /mnt/sdb/qemu/target/i386/kvm.c:742
    #1 0x5573c699121a in vm_state_notify /mnt/sdb/qemu/vl.c:1290
    #2 0x5573c636287e in vm_prepare_start /mnt/sdb/qemu/cpus.c:2144
    #3 0x5573c6362927 in vm_start /mnt/sdb/qemu/cpus.c:2150
    #4 0x5573c71e8304 in qmp_cont /mnt/sdb/qemu/monitor/qmp-cmds.c:173
    #5 0x5573c727cb1e in qmp_marshal_cont qapi/qapi-commands-misc.c:835
    #6 0x5573c7694c7a in do_qmp_dispatch /mnt/sdb/qemu/qapi/qmp-dispatch.c:132
    #7 0x5573c7694c7a in qmp_dispatch /mnt/sdb/qemu/qapi/qmp-dispatch.c:175
    #8 0x5573c71d9110 in monitor_qmp_dispatch /mnt/sdb/qemu/monitor/qmp.c:145
    #9 0x5573c71dad4f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu/monitor/qmp.c:234

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200513132630.13412-1-pannengyuan@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:10:01 -04:00
WangBowen
34a0950605 hax: Dynamic allocate vcpu state structure
Dynamic allocating vcpu state structure according to smp value to be
more precise and safe. Previously it will alloccate array of fixed size
HAX_MAX_VCPU.

This is achieved by using g_new0 to dynamic allocate the array. The
allocated size is obtained from smp.max_cpus in MachineState. Also, the
size is compared with HAX_MAX_VCPU when creating the vm. The reason for
choosing dynamic array over linked list is because the status is visited
by index all the time.

This will lead to QEMU checking whether the smp value is larger than the
HAX_MAX_VCPU when creating vm, if larger, the process will terminate,
otherwise it will allocate array of size smp to store the status.

V2: Check max_cpus before open vm. (Philippe)

Signed-off-by: WangBowen <bowen.wang@intel.com>
Signed-off-by: Colin Xu <colin.xu@intel.com>
Message-Id: <20200509035952.187615-1-colin.xu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:59 -04:00
Philippe Mathieu-Daudé
da278d58a0 accel: Move Xen accelerator code under accel/xen/
This code is not related to hardware emulation.
Move it under accel/ with the other hypervisors.

Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200508100222.7112-1-philmd@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:56 -04:00
Liran Alon
73b994f6d7 i386/cpu: Store LAPIC bus frequency in CPU structure
No functional change.
This information will be used by following patches.

Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200312165431.82118-15-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:52 -04:00
Janne Grunau
2dfbea1a87 target/i386: fix phadd* with identical destination and source register
Detected by asm test suite failures in dav1d
(https://code.videolan.org/videolan/dav1d). Can be reproduced by
`qemu-x86_64 -cpu core2duo ./tests/checkasm --test=mc_8bpc 1659890620`.

Signed-off-by: Janne Grunau <j@jannau.net>
Message-Id: <20200401225253.30745-1-j@jannau.net>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:42 -04:00
Babu Moger
cac9edfc4d target/i386: Fix the CPUID leaf CPUID_Fn80000008
CPUID leaf CPUID_Fn80000008_ECX provides information about the
number of threads supported by the processor. It was found that
the field ApicIdSize(bits 15-12) was not set correctly.

ApicIdSize is defined as the number of bits required to represent
all the ApicId values within a package.

Valid Values: Value Description
3h-0h		Reserved.
4h		up to 16 threads.
5h		up to 32 threads.
6h		up to 64 threads.
7h		up to 128 threads.
Fh-8h		Reserved.

Fix the bit appropriately.

This came up during following thread.
https://lore.kernel.org/qemu-devel/158643709116.17430.15995069125716778943.malonedeb@wampee.canonical.com/#t

Refer the Processor Programming Reference (PPR) for AMD Family 17h
Model 01h, Revision B1 Processors. The documentation is available
from the bugzilla Link below.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537

Reported-by: Philipp Eppelt <1871842@bugs.launchpad.net>
Signed-off-by: Babu Moger <babu.moger@amd.com>
Message-Id: <20200417215345.64800.73351.stgit@localhost.localdomain>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:42 -04:00
Philippe Mathieu-Daudé
ce8540fde2 target/i386: Fix OUTL debug output
Fix OUTL instructions incorrectly displayed as OUTW.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200517110147.26026-1-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10 12:09:35 -04:00
Philippe Mathieu-Daudé
c7a856b42e target/unicore32: Prefer qemu_semihosting_log_out() over curses
Use the common API for semihosting logging.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200603123754.19059-4-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Philippe Mathieu-Daudé
7a7b663234 target/unicore32: Replace DPRINTF() by qemu_log_mask(GUEST_ERROR)
Replace disabled DPRINTF() by qemu_log_mask(GUEST_ERROR).

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200603123754.19059-3-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Philippe Mathieu-Daudé
c421f81826 target/unicore32: Remove unused headers
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200603123754.19059-2-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Philippe Mathieu-Daudé
3fb79344bd target/i386/cpu: Use the IEC binary prefix definitions
IEC binary prefixes ease code review: the unit is explicit.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200601142930.29408-9-f4bug@amsat.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-09 19:58:53 +02:00
Richard Henderson
d6084fba47 target/arm: Use a non-overlapping group for misc control
The miscellaneous control instructions are mutually exclusive
within the t32 decode sub-group.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-09 09:21:19 -07:00
Andrea Oliveri
6db06115d2 target/mips: Enable hardware page table walker and CMGCR features for P5600
Enable hardware page table walker and CMGCR features for P5600 that
supports both.

Signed-off-by: Andrea Oliveri <oliveriandrea@gmail.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <de5adcb9fd0dd607b98026f4bfb34205432b6002.camel@gmail.com>
2020-06-09 17:32:45 +02:00
Huacai Chen
af868995e1 target/mips: Add Loongson-3 CPU definition
Loongson-3 CPU family include Loongson-3A R1/R2/R3/R4 and Loongson-3B
R1/R2. Loongson-3A R1 is the oldest and its ISA is the smallest, while
Loongson-3A R4 is the newest and its ISA is almost the superset of all
others. To reduce complexity, we just define two CPU types:

1) "Loongson-3A1000" CPU which is corresponding to Loongson-3A R1. It is
   suitable for TCG because Loongson-3A R1 has fewest ASE.
2) "Loongson-3A4000" CPU which is corresponding to Loongson-3A R4. It is
   suitable for KVM because Loongson-3A R4 has the VZ ASE.

Loongson-3A has CONFIG6 and CONFIG7, so add their bit-fields as well.

[AM: Rearranged insn_flags, added comments, renamed lmi_helper.c,
improved commit message, fixed checkpatch warnings]

Signed-off-by: Huacai Chen <chenhc@lemote.com>
Co-developed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <1591065557-9174-3-git-send-email-chenhc@lemote.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
9579f78168 target/mips: fpu: Refactor conversion from ieee to mips exception flags
The original coversion function is used for regular and MSA floating
point instructions handling. Since there are some nuanced differences
between regular and MSA floating point exception handling, provide two
instances of the conversion function, rather than just a single common
one. Inline both instances of this function instances for the sake of
performance. Improve variable naming in surrounding code for clarity.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-17-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
485cd2e4ce target/mips: fpu: Name better paired-single variables
Use consistently 'l' and 'h' for low and high halves.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-16-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
bdbe48db40 target/mips: fpu: Remove now unused FLOAT_RINT macro
After demacroing RINT.<D|S>, this macro is not needed anymore.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-15-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
728e424690 target/mips: fpu: Demacro RINT.<D|S>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-14-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
6971a1b970 target/mips: fpu: Remove now unused FLOAT_CLASS macro
After demacroing CLASS.<D|S>, this macro is not needed anymore.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-13-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
0bd99ac77c target/mips: fpu: Demacro CLASS.<D|S>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-12-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
32574f1d1c target/mips: fpu: Remove now unused UNFUSED_FMA and FLOAT_FMA macros
After demacroing <MADD|MSUB|NMADD|NMSUB>.<D|S|PS>, these macros
are not needed anymore.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-11-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
5c591e2259 target/mips: fpu: Demacro NMSUB.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-10-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
0278586d60 target/mips: fpu: Demacro NMADD.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-9-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
faec75244c target/mips: fpu: Demacro MSUB.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-8-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
16734cc1da target/mips: fpu: Demacro MADD.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-7-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
8248c9c5b2 target/mips: fpu: Remove now unused macro FLOAT_BINOP
After demacroing <ADD|SUB|MUL|DIV>.<D|S|PS>, this macro is not
needed anymore.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-6-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
bcca8c4b1a target/mips: fpu: Demacro DIV.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-5-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
11811198ef target/mips: fpu: Demacro MUL.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-4-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
92ebdd7fa4 target/mips: fpu: Demacro SUB.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-3-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Aleksandar Markovic
1ace099f2a target/mips: fpu: Demacro ADD.<D|S|PS>
This is just a cosmetic change to enable tools like gcov, gdb,
callgrind, etc. to better display involved source code.

Reviewed-by: Aleksandar Rikalo <aleksandar.rikalo@syrmia.com>
Signed-off-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Message-Id: <20200518200920.17344-2-aleksandar.qemu.devel@gmail.com>
2020-06-09 17:32:45 +02:00
Philippe Mathieu-Daudé
86e8c353f7 target/sparc/int32_helper: Extract and use excp_name_str()
Improve exception error report:

Before:

  qemu: fatal: Trap 0x06 while interrupts disabled, Error state

After:

  qemu: fatal: Trap 0x06 (Window Underflow) while interrupts disabled, Error state

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-8-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Philippe Mathieu-Daudé
304c1c8aa5 target/sparc/int32_helper: Remove DEBUG_PCALL definition
We define DEBUG_PCALL since b884fc5e (2012-10-06).
7.5 years later it is safe to assume we can remove it :)

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: KONRAD Frederic <frederic.konrad@adacore.com>
Message-Id: <20200331105048.27989-7-f4bug@amsat.org>
2020-06-09 09:21:10 +02:00
Peter Maydell
49ee115552 linux-user pull request 20200605-v2
Implement F_OFD_ fcntl() command, /proc/cpuinfo for hppa
 Fix socket(), prnctl() error codes, underflow in target_mremap,
     epoll_create() strace, oldumount for alpha
 User-mode build dependencies improvement
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl7blvgSHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748Nf0P/1QF1Y4A2I/SI53TksSWS55wlWCfV/wd
 SXUSjTmM1W4Y/tKScwkjooClYeVV59Ie5VL7WMdLO0YGxTQC7jqBONHAuaxSb4ky
 qNI5pvW0fpfl4i1ThC7XIlihOn49WlzEczTZqLRMuOh28nr3gJQCWweo/QIQoyUl
 KNcCLgQiY3raBi7nykC26dRc8DvV6sSu+qcoTk8A0FRbEfUDf+sj/njY3Xh8AZN7
 FAn4iscV/UIAnGM6VGQzGfUHfBBL28rkmg/++oQrnvnH8blx0O1NrdDsgiHuKT7P
 /OC4tzpp6IkBzOy+sL3V/QdjKoxmMPadDj39rGLnZTQ6GZFXRZgVckknVdupTZD6
 77lmnvbQMKmsKJWwn8zrd3RtwG2L6tWHgm16ZUXXaU+lFDa/xn55o4KnMdgZXEGP
 +7EHf2IfkZfiFmblBWiJi7OMg2wzSDQaAIBTMr43nJfDwZUvKGnAHccuVLQitpGe
 4dRN6lCT0K1h6WwNhLRH/Fqqhi9vN7o3sSUQVm128XzYOOPDRyau/R4F1AQNbNdU
 +ZyrZqSvQxSxH0VNeu5wHRiwOym3bFJTVmGd5cWMzXs1kb+vmMG5ZjGBfxFr6gbC
 9bVwDMxJ9vU5ExIZfUg4J/dOtWccJuADj11QPDcm8et3Tbqy1iiV9Py2k5IsIgqM
 BCsqBl3i+ekz
 =5q4d
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.1-pull-request' into staging

linux-user pull request 20200605-v2

Implement F_OFD_ fcntl() command, /proc/cpuinfo for hppa
Fix socket(), prnctl() error codes, underflow in target_mremap,
    epoll_create() strace, oldumount for alpha
User-mode build dependencies improvement

# gpg: Signature made Sat 06 Jun 2020 14:15:36 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-5.1-pull-request:
  stubs: Restrict ui/win32-kbd-hook to system-mode
  hw/core: Restrict CpuClass::get_crash_info() to system-mode
  target/s390x: Restrict CpuClass::get_crash_info() to system-mode
  target/i386: Restrict CpuClass::get_crash_info() to system-mode
  arch_init: Remove unused 'qapi-commands-misc.h' include
  exec: Assert CPU migration is not used on user-only build
  target/riscv/cpu: Restrict CPU migration to system-mode
  stubs/Makefile: Reduce the user-mode object list
  util/Makefile: Reduce the user-mode object list
  tests/Makefile: Restrict some softmmu-only tests
  tests/Makefile: Only display TCG-related tests when TCG is available
  configure: Avoid building TCG when not needed
  Makefile: Only build virtiofsd if system-mode is enabled
  linux-user: implement OFD locks
  linux-user/mmap.c: fix integer underflow in target_mremap
  linux-user/strace.list: fix epoll_create{,1} -strace output
  linux-user: Add support for /proc/cpuinfo on hppa platform
  linux-user: return target error codes for socket() and prctl()
  linux-user, alpha: fix oldumount syscall

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-08 11:04:57 +01:00
Peter Maydell
5a922419fe target-arm queue:
hw/ssi/imx_spi: Handle tx burst lengths other than 8 correctly
  hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
  hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
  target/arm: Convert crypto insns to gvec
  hw/adc/stm32f2xx_adc: Correct memory region size and access size
  tests/acceptance: Add a boot test for the xlnx-versal-virt machine
  docs/system: Document Aspeed boards
  raspi: Add model of the USB controller
  target/arm: Convert 2-reg-and-shift and 1-reg-imm Neon insns to decodetree
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl7ad2cZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gWhD/4q680AQzGxQrPclC7fPM0M
 pdgmfXWvL5EpbVYDsERjmQU7pYZ0D7vPy2+dRsKsI/V219RC/b+FttbO9UG0gGxy
 KBHQ2AHfv7QPdLcpXTQOVxfhEBiSU9Ij6Gi8YEF5aPhC8FaGZPMSuum97fWBqOfV
 zcFps9gT39HNQvwzdqeY+dJ8zcwNLw5ssGYjuh/7pcEWC+i622O9t7aO88ZNIhL+
 rz/zD6YUGhtgXPgowzy7DjFZbPFzxXQpvHGJ6vTBZCIA2/66vqFE3Nf99IJlKtNs
 APtYqAVKJ6JCyqlw5xTjL4rO/9rXnb98kruxJaLb7XJpB41Jfyap+Cn5WrxZ91mw
 QsXL2AtOePQsLCLutDGbXj+9nZ2Ps3tjzRX/50KyqQXJDSsgYK6NQillMWrKzYKe
 agNtSRw2100kKh6/31OL5UnaAD3LUiayu6q3DA4jNYryKuRXI2lNJdl9bvsY3vmn
 G8IoFIirH5L5rUqVx/HgMLkur9IH60YkCGGzaLPBCwC2FIPT8Z9YoPYSY0aXicKd
 YBgEVWs9yzXgOYc0Nli9HzIqNw3diAezZfZxs/hOFoE1S+n9L9VeEBTXnhw4kXDN
 nHyIUhSR0DuCd7M6OqOgebkyyR8iwIl6gZta0UmbuWb5hSIQnt5Ero5G85prAI9L
 8vUbk/xJGnTfQ/RZmjVKRA==
 =rGLT
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200605' into staging

target-arm queue:
 hw/ssi/imx_spi: Handle tx burst lengths other than 8 correctly
 hw/input/pxa2xx_keypad: Replace hw_error() by qemu_log_mask()
 hw/arm/pxa2xx: Replace printf() call by qemu_log_mask()
 target/arm: Convert crypto insns to gvec
 hw/adc/stm32f2xx_adc: Correct memory region size and access size
 tests/acceptance: Add a boot test for the xlnx-versal-virt machine
 docs/system: Document Aspeed boards
 raspi: Add model of the USB controller
 target/arm: Convert 2-reg-and-shift and 1-reg-imm Neon insns to decodetree

# gpg: Signature made Fri 05 Jun 2020 17:48:39 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200605: (29 commits)
  target/arm: Convert Neon one-register-and-immediate insns to decodetree
  target/arm: Convert VCVT fixed-point ops to decodetree
  target/arm: Convert Neon VSHLL, VMOVL to decodetree
  target/arm: Convert Neon narrowing shifts with op==9 to decodetree
  target/arm: Convert Neon narrowing shifts with op==8 to decodetree
  target/arm: Convert VQSHLU, VQSHL 2-reg-shift insns to decodetree
  target/arm: Convert Neon VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to decodetree
  target/arm: Convert Neon VSHR 2-reg-shift insns to decodetree
  target/arm: Convert Neon VSHL and VSLI 2-reg-shift insn to decodetree
  raspi2 acceptance test: add test for dwc-hsotg (dwc2) USB host
  wire in the dwc-hsotg (dwc2) USB host controller emulation
  usb: add short-packet handling to usb-storage driver
  dwc-hsotg (dwc2) USB host controller emulation
  dwc-hsotg (dwc2) USB host controller state definitions
  dwc-hsotg (dwc2) USB host controller register definitions
  raspi: add BCM2835 SOC MPHI emulation
  docs/system: Document Aspeed boards
  tests/acceptance: Add a boot test for the xlnx-versal-virt machine
  hw/adc/stm32f2xx_adc: Correct memory region size and access size
  target/arm: Split helper_crypto_sm3tt
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 23:31:31 +01:00
Philippe Mathieu-Daudé
6b4bf66e33 target/s390x: Restrict CpuClass::get_crash_info() to system-mode
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200522172510.25784-12-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-05 21:23:22 +02:00
Philippe Mathieu-Daudé
b75c990080 target/i386: Restrict CpuClass::get_crash_info() to system-mode
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200522172510.25784-11-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-05 21:23:22 +02:00
Philippe Mathieu-Daudé
0c4e99317a target/riscv/cpu: Restrict CPU migration to system-mode
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200522172510.25784-8-philmd@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-05 21:23:22 +02:00
Peter Maydell
2c35a39eda target/arm: Convert Neon one-register-and-immediate insns to decodetree
Convert the insns in the one-register-and-immediate group to decodetree.

In the new decode, our asimd_imm_const() function returns a 64-bit value
rather than a 32-bit one, which means we don't need to treat cmode=14 op=1
as a special case in the decoder (it is the only encoding where the two
halves of the 64-bit value are different).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-10-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
3da26f1171 target/arm: Convert VCVT fixed-point ops to decodetree
Convert the VCVT fixed-point conversion operations in the
Neon 2-regs-and-shift group to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-9-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
968bf84274 target/arm: Convert Neon VSHLL, VMOVL to decodetree
Convert the VSHLL and VMOVL insns from the 2-reg-shift group
to decodetree. Since the loop always has two passes, we unroll
it to avoid the awkward reassignment of one TCGv to another.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-8-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
b4a3a77bb7 target/arm: Convert Neon narrowing shifts with op==9 to decodetree
Convert the remaining Neon narrowing shifts to decodetree:
  * VQSHRN
  * VQRSHRN

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-7-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
712182d340 target/arm: Convert Neon narrowing shifts with op==8 to decodetree
Convert the Neon narrowing shifts where op==8 to decodetree:
 * VSHRN
 * VRSHRN
 * VQSHRUN
 * VQRSHRUN

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-6-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
37bfce81b1 target/arm: Convert VQSHLU, VQSHL 2-reg-shift insns to decodetree
Convert the VQSHLU and QVSHL 2-reg-shift insns to decodetree.
These are the last of the simple shift-by-immediate insns.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-5-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
434f71ef96 target/arm: Convert Neon VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to decodetree
Convert the VSRA, VSRI, VRSHR, VRSRA 2-reg-shift insns to decodetree.
(These are the last instructions in the group that are vectorized;
the rest all require looping over each element.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-4-peter.maydell@linaro.org
2020-06-05 17:23:10 +01:00
Peter Maydell
66432d6b82 target/arm: Convert Neon VSHR 2-reg-shift insns to decodetree
Convert the VSHR 2-reg-shift insns to decodetree.

Note that unlike the legacy decoder, we present the right shift
amount to the trans_ function as a positive integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-3-peter.maydell@linaro.org
2020-06-05 17:23:09 +01:00
Peter Maydell
d3c8c736f8 target/arm: Convert Neon VSHL and VSLI 2-reg-shift insn to decodetree
Convert the VSHL and VSLI insns from the Neon 2-registers-and-a-shift
group to decodetree.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200522145520.6778-2-peter.maydell@linaro.org
2020-06-05 17:23:09 +01:00
Richard Henderson
43fa36c96c target/arm: Split helper_crypto_sm3tt
Rather than passing an opcode to a helper, fully decode the
operation at translate time.  Use clear_tail_16 to zap the
balance of the SVE register with the AdvSIMD write.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200514212831.31248-7-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Richard Henderson
afc8b7d326 target/arm: Split helper_crypto_sha1_3reg
Rather than passing an opcode to a helper, fully decode the
operation at translate time.  Use clear_tail_16 to zap the
balance of the SVE register with the AdvSIMD write.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200514212831.31248-6-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Richard Henderson
effa992f15 target/arm: Convert sha1 and sha256 to gvec helpers
Do not yet convert the helpers to loop over opr_sz, but the
descriptor allows the vector tail to be cleared.  Which fixes
an existing bug vs SVE.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200514212831.31248-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Richard Henderson
aaffebd6d3 target/arm: Convert sha512 and sm3 to gvec helpers
Do not yet convert the helpers to loop over opr_sz, but the
descriptor allows the vector tail to be cleared.  Which fixes
an existing bug vs SVE.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200514212831.31248-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Richard Henderson
1738860d7e target/arm: Convert rax1 to gvec helpers
With this conversion, we will be able to use the same helpers
with sve.  This also fixes a bug in which we failed to clear
the high bits of the SVE register after an AdvSIMD operation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200514212831.31248-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Richard Henderson
a04b68e1d4 target/arm: Convert aes and sm4 to gvec helpers
With this conversion, we will be able to use the same helpers
with sve.  In particular, pass 3 vector parameters for the
3-operand operations; for advsimd the destination register
is also an input.

This also fixes a bug in which we failed to clear the high bits
of the SVE register after an AdvSIMD operation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200514212831.31248-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-05 17:23:09 +01:00
Philippe Mathieu-Daudé
c44d26a234 target/s390x: Restrict system-mode declarations
As these declarations are restricted to !CONFIG_USER_ONLY in
helper.c, only declare them when system-mode emulation is used.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200526172427.17460-8-f4bug@amsat.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Philippe Mathieu-Daudé
8c4b4e3763 target/s390x/helper: Clean ifdef'ry
All this code is guarded checking CONFIG_USER_ONLY definition.
Drop the duplicated checks.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200526172427.17460-7-f4bug@amsat.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Philippe Mathieu-Daudé
d64c1bd6ca target/s390x: Only compile decode_basedisp() on system-mode
The decode_basedisp*() methods are only used in ioinst.c,
which is only build in system-mode emulation.

I/O instructions are privileged, and other S instructions
are decoded elsewhere.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200526172427.17460-6-f4bug@amsat.org>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Christian Borntraeger
f555638c0e s390x/kvm: help valgrind in several places
We need some little help in the code to reduce the valgrind noise.
This patch does this with some designated initializers for the cpu
model features and subfunctions.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200429074201.100924-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-06-05 17:13:11 +02:00
Philippe Mathieu-Daudé
4dfe59d187 memory: Rename memory_region_do_writeback -> memory_region_writeback
We usually use '_do_' for internal functions. Rename
memory_region_do_writeback() as memory_region_writeback().

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20200508062456.23344-2-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-06-05 09:54:48 +01:00
Alistair Francis
36b80ad99f target/riscv: Add the lowRISC Ibex CPU
Ibex is a small and efficient, 32-bit, in-order RISC-V core with
a 2-stage pipeline that implements the RV32IMC instruction set
architecture.

For more details on lowRISC see here:
https://github.com/lowRISC/ibex

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
ff832b77aa target/riscv: Don't set PMP feature in the cpu init
The PMP is enabled by default via the "pmp" property so there is no need
for us to set it in the init function. As all CPUs have PMP support just
remove the set_feature() call in the CPU init functions.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
8be6971b73 target/riscv: Disable the MMU correctly
Previously if we didn't enable the MMU it would be enabled in the
realize() function anyway. Let's ensure that if we don't want the MMU we
disable it. We also don't need to enable the MMU as it will be enabled
in realize() by default.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
f92d46ad07 target/riscv: Don't overwrite the reset vector
The reset vector is set in the init function don't set it again in
realize.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
1a9540d1f1 target/riscv: Drop support for ISA spec version 1.09.1
The RISC-V ISA spec version 1.09.1 has been deprecated in QEMU since
4.1. It's not commonly used so let's remove support for it.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-03 09:11:51 -07:00
Alistair Francis
65a117da6e target/riscv: Remove the deprecated CPUs
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bin.meng@windriver.com>
2020-06-03 09:11:51 -07:00
Peter Maydell
5cc7a54c2e Vector rotate support
Signal handling support for NetBSD arm/aarch64
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAl7WgZkdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8ZZwf9Flw0VHTBBzsZHPjL
 JVOdJsz8pnQLRDxk9JUo7D40xehpN1oE5mFCV5aFNMSz929r7OB5WfUHsyNpbms/
 aCDz2ADRscBZ4xEZY9cxUYiNzq4fb3Hez64ibGbRm3uHU1C2pPNDRlFpL9aFQMCE
 elhn54hwOAZUZAAKszepClHGglPffijY5QU5VX6Gq6nmqEmCBlA8lkxMtaV/NRnS
 QfskDF4KvglGqGDCcKI2tfotu5Y9k3R4yh7Nzc2JnotbHk4WrNbhBl6r9KcdXddi
 uQng4J0zhBa1Kq4ENdpKgAqN/ZNVEbsFzev5aY77UD76cnxqbQQ7hfXl2gAORp6m
 Vy5lVw==
 =nRee
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20200602' into staging

Vector rotate support
Signal handling support for NetBSD arm/aarch64

# gpg: Signature made Tue 02 Jun 2020 17:43:05 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth/tags/pull-tcg-20200602:
  accel/tcg: Provide a NetBSD specific aarch64 cpu_signal_handler
  accel/tcg: Adjust cpu_signal_handler for NetBSD/arm
  tcg: Improve move ops in liveness_pass_2
  target/s390x: Use tcg_gen_gvec_rotl{i,s,v}
  target/ppc: Use tcg_gen_gvec_rotlv
  tcg/ppc: Implement INDEX_op_rot[lr]v_vec
  tcg/aarch64: Implement INDEX_op_rotl{i,v}_vec
  tcg/i386: Implement INDEX_op_rotl{i,s,v}_vec
  tcg: Implement gvec support for rotate by scalar
  tcg: Remove expansion to shift by vector from do_shifts
  tcg: Implement gvec support for rotate by vector
  tcg: Implement gvec support for rotate by immediate

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-02 18:16:38 +01:00
Richard Henderson
cea94ba36d target/s390x: Use tcg_gen_gvec_rotl{i,s,v}
Merge VERLL and VERLLV into op_vesv and op_ves, alongside
all of the other vector shift operations.

Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-02 08:42:37 -07:00
Richard Henderson
3e114acc91 target/ppc: Use tcg_gen_gvec_rotlv
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-02 08:42:37 -07:00
Laurent Vivier
250b1da35d target/m68k: implement opcode fetoxm1
Example provided in the launchpad bug fails with:

   qemu: uncaught target signal 4 (Illegal instruction) - core dumped
   Illegal instruction (core dumped)

It appears fetoxm1 is not implemented:

   IN: expm1f
   0x800005cc: fetoxm1x %fp2,%fp0
   Disassembler disagrees with translator over instruction decoding
   Please report this to qemu-devel@nongnu.org

   (gdb) x/2hx 0x800005cc
   0x800005cc: 0xf200 0x0808

This patch adds the instruction.

Bug: https://bugs.launchpad.net/qemu/+bug/1881450
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200531131951.631902-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-02 13:59:02 +02:00
Laurent Vivier
6a0e8bb495 target/m68k: implement fmove.l #<data>,FPCR
The immediate value mode was ignored and instruction execution
ends to an invalid access mode.

This was found running 'R' that set FPSR to 0 at startup with
a 'fmove.l #0,FPSR' in qemu-system-m68k emulation and triggers a
kernel crash:

[   56.640000] *** ADDRESS ERROR ***   FORMAT=2
[   56.640000] Current process id is 728
[   56.640000] BAD KERNEL TRAP: 00000000
[   56.640000] Modules linked in: sg evdev mac_hid ip_tables x_tables sha1_generic hmac ipv6 nf_defrag_ipv6 autofs4 ext4 crc16 mbcache jbd2 crc32c_generic sd_mod t10_pi crc_t10dif crct10dif_generic crct10dif_common sr_mod cdrom mac_esp macsonic esp_scsi
[   56.640000] PC: [<00016a2c>] X_UNSUPP+0x2c/0x3c
[   56.640000] SR: 2004  SP: 3eb5e68c  a2: c02e239a
[   56.640000] d0: 00000040    d1: 00000002    d2: 8002adec    d3: 8002ad50
[   56.640000] d4: 8002c768    d5: 0000000d    a0: ffffffc2    a1: ffffffc1
[   56.640000] Process R (pid: 728, task=a3dfda5d)
[   56.640000] Frame format=2 instr addr=00000000
[   56.650000] Stack from 3a4d9f30:
[   56.650000]         41000000 00000002 00000002 ffffffc2 ffffffc1 1fff0000 80000000 00000000
[   56.650000]         3fbf0000 80000000 00000000 00000000 20000000 00000000 7fff0000 ffffffff
[   56.650000]         ffffffff 00000000 00050008 00000000 8000067c c02c2000 efffee20 000002d8
[   56.650000]         00002a28 3a4d9f98 00000002 00000014 fffffffe 8002c768 00000002 00000041
[   56.650000]         00000002 c041fc58 c0743758 ffffffff 00000000 0008c075 00002b24 00000012
[   56.650000]         000007d0 00000024 00000002 c05bef04 c05bef04 0000005e 00000077 c28aca70
[   56.650000] Call Trace: [<00050008>] copy_overflow+0x10/0x28
[   56.650000]  [<00002a28>] buserr+0x20/0x28
[   56.650000]  [<0008c075>] bpf_check+0x57f/0x1cfa
[   56.650000]  [<00002b24>] syscall+0x8/0xc
[   56.650000]  [<0000c019>] dn_sched_init+0x75/0x88
[   56.650000] Code: 1017 0200 00f0 0c00 0040 66ff 0000 05ac <f23c> 8800 0000 0000 f23c 9000 0000 0000 222e ff84 082e 0005 ff1c 6600 000a 0281
[   56.650000] Disabling lock debugging due to kernel taint
...

Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200531110231.620711-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-06-02 13:59:01 +02:00
Bastian Koppelmann
d127de3baa target/tricore: Implement gdbstub
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20200529072148.284037-6-kbastian@mail.uni-paderborn.de>
2020-06-01 16:55:13 +02:00
Bastian Koppelmann
e00a56dbc3 target/tricore: Implement tricore_cpu_get_phys_page_debug
this also removes tricore_cpu_get_phys_page_attrs_debug() as it was a
temporary fix from b190f477e2.

Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20200529072148.284037-5-kbastian@mail.uni-paderborn.de>
2020-06-01 16:55:12 +02:00